Oracle Linux vulnerabilities

CVE-2013-5704 [MEDIUM] CVE-2013-5704: The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHe The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2014-2706 [HIGH] CWE-362 CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers t Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.

CVE-2014-2678 [MEDIUM] CWE-476 CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

CVE-2013-5211 [MEDIUM] CWE-20 CVE-2013-5211: The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

CVE-2011-2306 [MEDIUM] CVE-2011-2306: Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confid Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated."

CVE-2007-6283 [MEDIUM] CWE-200 CVE-2007-6283: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permis Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.