Page 882 of 5145 results (0.068 seconds)

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-3859 – kernel: tipc: heap overflow in tipc_msg_build()

https://notcve.org/view.php?id=CVE-2010-3859

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c. Múltiples errores de signo de entero en la implementación de TIPC en el kernel de Linux anteriores a v2.6.36.2 permite a usuarios locales conseguir privilegios a través de una llamada manipulada sendmsg que provoca un desbordamiento de búfer basado en memoria dinámica, relacionado con la función tipc_msg_build en net/tipc/msg.c y la función verify_iovec en net/core/iovec.c. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8acfe468b0384e834a303f08ebc4953d72fb690a http://marc.info/?l=linux-netdev&m=128770476511716&w=2 http://secunia.com/advisories/42789 http://secunia.com/advisories/42963 http://secunia.com/advisories/46397 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/ • CWE-787: Out-of-bounds Write •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-3448 – kernel: thinkpad-acpi: lock down video output state access

https://notcve.org/view.php?id=CVE-2010-3448

drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation. drivers/platform/x86/thinkpad_acpi.c en el kernel de Linux anterior a v2.6.34 en los dispositivos de ThinkPad, cuando el servidor de X, X.Org, se utiliza, no restringe correctamente el acceso al estado del control de salida de vídeo, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de operaciones de (1) lectura o (2) escritura. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b525c06cdbd8a3963f0173ccd23f9147d4c384b5 http://openwall.com/lists/oss-security/2010/06/23/2 http://openwall.com/lists/oss-security/2010/09/28/1 http://openwall.com/lists/oss-security/2010/09/29/7 http://openwall.com/lists/oss-security/2010/09/30/1 http://openwall.com/lists/oss-security/2010/09/30/6 http://www.debian.org& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 2

CVE-2010-3858 – Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service

https://notcve.org/view.php?id=CVE-2010-3858

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. La función setup_arg_pages en fs/exec.c en el kernel de Linux anterior a v2.6.36, cuando se utiliza CONFIG_STACK_GROWSDOWN, no restringe adecuadamente el consumo de memoria de pila de (1) los argumentos y (2) las variables de entorno para una aplicación de 32 bits en un plataforma de 64 bits, lo que permite a usuarios locales causar una denegación de servicio (mediante caída del sistema) a través de una system call debidamente modificada. Se trata de un problema relacionado con la CVE-2010-2240. • https://www.exploit-db.com/exploits/15619 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b528181b2ffa14721fb28ad1bd539fe1732c583 http://grsecurity.net/~spender/64bit_dos.c http://secunia.com/advisories/42758 http://secunia.com/advisories/42789 http://secunia.com/advisories/46397 http://www.debian.org/security/2010/dsa-2126 http://www.exploit-db.com/exploits/15619 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http:/ • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2010-3880 – kernel: logic error in INET_DIAG bytecode auditing

https://notcve.org/view.php?id=CVE-2010-3880

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. net/ipv4/inet_diag.c en el kernel Linux, en versiones anteriores a la 2.6.37-rc2, no audita apropiadamente el bytecode INET_DIAG, lo que permite a atacantes locales provocar una denegación de servicio (bucle infinito del kernel) mediante instrucciones INET_DIAG_REQ_BYTECODE debidamente modificadas en un mensaje netlink que contiene múltiples elementos de atributos, como se ha demostrado por las intrucciones INET_DIAG_BC_JMP. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860 http://openwall.com/lists/oss-security/2010/11/04/9 http://openwall.com/lists/oss-security/2010/11/05/3 http://secunia.com/advisories/42126 http://secunia.com/advisories/42789 http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/testing/Change • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-4076

https://notcve.org/view.php?id=CVE-2010-4076

The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función rs_ioctl de drivers/char/amiserial.c del kernel de Linux en versiones 2.6.36.1 y anteriores no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de una llamada ioctl TIOCGICOUNT. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862 http://lkml.org/lkml/2010/9/15/389 http://www.openwall.com/lists/oss-security/2010/09/25/2 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/lists/oss-security/2010/10/07/1 http://www.openwall.com/lists/oss-security/2010/10/25/3 https://bugzilla.redhat.com/show_bug.cgi?id=648661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •