CVE-2015-0395 – OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
https://notcve.org/view.php?id=CVE-2015-0395
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& •
CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVE-2014-7970 – Kernel: fs: VFS denial of service
https://notcve.org/view.php?id=CVE-2014-7970
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. La implementación pivot_root en fs/namespace.c en el kernel de Linux hasta 3.17 no interactúa debidamente con ciertas localizaciones de un directorio chroot, lo que permite a usuarios locales causar una denegación de servicio (bucle de montaje de árbol) a través de valores . (punto) en ambos argumentos en la llamada de sistema pivot_root. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60174 http://secunia.com/advisories/61142 http://www.openwall.com/lists/oss-security/2014/10/08/21 http://www.securityfocus.com/bid/70319 http://www.securitytracker.com/id/1030991 http://www.spinics.net/lists/linux-fsdevel/msg79153.html http://www.ubuntu.com/usn/USN-2419-1 http://www.ubuntu.com/usn/USN-2420-1 http://www.ubuntu.com/usn/USN-2513-1 http: • CWE-400: Uncontrolled Resource Consumption •
CVE-2012-6657 – Kernel: net: guard tcp_set_keepalive against crash
https://notcve.org/view.php?id=CVE-2012-6657
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. La función sock_setsockopt en net/core/sock.c en el kernel de Linux anterior a 3.5.7 no asegura que una acción keepalive está asociada con un socket de flujo, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) mediante el aprovechamiento de la habilidad de crear un socket en bruto. It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e10986d1d698140747fcfc2761ec9cb64c1d582 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=bugtraq&m=142722450701342&w=2 http://marc.info/?l=bugtraq&m=142722544401658&w=2 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7 http://www.openwall.com/lists/oss-security/2014/09 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4357
https://notcve.org/view.php?id=CVE-2013-4357
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. El paquete eglibc versiones anteriores a la versión 2.14, manejó incorrectamente la función getaddrinfo(). Un atacante podría usar este problema para causar una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html http://www.openwall.com/lists/oss-security/2013/09/17/4 http://www.openwall.com/lists/oss-security/2013/09/17/8 http://www.openwall.com/lists/oss-security/2015/01/28/18 http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.openwall.com/lists/oss-security/2015/02/24/3 http://www.securityfocus.com/bid/67992 http://www.ubuntu.com/usn/USN-2306-1 http://www.u • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •