CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0029
https://notcve.org/view.php?id=CVE-2009-0029
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. ABI en el kernel de Linux v2.6.28 y anteriores sobre las plataformas s390, powerpc, sparc64, y mips 64-bit requiere que un argumento de 32-bit en un registro de 64-bit sea firmado adecuadamente cuando se envía una aplicación en modo de usuario, pero esto no lo puede realizar, lo que permitiría a usuarios locales producir una denegación de servicio (caída) o ganar privilegios a través de una llamada al sistema manipulada. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html http://marc.info/?l=linux-kernel&m=123155111608910&w=2 http://secunia.com/advisories/33477 http://secunia.com/advisories/33674 http://secunia.com/advisories/34394 http://secunia.com/advisories/34981 http://secunia.com/advisories/35011 http://www.debian.org/security/2009/dsa-1749 http://www.debian.org/security/2009/dsa-1787 http://www.debian.org/security/2009/dsa-1794 http://www.mandriva.com&#x • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 233EXPL: 0CVE-2009-0024
https://notcve.org/view.php?id=CVE-2009-0024
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. La función sys_remap_file_pages en mm/fremap.c del kernel de Linux anterior a la versión v2.6.24.1 permite a usuarios locales provocar una denegación de servicio o ganar privilegios mediante vectores de ataque no especificados, relacionados con un miembro de la estructura de vm_file, y las funciones mmap_region y do_munmap. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git%3Ba=commit%3Bh=8a459e44ad837018ea5c34a9efe8eb4ad27ded26 http://openwall.com/lists/oss-security/2009/01/12/1 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 http://www.securityfocus.com/bid/33211 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 102EXPL: 0CVE-2008-4307 – Kernel BUG() in locks_remove_flock
https://notcve.org/view.php?id=CVE-2008-4307
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. Condición de carrera en la función do_setlk en fs/nfs/file.c del kernel de Linux versiones anteriores a v2.6.26 permite a usuarios locales provocar una denegación de servicio (caída) mediante vectores resultantes de una petición RPC interrumpida que conduce a una perdida de cierre de FL_POSIX, relacionado con un inapropiado manejo de una carrera entre "fcntl" y "close" en la gestión de la interrupción de sistema "EINTR". • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc http://openwall.com/lists/oss-security/2009/01/13/1 http://rhn.redhat.com/errata/RHSA-2009-0459.html http://rhn.redhat.com/errata/RHSA-2009-0473.html http://secunia.com/advisories/34917 http://secunia.com/advisories/34962 http://secunia.com/advisories/34981 http://secunia.com/advisories/35011 http://secunia.com/advisories/35015 http://secunia.com&#x • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 94%CPEs: 109EXPL: 1CVE-2009-0065 – Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow
https://notcve.org/view.php?id=CVE-2009-0065
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. Desbordamiento de búfer en net/sctp/sm_statefuns.c en la implementación del "Stream Control Transmission Protocol (sctp)" (Protocolo de Tansmisión de Control de Flujo) en el kernel de Linux antes de v2.6.28-git8 permite a atacantes remotos tener un impacto desconocido mediante un fragmento WD-TSN (también conocido como FORWARD-TSN) con un flujo ID grande. • https://www.exploit-db.com/exploits/8556 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9fcb95a105758b81ef0131cd18e2db5149f13e95 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://patchwork.ozlabs.org/patch/15024 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 235EXPL: 1CVE-2008-5713 – Linux Kernel 2.6.x - 'qdisc_run()' Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-5713
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode. La función __qdisc_run en net/sched/sch_generic.c en el kernel de Linux antes de 2.6.25 en máquinas SMP permite a usuarios locales provocar una denegación de servicio (bloqueo blando "soft lockup") enviando una cantidad de tráfico de red grande, como se demostró por múltiples invocaciones simultáneas de la aplicación Netperf benchmark en modo UDP_STREAM. • https://www.exploit-db.com/exploits/32682 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 http://openwall.com/lists/oss-security/2008/12/23/1 http://rhn.redhat.com/errata/RHSA-2009-0264.html http://secunia.com/advisories/33706 http://secunia.com/advisories/33858 http://secunia.com/advisories/35011 http://www.debian.org/security/2009&#x • CWE-399: Resource Management Errors •