CVE-2010-4248 – kernel: posix-cpu-timers: workaround to suppress the problems with mt exec
https://notcve.org/view.php?id=CVE-2010-4248
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. Una condición de carrera en la función __exit_signal en kernel/exit.c en el kernel de Linux anterior a v2.6.37-rc2 permite a usuarios locales causar una denegación de servicio a través de vectores relacionados con un exec con multiples hilos, el uso de un líder de grupo de hilos en kernel/posix- CPU-timers.c, y la selección de un líder de grupo de hilos en la función de_thread en fs/exec.c • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0a70217107e6f9844628120412cb27bb4cea194 http://secunia.com/advisories/42789 http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://www.openwall.com/lists/oss-security/2010/11/23/2 http://www.openwall.com/lists/oss-security/2010/11/24 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2010-3849 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3849
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. La función econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una dirección econet, permite a usuarios locales causar una denegación de servicio (desreferencia a puntero NULL y OOPS) a través de una llamada sendmsg que especifica un valor NULL para el campo de dirección remota. • https://www.exploit-db.com/exploits/15704 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://openwall.com/lists/oss-security/2010/11 • CWE-476: NULL Pointer Dereference •
CVE-2010-3875
https://notcve.org/view.php?id=CVE-2010-3875
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. La función ax25_getname en net/ax25/af_ax25.c en el kernel de Linux anterior a v2.6.37-rc2 no inicializa una determinada estructura, que permite a usuarios locales obtener información sensible de la pila del núcleo de memoria mediante la lectura de una copia de esta estructura. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe10ae53384e48c51996941b7720ee16995cbcb7 http://marc.info/?l=linux-netdev&m=128854507120898&w=2 http://openwall.com/lists/oss-security/2010/11/02/7 http://openwall.com/lists/oss-security/2010/11/04/5 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-3850 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3850
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. La función ec_dev_ioctl en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2 no requiere la capacidad CAP_NET_ADMIN, que permite a usuarios locales evitar las restricciones de acceso y configurar las direcciones econet a través de una llamada SIOCSIFADDR ioctl. • https://www.exploit-db.com/exploits/15704 https://www.exploit-db.com/exploits/17787 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http •
CVE-2010-3858 – Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-3858
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. La función setup_arg_pages en fs/exec.c en el kernel de Linux anterior a v2.6.36, cuando se utiliza CONFIG_STACK_GROWSDOWN, no restringe adecuadamente el consumo de memoria de pila de (1) los argumentos y (2) las variables de entorno para una aplicación de 32 bits en un plataforma de 64 bits, lo que permite a usuarios locales causar una denegación de servicio (mediante caída del sistema) a través de una system call debidamente modificada. Se trata de un problema relacionado con la CVE-2010-2240. • https://www.exploit-db.com/exploits/15619 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b528181b2ffa14721fb28ad1bd539fe1732c583 http://grsecurity.net/~spender/64bit_dos.c http://secunia.com/advisories/42758 http://secunia.com/advisories/42789 http://secunia.com/advisories/46397 http://www.debian.org/security/2010/dsa-2126 http://www.exploit-db.com/exploits/15619 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http:/ • CWE-400: Uncontrolled Resource Consumption •