Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vserver | linux-vserver | 1.22 |
Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vserver | linux-vserver | 1.3.9 |
| vserver | linux-vserver | 1.9.1 |
| vserver | linux-vserver | 1.20 |
| vserver | linux-vserver | 1.24 |
| vserver | linux-vserver | 1.3.3 |
| vserver | linux-vserver | 1.25 |
| vserver | linux-vserver | 1.3.0 |
| vserver | linux-vserver | 1.23 |
| vserver | linux-vserver | 1.3.4 |
| vserver | linux-vserver | 1.3.6 |
| vserver | linux-vserver | 1.3.8 |
| vserver | linux-vserver | 1.26 |
| vserver | linux-vserver | 1.3.2 |
| vserver | linux-vserver | 1.3.7 |
| vserver | linux-vserver | 1.27 |
| vserver | linux-vserver | 1.3.1 |
| vserver | linux-vserver | 1.3.5 |
| vserver | linux-vserver | 1.22 |
| vserver | linux-vserver | 1.21 |
Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vserver | linux-vserver | 1.20 |
| vserver | linux-vserver | 1.3.2 |
| vserver | linux-vserver | 1.3.3 |
| vserver | linux-vserver | 1.3.1 |
| vserver | linux-vserver | 1.22 |
| vserver | linux-vserver | 1.3.0 |
| vserver | linux-vserver | 1.3.4 |
| vserver | linux-vserver | 1.21 |
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.5.48 |
| linux | linux_kernel | 2.5.49 |
| linux | linux_kernel | 2.4.28 |
| linux | linux_kernel | 2.0.8 |
| linux | linux_kernel | 2.5.41 |
| linux | linux_kernel | 2.0 |
| linux | linux_kernel | 2.0.4 |
| linux | linux_kernel | 2.2.7 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.5.19 |
| linux | linux_kernel | 2.5.25 |
| linux | linux_kernel | 2.0.14 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.5.23 |
| linux | linux_kernel | 2.6.11.7 |
| linux | linux_kernel | 2.5.21 |
| linux | linux_kernel | 2.5.67 |
| linux | linux_kernel | 2.5.33 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.0.9 |
| netkit | linux_netkit | 0.17 |
| linux | linux_kernel | 2.2.22 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.0.30 |
| linux | linux_kernel | 2.5.61 |
| linux | linux_kernel | 2.5.31 |
| linux | linux_kernel | 2.5.35 |
| linux | linux_kernel | 2.0.18 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.9 |
| linux | linux_kernel | 2.5.46 |
| linux | linux_kernel | 2.2.15_pre20 |
| linux | linux_kernel | 2.2.17 |
| linux | linux_kernel | 2.2.6 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.0.31 |
| linux | linux_kernel | 2.0.23 |
| linux | linux_kernel | 2.1 |
| linux | linux_kernel | 2.0.25 |
| linux | linux_kernel | 2.6.11.1 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.1.89 |
| linux | linux_kernel | 2.2.21 |
| linux | linux_kernel | 2.0.16 |
| linux | linux_kernel | 2.0.1 |
| linux | linux_kernel | 2.0.36 |
| linux | linux_kernel | 2.0.24 |
| linux | linux_kernel | 2.5.9 |
| linux | linux_kernel | 2.0.35 |
| linux | linux_kernel | 2.4.24_ow1 |
| linux | linux_kernel | 2.0.29 |
| linux | linux_kernel | 2.5.53 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.5.66 |
| linux | linux_kernel | 2.0.20 |
| linux | linux_kernel | 2.6.11.5 |
| linux | linux_kernel | 2.0.11 |
| linux | linux_kernel | 2.5.43 |
| linux | linux_kernel | 2.5.0 |
| linux | linux_kernel | 2.5.51 |
| linux | linux_kernel | 2.3.0 |
| linux | linux_kernel | 2.0.21 |
| linux | linux_kernel | 2.4.30 |
| vserver | linux-vserver | 1.21 |
| linux | linux_kernel | 2.2.20 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.5.28 |
| linux | linux_kernel | 2.2.14 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.2.16 |
| linux | linux_kernel | 2.5.68 |
| linux | linux_kernel | 2.2.27 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.5.45 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.5.13 |
| linux | linux_kernel | 2.4.31 |
| linux | linux_kernel | 2.5.10 |
| linux | linux_kernel | 2.6.11.4 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.2.15 |
| linux | linux_kernel | 2.5.34 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.0.34 |
| linux | linux_kernel | 2.6.11.8 |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.5.44 |
| linux | linux_kernel | 2.5.11 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.5.59 |
| linux | linux_kernel | 2.5.4 |
| linux | linux_kernel | 2.5.17 |
| linux | linux_kernel | 2.4.29 |
| linux | linux_kernel | 2.0.33 |
| linux | linux_kernel | 2.0.7 |
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.5.1 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.2.23 |
| linux | linux_kernel | 2.5.60 |
| linux | linux_kernel | 2.5.8 |
| linux | linux_kernel | 2.0.5 |
| linux | linux_kernel | 2.5.6 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.5.20 |
| linux | linux_kernel | 2.5.22 |
| vserver | linux-vserver | 1.22 |
| linux | linux_kernel | 2.2.1 |
| linux | linux_kernel | 2.5.26 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.2.24 |
| linux | linux_kernel | 2.6.11 |
| linux | linux_kernel | 2.5.42 |
| linux | linux_kernel | 2.5.55 |
| linux | linux_kernel | 2.2.2 |
| linux | linux_kernel | 2.5.47 |
| linux | linux_kernel | 2.5.40 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.5.65 |
| linux | linux_kernel | 2.0.2 |
| linux | linux_kernel | 2.0.32 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.2.4 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.5.29 |
| linux | linux_kernel | 2.6.11.2 |
| linux | linux_kernel | 2.2.13 |
| linux | linux_kernel | 2.5.3 |
| linux | linux_kernel | 2.5.14 |
| vserver | linux-vserver | 1.20 |
| linux | linux_kernel | 2.0.28 |
| linux | linux_kernel | 2.5.36 |
| linux | linux_kernel | 2.2.25 |
| linux | linux_kernel | 2.5.12 |
| linux | linux_kernel | 2.5.30 |
| linux | linux_kernel | 2.5.2 |
| linux | linux_kernel | 2.5.16 |
| linux | linux_kernel | 2.5.56 |
| linux | linux_kernel | 2.5.5 |
| linux | linux_kernel | 2.2.8 |
| linux | linux_kernel | 2.2.19 |
| linux | linux_kernel | 2.0.22 |
| linux | linux_kernel | 2.2.11 |
| linux | linux_kernel | 2.5.58 |
| netkit | linux_netkit | 0.17.17 |
| linux | linux_kernel | 2.5.38 |
| linux | linux_kernel | 2.0.6 |
| linux | linux_kernel | 2.2.5 |
| linux | linux_kernel | 2.0.17 |
| linux | linux_kernel | 2.0.26 |
| linux | linux_kernel | 2.2.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.5.7 |
| linux | linux_kernel | 2.0.39 |
| linux | linux_kernel | 2.0.13 |
| linux | linux_kernel | 2.5.54 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.0.12 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.5.18 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.5.52 |
| linux | linux_kernel | 2.0.19 |
| linux | linux_kernel | 2.0.9.9 |
| linux | linux_kernel | 2.4.16 |
| linux | linux_kernel | 2.2.3 |
| linux | linux_kernel | 2.6.11.3 |
| linux | linux_kernel | 2.6.20.1 |
| linux | linux_kernel | 2.6.11.6 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.0.38 |
| linux | linux_kernel | 2.5.24 |
| vserver | linux-vserver | 1.24 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.5.15 |
| linux | linux_kernel | 2.5.37 |
| linux | linux_kernel | 2.2.10 |
| linux | linux_kernel | 2.0.27 |
| linux | linux_kernel | 2.5.69 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.5.62 |
| linux | linux_kernel | 2.5.57 |
| linux | linux_kernel | 2.0.3 |
| vserver | linux-vserver | 1.23 |
| linux | linux_kernel | 2.0.15 |
| linux | linux_kernel | 2.5.27 |
| linux | linux_kernel | 2.3.99 |
| linux | linux_kernel | 2.2.18 |
| linux | linux_kernel | 2.0.37 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.2.9 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.5.39 |
| linux | linux_kernel | 2.2.12 |
| linux | linux_kernel | 2.5.63 |
| linux | linux_kernel | 2.5.64 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.0.10 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.5.32 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.5.50 |
| linux | linux_kernel | 2.6.2 |
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vserver | util-vserver | 0 |
| vserver | util-vserver | 0.30.209 |
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vserver | util-vserver | 0.30.209 |
| vserver | util-vserver | * |