CVSS: 6.1EPSS: 4%CPEs: 252EXPL: 0CVE-2007-2876 – nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
https://notcve.org/view.php?id=CVE-2007-2876
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. La función sctp_new en (1) ip_conntrack_proto_sctp.c y (2) nf_conntrack_proto_sctp.c en Netfilter en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, permite a atacantes remotos provocar denegación de servicio provocando ciertos estados no válidos que disparan un puntero NULL referenciado. • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 http://marc.info/?l=linux-kernel&m=118128622431272&w=2 http://osvdb.org/37112 http://rhn.redhat.com/errata/RHSA-2007-0488.html http://secunia.com/advisories/25838 http://secunia.com/advisories/25961 http://secunia.com/advisories/26133 http://secunia.com/advisories/26139 http://secunia.com/advisories/26289 http://secunia.com/advisories/26450 http://secunia.com/advisories/26620 http://secunia.com/advisories/ •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2007-2875 – cpuset information leak
https://notcve.org/view.php?id=CVE-2007-2875
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. Desbordamiento inferior de entero en la función cpuset_tasks_read en el Kernel de Linux anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, cuando el sistema de archivos cpuset está montado, permite a usuarios locales obtener contenido de memoria local utilizando un desplazamiento (offset) largo cuando se lee el archivo /dev/cpuset/tasks. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541 http://osvdb.org/37113 http://secunia.com/advisories/26133 http://secunia.com/advisories/26139 http://secunia.com/advisories/26620 http://secunia.com/advisories/26647 http://secunia.com/advisories/26760 http://secunia.com/advisories/27227 http://www.debian.org/security/ • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 1%CPEs: 197EXPL: 0CVE-2007-2451
https://notcve.org/view.php?id=CVE-2007-2451
Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en drivers/crypto/geode-aes.c en GEOCE-AES en el núcleo de Linux anterior a 2.6.21.3 permite a atacantes obtener información sensible a través de vectores no especificados. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.3 http://lwn.net/Articles/235711 http://osvdb.org/35925 http://secunia.com/advisories/25398 http://secunia.com/advisories/25596 http://www.securityfocus.com/bid/24150 http://www.ubuntu.com/usn/usn-470-1 http://www.vupen.com/english/advisories/2007/1987 https://exchange.xforce.ibmcloud.com/vulnerabilities/34545 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2007-2878 – Linux Kernel 2.6.x - VFat Compat IOCTLS Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-2878
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. Las llamadas ioctl VFAT compat en el núcleo de Linux anterior a 2.6.21.2, cuando se ejecuta en un sistema de 64 bits, permite a usuarios locales corromper una estructura kernel_dirent y provocar una denegación de servicio (caída del sistema) a través de vectores no especificados. • https://www.exploit-db.com/exploits/30080 http://osvdb.org/35926 http://secunia.com/advisories/25505 http://secunia.com/advisories/26133 http://secunia.com/advisories/26139 http://secunia.com/advisories/26760 http://secunia.com/advisories/27436 http://secunia.com/advisories/27747 http://secunia.com/advisories/28626 http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm http://www.debian.org/security/2008/dsa-1479 http://www.kernel.org/pub/linux/kernel/v2. •
CVSS: 1.2EPSS: 0%CPEs: 252EXPL: 0CVE-2007-2453 – /dev/random broken
https://notcve.org/view.php?id=CVE-2007-2453
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. La característica de número aleatorio en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, (1) no rellena adecuadamente la quiniela cuando no hay entropia, o (2) utiliza un rango incorrecto cuando extrae entropia, lo cual podría provocar que el generado de número aleatorios devuelva los mismos valores después de reiniciar el sistema sin una fuente de entropia. • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 http://marc.info/?l=linux-kernel&m=118128622431272&w=2 http://osvdb.org/37114 http://secunia.com/advisories/25596 http://secunia.com/advisories/25700 http://secunia.com/advisories/25961 http://secunia.com/advisories/26133 http://secunia.com/advisories/26139 http://secunia.com/advisories/26450 http://secunia.com/advisories/26620 http://secunia.com/advisories/26664 http://www.debian.org/security/2007/dsa-1356& •