CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9715 – kernel: netfilter connection tracking extensions denial of service
https://notcve.org/view.php?id=CVE-2014-9715
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. include/net/netfilter/nf_conntrack_extend.h en el subsistema netfilter en el kernel de Linux anterior a 3.14.5 utiliza un tipo de datos insuficientemente grande para ciertos datos de extensión, lo que permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y OOPS) a través de trafico de red saliente que provoca la carga de extensiones, tal y como fue demostrado mediante la configuración de un túnel PPTP en un entorno NAT. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279 http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 http://rhn.redhat.com/errata/RHSA-2015-1534.html http://rhn.redhat.com/errata/RHSA-2015-1564.html http://www.debian.org/security/2015/dsa-3237 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5 http://www.openwall.com/lists/oss-security/2015/04/08/1 http://www.oracle.com/te • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3339 – kernel: race condition between chown() and execve()
https://notcve.org/view.php?id=CVE-2015-3339
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. Condición de carrera en la función prepare_binprm en fs/exec.c en el kernel de Linux anterior a 3.19.6 permite a usuarios locales ganar privilegios mediante la ejecución de un programa setuid en un instancia de tiempo que un chown a root está en progreso, y el propietario ha cambiado pero el bit setuid todavía no se ha eliminado. A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html http://l • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2015-3331 – Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI
https://notcve.org/view.php?id=CVE-2015-3331
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. La función __driver_rfc4106_decrypt en arch/x86/crypto/aesni-intel_glue.c en el kernel de Linux anterior a 3.19.3 no determina correctamente las localizaciones de memoria utilizadas para datos cifrados, Lo que permite a atacantes dependientes de contexto causar una denegación de servicio (desbordamiento de buffer y caída de sistema) o posiblemente ejecutar código arbitrario mediante la provocación de una llamada de API Crypto, tal y como fue demostrado por el uso de un programa de pruebas de libkcapi con un socket AF_ALG(aead). A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html http://rhn.red • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3332
https://notcve.org/view.php?id=CVE-2015-3332
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds. Cierto backport en la implementación TCP Fast Open para el kernel de Linux anterior a 3.18 no mantiene correctamente un valor de contador, lo que permite a usuarios locales causar una denegación de servicio (caída de sistema) a través de la característica Fast Open, tal y como fue demostrado mediante la visita a la URL chrome://flags/#enable-tcp-fast-open cuando utiliza ciertos builds del kernel 3.10.x hasta 3.16.x, incluyendo lanzamientos de mantenimiento a largo plazo y builds ckt (también conocidos como Canonical Kernel Team). • http://article.gmane.org/gmane.linux.network/359588 http://www.debian.org/security/2015/dsa-3237 http://www.openwall.com/lists/oss-security/2015/04/14/14 https://bugs.debian.org/782515 https://bugzilla.redhat.com/show_bug.cgi?id=1213951 • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2042
https://notcve.org/view.php?id=CVE-2015-2042
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. net/rds/sysctl.c en el kernel de Linux anterior a 3.19 utiliza un tipo de datos incorrecta en una tabla sysctl, lo que permite a usuarios locales obtener información sensible de la memoria del kernel o posiblemente tener otro impacto no especificado mediante el acceso a una entrada sysctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db27ebb111e9f69efece08e4cb6a34ff980f8896 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://www.debian.org/security/2015/dsa-3237 http://www.openwall.com/lists/oss-security/2015/02/20/20 http://www.securityfocus.com/bid/72730 http://www.ubuntu.com/usn/USN-2560-1 http://www.ubuntu.com/usn/USN-2561-1 http://www.ubuntu.com/usn/USN-2562-1 http://www.ubuntu • CWE-17: DEPRECATED: Code •