CVE-2008-4618 – kernel: sctp: Fix kernel panic while process protocol violation parameter
https://notcve.org/view.php?id=CVE-2008-4618
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
• References:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=ba0166708ef4da7eeb61dd92bbba4d5a749d6561
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
http://secunia.com/advisories/32918
http://secunia.com/advisories/32998
http://secunia.com/advisories/33586
http://www.debian.org/security/2008/dsa-1681
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27
http://www.openwall.com/lists/oss-security/2008/10/06/1
http:
• CWE-20: Improper Input Validation
CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
• References:
http://blog.robertlee.name/2008/10/conjecture-speculation.html
http://insecure.org/stf/tcp-dos-attack-explained.html
http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
http://marc.info/?l=bugtraq&m=125856010926699&w=2
http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
http://www.cpni
• CWE-16: Configuration
CVE-2008-3831 – kernel: i915 kernel drm driver arbitrary ioremap
https://notcve.org/view.php?id=CVE-2008-3831
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.
• References:
http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html
http://secunia.com/advisories/32315
http://secunia.com/advisories/32386
http://secunia.com/advisories/32709
http://secunia.com/advisories/32918
http://secunia.com/advisories/33182
http://secunia.com/advisories/33586
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz
http://securitytracker.com/id?1021065
http://sunsolve.sun.com/search/document.do
• CWE-399: Resource Management Errors
CVE-2008-4576 – kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
https://notcve.org/view.php?id=CVE-2008-4576
sctp in the Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
• References:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://permalink.gmane.org/gmane.comp.security.oss.general/1039
http://secunia.com/advisories/32370
http://secunia.com/advisories/32386
http://secunia.com/advisories/32759
http://secunia.com/advisories/
• CWE-287: Improper Authentication
CVE-2008-4554 – kernel: don't allow splice() to files opened with O_APPEND
https://notcve.org/view.php?id=CVE-2008-4554
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
• References:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=efc968d450e013049a662d22727cf132618dcb2f
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://secunia.com/advisories/32386
http://secunia.com/advisories/32918
http://secunia.com/advisories/32998
http://secunia.com/advisories/33180
http://secunia.com/advisories/33182
http://secunia.com/advisories/33586
http://secunia.com/advisories/35390
http://www.debian.org/security/2008/
• CWE-264: Permissions, Privileges, and Access Controls