Page 81 of 453 results (0.017 seconds)

CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0

CVE-2009-1242

https://notcve.org/view.php?id=CVE-2009-1242

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. La función vmx_set_msr en arch/x86/kvm/vmx.c en la implementación VMX en el subsistema KVM en el kernel de Linux anteriores a v2.6.29.1 en la plataforma i386 permite a los usuarios invitados del SO causar una denegación de servicio (OOPS) estableciendo el bit EFER_LME (también conocido como "modo largo habilitado") en la Extended Feature Enable Register (EFER) registro específico de modelo, lo que es específico para la plataforma x86_64. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16175a796d061833aacfbd9672235f2d2725df65 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html http://openwall.com/lists/oss-security/2009/04/01/3 http://patchwork.kernel.org/patch/15549 http://secunia.com/advisories/34478 http://secunia.com/advisories/34981 http://secunia.com/advisories/35120 http://secunia.com • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2009-1073

https://notcve.org/view.php?id=CVE-2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. nss-ldapd anteriores a v0.6.8 emplea permisos de "lectura para todos" para el archivo /etc/nss-ldapd.conf, lo que permite a los usuario locales obtener una contraseña en texto claro para el servidor LDAP, leyendo el campo bindpw. • http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813 http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476 http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322 http://launchpad.net/bugs/cve/2009-1073 http://secunia.com/advisories/34523 http://www.debian.org/security/2009/dsa-1758 http://www.openwall.com/lists/oss&# • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

CVE-2009-0115 – device-mapper-multipath: insecure permissions on multipathd.sock

https://notcve.org/view.php?id=CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero del socket (también conocido como /var/run/multipathd.sock), permitiendo a usuarios locales enviar comandos de su elección al demonio "multipath". • http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://launchpad.net/bugs/cve/2009-0115 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://secunia.com/advisories/ • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2009-0784 – systemtap: race condition leads to privilege escalation

https://notcve.org/view.php?id=CVE-2009-0784

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. Una condición de carrera en la herramienta stap de SystemTap versiones 0.0.20080705 y 0.0.20090314, permite a los usuarios locales del grupo stapusr insertar módulos de kernel de SystemTap arbitrarios y alcanzar privilegios por medio de vectores desconocidos. • http://secunia.com/advisories/34441 http://secunia.com/advisories/34479 http://secunia.com/advisories/34548 http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm http://www.debian.org/security/2009/dsa-1755 http://www.redhat.com/support/errata/RHSA-2009-0373.html http://www.vupen.com/english/advisories/2009/0907 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613 https://access.redhat.com/security/cve/CVE-2009-0784 https://bug • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.0EPSS: 27%CPEs: 3EXPL: 0

CVE-2009-0590 – openssl: ASN1 printing crash

https://notcve.org/view.php?id=CVE-2009-0590

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. La función ASN1_STRING_print_ex en OpenSSL versiones anteriores a v0.9.8k permite a atacantes remotos provocar una denegación de servicio (acceso inválido a memoria y caída de la aplicación) mediante vectores que provocan la impresión de (1) BMPString o (2) UniversalString con una longitud de codificación inválida. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=bugtraq&m=124464882609472&w=2 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •