72 matches found
CVE-2008-4609
CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...
CVE-2008-4395
CVE-2008-4395 concerns multiple buffer overflows in the ndiswrapper module for Linux kernel 2.6. The issue allows a remote attacker to execute arbitrary code by sending WLAN packets with long ESSIDs, effectively exploiting a vulnerability in ESSID handling. Connected advisories confirm affected d...
CVE-2008-2136
The CVE-2008-2136 entry affects the Linux kernel SIT driver: a memory leak in ipip6_rcv (net/ipv6/sit.c) can be triggered by network traffic to a SIT tunnel, due to improper skb handling (pskb_may_pull and kfree_skb) and skb reference count management. Vulnerable on Linux kernel 2.4 up to 2.4.36....
CVE-2008-1673
The CVE-2008-1673 vulnerability affects the Linux kernel ASN.1 BER decoding in CIFS and ip_nat_snmp_basic modules (and gxsnmp). Root cause: improper validation of ASN.1 BER lengths, enabling a remote attacker to crash the system or execute arbitrary code via: (1) a length greater than the working...
CVE-2008-5029
CVE-2008-5029 affects the Linux kernel 2.6.27.4, 2.6.26 and earlier via the __scm_destroy function in net/core/scm.c, which can cause indirect recursive calls when closing sockets after an SCM_RIGHTS message. This local DoS (panic) condition results from the kernel’s handling of UNIX domain socke...
CVE-2008-1669
Summary: CVE-2008-1669 affects the Linux kernel and arises from inadequate protection for fcntl in 2.6.x kernels prior to 2.6.25.2. The issue enables local users to (1) execute code in parallel and (2) trigger a race that can give re-ordered access to the descriptor table. Evidence in connected a...
CVE-2008-0007
CVE-2008-0007 affects the Linux kernel prior to 2.6.22.17. Certain drivers register a fault handler that does not perform proper range checks, allowing a local attacker to access kernel memory via an out-of-range offset. The MiracleLinux/Nessus entry confirms the issue and lists affected kernel v...
CVE-2008-5700
The CVE-2008-5700 entry concerns the Linux kernel Libata subsystem: it does not set minimum SG_IO timeouts, allowing local DoS via multiple SG_IO invocations. Connected docs (MiracleLinux AXSA advisories) explicitly list CVE-2008-5700 and state the issue affects kernel versions prior to 2.6.27.9,...
CVE-2008-4210
CVE-2008-4210 affects the Linux kernel prior to 2.6.22. fs/open.c does not properly strip setuid/setgid bits on writes, allowing local users to gain privileges of a different group and access sensitive information by creating an executable file in a setgid directory via truncate/ftruncate with me...
CVE-2008-5182
The connected Nessus advisory for MiracleLinux 3 (AXSA:2009-22:03) references CVE-2008-5182 in the inotify subsystem of the Linux kernel. Affected product: MiracleLinux 3 running kernel 2.6.18-53.21AXS3. Vulnerability type/root cause: a race condition related to inotify watch removal and unmount,...
CVE-2008-5300
CVE-2008-5300 affects the Linux kernel (example reference in CVE-2008-5300 entry) where local users can cause a denial of service by issuing a large number of sendmsg calls; the trigger is that AF_UNIX garbage collection does not block, leading to an OOM and process loss. The connected advisories...
CVE-2008-0600
CVE-2008-0600 affects the Linux kernel vmsplice_to_pipe flaw present in 2.6.17–2.6.24.1. It allows an unprivileged local user to gain root privileges via crafted vmsplice calls. Several Nessus advisories place this in the context of affected distributions (e.g., MiracleLinux, Oracle Linux/OracleV...
CVE-2008-3528
The CVE-2008-3528 entry concerns a DoS in the Linux kernel 2.6.26.5 lineages (fs/ext2/dir.c, fs/ext3/dir.c, and possibly fs/ext4/dir.c) where there is no limit on printk console messages reporting directory corruption. This enables physically proximate attackers to cause a temporary system hang b...
CVE-2008-4933
CVE-2008-4933: Buffer overflow in hfsplus_find_cat (fs/hfsplus/catalog.c) of the Linux kernel prior to 2.6.28-rc1. An invalid catalog namelength field in an hfsplus filesystem image can cause memory corruption and potentially a denial of service (memory corruption or system crash). Root cause cit...
CVE-2008-5079
CVE-2008-5079 affects the Linux kernel ATM subsystem, specifically net/atm/svc.c in 2.6.27.8 and earlier. A local attacker can cause a denial of service (kernel infinite loop) by performing two calls to svc_listen on the same socket and then reading a /proc/net/atm/*vc file, which relates to corr...
CVE-2008-3272
The CVE-2008-3272 issue affects the Linux kernel sound subsystem (sound/core/seq/oss/seq_oss_synth.c). The root cause is that snd_seq_oss_synth_make_info does not verify that the device number lies within the range defined by max_synthdev before returning data, enabling local users to leak sensit...
CVE-2008-5134
CVE-2008-5134 involves a buffer overflow in the libertas wireless driver (lbs_process_bss in drivers/net/wireless/libertas/scan.c) in the Linux kernel up to versions before 2.6.27.5. The vulnerability can be triggered by an invalid beacon or probe response from a remote wireless network, with an ...
CVE-2008-1375
CVE-2008-1375 describes a race condition in the Linux kernel’s directory notification subsystem (dnotify). It affects Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1. Successful exploitation could allow local users to cause a denial of service (OOPS) and possibly gain privileges vi...
CVE-2008-2812
CVE-2008-2812 affects the Linux kernel prior to 2.6.25.10, with NULL pointer dereferences in tty handling (notably in drivers/net/ such as hamradio, irda, ppp, slip, wan, and wireless components) potentially enabling local privilege escalation or a system crash. The issue arises from missing chec...
CVE-2008-0598
CVE-2008-0598 affects the Linux kernel 2.6.9, 2.6.18 (and likely other versions) via the 32-bit/64-bit emulation. The issue allows local attackers to read uninitialized memory through crafted binaries, indicating a local, unauthenticated attack with LOW complexity and complete confidentiality imp...
CVE-2008-3275
The CVE-2008-3275 issue affects the Linux kernel before 2.6.25.15, where the real_lookup and __lookup_hash functions in fs/namei.c fail to prevent creating a child dentry for a deleted (S_DEAD) directory. This enables a local attacker to trigger a denial of service by repeatedly creating files wi...
CVE-2007-4998
CVE-2007-4998 is a local, user‑assisted vulnerability in cp when preserving symlinks across multiple OSes. The issue allows an attacker to cause a race/symlink attack that can overwrite arbitrary files by crafting directories with multiple source files copied to the same destination. Multiple con...
CVE-2008-3525
Vulnerability (CVE-2008-3525) affects the Linux kernel 2.6.26.3 wan driver (sbni.c) where sbni_ioctl fails to perform CAP_NET_ADMIN checks before handling four ioctls (SIOCDEVRESINSTATS, SIOCDEVSHWSTATE, SIOCDEVENSLAVE, SIOCDEVEMANSIPATE). This permits a local user to bypass intended capability r...
CVE-2008-4554
CVE-2008-4554 affects the Linux kernel in the do_splice_from function (fs/splice.c). Before 2.6.27, it does not reject file descriptors with the O_APPEND flag, allowing a local attacker to bypass append mode and make arbitrary changes to other parts of a file. The vulnerability is tied to the ker...
CVE-2008-5713
The CVE-2008-5713 vulnerability affects the Linux kernel (pre-2.6.25) on SMP systems, where the __qdisc_run function in net/sched/sch_generic.c can be abused to cause a soft lockup/DoS by issuing a large volume of traffic (demonstrated with Netperf UDP_STREAM). Connected advisories note a mitigat...
CVE-2008-1514
CVE-2008-1514 affects the Linux kernel on IBM System z (s390) where a local user can cause a kernel panic via the 31‑bit ptrace padding test. The issue is in arch/s390/kernel/ptrace.c and occurs in kernels from 2.6.9 and in versions older than 2.6.27-rc6. The vulnerability arises from an invalid ...
CVE-2008-2931
The CVE-2008-2931 issue affects the Linux kernel (fs/namespace.c) prior to version 2.6.22, where do_change_type does not verify CAP_SYS_ADMIN, enabling a local user to gain privileges or cause a denial of service by modifying mountpoint properties. The vulnerability is documented across multiple ...
CVE-2008-3276
The CVE-2008-3276 flaw is an integer overflow in the Linux kernel’s DCCP stack (dccp_setsockopt_change in net/dccp/proto.c) affecting kernel versions 2.6.17-rc1 through 2.6.26.2. It allows remote attackers to trigger a denial of service (panic) via crafted Change L/Change R options when dccpsf_va...
CVE-2008-3915
CVE-2008-3915 is a buffer overflow in the Linux kernel’s nfsd when NFSv4 is enabled. The issue can allow remote triggering of a denial of service via crafted NFSv4 ACL decoding; affected are kernels older than 2.6.26.4. The Debian/Ubuntu advisories in the connected set reference this CVE among a ...
CVE-2008-4934
The CVE-2008-4934 issue affects the Linux kernel 2.6.x prior to 2.6.28-rc1 in the hfsplus code path. Specifically, hfsplus_block_allocate in fs/hfsplus/bitmap.c fails to verify the return value of read_mapping_page before invoking kmap, enabling a crafted hfsplus filesystem image to trigger a den...
CVE-2008-2826
The vulnerability CVE-2008-2826 is present in the Linux kernel prior to 2.6.25.9, where an integer overflow in sctp_getsockopt_local_addrs_old (net/sctp/socket.c) allows local users to trigger a denial of service through a large addr_num in the sctp_getaddrs_old structure. The issue is mitigated ...
CVE-2008-5025
CVE-2008-5025: Linux kernel before 2.6.28-rc1 suffers a stack-based buffer overflow in hfs_cat_find_brec() within fs/hfs/catalog.c when processing an HFS image with an invalid catalog namelength, enabling memory corruption or a system crash and a DoS. The MiracleLinux advisory and related OpenVAS...
CVE-2008-3527
CVE-2008-3527 affects the Linux kernel (arch/i386/sysenter/vDSO). The vulnerability stems from missing boundary checks in vDSO install_special_mapping, syscall, and syscall32_nopage in the Linux kernel prior to 2.6.21, permitting local users to gain privileges or cause a denial of service. Affect...
CVE-2008-3833
CVE-2008-3833 affects the Linux kernel up to version 2.6.18 (vulnerable in 2.6.18 and earlier) where generic_file_splice_write in fs/splice.c does not properly strip setuid/setgid bits on writes via splice to a file. This allows local users to gain privileges of a different group or access sensit...
CVE-2008-0001
CVE-2008-0001 affects the Linux kernel: VFS in kernels before 2.6.22.16 and 2.6.23.x before 2.6.23.14 tests access permissions using the flag variable instead of the acc_mode flag, potentially allowing a local, unprivileged user to bypass file-write permissions and remove directories. The issue i...
CVE-2008-3831
The CVE-2008-3831 entry concerns the i915 DRM driver in Linux kernel 2.6.24 (notable on Debian GNU/Linux) and OpenBSD. The root cause is that the DRM_I915_HWS_ADDR ioctl is not restricted to the DRM master due to the absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl configuration. Th...
CVE-2008-2358
The CVE-2008-2358 entry concerns the Linux kernel DCCP module: an integer overflow in dccp_feat_change within net/dccp/feat.c on kernels 2.6.17–2.6.20 and 2.6.18, enabling a local attacker to trigger a heap-based buffer overflow and gain privileges. Connected advisories reference this issue as pa...
CVE-2008-0010
CVE-2008-0010 concerns the Linux kernel vulnerability in copy_from_user_mmap_sem (fs/splice.c) affecting kernels 2.6.22 through 2.6.24. The root cause is a failure to validate a userspace pointer before dereferencing, which allows a local attacker to read from arbitrary kernel memory locations. A...
CVE-2008-2729
CVE-2008-2729 affects the Linux kernel before 2.6.19 on some AMD64 systems. The issue is in arch/x86_64/lib/copy_user.S where, after a kernel memory copy exception, destination memory locations aren’t erased, potentially letting a local user read residual data. Impact: local information disclosur...
CVE-2008-4576
CVE-2008-4576 affects the Linux kernel SCTP implementation prior to 2.6.25.18. A remote attacker can trigger a denial of service by sending an INIT-ACK that states the peer does not support AUTH, causing sctp_process_init to clean up active transports and, when the T1-Init timer expires, to trigg...
CVE-2007-6716
CVE-2007-6716 affects the Linux kernel before 2.6.23, where in the dio subsystem the file system’s direct-io path (fs/direct-io.c) may fail to zero out the dio struct. This can allow a local user to cause a denial of service (OOPS), as demonstrated by a fio test. The connected documents confirm t...
CVE-2008-0009
The CVE-2008-0009 entry is supported by connected documents: it affects Linux kernel 2.6.22–2.6.24 where vmsplice_to_user dereferences a userspace pointer without validation, enabling local access to kernel memory. The issue is a local privilege‑escalation vulnerability; remediation is associated...
CVE-2008-2372
CVE-2008-2372 affects the Linux kernel versions 2.6.24 and 2.6.25 before 2.6.25.9. The root cause is a lack of ZERO_PAGE optimization in get_user_pages, causing the allocation of many useless newly zeroed pages and enabling a local user to trigger a denial of service through memory exhaustion. Th...
CVE-2008-5702
CVE-2008-5702 concerns a buffer underflow in the Linux kernel watchdog driver IB700 SBC (ib700wdt.c) via the ibwdt_ioctl path. Affected software is the Linux kernel prior to 2.6.28-rc1; exploitation could occur through a WDIOC_SETTIMEOUT ioctl on /dev/watchdog by a local user. The Initial Descrip...
CVE-2007-6694
CVE-2007-6694 : A NULL pointer dereference in the CHRP PowerPC kernel code (chrp_show_cpuinfo in setup.c) may be triggered when of_get_property fails, potentially enabling a local denial-of-service (crash) on Linux kernel 2.4.21–2.6.18-53 running on PowerPC. Connected advisories (RHSA/ELSA) indic...
CVE-2008-2365
CVE-2008-2365 describes a race condition in Linux kernel ptrace/utrace support (kernel 2.6.9–2.6.25) used by RHEL4. A local user can cause a denial of service (oops) by issuing a long sequence of PTRACE_ATTACH calls that trigger a conflict between utrace_detach and report_quiescent due to a late ...
CVE-2008-5701
CVE-2008-5701 is a Linux kernel local denial-of-service vulnerability on 64-bit MIPS platforms caused by an array index error in arch/mips/kernel/scall64-o32.S. It affects kernel versions prior to 2.6.28-rc8, where an o32 syscall with a small number can trigger an out-of-bounds access to the sysc...
CVE-2008-5033
The CVE-2008-5033 issue affects the Linux kernel: the chip_command function in drivers/media/video/tvaudio.c is vulnerable in 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3, enabling a denial of service via NULL function pointer dereference (OOPS). Patches are r...
CVE-2008-3792
CVE-2008-3792 affects the Linux kernel SCTP path: net/sctp/socket.c does not verify that the SCTP-AUTH extension is enabled before invoking SCTP-AUTH API functions. This can cause a denial of service (NULL pointer dereference/panic) via calls such as sctp_setsockopt_auth_chunk, sctp_setsockopt_hm...
CVE-2008-2137
The CVE-2008-2137 entry describes a Linux kernel vulnerability in the SPARC/SPARC64 mmap checks. Affected are Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, where sparc_mmap_check (arch/sparc/kernel/sys_sparc.c) and sparc64_mmap_check (arch/sparc64/kernel/sys_sparc.c) omit some virtual...