CVE-2014-9984 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. nscd en la biblioteca C de GNU (también conocido como glibc o libc6), versiones anteriores a la 2.20 ,no calcula correctamente el tamaño de un buffer interno al procesar solicitudes netgroup, posibilitando la caída del demonio nscd o permitiendo la ejecución de código como usuario que ejecuta nscd. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.securityfocus.com/bid/99071 https://seclists.org/bugtraq/2019/Jun/14 https://seclists.org/bugtraq/2019/Sep/7 https://sourceware.org/bugzilla/show_bug.cgi?id=16695 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-8804
https://notcve.org/view.php?id=CVE-2017-8804
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references **EN DISPUTA** Las funciones xdr_bytes y xdr_string en la librería GNU C (conocida como glibc o libc6) 2.25 no maneja adecuadamente los fallos de deserialización de buffer, lo que permite a atacantes remotos causar una denegación de servicio a través de paquetes UDP manipulados en el puerto 111, un problema relacionado con CVE-2017-8779. NOTA: [Información suministrada por el usuario y referencias] • http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html http://www.openwall.com/lists/oss-security/2017/05/05/2 http://www.securityfocus.com/bid/98339 https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7 https://seclists.org/oss-sec/2017/q2/228 https://sourceware.org/bugzilla/show_bug.cgi?id=21461 https:/ • CWE-502: Deserialization of Untrusted Data •
CVE-2017-16997 – glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries
https://notcve.org/view.php?id=CVE-2017-16997
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. elf/dl-load.c en la biblioteca GNU C (también llamada glibc o libc6) desde la versión 2.19 hasta la 2.26 manipula incorrectamente RPATH y RUNPATH que contienen $ORIGIN para un programa privilegiado (setuid o AT_SECURE), lo que permite que los usuarios locales obtengan privilegios mediante una librería con malware troyano en el directorio actual. Esto está relacionado con las funciones fillin_rpath y decompose_rpath. Esto se asocia con la interpretación incorrecta de un token RPATH/RUNPATH vacío como el directorio "./". • https://github.com/Xiami2012/CVE-2017-16997-poc http://www.securityfocus.com/bid/102228 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3092 https://bugs.debian.org/884615 https://sourceware.org/bugzilla/show_bug.cgi?id=22625 https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html https://access.redhat.com/security/cve/CVE-2017-16997 https://bugzilla.redhat.com/show_bug.cgi?id=1526865 • CWE-426: Untrusted Search Path CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVE-2017-15804 – glibc: Buffer overflow during unescaping of user names with the ~ operator
https://notcve.org/view.php?id=CVE-2017-15804
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. La función glob en glob.c en la biblioteca GNU C (también llamada glibc o libc6) en versiones anteriores a la 2.27 contiene un desbordamiento de búfer durante la eliminación del escape de nombres de usuario con el operador ~. • http://www.securityfocus.com/bid/101535 https://access.redhat.com/errata/RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:1879 https://sourceware.org/bugzilla/show_bug.cgi?id=22332 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8 https://access.redhat.com/security/cve/CVE-2017-15804 https://bugzilla.redhat.com/show_bug.cgi?id=1505298 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2018-6485 – glibc: Integer overflow in posix_memalign in memalign functions
https://notcve.org/view.php?id=CVE-2018-6485
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Un desbordamiento de enteros en la implementación de posix_memalign en las funciones memalign en GNU C Library (también conocido como glibc o libc6) en versiones 2.26 y anteriores podría provocar que estas funciones devuelvan un puntero a un área de la memoria dinámica (heap) demasiado pequeña, pudiendo corromper el heap. • http://bugs.debian.org/878159 http://www.securityfocus.com/bid/102912 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190404-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=22343 https://usn.ubuntu.com/4218-1 https://usn.ubuntu.com/4416-1 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/security/cve/CVE-2018-6485 https:/ • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •