CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2008-4302 – Linux Kernel 2.6.x - 'add_to_page_cache_lru()' Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-4302
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. fs/splice.c en el subsistema "splice" en el kernel de Linux anterior a v2.6.22.2 no maneja de forma adecuada un fallo en la función add_to_page_cache_Lru, y como consecuencia intentar desbloquear una página que no está bloqueada, lo que permite que usuarios locales puedan provocar una denegación de servicio (Error del Kernel y caída del sistema), como se demostró por la herramienta "fio I/O". • https://www.exploit-db.com/exploits/32384 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://lkml.org/lkml/2007/7/20/168 http://secunia.com/advisories/32237 http://secunia.com/advisories/32485 http://secunia.com/advisories/32759 http://www.debian.org/securi • CWE-667: Improper Locking •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3528 – Linux kernel ext[234] directory corruption denial of service
https://notcve.org/view.php?id=CVE-2008-3528
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. La funcionalidad de error de informe en (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, y posiblemente en (3) fs/ext4/dir.c en el kernet de Linux v2.6.26.5 no limita el número de mensajes de consola printk que informa de la corrupción de directorio, lo cual permite a atacantes aproximarse físicamente para causar denegación de servicio (cuelgue temporal del sistema) montando un archivo de sistema corrupto con valores dir->i_size y dir->i_blocks e interpretando operaciones de (a) lectura o (b) escritura. NOTA: hay escenarios limitados en los cuales estos cruzan los límites de privilegios. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html http://lkml.org/lkml/2008/9/13/98 http://lkml&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 1CVE-2008-4113 – Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2008-4113
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. Función The sctp_getsockopt_hmac_ident en net/sctp/socket.c la implementación de Stream Control Transmission Protocol (sctp) en el kernel de Linux anterior a 2.6.26.4, cuando la extensión SCPT-AUTH está activada, basada en un valor de tamaño no confiable en el límite de la copia de datos de la memoria del kernel, permite a usuarios locales obtener información sensible a través de una petición SCTP_HMAC_IDENT IOCTL manipulada implicando a la función sctp_getsockopt. • https://www.exploit-db.com/exploits/7618 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html http://secunia.com/advisories/32190 http://secunia.com/advisories/32315 http://secunia.com/advisories/32393 http://securityreason.com/securityalert/4266 http://www.debian.org/security/2008/dsa-1655 http://www.kernel.org/pub/linux/kernel/v2.6/Ch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 1CVE-2008-3889
https://notcve.org/view.php?id=CVE-2008-3889
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. Postfix versión 2.4 anteriores a la 2.4.9, versión 2.5 anteriores a la 2.5.5 y versión 2.6 anteriores a la 2.6-2000902, cuando se utiliza con el nucleo de Linux versión 2.6, muestra los descriptores del fichero epoll durante la ejecución de comandos que no son Postfix, permite a usuarios locales provocar una denegación de servicio (aplicación más lenta o finalización) mediante un comando especialmente construido, como se ha demostrado por un comando en un fichero .forward. • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://secunia.com/advisories/31716 http://secunia.com/advisories/31800 http://secunia.com/advisories/31982 http://secunia.com/advisories/31986 http://secunia.com/advisories/32231 http://security.gentoo.org/glsa/glsa-200809-09.xml http://securityreason.com/securityalert/4239 http://securitytracker.com/id?1020800 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311 http://www.mandriva.com/security/advisories?na • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 66%CPEs: 63EXPL: 0CVE-2008-3915 – kernel: nfsd: fix buffer overrun decoding NFSv4 acl
https://notcve.org/view.php?id=CVE-2008-3915
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. Desbordamiento del búfer en nfsd en el kernel de Linux anterior a 2.6.26.4, cuando NFSv4 está activado, permite a atacantes remotos realizar acciones con un impacto desconocido a través de vectores que están relacionados con la decodificación de un NFSv4 acl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=91b80969ba466ba4b915a4a1d03add8c297add3f http://lkml.org/lkml/2008/9/3/286 http://secunia.com/advisories/31881 http://secunia.com/advisories/32190 http://secunia.com/advisories/32393 http://www.debian.org/security/2008/dsa-1636 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4 http://www.openwall.com/lists/oss-security/2008/09/04/18 http://www.openwall.com/lists/oss& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •