CVE-2008-2358 – kernel: dccp: sanity check feature length
https://notcve.org/view.php?id=CVE-2008-2358
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
• http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://secunia.com/advisories/30000 http://secunia.com/advisories/30818 http://secunia.com/advisories/30849 http://secunia.com/advisories/30920 http://secunia.com/advisories/31107 http://www.debian.org/security/2008/dsa-1592 http://www.mandriva.com/security/advisories?name=MDVSA-2008:112 http://www.mandriva.com/security/advisories?name=MDVSA-2008:167 http://www.redhat.com/support/errata/RHSA-2008-0519.html
• CWE-189: Numeric Errors
CVE-2008-2137
https://notcve.org/view.php?id=CVE-2008-2137
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.
• http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604 http://secunia.com/advisories/30368 http://secunia.com/advisories/30499 http://secunia.com/advisories/31107 http://www.debian.org/security/2008/dsa-1588 http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 http://www.securityfocus.com/bid/29397 http://www.securitytracker.com/id?1020119 http://www.ubuntu.com/usn/
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-2136 – kernel: sit memory leak
https://notcve.org/view.php?id=CVE-2008-2136
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
• http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://marc.info/?l=linux-netdev&m=121031533024912&w=2 http://secunia.com/advisories/30198 http://secunia.com/advisories/30241 http://secunia.com/advisories/30276 http://secunia.com/advisories/30368 http://secunia.com/advisories/30499 http://secunia.com/advisories/30
• CWE-399: Resource Management Errors; CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2008-2148 – kernel: fix permission checking in sys_utimensat
https://notcve.org/view.php?id=CVE-2008-2148
The utimensat system call (sys_utimensat) in the Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify the file times of arbitrary files, possibly leading to a denial of service.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f9dfda1ad0637a89a64d001cf81478bd8d9b6306 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://secunia.com/advisories/30198 http://secunia.com/advisories/30241 http://secunia.com/advisories/30818 http://secunia.com/advisories/31107 http://secunia.com/advisories/31628 http://wiki.rpath.com/wiki/Advisories:rPSA-
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-1669 – kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c
https://notcve.org/view.php?id=CVE-2008-1669
The Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
• http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://secunia.com/advisories/30077 http://secunia.com/advisories/30101 http://secunia.com/advisories/30108 http://secunia.com/adv
• CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')