CVSS: 4.6EPSS: 0%CPEs: 84EXPL: 1CVE-2006-4814 – kernel Race condition in mincore can cause "ps -ef" to hang
https://notcve.org/view.php?id=CVE-2006-4814
The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. La función mincore en el núcleo de Linux anterior a 2.4.33.6 no bloquea adecuadamente el acceso al espacio del usuario, lo cual tiene impacto y vectores de ataque no especificados, posiblemente relativos a un bloqueo mortal. • https://github.com/tagatac/linux-CVE-2006-4814 http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://rhn.redhat.com/errata/RHSA-2007-0014.html http://secunia.com/advisories/23436 http://secunia.com/advisories/23609 http://secunia.com/advisories/23997 http://secunia.com/advisories/24098 http://secunia.com/advisories/24100 http://secunia.com/advisories/24206 http://secunia.com/advisories/24482 http://secunia.com/advisories/25691 http://secunia.com/adv • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 14%CPEs: 245EXPL: 0CVE-2006-6106
https://notcve.org/view.php?id=CVE-2006-6106
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. Múltiples desbordamientos de búfer en la función cmtp_recv_interopmsg en el controlador Bluetooth (net/bluetooth/cmtp/capi.c) en el kernel de Linux 2.4.22 hasta la versión 2.4.33.4 y 2.6.2 en versiones anteriores a 2.6.18.6 y 2.6.19.x, permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de mensajes CAPI con un valor grande para la longitud del campo (1) manu (fabricante) o (2) serial (número de serie). • http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.5 http://marc.info/?l=linux-kernel&m=116614741607528&w=2 http://marc.info/?l=linux-kernel&m=116648929829440&w=2 http://rhn.redhat.com/errata/RHSA-2007-0014.html http://secunia.com/advisories/23408 http://secunia.com/advisories/23427 http://secunia.com/advisories/23593 http://secunia.com/advisories/23609 http://secunia.com/advisories/23752 http://secunia.com/advisories/23997 http://secunia.com/advisor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6304 – kernel: use flag in do_coredump()
https://notcve.org/view.php?id=CVE-2006-6304
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. La función do_coredump en fs/exec.c del Kernel Linux 2.6.19.1, marca la bandera O_EXCL pero no la usa, lo cual permite a atacantes dependientes del contexto modificar ficheros de su elección mediante un ataque de sobreescritura durante un volcado de memoria. • http://secunia.com/advisories/23349 http://support.avaya.com/css/P8/documents/100073666 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.1 http://www.securityfocus.com/bid/21591 http://www.trustix.org/errata/2006/0074 http://www.vupen.com/english/advisories/2006/5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7446 https://rhn.r • CWE-399: Resource Management Errors •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-5871
https://notcve.org/view.php?id=CVE-2006-5871
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. smbfs en el núcleo de Linux 2.6.8 y otras versiones, y 2.4.x anterior a 2.4.34, cuando las extensiones UNIX están habilitadas, ignora determinadas opciones de montaje (mount options), lo cual podría provocar que los clientes utilicen un uid, gid y una configuración de modos (mode settings) especificados por el servidor. • http://secunia.com/advisories/23361 http://secunia.com/advisories/23370 http://secunia.com/advisories/23395 http://secunia.com/advisories/25683 http://www.debian.org/security/2006/dsa-1233 http://www.novell.com/linux/security/advisories/2007_35_kernel.html http://www.securityfocus.com/bid/21523 http://www.us.debian.org/security/2006/dsa-1237 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10171 https://access.redhat.com/security/cve/CVE&# •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6333
https://notcve.org/view.php?id=CVE-2006-6333
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset. La función tr_rx en ibmtr.c para el núcleo de Linux 2.6.19 asigna la bandera (flag) wrong al campo ip_summed, lo cual permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) mediante paquetes artesanales que provocan que el núcleo interprete otro campo como offset. • http://secunia.com/advisories/23254 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=0d97e10ccac580e16d3dffbe4a9a88144360e64a%3Bhp=bfe59865b1dd50e5c4dbd4cefe506a31e1495a1a%3Bhb=ee28b0da1069ced1688aa9d0b7b378353b988321%3Bf=drivers/net/tokenring/ibmtr.c http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee28b0da1069ced1688aa9d0b7b378353b988321 http://www.securityfocus.com/bid/21490 http://www.vupen.com/english/advisories/2006/4907 •