CVE-2011-2918 – Linux Kernel 3.0.0 - 'perf_count_sw_cpu_clock' event Denial of Service
https://notcve.org/view.php?id=CVE-2011-2918
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. El subsistema Performance Events en el kernel de Linux antes de v3.1 no trata correctamente los desbordamientos de eventos asociados con eventos PERF_COUNT_SW_CPU_CLOCK, lo que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) a través de una aplicación modificada. • https://www.exploit-db.com/exploits/17769 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8b0ca17b80e92faab46ee7179ba9e99ccb61233 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/08/16/1 https://bugzilla.redhat.com/show_bug.cgi?id=730706 https://github.com/torvalds/linux/commit/a8b0ca17b80e92faab46ee7179ba9e99ccb61233 https://access.redhat.com/security/cve/CVE-2011-2918 • CWE-400: Uncontrolled Resource Consumption •
CVE-2011-2491 – kernel: rpc task leak after flock()ing NFS share
https://notcve.org/view.php?id=CVE-2011-2491
The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call. La implementación del protocolo Network Lock Manager (NLM) en la funcionalidad de cliente NFS en el kernel de Linux anteriores a v3.0 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una llamada de sistema flock LOCK_UN. • http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b760113a3a155269a3fba93a409c640031dd68f http://rhn.redhat.com/errata/RHSA-2011-1212.html http://www.openwall.com/lists/oss-security/2011/06/23/6 https://bugzilla.redhat.com/show_bug.cgi?id=709393 https://github.com/torvalds/linux/commit/0b760113a3a155269a3fba93a409c640031dd68f https://access.redhat.com/security/cve/CVE-2011-2491 • CWE-400: Uncontrolled Resource Consumption •
CVE-2011-2517 – kernel: nl80211: missing check for valid SSID size in scan operations
https://notcve.org/view.php?id=CVE-2011-2517
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. Múltiples desbordamientos de búfer en net/wireless/nl80211.c en el kernel de Linux antes de v2.6.39.2 permite a usuarios locales obtener privilegios mediante el aprovechamiento de la capacidad CAP_NET_ADMIN durante las operaciones de exploración con un valor de SSID de largo. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=208c72f4fe44fe09577e7975ba0e7fa0278f3d03 http://rhn.redhat.com/errata/RHSA-2011-1212.html http://www.openwall.com/lists/oss-security/2011/07/01/4 https://bugzilla.redhat.com/show_bug.cgi?id=718152 https://github.com/torvalds/linux/commit/208c72f4fe44fe09577e7975ba0e7fa0278f3d03 https://access.redhat.com/security/cve/CVE-2011-2517 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2497 – kernel: bluetooth: buffer overflow in l2cap config request
https://notcve.org/view.php?id=CVE-2011-2497
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow. Desbordamiento de enteros en la función l2cap_config_req en net/bluetooth/l2cap_core.c en el Kernel de Linux anterior a v3.0 permite a atacantes remotos provocar una denegación de servicio o posiblemente tner otro impacto desconocido a través de un pequeño valor "command-size" dentro del comando header en un "Control de Enlace Lógico" (Logical Link Control) y petición de configuración de "Protocolo de Adaptación" (Adaptation Protocol (L2CAP)), cargando un desbordamiento de bufer. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ac28817536797fd40e9646452183606f9e17f71 http://marc.info/?l=linux-kernel&m=130891911909436&w=2 http://securityreason.com/securityalert/8359 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0 http://www.openwall.com/lists/oss-security/2011/06/24/9 http://www.openwall.com/lists/oss-security/2011/06/27/3 http://www.osvdb.org/74679 http://www.securityfocus.com/bid/48472 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2011-2495 – kernel: /proc/PID/io infoleak
https://notcve.org/view.php?id=CVE-2011-2495
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. fs/proc/base.c del kernel de Linux en versiones anteriores a la 2.6.39.4 no restringe el acceso apropiadamente a los archivos /proc/#####/io, lo que facilita a usuarios locales obtener estadísticas sobre I/O confidenciales consultando un archivo, como se ha demostrado descubriendo la lengitud de la contraseña de otro usuario. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d1221f375c94ef961ba8574ac4f85c8870ddd51 http://rhn.redhat.com/errata/RHSA-2011-1212.html http://www.openwall.com/lists/oss-security/2011/06/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=716825 https://github.com/torvalds/linux/commit/1d1221f375c94ef961ba8574ac4f85c8870ddd51 https://access.redhat.com/security/cve/CVE-2011-2495 • CWE-264: Permissions, Privileges, and Access Controls •