CVE-2008-1514 – kernel: ptrace: Padding area write - unprivileged kernel crash
https://notcve.org/view.php?id=CVE-2008-1514
arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d6e48f43340343d97839eadb1ab7b6a3ea98797 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.6 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc6 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html http://rhn.redhat.com/errata/RHSA-2008-0972.html http://secunia.com/advisories/31826 http://secunia.com/advisories/32237 http://secunia.com/advisories/32 • CWE-399: Resource Management Errors •
CVE-2008-0731
https://notcve.org/view.php?id=CVE-2008-0731
The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://secunia.com/advisories/28806 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0009 – Linux Kernel 2.6.23 < 2.6.24 - 'vmsplice' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-0009
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. • https://www.exploit-db.com/exploits/5093 https://www.exploit-db.com/exploits/5092 http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt http://secunia.com/advisories/28835 http://secunia.com/advisories/28896 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 http://www.securityfocus.com/archive/1/487982/100/0/threaded http://www.securityfocus.com/bid/27704 http://www.securityfocus.com/bid/27799 http://www.vupen.com/english/advisories/2008 • CWE-20: Improper Input Validation •
CVE-2008-0600 – Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-0600
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. • https://www.exploit-db.com/exploits/5092 https://www.exploit-db.com/exploits/5093 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://marc.info/?l=linux-kernel&m=120263652322197&w=2 http://marc.info/?l=linux-kernel&m=120264520431307&w=2 http://marc.info/?l=linux-kernel&m=120264773202422&w=2 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0010 – Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-0010
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allows local users to read from arbitrary kernel memory locations. • https://www.exploit-db.com/exploits/5092 https://www.exploit-db.com/exploits/5093 http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt http://secunia.com/advisories/28835 http://secunia.com/advisories/28875 http://secunia.com/advisories/28896 http://www.debian.org/security/2008/dsa-1494 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 http://www.securityfocus.com/archive/1/487982/100/0/threaded http://www.securityfocus.com/bid/27704 ht • CWE-20: Improper Input Validation •