109 matches found
CVE-2006-1864
CVE-2006-1864: Directory traversal in smbfs (Linux kernel 2.6.16 and earlier) lets a local user escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences. Severity: CVSS v2 base 4.6 (Medium); vectors indicate LOCAL access with low complexity and partial confidentiality/integrit...
CVE-2006-2932
CVE-2006-2932 is a regression in the restore_all code path of the 4/4GB split support for non-hugemem kernels in Red Hat Enterprise Linux 4 (Desktop/Enterprise) that allows a local user to cause a denial of service (panic) via unspecified vectors. The issue is documented in Red Hat advisories RHS...
CVE-2006-1056
CVE-2006-1056 : A vulnerability in the Linux kernel (before 2.6.16.9) and FreeBSD on AMD64/7th–8th gen AMD processors causes FXSAVE/FXRSTOR to save/restore only certain x87 registers when an exception is pending. This can allow a local attacker to infer portions of the floating‑point state of oth...
CVE-2006-2935
CVE-2006-2935 affects the Linux kernel starting with 2.2.16 and later, where the dvd_read_bca function in the DVD handling code (drivers/cdrom/cdrom.c) assigns the wrong value to a length variable, enabling a local user to trigger a buffer overflow via a crafted USB Storage device and execute arb...
CVE-2006-0039
CVE-2006-0039 is a race condition in the Linux kernel 2.6.16 netfilter do_add_counters that can allow a local user with CAP_NET_ADMIN to trigger a buffer over-read in IPT_ENTRY_ITERATE, enabling read of kernel memory. Public advisories (Ubuntu USN-311-1, Red Hat RHSA-2006:0689, Debian DSA-1097/11...
CVE-2004-2660
CVE-2004-2660 is a vulnerability in the Linux kernel (2.6.x) where a memory leak in direct-io.c affects O_DIRECT write paths. Impact is local denial of service through memory consumption. The issue is fixed in the 2.6.10 update (as reflected by the ChangeLog-2.6.10 and related advisories); apply ...
CVE-2006-4538
CVE-2006-4538 describes a vulnerability in Linux kernel 2.6.17 and earlier on Itanium (IA64) and SPARC where a malformed ELF image can trigger cross-region memory mappings, allowing a local attacker to crash the system (denial of service). The root cause is in ELF handling that permits cross-regi...
CVE-2006-1527
CVE-2006-1527 affects the SCTP-netfilter code in the Linux kernel; an invalid SCTP chunk size can cause for_each_sctp_chunk to loop indefinitely, enabling a remote attacker to trigger a denial of service. The issue is in kernels prior to 2.6.16.13 and is addressed by the upstream 2.6.16.13 patch....
CVE-2006-3468
CVE-2006-3468 affects the Linux kernel 2.6.x when NFS and EXT3 are used. A remote attacker can trigger a denial of service by sending a crafted UDP packet containing a V2 lookup procedure that specifies a bad file handle (inode number). This triggers an error and causes the exported directory to ...
CVE-2006-3745
CVE-2006-3745 affects the SCTP implementation in Linux 2.6.x (before 2.6.17.10) and 2.4.x (up to 2.4.33). The vulnerability resides in sctp_make_abort_user and allows a local user to cause a denial of service (panic) and potentially gain root privileges via unspecified attack vectors. Connected s...
CVE-2006-4997
CVE-2006-4997 involves the Linux kernel ATM subsystem (clip_mkip in net/atm/clip.c). The issue allows a remote attacker to trigger a denial of service (panic) by causing the ATM subsystem to dereference memory of socket buffers after they have been freed. This is triggered by memory access patter...
CVE-2006-5619
The CVE-2006-5619 issue is a Linux kernel 2.6.x vulnerability (up to 2.6.18-stable) where the /proc/net/ip6_flowlabel path handling can trigger an infinite loop while searching for flowlabels, allowing local users to cause a denial of service (hang or oops). Affected components are the ip6_fl_get...
CVE-2006-2444
CVE-2006-2444 affects the Linux kernel SNMP NAT Netfilter processing. The vulnerability in snmp_trap_decode (kernel = 2.6.16.18) or applying vendor patches where applicable. No additional exploitation details are provided in the documents.
CVE-2006-3626
CVE-2006-3626 is a local-privilege-escalation flaw in the Linux kernel (affected: 2.6.17.4 and earlier) caused by a race in the proc filesystem via prctl(PR_SET_DUMPABLE) that can set /proc/self/environ to setuid root. Exploitation would require local access and is not described as remote. The is...
CVE-2006-4145
CVE-2006-4145 affects the Linux kernel UDF filesystem driver (2.6.17 and earlier). The issue allows a local user to trigger a hang or crash by performing operations on truncated files (illustrated via dd). Public documents in connected feeds confirm this CVE and indicate that updated kernel packa...
CVE-2006-4093
CVE-2006-4093 affects Linux kernel 2.x on PowerPC PPC970: HID0 attention enable at boot time can crash the kernel (denial of service). Vulnerable: 2.6.x up to 2.6.17.9 and 2.4.x up to 2.4.33.1. Exploitation details are not provided in the initial documents, but multiple advisories (e.g., RHSA, SU...
CVE-2006-4814
CVE-2006-4814 is a mincore-related Linux kernel vulnerability restricted to older kernels (before 2.4.33.6) where access to user space was not properly locked, potentially causing a system hang (deadlock). Public sources in connected advisories confirm this CVE as part of multiple kernel updates,...
CVE-2006-5751
CVE-2006-5751 concerns the Linux kernel (pre-2.6.18.4) where an integer overflow in get_fdb_entries (net/bridge/br_ioctl.c) allows a local user to trigger arbitrary code execution by supplying a large maxnum in an ioctl. The issue is rooted in kernel networking bridge ioctl handling and could ena...
CVE-2005-4605
CVE-2005-4605 concerns the Linux kernel procfs implementation. A signedness error in the proc_misc.c code (pre-2.6.15) allows a local attacker to read sensitive kernel memory by manipulating a signed value added to an unsigned value, disclosed via /proc interactions. Public reports document the a...
CVE-2006-1052
CVE-2006-1052 affects SELinux ptrace logic in SELinux for Linux 2.6.6. It allows local users with ptrace permissions to change the tracer SID to the SID of another process (local privilege impact). Public advisories (e.g., Debian DSA-1184-1/DSA-1184-2 and RHSA-2006:0575) indicate kernel updates m...
CVE-2006-1863
CVE-2006-1863 is a directory traversal vulnerability in CIFS on Linux 2.6.16 and earlier that allows a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences. The issue is mitigated by applying a kernel update (e.g., as per ChangeLog-2.6.16.11). Mode: C (detail...
CVE-2006-5823
CVE-2006-5823 is a Linux kernel issue affecting the cramfs file system in 2.6.x where malformed compressed data can trigger memory corruption, leading to a local-denial crash. Connected advisories (RHSA-2007:0436, RHSA-2007:0014, and corresponding openvas entries) enumerate the cramfs memory corr...
CVE-2006-6054
The CVE-2006-6054 issue affects the Linux kernel 2.6.x ext2 file system code, where a malformed ext2 stream can cause ext2_check_page to crash due to a length smaller than the minimum, enabling a local denial of service. Several connected advisories indicate this flaw was fixed in kernel updates ...
CVE-2006-6058
CVE-2006-6058 affects the Linux kernel 2.6.x up to 2.6.24 (including 2.6.18). Local users can cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in minix_bmap. The issue may involve an integer overflow or signedness error. The documented fix is a ker...
CVE-2006-2451
The CVE-2006-2451 issue affects Linux kernel 2.6.13 up to 2.6.17.4 inclusive, and 2.6.16 up to 2.6.16.24, where the suid_dumpable handling enables a local user to cause disk-based denial of service and potentially gain privileges via PR_SET_DUMPABLE when a core dump is created in a directory the ...
CVE-2006-6106
The CVE-2006-6106 entry describes several buffer overflows in the Bluetooth driver (net/bluetooth/cmtp/capi.c) of the Linux kernel, specifically in the cmtp_recv_interopmsg function. Affected products/versions include Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 up to 2.6.18.5, with 2.6.19.x also...
CVE-2006-6304
The CVE-2006-6304 issue affects Linux kernel 2.6.19 where do_coredump in fs/exec.c sets the O_EXCL flag but does not use it, enabling a context-dependent attacker to modify arbitrary files via a core-dump rewrite attack. A fix is available in the kernel changelog (2.6.19.1) and related advisories...
CVE-2006-3741
CVE-2006-3741 concerns the perfmonctl (sys_perfmonctl) system call in Linux kernels 2.4.x and 2.6.x prior to 2.6.18 on Itanium. The issue is an improper reference-count accounting for file descriptors, which can allow local users to exhaust file descriptors and cause a denial of service. The desc...
CVE-2005-3359
CVE-2005-3359 affects Linux kernel 2.6.x (atm module) where certain socket calls can produce inconsistent references counts on loadable protocol modules, enabling a local user to trigger a denial of service (panic). Publicly documented in Debian/DSA-1103-1 and Red Hat/CESA-RHSA-2006:0493 style ad...
CVE-2006-0742
CVE-2006-0742 affects the Linux kernel on IA-64 (Itanium) where the die_if_kernel function in arch/ia64/kernel/unaligned.c is compiled with the noreturn attribute. In kernels 2.6.x before 2.6.15.6, this can allow local users to trigger user faults that lead to a denial of service. The root cause ...
CVE-2006-1856
CVE-2006-1856 is a confirmed issue in the Linux kernel up to 2.6.8 where the readv and writev LSM hooks could be bypassed due to a missing file_permission check. The Debian advisory DSA-1184-2 and related distributions (e.g., Ubuntu USN-302-1) document this as one of several vulnerabilities fixed...
CVE-2006-5757
CVE-2006-5757 is a local privilege vulnerability in the Linux kernel (2.6.x) related to the __find_get_block_slow function within the ISO9660 filesystem. The issue allows a local user to trigger a denial of service (infinite loop) by mounting a crafted ISO9660 image containing malformed data stru...
CVE-2005-4811
CVE-2005-4811 concerns the Linux 2.6 kernel hugepage code (hugetlb.c). In certain configurations, a local user could trigger an mmap error before a prefault, causing an error in unmap_hugepage_area and potentially crash the system (local DoS). The connected advisories confirm this as a kernel fla...
CVE-2006-1528
CVE-2006-1528 affects the Linux kernel prior to 2.6.13. The vulnerability arises in the sg (SCSI generic) driver’s handling of memory-mapped I/O space during a dio transfer, allowing a local user to trigger a crash ( Denial of Service ). The connected documents confirm the issue is located in the...
CVE-2006-2071
CVE-2006-2071 affects Linux kernels 2.4.x and 2.6.x up to 2.6.16. It arises from a flaw in the mprotect handling that allowed a local user to grant write permission to a read-only attachment of a shared memory segment, bypassing IPC permissions and enabling modification of the attachment. Reporte...
CVE-2006-2448
Concrete details found: CVE-2006-2448 affects the Linux kernel on PowerPC, specifically versions before 2.6.16.21 and 2.6.17. The root cause is missing access_ok checks in PowerPC signal handling (signal_64.c, potentially signal_32.c). Impact as stated: local users could read arbitrary kernel mem...
CVE-2005-3356
CVE-2005-3356 is a kernel vulnerability in Linux 2.6.x where the mq_open system call can be tricked into decrementing an internal counter twice, potentially leading to a kernel panic and local denial of service. The connected documents describe the root cause as a faulty sequence in mntput/dentry...
CVE-2006-0744
CVE-2006-0744 affects the Linux kernel before 2.6.16.5. The issue arises from handling uncanonical return addresses on Intel EM64T CPUs, where an exception is reported in SYSRET instead of the next instruction, causing the kernel exception handler to run on the user stack with an incorrect GS. Im...
CVE-2006-2936
CVE-2006-2936 affects the ftdi_sio USB/serial driver in Linux kernels 2.6.x (up to at least 2.6.17). The issue lets local users trigger memory consumption DoS by writing more data to a serial port than the hardware can handle, causing queued data and potential resource exhaustion. Public referenc...
CVE-2006-4535
CVE-2006-4535 describes a local denial-of-service in the Linux kernel SCTP implementation where a socket with a specific SO_LINGER value can crash the kernel. Affected are kernel versions 2.6.17.10, 2.6.17.11 and 2.6.18-rc5 (and older kernels backported CVE-2006-3745 patches). Public sources (Red...
CVE-2006-6053
CVE-2006-6053 affects the Linux kernel 2.6.x: the ext3fs_dirhash function can crash the kernel via a malformed ext3 stream, enabling a local user to cause a denial of service. The issue is tied to the ext3 filesystem code in the 2.6.x series and is listed among kernel vulnerabilities addressed by...
CVE-2006-1066
CVE-2006-1066 is tied to the Linux kernel prior to 2.6.16 on x86_64 with preemption enabled. The vulnerability allows a local attacker to trigger a denial of service (oops) by using multiple ptrace tasks performing single steps, which can cause corruption of the DEBUG_STACK stack during the do_de...
CVE-2006-1343
The connected Debian advisory (DSA-1184-2) confirms CVE-2006-1343 as a local information-leak in the Linux 2.6.8 kernel (kernel-source-2.6.8), caused by an information leak in the getsockopt system call that can let a local user leak potentially sensitive memory to userspace. Affected architectur...
CVE-2006-5158
CVE-2006-5158 affects the Linux kernel’s NFS lockd (nlmclnt_mark_reclaim in clntlock.c). The connected advisories (RHSA-2007-0488, CESAs for RHEL/CentOS, SL) describe a vulnerability in NFS locking daemon that can cause a denial of service (deadlock) or kernel oops via NULL dereference, allowing ...
CVE-2006-4623
The vulnerability CVE-2006-4623 affects the Linux kernel DVB ULE decapsulation path: Unidirectional Lightweight Encapsulation (ULE) in dvb-core/dvb_net.c of the kernel 2.6.17.8. A remote attacker can cause a denial of service (crash) by sending a ULE packet with an SNDU length of 0. Public adviso...
CVE-2006-1525
CVE-2006-1525 affects the Linux kernel 2.6 series (before 2.6.16.8). The vulnerability arises in ip_route_input, where a local user can trigger a NULL pointer dereference by requesting a route for a multicast IP address, leading to a denial of service (panic). Public references in Debian/DSA advi...
CVE-2006-1857
The CVE-2006-1857 entry describes a buffer overflow in the SCTP implementation of the Linux kernel up to version 2.6.16.17. A remote attacker could trigger this via a malformed HB-ACK chunk, potentially causing a crash (DoS) and possibly executing arbitrary code. A fix is available in kernel 2.6....
CVE-2006-2934
CVE-2006-2934 is a kernel-level DoS in SCTP conntrack (netfilter) for Linux kernels 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23, where a crafted packet without chunks can trigger a value bug leading to a NULL dereference and crash. The connected advisories reference upstream kernel patches...
CVE-2006-5174
CVE-2006-5174 concerns the Linux kernel 2.6 copy_from_user() implementation on s390/s390x where a local user could read kernel memory due to improper clearing of a kernel buffer. Affected platform: Linux kernel 2.6 before 2.6.19-rc1 on s390. The issue is an information leak (partial confidentiali...
CVE-2006-0038
The CVE-2006-0038 issue is a local kernel vulnerability in Linux 2.6.x where arithmetic in netfilter’s do_replace() can overflow a buffer. Exploitation requires CAP_NET_ADMIN rights and is tied to virtualization environments (e.g., OpenVZ). The advisory notes that this can lead to arbitrary code ...