CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0163
https://notcve.org/view.php?id=CVE-2008-0163
Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. Linux kernel 2.6, cuando usa vservers, permite a usuarios locales acceder a recursos de otros vservers a través de un ataque de enlaces simbólicos en /proc. • http://secunia.com/advisories/28875 http://www.debian.org/security/2008/dsa-1494 http://www.securityfocus.com/bid/27704 http://www.securityfocus.com/bid/27798 https://exchange.xforce.ibmcloud.com/vulnerabilities/40486 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0007 – kernel: insufficient range checks in fault handlers with mremap
https://notcve.org/view.php?id=CVE-2008-0007
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. Núcleo de Linux versiones anteriores a 2.6.22.17, cuando se usan ciertos controladores que registran un error en el manejador, que no realiza comprobaciones de rango, permite a usuarios locales acceder a la memoria del núcleo a través de un desplazamiento fuera de rango. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://lkml.org/lkml/2008/2/6/457 http://secunia.com/advisories/28806 http://secunia.com/advisories/28826 http://secunia.com/advisories/29058 http://secunia.com/advisories/29570 http://secunia.com/advisories/30018 http://secunia.com/advisories/30110 http://sec • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 317EXPL: 0CVE-2007-6694 – /proc/cpuinfo DoS on some ppc machines
https://notcve.org/view.php?id=CVE-2007-6694
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. La función chrp_show_cpuinfo (chrp/setup.c) en Linux kernel 2.4.21 hasta 2.6.18-53, cuando funciona sobre PowerPC, podría permitir a usuarios locales provocar denegación de servicio (caida) a través de vectores desconocidos que hacen que la función of_get_property falle, lo cual dispara un puntero de referencia NULL. • http://marc.info/?l=linux-kernel&m=119576191029571&w=2 http://rhn.redhat.com/errata/RHSA-2008-0055.html http://secunia.com/advisories/28696 http://secunia.com/advisories/28748 http://secunia.com/advisories/29058 http://secunia.com/advisories/29236 http://secunia.com/advisories/30018 http://secunia.com/advisories/30515 http://secunia.com/advisories/30769 http://www.debian.org/security/2008/dsa-1503 http://www.debian.org/security/2008/dsa-1504 http://www.debian&# • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 30EXPL: 1CVE-2008-0352 – Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0352
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). El núcleo de Linux 2.6.20 hasta 2.6.21.1 permite a atacantes remotos provocar una denegación de servicio (error irrecuperable del sistema) mediante cierto paquete IPv6, posiblemente implicando la opción Jumbo Payload salto a salto (jumbogram). • https://www.exploit-db.com/exploits/4893 http://bugzilla.kernel.org/show_bug.cgi?id=8450 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2 https://exchange.xforce.ibmcloud.com/vulnerabilities/39643 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.6EPSS: 0%CPEs: 234EXPL: 0CVE-2008-0001 – kernel: filesystem corruption by unprivileged user via directory truncation
https://notcve.org/view.php?id=CVE-2008-0001
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. VFS en el kernel de Linux versiones anteriores a 2.6.22.16 y versiones 2.6.23.x anteriores a 2.6.23.14, realiza pruebas de modo de acceso mediante el uso de la variable flag en lugar de la variable acc_mode, lo que podría permitir a usuarios locales omitir los permisos previstos y eliminar directorios. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=974a9f0b47da74e28f68b9c8645c3786aa5ace1a http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0055.html http://secunia.com/advisories/28485 http://secunia.com/advisories/28558 http://secunia.com/advisories/28626& •