CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2066 – kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
https://notcve.org/view.php?id=CVE-2010-2066
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. La función mext_check_arguments en fs/ext4/move_extent.c en el kernel de Linux anterior a v2.6.35, permite a usuarios locales sobrescribir una archivo de solo-añadir (append-only) a través de una llamada MOVE_EXT ioctl que especifica este archivo como un donante. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html http://secunia.com/advisories/43315 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.openwall.com/lists/oss-security/2010/06/07/1 http://www.openwall.com/lists/oss-security/2010/06/09/1 http://www.redhat.com/support/errata/RHSA-2010-0610.html http://w •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2010-2954
https://notcve.org/view.php?id=CVE-2010-2954
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. La función irda_bind en net/irda/af_irda.c en el kernel de Linux anterior v2.6.36-rc3-next-20100901 no maneja adecuadamente los fallos de la función irda_open_tsap, lo que permite a usuarios locales causar una denegación de servicio(desreferencia a puntero NULL y panico) y probablemente otros impactos no especificados a través de múltiples llamadas no exitosas en el socket AF_IRDA (conocido como PF_IRDA). • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=oss-security&m=128331787923285&w=2 http://secunia.com/advisories/4 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2010-2798 – kernel: gfs2: rename causes kernel panic
https://notcve.org/view.php?id=CVE-2010-2798
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. La función gfs2_dirent_find_space en fs/gfs2/dir.c en el kernel de Linux anterior a v 2.6.35, usa un valor de tamaño incorrecto en los cálculos asociados con las entradas del directorio "sentinel", lo que permite a usuarios locales provocar una denegación de servicio (deferencia a puntero nullo y kernel panic) y posiblemente otro impacto no especificados mediante el renombrado de un archivo en un sistema de fichero GFS2, relacionado con la función gfs2_rename en fs/gfs2/ops_inode.c. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://secunia.com/advisories/46397 http://securitytracker.com/id?1024386 http://support.avaya.com/css/P8/documents/100113326 http://www.debian.org/security/2010/dsa-2094 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLo • CWE-476: NULL Pointer Dereference •
CVSS: 3.6EPSS: 0%CPEs: 11EXPL: 0CVE-2010-2226 – kernel: xfs swapext ioctl minor security issue
https://notcve.org/view.php?id=CVE-2010-2226
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. La función xfs_swapext en fs/xfs/xfs_dfrag.c en el kernel de Linux kernel anterior v2.6.35 no chequea adecuadamente los descriptores de archivo en SWAPEXT ioctl, lo que permiete a usuarios locales aprovechar el acceso de escritura y obtener acceso de lectura por intercambio de un fichero en otro fichero. • http://archives.free.net.ph/message/20100616.130710.301704aa.en.html http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=oss-security&m=127677135609357&w=2 http://marc.info/?l=oss-security& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 3CVE-2010-2959 – Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-2959
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. Desbordamiento de enterno en net/can/bcm en la implementación Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de sistema) a través de tráfico CAN manipulado. • https://www.exploit-db.com/exploits/14814 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde http://jon.oberheide.org/files/i-can-haz-modharden.c http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011& • CWE-190: Integer Overflow or Wraparound •