CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0787 – kernel: ecryptfs file header infoleak
https://notcve.org/view.php?id=CVE-2009-0787
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory. La función ecryptfs_write_metadata_to_contents en la funcionalidad eCryptfs en el kernel Linux v2.6.28 anterior a v2.6.28.9 emplea un tamaño incorrecto cuando escribe de la memoria del kernel a la cabecera del archivo eCryptfs, lo que dispara una lectura fuera de rango y permite a usuarios locales obtener porciones d la memoria del kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8faece5f906725c10e7a1f6caf84452abadbdc7b http://osvdb.org/52860 http://rhn.redhat.com/errata/RHSA-2009-0473.html http://secunia.com/advisories/34422 http://secunia.com/advisories/35015 http://secunia.com/advisories/37471 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34216 http:&# • CWE-189: Numeric Errors •
CVSS: 6.2EPSS: 96%CPEs: 22EXPL: 0CVE-2009-1072 – kernel: nfsd should drop CAP_MKNOD for non-root
https://notcve.org/view.php?id=CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petición de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros que ha sido exportado con la opción root_squash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://secunia.com/advisories/34422 http://secunia.com/advisories/34432 http://sec • CWE-16: Configuration •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 1CVE-2009-1046 – Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1046
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. La funcionalidad de selección de consola en el kernel de Linux 2.6.28 en versiones anteriores a 2.6.28.4, 2.6.25 y posiblemente versiones anteriores, cuando se utiliza la consola UTF-8, permite a atacantes físicamente próximos causar una denegación de servicio (corrupción de memoria) seleccionando un número pequeño de carácteres de 3 bytes UTF-8, lo que desencadena un "error de memoria off-by-two". NOTA: no queda claro si el problema traspasa límites de privilegio. • https://www.exploit-db.com/exploits/9083 http://lists.openwall.net/linux-kernel/2009/01/30/333 http://lists.openwall.net/linux-kernel/2009/02/02/364 http://secunia.com/advisories/34917 http://secunia.com/advisories/34981 http://secunia.com/advisories/35121 http://www.debian.org/security/2009/dsa-1787 http://www.debian.org/security/2009/dsa-1800 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4 http://www.openwall.com/lists/oss-security/ • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0935
https://notcve.org/view.php?id=CVE-2009-0935
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance. La función inotify_read en el kernel de Linux versiones 2.6.27 hasta 2.6.27.13, 2.6.28 hasta 2.6.28.2 y 2.6.29-rc3, permite a los usuarios locales causar una denegación de servicio (OOPS) por medio de una lectura con una dirección no válida en una instancia inotify, lo que causa que la exclusión mutua de la lista de eventos del dispositivo se desbloquee dos veces e impida la sincronización apropiada de una estructura de datos para la instancia inotify. • http://marc.info/?l=linux-kernel&m=123337123501681&w=2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3 http://www.openwall.com/lists/oss-security/2009/03/06/2 http://www.openwall.com/lists/oss-security/2009/03/18/5 http://www.openwall.com/lists/oss-security/2009/03/19/2 http://www.securityfocus.com/bid/33624 https://bugzilla.redhat.com/show_bug.cgi?id=488935 https://exchange.xforce.ibmcloud.com/vulnerabilities/49331 • CWE-667: Improper Locking •
CVSS: 7.1EPSS: 1%CPEs: 358EXPL: 1CVE-2009-0778 – kernel: rt_cache leak leads to lack of network connectivity
https://notcve.org/view.php?id=CVE-2009-0778
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." La función icmp_send en net/ipv4/icmp.c en el kernel Linux anerior a v2.6.25, cuando se configura como un router con una ruta RECHAZADA, no gestiona apropiadamente el Protocolo Independiente de Caché de Destino (alias DST) en alguna situación que involucra transmisión de un mensaje ICMP Host inalcanzable, el cual permite a los atacantes remotos causar una denegación de servicio (conectividad parada) enviando una larga serie de paquetes a muchos direcciones IP de destino con esta ruta RECHAZADA, RELATIVA a "rt_cache leak." • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 http://openwall.com/lists/oss-security/2009/03/11/2 http://secunia.com/advisories/33758 http://secunia.com/advisories/37471 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 http://www.redhat.com/support/errata/RHSA-2009-0326.html http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34084 http:/&#x • CWE-400: Uncontrolled Resource Consumption •