Page 913 of 5146 results (0.058 seconds)

CVSS: 4.9EPSS: 0%CPEs: 80EXPL: 2

CVE-2009-2847 – Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure

https://notcve.org/view.php?id=CVE-2009-2847

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. La función do_sigaltstack en kernel/signal.c en el kernel de Linux 2.6 antes de 2.6.31-RC5, cuando se ejecuta en sistemas de 64 bits, no limpia algunos octetos de relleno de una estructura, lo que permite a usuarios locales obtener información sensible de la pila del núcleo a través de la función sigaltstack. • https://www.exploit-db.com/exploits/9352 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=0083fc2c50e6c5127c2802ad323adf8143ab7856 http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/36136 http://secunia.com/advisories/36501 http://secunia.com/advisories/36562 http://secunia.com/advisories/36759 http://secunia.com/advisories/37105 http://secunia.com/advisories/37471 http://www.exploit-db.com/exploits/9352 http://w •

CVSS: 7.8EPSS: 5%CPEs: 79EXPL: 0

CVE-2009-2844

https://notcve.org/view.php?id=CVE-2009-2844

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. cfg80211 en el archivo net/wireless/scan.c en el kernel de Linux versión 2.6.30-rc1 y otras versiones anteriores a 2.6.31-rc6, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de una secuencia de tramas beacon en los que una trama omite un Elemento de Información (IE) SSID y la trama posterior contiene un IE SSID, que desencadena una desreferencia de un puntero NULL en la función cmp_ies. NOTA: también se abordó una potencial debilidad en la función is_mesh, pero la condición relevante no existía en el código, por lo que no es una vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e http://jon.oberheide.org/files/cfg80211-remote-dos.c http://secunia.com/advisories/36278 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 http://www.openwall.com/lists/oss-security/2009/08/17/1 http://www.openwall.com/lists/oss-security/2009/08/17/2 http://www.securityfocus.com/bid/36052 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 2

CVE-2009-2848 – kernel: execve: must clear current->clear_child_tid

https://notcve.org/view.php?id=CVE-2009-2848

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. Una función execve en el kernel de Linux, posiblemente versión 2.6.30-rc6 y anteriores, no borra apropiadamente el puntero de current-)clear_child_tid, lo que permite a los usuarios locales causar una denegación de servicio (corrupción de memoria) o posiblemente alcanzar privilegios por medio de un sistema de clonación que llama con CLONE_CHILD_SETTID o CLONE_CHILD_CLEARTID habilitadas, que no son manejados apropiadamente durante la creación y salida de hilos (subprocesos). • http://article.gmane.org/gmane.linux.kernel/871942 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/35983 http://secunia.com/advisories/36501 http://secunia.com/advisories/36562 http://secunia.com/advisories/36759 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 316EXPL: 0

CVE-2009-2846

https://notcve.org/view.php?id=CVE-2009-2846

The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. La función eisa_eeprom_read en el componente the parisc isa-eeprom (drivers/parisc/eisa_eeprom.c) en el kernel de Linux anterior a v2.6.31-rc6 permite a usuarios locales acceder a memoria restringida a través de argumentos negativos ppos, lo que evita un control que asume que ppos es positivo y causa una lectura fuera de rango en la función readb. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=6b4dbcd86a9d464057fcc7abe4d0574093071fcc http://secunia.com/advisories/37105 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2009/08/10/1 http://www.openwall.com/lists/oss-security/2009/08/18/6 http://www.ubuntu.com/usn/USN-852-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/52906 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 1

CVE-2009-2767 – Linux Kernel 2.6.x - 'posix-timers.c' Null Pointer Dereference Denial of Service

https://notcve.org/view.php?id=CVE-2009-2767

The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. La función init_posix_timers en kernel/posix-timers.c en el kernel de linux anteriores a v2.6.31-rc6 permite a usuarios locales provocar una denegación de servicio (OOPS) o posiblemente conseguir privilegios a través de una llamada CLOCK_MONOTONIC_RAW clock_nanosleep que provoca una desreferencia a un puntero NULL. • https://www.exploit-db.com/exploits/33148 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70d715fd0597f18528f389b5ac59102263067744 http://lkml.org/lkml/2009/8/4/28 http://lkml.org/lkml/2009/8/4/40 http://secunia.com/advisories/36200 http://secunia.com/advisories/37105 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 http://www.openwall.com/lists/oss-security/2009/08/06/2 http://www.ubuntu.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •