Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*
There are 1,777 matching records.
Displaying matches 1,741 through 1,760.
Vuln ID Summary CVSS Severity
CVE-2005-0180

Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.

Published: March 07, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2004-0986

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

Published: March 01, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-0937

Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.

Published: February 22, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 1.2 LOW
CVE-2004-0887

SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.

Published: January 27, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-0883

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2004-0949

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2004-1016

The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2004-1056

Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 1.2 LOW
CVE-2004-1069

Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 1.2 LOW
CVE-2004-1070

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-1072

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-1073

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2004-1074

The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2004-1137

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2004-1151

Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-2536

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

Published: December 31, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-2607

A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.

Published: December 31, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2004-2660

Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.

Published: December 31, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM