Vasiliy Kulikov

**Name of the Vulnerable Software and Affected Versions** libnet6 versions prior to 1.3.14 **Description** The issue is related to an integer overflow in the inc/server.hpp file of libnet6. This could potentially allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. **Recommendations** For versions prior to 1.3.14, update to version 1.3.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** radvd versions prior to 1.8.2 **Description** The issue is related to a buffer overflow in the `process ra` function of the router advertisement daemon (radvd). This can be exploited by remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a `label len` value. Multiple vulnerabilities in the radvd package before version 1.8.2 can lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the radvd service to minimize the risk of exploitation. Avoid using the `label len` value in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** radvd versions prior to 1.8.2 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a temporary service hang. This can be achieved by sending a large number of ND ROUTER SOLICIT requests when UnicastOnly is enabled. Multiple vulnerabilities in the radvd package may lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `process rs` function or disabling UnicastOnly until a patch is available.

**Name of the Vulnerable Software and Affected Versions** radvd versions prior to 1.8.2 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a crash due to a stack-based buffer over-read. Exploitation of the vulnerabilities may compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `process ra` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** radvd versions prior to 1.8.2 **Description** The issue is related to the router advertisement daemon (radvd) and its failure to properly handle errors in the privsep init function. This causes the radvd daemon to run as root, potentially leading to unspecified impacts. Multiple vulnerabilities in the radvd package before version 1.8.2 may allow remote exploitation, affecting the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the radvd daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** A buffer overflow issue exists in the clusterip proc write function, potentially allowing local users to cause a denial of service or have other unspecified impacts. This issue is related to string data lacking a terminating '0' character. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.1 **Description** The issue allows local users to obtain sensitive I/O statistics, potentially revealing confidential information such as the length of another user's password. This is achieved by sending taskstats commands to a netlink socket. **Recommendations** For Linux kernel versions prior to 3.1, update to version 3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue is related to the sco sock getsockopt old function in the Linux kernel, which does not properly initialize a certain structure. This allows local users to potentially obtain sensitive information from kernel stack memory via the SCO CONNINFO option. **Recommendations** For versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue allows local users to obtain potentially sensitive information from kernel memory by issuing a crafted request and then reading the argument to the resulting modprobe process. This is due to the failure of the IPv4 implementation to place the expected '0' character at the end of string data in certain structure members. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue is related to the IPv6 implementation in the Linux kernel, where the `net/ipv6/netfilter/ip6 tables.c` file does not properly null-terminate string data in certain structure members. This allows local users with the `CAP NET ADMIN` capability to potentially obtain sensitive information from kernel memory by issuing a crafted request and then reading the argument to the resulting `modprobe` process. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38 **Description** The issue allows local users to bypass an intended capability requirement, enabling them to load arbitrary modules. This is achieved by leveraging the CAP NET ADMIN capability in the dev load function in net/core/dev.c. **Recommendations** For versions prior to 2.6.38, update to version 2.6.38 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue allows local users to obtain potentially sensitive information from kernel stack memory or cause a denial of service, resulting in a system crash. This is due to the `bnep sock ioctl` function in `net/bluetooth/bnep/sock.c` not ensuring that a certain device field ends with a '0' character, which can be exploited via a BNEPCONNADD command. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bnep sock ioctl` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue allows local users to obtain potentially sensitive information from kernel stack memory. This is possible because the `do replace` function in `net/bridge/netfilter/ebtables.c` does not ensure that a certain name field ends with a '0' character. A local user with the CAP NET ADMIN capability can replace a table and then read a modprobe command line to exploit this. **Recommendations** For versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38.6 **Description** The issue is related to the agp subsystem in the Linux kernel, which does not properly restrict memory allocation by the `AGPIOC RESERVE` and `AGPIOC ALLOCATE` ioctls. This allows local users to cause a denial of service by consuming large amounts of memory through repeated calls to these ioctls. **Recommendations** For Linux kernel versions prior to 2.6.38.6, consider restricting access to the `AGPIOC RESERVE` and `AGPIOC ALLOCATE` ioctls to prevent denial of service attacks. As a temporary workaround, limit the number of calls to these ioctls to minimize the risk of memory consumption.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38.5 kernel-kdumppae (affected versions not specified) **Description** The issue allows local users to gain privileges or cause a denial of service via a crafted AGPIOC UNBIND agp ioctl ioctl call. Additionally, multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise may lead to disruption of protected information availability, potentially exploitable remotely. **Recommendations** For Linux kernel versions prior to 2.6.38.5, update to version 2.6.38.5 or later to resolve the issue. For kernel-kdumppae, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38.5 kernel-kdumppae (affected versions not specified) **Description** The issue is related to multiple integer overflows in the Linux kernel, specifically in the `agp allocate memory` and `agp create user memory` functions. This can lead to buffer overflows, causing a denial of service (system crash) or potentially other unspecified impacts. The overflows can be triggered by local users through calls that specify a large number of memory pages. Additionally, there are multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise that can be exploited remotely, leading to a disruption of protected information availability. **Recommendations** For Linux kernel versions prior to 2.6.38.5, update to version 2.6.38.5 or later to resolve the issue. For kernel-kdumppae, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38.5 SUSE Linux Enterprise kernel-kdumppae (affected versions not specified) **Description** The issue concerns an integer overflow in the Linux kernel, specifically in the agp generic insert memory function, allowing local users to potentially gain privileges or cause a system crash through a crafted AGPIOC BIND agp ioctl ioctl call. Additionally, there are multiple vulnerabilities in the SUSE Linux Enterprise kernel-kdumppae package that can be exploited remotely, leading to a disruption in the availability of protected information. **Recommendations** For Linux kernel versions prior to 2.6.38.5, update to version 2.6.38.5 or later to resolve the issue. For SUSE Linux Enterprise kernel-kdumppae, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37-rc2 kernel-devel-2.6.9 kernel-doc-2.6.9 kernel-hugemem-2.6.9 kernel-2.6.9 kernel-largesmp-2.6.9 kernel-smp-devel-2.6.9 kernel-smp-2.6.9 kernel-hugemem-devel-2.6.9 kernel-largesmp-devel-2.6.9 kernel-smp-devel-2.6.9 **Description** The issue affects the Linux kernel and can lead to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Local users can obtain potentially sensitive information from kernel stack memory by leveraging the CAP NET RAW capability to read copies of the applicable structures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37-rc2 **Description** The issue concerns the ax25 getname function in the Linux kernel, which fails to initialize a certain structure. This allows local users to potentially obtain sensitive information from kernel stack memory by reading a copy of the structure. **Recommendations** For versions prior to 2.6.37-rc2, update to version 2.6.37-rc2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ecryptfs-utils versions prior to 90 ecryptfs-utils-32bit (affected versions not specified) ecryptfs-utils-gui-75 (affected versions not specified) ecryptfs-utils-devel-75 (affected versions not specified) ecryptfs-utils-75 (affected versions not specified) ecryptfs-utils-82 (affected versions not specified) ecryptfs-utils-devel-82 (affected versions not specified) ecryptfs-utils-debuginfo-82 (affected versions not specified) ecryptfs-utils-x86-61 (affected versions not specified) ecryptfs-utils-61 (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the ecryptfs-utils package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally, allowing an attacker to overwrite arbitrary files via unspecified vectors. **Recommendations** For ecryptfs-utils versions prior to 90, update to version 90 or later. For ecryptfs-utils-32bit, ecryptfs-utils-gui-75, ecryptfs-utils-devel-75, ecryptfs-utils-75, ecryptfs-utils-82, ecryptfs-utils-devel-82, ecryptfs-utils-debuginfo-82, ecryptfs-utils-x86-61, and ecryptfs-utils-61, at the moment, there is no information about a newer version that contains a fix for this vulnerability.