Julien Tinnes

**Name of the Vulnerable Software and Affected Versions** Bip versions 0.8.8 and earlier **Description** The issue allows remote authenticated users to potentially execute arbitrary code. This is achieved through vectors involving a series of TCP connections, which triggers the use of many open file descriptors, leading to a buffer overflow. **Recommendations** For Bip versions 0.8.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. This is due to a flaw in the kernel/signal.c file in the Linux kernel. **Recommendations** For versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PulseAudio versions 0.9.9 through 0.9.14 Description: A race condition exists that allows local users to gain privileges. This issue involves the creation of a hard link and is related to the application setting `LD BIND NOW` to 1, and then calling `execv()` on the target of the `/proc/self/exe` symlink. Recommendations: For PulseAudio versions 0.9.9 through 0.9.14, consider restricting access to the `execv()` function call until a patch is available. As a temporary workaround, avoid setting `LD BIND NOW` to 1 to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Virtual PC versions 2004 SP1, 2007, 2007 SP1 Microsoft Virtual Server version 2005 R2 SP1 Description: The issue allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application. This is due to the Virtual Machine Monitor (VMM) not enforcing CPU privilege-level requirements for all machine instructions. Recommendations: For Microsoft Virtual PC versions 2004 SP1, 2007, 2007 SP1, and Microsoft Virtual Server version 2005 R2 SP1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.

**Name of the Vulnerable Software and Affected Versions** Marvell driver for the Netgear WN802T Wi-Fi access point version 1.3.16 **Description** The issue concerns the Marvell driver's improper parsing of EAPoL-Key packets, which can be exploited by remote authenticated users. This can lead to a denial of service, causing the device to reboot or hang, or potentially allow the execution of arbitrary code. The exploitation involves sending a malformed EAPoL-Key packet with a crafted `advertised length`. **Recommendations** For version 1.3.16, consider disabling the handling of EAPoL-Key packets as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MadWifi versions prior to 0.9.2.1 **Description** A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code. This issue is related to the `encode ie` and `giwscan cb` functions. **Recommendations** For versions prior to 0.9.2.1, update to version 0.9.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the wireless network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.4.4 through 2.4.37.4 Linux kernel versions 2.6.0 through 2.6.30.4 kernel-default-base (affected versions not specified) kernel-pseries64 (affected versions not specified) kernel-s390-debug (affected versions not specified) kernel-smp-debuginfo (affected versions not specified) kernel-pae (affected versions not specified) kernel-default-debugsource (affected versions not specified) kernel-pmac64 (affected versions not specified) kexec-tools (affected versions not specified) cluster-network-kmp-pae (affected versions not specified) appleir-kmp-debug (affected versions not specified) kernel-pae-extra (affected versions not specified) kernel-xenpae (affected versions not specified) kernel-pae-base (affected versions not specified) kernel-s390x (affected versions not specified) kernel-s390x-debug (affected versions not specified) kernel-64k-pagesize (affected versions not specified) acx-kmp-debug (affected versions not specified) pcc-acpi-kmp-debug (affected versions not specified) kexec-tools-debuginfo (affected versions not specified) kernel-ec2-base (affected versions not specified) um-host-install-initrd (affected versions not specified) kernel-vmipae (affected versions not specified) ext4dev-kmp-default (affected versions not specified) kernel-iseries64-debuginfo (affected versions not specified) um-host-kernel (affected versions not specified) kernel-smp (affected versions not specified) kernel-ec2 (affected versions not specified) ocfs2-kmp-xen (affected versions not specified) ocfs2-kmp-default (affected versions not specified) cluster-network-kmp-xen (affected versions not specified) kernel-um (affected versions not specified) uvcvideo-kmp-debug (affected versions not specified) ext4dev-kmp-ppc64 (affected versions not specified) kernel-iseries64 (affected versions not specified) kernel-default-extra (affected versions not specified) acerhk-kmp-debug (affected versions not specified) kernel-sn2 (affected versions not specified) kernel-s390 (affected versions not specified) kernel-xen-base (affected versions not specified) wlan-ng-kmp-debug (affected versions not specified) kexec-tools-debuginfo (affected versions not specified) kernel-xenpae-debuginfo (affected versions not specified) kernel-ppc64-debugsource (affected versions not specified) kernel-xen-extra (affected versions not specified) kernel-kdump-debugsource (affected versions not specified) tpctl-kmp-debug (affected versions not specified) cluster-network-kmp-default (affected versions not specified) kernel-bigsmp (affected versions not specified) gspcav-kmp-debug (affected versions not specified) ocfs2-kmp-pae (affected versions not specified) nouveau-kmp-debug (affected versions not specified) kernel-bigsmp-debuginfo (affected versions not specified) kernel-ppc64-base (affected versions not specified) at76 usb-kmp-debug (affected versions not specified) atl2-kmp-debug (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the Linux kernel, which can be exploited to gain privileges and disrupt the availability of protected information. The vulnerabilities can be exploited remotely. Local users can trigger a NULL pointer dereference by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, such as the sendpage operation (sock sendpage function) on a PF PPPOX socket. **Recommendations** As a temporary workaround, consider disabling the `sock sendpage` function until a patch is available. Restrict access to the vulnerable kernel modules to minimize the risk of exploitation. Avoid using the `mmap` function to map page zero until the issue is resolved. Update the Linux kernel to a version that contains a fix for this issue, if available. For each affected package, apply the recommended fix or patch, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.31-rc3 SUSE Linux Enterprise kernel-default-base (affected versions not specified) SUSE Linux Enterprise kernel-pae (affected versions not specified) openSUSE kernel-pseries64 (affected versions not specified) openSUSE kernel-s390x (affected versions not specified) openSUSE kernel-smp (affected versions not specified) SUSE Linux Enterprise kernel-ec2 (affected versions not specified) SUSE Linux Enterprise kernel-xenpae (affected versions not specified) openSUSE kernel-64k-pagesize (affected versions not specified) openSUSE kernel-iseries64 (affected versions not specified) SUSE Linux Enterprise kernel-default-extra (affected versions not specified) openSUSE kernel-sn2 (affected versions not specified) SUSE Linux Enterprise kernel-ppc64-base (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the Linux kernel, which can lead to disruption of protected information. These vulnerabilities can be exploited remotely. The personality subsystem in the Linux kernel has a PER CLEAR ON SETID setting that does not clear the ADDR COMPAT LAYOUT and MMAP PAGE ZERO flags when executing a setuid or setgid program. This makes it easier for local users to conduct NULL pointer dereference attacks, bypass the mmap min addr protection mechanism, or defeat address space layout randomization (ASLR). **Recommendations** As a temporary workaround, consider disabling the `checkPassword()` function until a patch is available. Restrict access to the vulnerable module `moduleX` to minimize the risk of exploitation. Avoid using the parameter `user id` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise (affected versions not specified) Linux kernel versions prior to 2.6.19 **Description** The issue allows local users to gain privileges or cause a denial of service via vectors involving the MSG MORE flag and a UDP socket. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of the issue can be carried out locally. **Recommendations** For Linux kernel versions prior to 2.6.19, update to a version 2.6.19 or later to resolve the issue. At the moment, there is no information about a newer version of SUSE Linux Enterprise that contains a fix for this vulnerability.