CVSS: 4.9EPSS: 0%CPEs: 285EXPL: 0CVE-2006-3741
https://notcve.org/view.php?id=CVE-2006-3741
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption). La llamada al sistema perfmonctl (sys_perfmonctl) en el núcleo Linux 2.4.x y 2.6 anterior a 2.6.18, cuando se ejecuta en sistemas Itanium, no lleva correctamente la cuenta de referencias a los descriptores de fichero, lo que permite a usuarios locales provocar una denegación de servicio (agotamiento de descriptores de fichero). • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360 http://secunia.com/advisories/22279 http://secunia.com/advisories/22292 http://secunia.com/advisories/22382 http://secunia.com/advisories/22945 http://secunia.com/advisories/23370 http://secunia.com/advisories/23474 http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b8444d00762703e1b6146fce12ce2684885f8bf6 http://www.mandriva.com/ •
CVSS: 2.1EPSS: 0%CPEs: 201EXPL: 0CVE-2006-5174
https://notcve.org/view.php?id=CVE-2006-5174
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. La función copy_from_user en el código uaccess en Linux kernel 2.6 anterior a 2.6.19-rc1, cuando funciona sobre s390, no correctamente claro un búfer del núcleo, lo cuál permite que los programas locales del espacio del usuario lean porciones de la memoria del núcleo “añadiendo a un archivo una mala dirección,” lo que dispara una falta que previene la memoria no usada se limpie en el búfer del nucleo. • http://lkml.org/lkml/2006/11/5/46 http://rhn.redhat.com/errata/RHSA-2007-0014.html http://secunia.com/advisories/22289 http://secunia.com/advisories/22497 http://secunia.com/advisories/23064 http://secunia.com/advisories/23370 http://secunia.com/advisories/23395 http://secunia.com/advisories/23474 http://secunia.com/advisories/23997 http://secunia.com/advisories/24206 http://securitytracker.com/id?1017090 http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm •
CVSS: 7.8EPSS: 43%CPEs: 191EXPL: 1CVE-2006-3468 – Linux Kernel 2.6.17.7 - NFS and EXT3 Combination Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-3468
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. Linux kernel 2.6.x, cuando utiliza NFS y EXT3, permite a atacantes remotos provocar denegación de servicio (panic en el sistema de archivos) a través de paquetes UDP manipulados con un procedimiento de búsqueda V2 que especifica una cabecera de fichero mala (número de inode), lo cual dispara un error y provocar un directorio exportado se remontado en solo lectura. • https://www.exploit-db.com/exploits/28358 http://lkml.org/lkml/2006/7/17/41 http://secunia.com/advisories/21369 http://secunia.com/advisories/21605 http://secunia.com/advisories/21614 http://secunia.com/advisories/21847 http://secunia.com/advisories/21934 http://secunia.com/advisories/22093 http://secunia.com/advisories/22148 http://secunia.com/advisories/22174 http://secunia.com/advisories/22822 http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm http:&# •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2006-2935
https://notcve.org/view.php?id=CVE-2006-2935
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. La función dvd_read_bca en el código de manejo de los DVD en el fichero drivers/cdrom/cdrom.c del kernel de Linux v2.2.16 y posteriores, asigna un valor incorrecto a la variable "length" (longitud), lo que permite a usuarios locales ejecutar código de su elección a través de dispositivos de almacenamiento USB modificados maliciosamente que disparan un desbordamiento de buffer. • http://bugzilla.kernel.org/show_bug.cgi?id=2966 http://secunia.com/advisories/21179 http://secunia.com/advisories/21298 http://secunia.com/advisories/21498 http://secunia.com/advisories/21605 http://secunia.com/advisories/21614 http://secunia.com/advisories/21695 http://secunia.com/advisories/21934 http://secunia.com/advisories/22082 http://secunia.com/advisories/22093 http://secunia.com/advisories/22174 http://secunia.com/advisories/22497 http://secunia.com/advisories/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 2.1EPSS: 0%CPEs: 113EXPL: 0CVE-2006-0456
https://notcve.org/view.php?id=CVE-2006-0456
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors. La función strnlen_user en el kernel Linux anterior a la versión 2.6.16 en IBM S/390 puede devolver un valor incorrecto, lo que permite a usuarios locales provocar una denegación de servicio mediante vectores desconocidos. • http://secunia.com/advisories/20914 http://secunia.com/advisories/21465 http://secunia.com/advisories/22417 http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm http://www.debian.org/security/2006/dsa-1103 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=331c46591414f7f92b1cec048009abe89892ee79 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=331c46591414f7f92b1cec048009abe89892ee79 http://www.kernel.org/pub&# •