CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2013-4786 – Intelligent Platform Management Interface - Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4786
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. La especificación IPMI 2.0 soporta autenticación "RMCP+ Authenticated Key-Exchange Protocol (RAKP)", lo que permite a atacantes remotos obtener resúmenes de contraseñas y llevar a cabo ataques fuera de línea de adivinación de contraseña consiguiendo el HMAC de un mensaje RAKP 2 respondido desde un BMC. • https://www.exploit-db.com/exploits/38633 http://fish2.com/ipmi/remote-pw-cracking.html http://marc.info/?l=bugtraq&m=139653661621384&w=2 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi https://nvidia.custhelp.com/app/answers/detail/a_id/5010 https://security.netapp.com/advisory/ntap-20190919-0005 https://support.hpe.com/hpsc/doc/public/display?docLoca • CWE-255: Credentials Management Errors •