504783 : Vulnerable Version Of Linux

Risk 5 : Miscellaneous

A remote attacker could execute arbitrary code, cause information disclosure, or cause a denial of service. The Linux kernel is released under the GNU General Public License version 2 (GPLv2) and developed by contributors worldwide. The Linux kernel is used by a family of Unix-like operating systems.

"mmap()" and "mremap()" Multiple Denial of Service Vulnerabilities

02/19/10 CVE 2010-0291 The Linux kernel before 2.6.32.4 is prone to multiple denial-of-service vulnerabilities when mapping memory addresses. Local attackers may leverage these issues to crash the kernel and deny service to legitimate users. Other attacks may also be possible.

Linux Kernel ipv6_hop_jumbo() Remote Denial of Service Vulnerability

02/09/10 CVE 2010-0006 The Linux kernel before 2.6.32.4, when network namespaces are enabled, is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Linux Kernel fasync_helper() Local Privilege Escalation Vulnerability

02/09/10 CVE 2009-4141 Linux kernel before 2.6.33-rc4-git1 is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges.

Linux Kernel ebtables Security Bypass Vulnerability

01/29/10 CVE 2010-0007 The Linux kernel before 2.6.33-rc4 is prone to a security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and set or modify ebtables rules.

Linux Kernel print_fatal_signal() Local Information Disclosure Vulnerability

01/29/10 CVE 2010-0003 The Linux kernel before 2.6.32.4 is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Denial-of-service attacks are also possible.

Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability

01/21/10 CVE 2009-4537 Linux Kernel 2.6.32.3 and prior are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to deny service to legitimate users.

Linux Kernel fuse_ioctl_copy_user() Local Denial of Service Vulnerability

01/19/10 CVE 2009-4410 Linux Kernel before 2.6.31 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the affected kernel to panic and stop responding, denying service to legitimate users.

Linux Kernel drivers/firewire/ohci.c NULL Pointer Dereference Denial of Service Vulnerability

01/11/10 CVE 2009-4138 Linux Kernel before 2.6.32-git9 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel Ext4 move extents ioctl Local Privilege Escalation Vulnerability

01/11/10 CVE 2009-4131 Linux Kernel before 2.6.32-git6 is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary code with kernel-level privileges and launch other attacks.

Linux Kernel KVM handle_dr() Local Denial of Service Vulnerability

01/05/10 CVE 2009-3722 Linux Kernel before 2.6.31.1 is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM) subsystem. Attackers in guest systems can exploit this issue to crash the affected host system, denying service to legitimate users.

Linux Kernel ip_frag_reasm() Null Pointer Dereference Remote Denial of Service Vulnerability

01/05/10 CVE 2009-1298 Linux Kernel before 2.6.31.6 is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference error. An attacker may exploit this issue to crash the affected computer, denying service to legitimate users.

Linux Kernel net/mac80211/ Multiple Remote Denial of Service Vulnerabilities

12/22/09 CVE 2009-4026 CVE 2009-4027 Linux kernel before 2.6.32-rc8 is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause a kernel panic, denying service to legitimate users.

Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability

12/22/09 CVE 2009-4031 Linux kernel before 2.6.32-rc8 is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). Local attackers can exploit this issue to cause excessive scheduling latency, denying service to legitimate users.

Linux Kernel drivers/char/n_tty.c NULL Pointer Dereference Denial of Service Vulnerability

12/22/09 The Linux kernel 2.6.32-rc7 and prior are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel fuse_direct_io() Invalid Pointer Dereference Local Denial of Service Vulnerability

12/18/09 CVE 2009-4021 Linux kernel before 2.6.32-rc7 is prone to a local denial-of-service vulnerability that stems from an invalid pointer dereference. Attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

Linux Kernel drivers/scsi/gdth.c Local Privilege Escalation Vulnerability

12/18/09 CVE 2009-3080 Linux kernel before 2.6.32-rc8 is prone to a local privilege-escalation vulnerability that is caused by an array index error. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges.

Linux Kernel fput() NULL Pointer Dereference Local Denial of Service Vulnerability

12/10/09 CVE 2009-3888 Linux kernel before 2.6.31.6 is prone to a local denial-of-service vulnerability that stems from a NULL-pointer dereference. Attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

Linux Kernel nfs4_proc_lock() Local Denial of Service Vulnerability

12/10/09 CVE 2009-3726 Linux kernel before 2.6.31-rc4 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the kernel to panic, denying service to legitimate users.

Linux Kernel pipe.c Local Privilege Escalation Vulnerability

12/02/09 CVE 2009-3547 Linux kernel before 2.4.37.7 and 2.6.32-rc6 is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers.

Linux Kernel unix_stream_connect() Local Denial of Service Vulnerability

11/16/09 CVE 2009-3621 The Linux kernel 2.6.31.4 and prior are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the affected kernel to stop responding, denying service to legitimate users.

Linux Kernel net/ax25/af_ax25.c Local Denial of Service Vulnerability

11/11/09 CVE 2009-2909 The Linux kernel before 2.6.31.2 is prone to a local denial-of-service vulnerability because it fails to properly verify signedness of a user-supplied value. Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability

11/11/09 CVE 2009-2908 The Linux kernel before 2.6.31.2 is prone to a local denial-of-service vulnerability in the eCryptfs component. Attackers can exploit this issue to corrupt memory, resulting in a denial-of-service condition.

Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability

11/03/09 CVE 2009-3290 The Linux Kernel before 2.6.31 is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). Attackers can exploit this issue to crash a guest kernel or potentially gain read or write access to guest kernel memory.

Linux Kernel O_EXCL NFSv4 Privilege Escalation Vulnerability

10/28/09 CVE 2009-3286 The Linux Kernel before 2.6.19-rc6 is prone to a privilege-escalation vulnerability. Local attackers may be able to exploit this issue to execute arbitrary code with the privileges of another user and compromise the affected computer.

Linux Kernel find_ie() Function Remote Denial of Service Vulnerability

10/28/09 CVE 2009-3280 The Linux Kernel 2.6.31-rc7 and prior are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the kernel to end up in an infinite loop, denying service to legitimate users.

Linux Kernel perf_counter_open() Local Buffer Overflow Vulnerability

10/28/09 CVE 2009-3234 The Linux Kernel 2.6.31-rc7 and prior are prone to a local buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. Local attackers may be able to exploit this issue to run arbitrary code with elevated privileges.

Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability

10/21/09 CVE 2009-2903 The Linux Kernel before 2.6.31.4 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a memory leak, denying service to legitimate users.

Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities

10/09/09 The Linux kernel is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks.

Linux Kernel drivers/scsi/sg.c NULL Pointer Dereference Denial of Service Vulnerability

10/09/09 CVE 2009-3288 The Linux kernel 2.6.28-rc1 through 2.6.31-rc8 are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel Multiple Protocols Local Information Disclosure Vulnerabilities

09/18/09 The Linux kernel before 2.6.31-rc7 is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks.

Linux Kernel drivers/char/tty_ldisc.c NULL Pointer Dereference Denial of Service Vulnerability

09/18/09 CVE 2009-3043 The Linux kernel before 2.6.31-rc8 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel net/llc/af_llc.c Local Information Disclosure

09/10/09 CVE 2009-3001 The Linux kernel 2.6.31-rc7 and prior are prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Linux Kernel cmp_ies Remote Null Pointer Dereference Vulnerability

09/10/09 CVE 2009-2844 Linux kernel versions 2.6.30-rc1 through 2.6.30.4 are prone to a remote NULL-pointer dereference vulnerability. An attacker can exploit this issue to crash the system, denying service to legitimate users.

Linux Kernel udp_sendmsg MSG_MORE Flag Local Privilege Escalation

09/10/09 CVE 2009-2698 The Linux kernel before 2.6.19 is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Linux Kernel binfmt_flat.c NULL Pointer Dereference Denial of Service Vulnerability

09/01/09 CVE 2009-2768 The Linux kernel 2.6.31-rc3 and prior are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel sock_sendpage() NULL Pointer Dereference Vulnerability

09/01/09 CVE 2009-2692 The Linux kernel is prone to a local NULL-pointer dereference vulnerability. A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users. Versions prior to the Linux kernel 2.4.37.5 and 2.6.31-rc6 are vulnerable.

Linux Kernel posix-timers.c NULL Pointer Dereference Denial of Service Vulnerability

08/27/09 CVE 2009-2767 The Linux Kernel before 2.6.31-rc5-git3 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel fs/proc/base.c Local Information Disclosure Vulnerability

08/27/09 CVE 2009-2691 The Linux Kernel 2.6.31-rc3 and prior are prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Linux Kernel clear_child_tid() Local Denial of Service Vulnerability

08/21/09 CVE 2009-2848 The Linux Kernel 2.6.31-rc3 and prior are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to corrupt memory, resulting in a denial-of-service condition.

Linux Kernel eCryptfs parse_tag_11() Remote Stack Buffer Overflow Vulnerability

08/19/09 CVE 2009-2406 The Linux Kernel before 2.6.30.4 is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue affects the eCryptfs filesystem. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.

Linux Kernel SGI GRU Driver Off By One Vulnerability

08/13/09 CVE 2009-2584 The Linux kernel 2.6.30.2 and prior are prone to an off-by-one vulnerability that may allow attackers to trigger a denial-of-service condition. This issue affects the SGI GRU driver.

Linux Kernel tun_chr_pool() NULL Pointer Dereference Vulnerability

08/13/09 CVE 2009-1897 The Linux kernel 2.6.30.1 and prior are prone to a local NULL-pointer dereference vulnerability. A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

Linux Kernel PER_CLEAR_ON_SETID Incomplete Personality List Access Validation Weakness

08/07/09 CVE 2009-1895 The Linux kernel 2.6.30.1 and prior are prone to an unauthorized-access weakness because of an error in the definition of the PER_CLEAR_ON_SETID personalities mask, which is defined in the 'include/linux/personality.h' source file. An attacker can exploit this issue to perform unsafe operations on a vulnerable computer, which may aid in further attacks.

Linux Kernel ptrace_start() And do_coredump() Deadlock Local Denial of Service Vulnerability

08/04/09 CVE 2009-1388 The Linux kernel 2.6.18 and prior are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause a deadlock in the kernel, resulting in a denial-of-service condition.

Linux Kernel kvm_arch_vcpu_ioctl_set_sregs() Local Denial of Service Vulnerability

07/29/09 CVE 2009-2287 The Linux kernel before 2.6.30.1 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to lock kernel resources, resulting in a denial-of-service condition.

Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability

07/09/09 CVE 2009-1389 The Linux kernel before 2.6.30 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the system, denying service to legitimate users.

Linux Kernel splice(2) Double Lock Local Denial of Service Vulnerability

06/26/09 CVE 2009-1961 The Linux kernel before 2.6.30-rc3, 2.6.29.4, and 2.6.27.24, is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause an affected process to hang, denying service to legitimate users.

Linux Kernel e1000/e1000_main.c Remote Denial of Service Vulnerability

06/26/09 CVE 2009-1385 The Linux kernel before 2.6.30-rc8 is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue via crafted packets to cause a kernel panic, denying service to legitimate users.

Linux Kernel CIFS String Conversion Multiple Vulnerabilities

06/03/09 The Linux Kernel before 2.6.30-rc5 is prone to multiple vulnerabilities affecting the CIFS (Common Internet File System) implementation. Successfully exploiting these issues may allow remote attackers to execute arbitrary code with kernel-level privileges, resulting in the complete compromise of affected computers.

Linux Kernel NFS MAY_EXEC Security Bypass Vulnerability

06/03/09 CVE 2009-1630 The Linux kernel before 2.6.30-rc3 is prone to a security-bypass vulnerability that affects the NFS (Network File System) implementation. An attacker can exploit this issue to perform privileged operations on a vulnerable computer.

Linux Kernel ptrace_attach() Local Privilege Escalation Vulnerability

05/25/09 CVE 2009-1527 The Linux kernel before 2.6.30-rc4 is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Linux Kernel CAP_FS_SET Incomplete Capabilities List Access Validation Vulnerability

05/20/09 The Linux Kernel is prone to an unauthorized-access vulnerability because of an error in the definition of the CAP_FS_SET capabilities mask. This issue has been demonstrated to impact the NFS and VFS filesystems; other applications or kernel components may provide additional attack vectors.

Linux Kernel drivers/char/agp/generic.c Local Information Disclosure Vulnerability

05/20/09 CVE 2009-1192 The Linux kernel before 2.6.30-rc3 is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Linux Kernel inet6_hashtables.c NULL Pointer Dereference Denial of Service Vulnerability

05/14/09 CVE 2009-1360 The Linux kernel before 2.6.29 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel kill_something_info() Local Denial of Service Vulnerability

05/14/09 CVE 2009-1338 The Linux kernel 2.6.24 through 2.6.27.12 are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to signal all processes on the affected computer, resulting in a denial-of-service condition.

Linux Kernel CIFS decode_unicode_ssetup Remote Buffer Overflow Vulnerability

05/06/09 CVE 2009-1633 The Linux kernel 2.6.29.1 and prior are prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.

Linux Kernel CIFS Remote Buffer Overflow Vulnerability

04/28/09 CVE 2009-1439 The Linux kernel 2.6.29.1 and prior are prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Linux Kernel ecryptfs_write_metadata_to_contents() Information Disclosure Vulnerability

04/08/09 CVE 2009-0787 The Linux kernel before 2.6.28.9 is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation. Successful exploits will allow attackers to view portions of kernel memory.

Linux Kernel /proc/net/rt_cache Remote Denial of Service

04/01/09 CVE 2009-0778 The Linux kernel before 2.6.25 is prone to a remote denial-of-service vulnerability because it fails to properly flush the '/proc/net/rt_cache' file under some conditions. Attackers can exploit this issue to cause the kernel to fail to respond to network traffic, denying service to legitimate users.

Linux Kernel nfsd CAP_MKNOD Security Bypass

03/24/09 CVE 2009-1072 A security bypass vulnerability exists in Linux Kernel. The vulnerability is due to an insecure design in Linux kernel when handling the NFS request, MKNOD. By sending a crafted NFS MKNOD request to a target system, a remote attacker can leverage this vulnerability to create a device on a target system.

Linux Kernel /ipc/shm.c Local Denial of Service Vulnerability

03/24/09 CVE 2009-0859 The Linux kernel before 2.6.28.5 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the Linux kernel to lock up, resulting in a denial-of-service condition.

Linux Kernel seccomp System Call Security Bypass Vulnerability

03/17/09 CVE 2009-0835 The Linux kernel 2.6.8.6 and prior are prone to a local security-bypass vulnerability. A local attacker may be able to exploit this issue to bypass access control and make restricted system calls, which may result in an elevation of privileges.

Linux Kernel Audit System audit_syscall_entry() System Call Security Bypass Vulnerability

03/17/09 CVE 2009-0834 The Linux kernel 2.6.8.6 and prior are prone to a local security-bypass vulnerability. A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

Linux Kernel Cloned Process CLONE_PARENT Local Origin Validation Weakness

03/17/09 CVE 2009-0028 The Linux kernel 2.6.8.6 and prior are prone to an origin-validation weakness when dealing with signal handling. This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals to the privileged parent process. A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition.

Linux Kernel sock.c SO_BSDCOMPAT Option Information Disclosure Vulnerability

03/11/09 CVE 2009-0676 The Linux kernel before 2.6.28.6 is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation. Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Linux Kernel Kprobe Memory Corruption Vulnerability

03/03/09 CVE 2009-0605 The Linux kernel before 2.6.28.5 is prone to a memory-corruption vulnerability because of a design flaw in the Kprobe system. Local attackers could exploit this issue to cause denial-of-service conditions.

Linux Kernel Console Selection Local Privilege Escalation Vulnerability

02/27/09 CVE 2009-1046 The Linux kernel before 2.6.28.4 is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Linux Kernel inotify_read() Local Denial of Service Vulnerability

02/27/09 CVE 2009-0935 The Linux kernel before 2.6.28.3 is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause an oops condition in the Linux kernel, which may cause a denial of service.

Linux Kernel make_indexed_dir() Local Denial of Service Vulnerability

02/27/09 The Linux kernel before 2.6.27.14 is prone to a local denial-of-service vulnerability because it fails to properly handle malformed filesystem images. Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Note that to exploit this issue, attackers must be able to mount appropriate filesystem types, which may require membership in a privileged group or root access.

Linux Kernel inotify Local Privilege Escalation Vulnerability

02/24/09 CVE 2008-5182 The Linux kernel before 2.6.28-rc5 is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Linux Kernel dell_rbu Local Denial of Service Vulnerabilities

02/16/09 CVE 2009-0322 The Linux kernel before 2.6.28.2 is prone to two denial-of-service vulnerabilities. A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

Linux Kernel readlink Local Privilege Escalation Vulnerability

02/16/09 CVE 2009-0269 The Linux kernel before 2.6.28.1 is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash the affected kernel, denying service to legitimate users.

Linux Kernel keyctl_join_session_keyring() Denial of Service Vulnerability

02/06/09 CVE 2009-0031 The Linux kernel before 2.6.29-rc2-git1 is prone to a denial-of-service vulnerability because it fails to manage memory in a proper manner. Attackers can exploit this issue to cause a crash by exhausting memory resources.

Linux Kernel sys_remap_file_pages() Local Privilege Escalation Vulnerability

01/28/09 CVE 2009-0024 The Linux kernel before 2.6.24.1 is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise of affected computers.

Linux Kernel locks_remove_flock() Local Race Condition Vulnerability

01/28/09 CVE 2008-4307 The Linux kernel before 2.6.25.6 is prone to a local race-condition vulnerability because it fails to properly handle POSIX locks. A local attacker may exploit this issue to crash the computer or gain elevated privileges.

Linux Kernel FWD-TSN Chunk Remote Buffer Overflow Vulnerability

01/12/09 CVE 2009-0065 The Linux kernel 2.6.28 and prior are prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Linux Kernel ib700wdt.c Buffer Underflow Vulnerability

01/05/09 CVE 2008-5702 The Linux kernel before 2.6.28-rc1 is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.

qdisc_run Denial of Service

12/26/08 CVE 2008-5713 A vulnerability exists in the qdisc_run function on kernels prior to 2.6.25 that allows a local user to send large amounts of data in UDP stream mode which causes a denial of service.

Minimum Time SG_IO Denial of Service

12/26/08 CVE 2008-5700 Linux kernels prior to 2.6.27.9 do not set minimum times for SG_IO requests. This allows local users to cause a denial of service by running multiple instances of an unspecified test program.

Linux Kernel ac_ioctl() Local Buffer Overflow

12/26/08 Linux Kernels prior to 2.6.28-rc1 are vulnerable to a denial of service caused by inadequate boundary checking on user-supplied data. Local users may be able to exploit this to crash the system or run arbitrary code.

ATM vcc Table Corruption Denial of Service

12/26/08 CVE 2008-5079 Systems running kernels 2.6.27.8 or lower are vulnerable to a denial of service when a local user makes two svc_listen calls for the same socket followed by reading a /proc/net/atm/*vc file. Despite the second call's failure to return a socket, an unassigned socket is created that causes the kernel to infinitely loop during the file read.

Linux Kernel sendmsg() Local Denial of Service

12/17/08 CVE 2008-5300 The Linux Kernel 2.6.27.8 is prone to a local denial-of-service vulnerability. The vulnerability is caused due to sendmsg() not correctly blocking while the UNIX garbage collector is running. This can be exploited to cause soft lockups or trigger out of memory conditions in other applications via certain UNIX socket operations.

Linux Kernel lbs_process_bss() Remote Denial of Service

12/17/08 CVE 2008-5134 Linux Kernels prior to 2.6.27.5 are prone to a remote denial-of-service vulnerability because of a buffer-overflow error in the libertas subsystem. Successful exploits will allow attackers to crash the affected computer, denying service to legitimate users.

Linux Kernel drivers/media/video/tvaudio.c Memory Corruption

12/04/08 Linux kernels before 2.6.28-rc5 are prone to a memory-corruption vulnerability because of insufficient boundary checks. A successful attack may cause the affected kernel to crash, effectively denying service to legitimate users.

Linux Kernel scm_destroy() Local Denial of Service

11/27/08 CVE 2008-5029 Linux kernels 2.6.27.4, 2.6.26, and earlier are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

Linux Kernel ndiswrapper Remote Buffer Overflow

11/27/08 CVE 2008-4395 Linux kernels earlier than 2.6.27 are prone to a buffer overflow vulnerability. The vulnerability is caused by a boundary error in the ndiswrapper kernel driver when processing wireless network packets. This can be exploited to cause a buffer overflow via an overly long ESSID (Extended Service Set Identifier).

Linux Kernel VDSO Unspecified Privilege Escalation

11/27/08 CVE 2008-3527 Linux kernels before 2.6.21 are prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to gain elevated privileges or to create a denial-of-service condition.

Linux Kernel hfsplus_block_allocate() Local Denial of Service

11/27/08 CVE 2008-4934 Linux kernels prior to 2.6.28-rc1 are prone to a local denial-of-service vulnerability. The vulnerability is caused due to the hfsplus_block_allocate() function in fs/hfsplus/bitmap.c not properly checking the return values of read_mapping_page() function before using them. This can be exploited to crash a system.

Linux Kernel tvaudio.c Operations NULL Pointer Dereference

11/27/08 CVE 2008-5033 Linux kernels before 2.6.25.19, 2.6.26.7, and 2.6.27.3 are prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel hfsplus_find_cat() Local Denial of Service

11/27/08 CVE 2008-4933 Linux kernels before 2.6.28-rc1 are prone to a local denial-of-service vulnerability because they fail to properly bounds-check data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

Linux Kernel hfs_cat_find_brec() Buffer Overflow

11/27/08 CVE 2008-5025 Linux kernels before 2.6.27.6 are prone to a DoS vulnerability. The vulnerability is caused due to a boundary error in the hfs_cat_find_brec() function and can be exploited to cause a buffer overflow via an overly large catalog name length.

Linux Kernel do_splice_from() Local Security Bypass

11/14/08 CVE 2008-4554 Linux kernels released before 2.6.27 are prone to a local security-bypass vulnerability because the do_splice_from() function fails to correctly reject file descriptors when performing certain file operations. Attackers can exploit this issue to bypass restrictions on append mode when updating files to update arbitrary locations in the file.

Linux Kernel proc_do_xprt() Local Buffer Overflow Vulnerability

11/13/08 CVE 2008-3911 Linux kernels 2.6.24-git13 through 2.6.26.3 are prone to a local buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. Local attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

Linux Kernel i915 Driver Memory Corruption Vulnerability

10/31/08 CVE 2008-3831 Linux kernels 2.6.24.6 and prior are prone to a memory-corruption vulnerability because of insufficient boundary checks in the i915 driver. Local attackers could exploit this issue to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

Linux kernel SCTP Protocol Violation Remote Denial of Service

10/28/08 CVE 2008-4618 Linux kernels before 2.6.27 are prone to a remote denial-of-service vulnerability because they fail to handle SCTP protocol violations. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Linux kernel fs/direct-io.c Local Denial of Service

10/21/08 CVE 2007-6716 fs/direct-io.c in the dio subsystem in Linux kernels before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service.

Linux Kernel truncate() Local Privilege Escalation Vulnerability

10/09/08 CVE 2008-4210 Linux kernels are prone to a local privilege-escalation vulnerability related to the truncate() and ftruncate() functions.

Linux Kernel nfsd Subsystem Buffer Overflow

09/26/08 CVE 2008-3915 A remote denial-of-service vulnerability exists in the Linux kernel. The vulnerability is due to an implementation flaw which may result in a buffer overflow in the NFS subsystem of the Linux kernel. By sending Access Control List NFS requests to a target host, an attacker may exploit this vulnerability to cause a kernel panic, leading to a system-wide denial-of-service condition.

Linux Kernel sctp_setsockopt_auth_key() Remote Denial of Service Vulnerability

09/10/08 CVE 2008-3526 The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Linux Kernel DCCP Protocol Handler dccp_setsockopt_change Integer Overflow

08/26/08 CVE 2008-3276 An integer overflow vulnerability exists in the Datagram Congestion Control Protocol (DCCP) stack in the Linux kernel. The flaw is due to a lack of data validation when parsing DCCP datagrams. An unauthenticated remote attacker may leverage this vulnerability to cause a denial-of-service condition on the target system.

Linux Kernel Multiple Vulnerabilities fixed in 2.6.26.2

08/19/08 CVE 2008-3272 CVE 2008-3275 The vulnerabilities fixed in 2.6.26.2 allow local users to cause a denial of service or disclose potentially sensitive information.

Linux Kernel uvc_driver.c Format Descriptor Parsing Buffer Overflow

08/19/08 CVE 2008-3496 Linux kernels prior to 2.6.26.1 are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will result in the complete compromise of affected computers.

Linux Kernel Multiple Vulnerabilities fixed in 2.6.25.10

07/17/08 CVE 2008-2812 CVE 2008-3077 The vulnerabilities fixed in 2.6.25.10 allow local users to cause a denial of service or possibly gain privileges.

Linux Kernel ASN.1 BER Decoding Vulnerability

06/26/08 CVE 2008-1673 Vulnerabilities exist in the ASN.1 BER decoder of the cifs and ip_nat_snmp_basic modules when calculating the buffer size. This can lead to remote code execution and denial of service. This vulnerability exists in versions prior to 2.4.36.6 of the 2.4 branch and prior to version 2.6.25.5 of the 2.6 branch.

Linux Kernel Virtual Address Range Checking Denial of Service

05/28/08 CVE 2008-2137 The vulnerability is due to an error in the virtual address range checking of mmapped regions on the sparc architecture. Local attackers could exploit this vulnerability to corrupt memory. Successful exploitation would result in a denial-of-service condition.

Linux IPv6 Over IPv4 vulnerability

05/21/08 CVE 2008-2136 In Linux kernel 2.6, IPv6 over IPv4 tunneling is implemented in the network driver sit.ko. In this driver, a function named ipip6_rcv() processes all received IPv4 packets with protocol value 0x29. The function extracts the IPv6 data from the encapsulating packets and delivers it to the proper tunnel endpoint.

There exists a memory leak vulnerability in the Linux IPv6 over IPv4 tunneling driver. The vulnerable code resides in the function ipip6_rcv(). The minimum size of an IPv6 header is 40 bytes. If an IPv6 over IPv4 tunneling packet has less than 40 bytes of IPv4 payload, the encapsulated IPv6 packet does not have a complete header. In this case, the vulnerable code fails to release the memory block that stores the malicious packet. Since memory allocated by a Linux kernel driver cannot be swapped out, repeating the attack will eventually exhaust all available memory and render the target host inaccessible.
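The leak pattern described above, shown as an added user-space model for illustration; it is not the kernel's sit.c code. The fixed-size pool, `struct pkt`, and the function names `pkt_alloc`, `rcv_leaky`, `rcv_fixed` and `survives` are hypothetical stand-ins for kernel packet buffers and the receive handler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_HDR_LEN 40  /* minimum IPv6 header size, as stated in the advisory */
#define POOL_SLOTS   8   /* constructed: tiny stand-in for unswappable kernel memory */

struct pkt { int in_use; size_t len; uint8_t data[64]; };
static struct pkt pool[POOL_SLOTS];

static struct pkt *pkt_alloc(const uint8_t *payload, size_t len) {
    if (len > sizeof(pool[0].data)) return NULL;
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].len = len;
        memcpy(pool[i].data, payload, len);
        return &pool[i];
    }
    return NULL;                 /* pool exhausted */
}

static void pkt_free(struct pkt *p) { p->in_use = 0; }

/* Leaky shape: the truncated-header path returns without releasing the buffer. */
static int rcv_leaky(struct pkt *p) {
    if (p->len < IPV6_HDR_LEN)
        return -1;               /* slot stays allocated forever */
    pkt_free(p);                 /* stands in for delivery, which consumes the buffer */
    return 0;
}

/* Corrected shape: every exit path releases the buffer exactly once. */
static int rcv_fixed(struct pkt *p) {
    int rc = (p->len < IPV6_HDR_LEN) ? -1 : 0;
    pkt_free(p);
    return rc;
}

/* Feed n payloads of short_len bytes, then one complete header.
 * Returns 1 if the final, well-formed packet can still be received. */
static int survives(int (*rcv)(struct pkt *), int n, size_t short_len) {
    uint8_t buf[64] = {0};       /* constructed sample payload */
    struct pkt *p;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < n; i++)
        if ((p = pkt_alloc(buf, short_len)) != NULL)
            rcv(p);
    p = pkt_alloc(buf, IPV6_HDR_LEN);
    return p != NULL && rcv(p) == 0;
}

int main(void) {
    printf("leaky: %d, fixed: %d\n", survives(rcv_leaky, 100, 20), survives(rcv_fixed, 100, 20));
    return 0;
}
```

With the leaky handler, the pool fills after `POOL_SLOTS` truncated payloads and well-formed traffic can no longer be received; the corrected handler keeps the pool empty regardless of how many truncated payloads arrive.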

Solution:

Install an updated kernel package from your Linux vendor, or upgrade the Linux kernel to 2.4.37.7 or higher for 2.4.x, or 2.6.33 or higher for 2.6.x.

CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Corporation : 2010-04-12