CVE-2007-3740 – CIFS should honor umask
https://notcve.org/view.php?id=CVE-2007-3740
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://secunia.com/advisories/26760 http://secunia.com/advisories/26955 http://secunia.com/advisories/26978 http://secunia.com/advisories/27436 http://secunia.com/advisories/27747 http://secunia.com/advisories/27912 http://secunia.com/advisories/28806 http://secunia.com/advisories/29058 http://support.avaya.com/elmodocs2/security/ASA-200 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-3848 – Privilege escalation via PR_SET_PDEATHSIG
https://notcve.org/view.php?id=CVE-2007-3848
Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html http://marc.info/?l=bugtraq&m=118711306802632&w=2 http://marc.info/?l=openwall-announce&m=118710356812637&w=2 http://secunia.com/advisories/26450 http://secunia.com/advisories/26500 http://secunia.com/advisories/26643 http://secunia.com/advisories/26651 http://s
CVE-2007-4308 – kernel: Missing ioctl() permission checks in aacraid driver
https://notcve.org/view.php?id=CVE-2007-4308
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. • http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://lkml.org/lkml/2007/7/23/195 http://secunia.com/advisories/26322 http://secunia.com/advisories/26643 http://s
CVE-2007-4311
https://notcve.org/view.php?id=CVE-2007-4311
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=bd67d4c7b11cc33ebdc346bc8926d255b354cd64 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=faa3369ac2ea7feb0dd266b6a5e8d6ab153cf925 http://secunia.com/advisories/29058 http://www.debian.org/security/2008/dsa-1503 http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.6 http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35 http://www.securityfocus • CWE-310: Cryptographic Issues
CVE-2007-3851 – i965 DRM allows insecure packets
https://notcve.org/view.php?id=CVE-2007-3851
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2 http://secunia.com/advisories/26389 http://secunia.com/advisories/26450 http://secunia.com/advisories/26500 http://secunia.com/advisories/26643 http://secunia.com/advisories/26664 http://secunia.com/advisories/26760 http://secunia.com/advisories/27227 http://www.debian.org/security/2007/dsa-1356 http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 http://www.novell.com/linux/security/advisories/20 • CWE-399: Resource Management Errors