Page 10 of 137 results (0.012 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. La herramienta de resolución de zonas stub de DNS en la librería GNU C, también conocida como glibc o libc6, en sus versiones anteriores a la 2.26 cuando el soporte EDNS está activado, solicitará respuestas UDP de gran tamaño de servidores de nombres, pudiendo simplificar los ataques de suplantación de DNS debido a una fragmentación de IP. • http://www.securityfocus.com/bid/100598 https://access.redhat.com/errata/RHSA-2018:0805 https://arxiv.org/pdf/1205.4011.pdf https://sourceware.org/bugzilla/show_bug.cgi?id=21361 https://access.redhat.com/security/cve/CVE-2017-12132 https://bugzilla.redhat.com/show_bug.cgi?id=1477529 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 3

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH especialmente creados para manipular la región heap/stack de la memoria, generando entonces un alias, lo que podría conllevar a la ejecución del código arbitrario. Tenga en cuenta que se han realizado cambios de refuerzo adicionales en glibc para evitar la manipulación del stack y heap de la memoria de almacenamiento dinámico, pero estos problemas no se pueden explotar directamente, por lo que no se les ha otorgado un CVE. • https://www.exploit-db.com/exploits/42276 https://www.exploit-db.com/exploits/42274 https://www.exploit-db.com/exploits/42275 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Sep/7 http://www.debian.org/security/2017/dsa-3887 http://www.securityfocus.com/bid/99127 http://www.securitytracker.com/id/1038712 https://access.redhat.com/errata/RHSA-2017:1479 https://access.redhat.com/errata/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. nscd en la biblioteca C de GNU (también conocido como glibc o libc6), versiones anteriores a la 2.20 ,no calcula correctamente el tamaño de un buffer interno al procesar solicitudes netgroup, posibilitando la caída del demonio nscd o permitiendo la ejecución de código como usuario que ejecuta nscd. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.securityfocus.com/bid/99071 https://seclists.org/bugtraq/2019/Jun/14 https://seclists.org/bugtraq/2019/Sep/7 https://sourceware.org/bugzilla/show_bug.cgi?id=16695 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references **EN DISPUTA** Las funciones xdr_bytes y xdr_string en la librería GNU C (conocida como glibc o libc6) 2.25 no maneja adecuadamente los fallos de deserialización de buffer, lo que permite a atacantes remotos causar una denegación de servicio a través de paquetes UDP manipulados en el puerto 111, un problema relacionado con CVE-2017-8779. NOTA: [Información suministrada por el usuario y referencias] • http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html http://www.openwall.com/lists/oss-security/2017/05/05/2 http://www.securityfocus.com/bid/98339 https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7 https://seclists.org/oss-sec/2017/q2/228 https://sourceware.org/bugzilla/show_bug.cgi?id=21461 https:/ • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 1

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. elf/dl-load.c en la biblioteca GNU C (también llamada glibc o libc6) desde la versión 2.19 hasta la 2.26 manipula incorrectamente RPATH y RUNPATH que contienen $ORIGIN para un programa privilegiado (setuid o AT_SECURE), lo que permite que los usuarios locales obtengan privilegios mediante una librería con malware troyano en el directorio actual. Esto está relacionado con las funciones fillin_rpath y decompose_rpath. Esto se asocia con la interpretación incorrecta de un token RPATH/RUNPATH vacío como el directorio "./". • https://github.com/Xiami2012/CVE-2017-16997-poc http://www.securityfocus.com/bid/102228 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3092 https://bugs.debian.org/884615 https://sourceware.org/bugzilla/show_bug.cgi?id=22625 https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html https://access.redhat.com/security/cve/CVE-2017-16997 https://bugzilla.redhat.com/show_bug.cgi?id=1526865 • CWE-426: Untrusted Search Path CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •