exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-12-31
Updated
2008-09-05
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-12-15
Updated
2016-10-18
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.
Max CVSS
5.0
EPSS Score
4.57%
Published
2003-08-27
Updated
2017-10-11
Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.
Max CVSS
5.0
EPSS Score
0.22%
Published
2003-08-27
Updated
2016-10-18
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
Max CVSS
5.0
EPSS Score
0.22%
Published
2003-08-18
Updated
2017-10-11
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
Max CVSS
5.0
EPSS Score
0.25%
Published
2003-07-24
Updated
2016-10-18
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
Max CVSS
3.6
EPSS Score
0.36%
Published
2003-06-16
Updated
2017-10-11
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.
Max CVSS
5.0
EPSS Score
12.29%
Published
2003-05-27
Updated
2017-10-11
The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.
Max CVSS
5.0
EPSS Score
0.27%
Published
2003-08-27
Updated
2017-10-11
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
Max CVSS
7.2
EPSS Score
0.05%
Published
2003-03-31
Updated
2018-05-03
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
Max CVSS
3.6
EPSS Score
0.04%
Published
2003-02-19
Updated
2008-09-11
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Max CVSS
5.0
EPSS Score
2.33%
Published
2003-01-17
Updated
2019-04-30
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!