CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas de configuración L2CAP, lo que desemboca en la ejecución remota de código en el espacio del kernel. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/42762 https://github.com/hayzamjs/Blueborne-CVE-2017-1000251 https://github.com/own2pwn/blueborne-CVE-2017-1000251-POC https://github.com/sgxgsx/blueborne-CVE-2017-1000251 https://github.com/tlatkdgus1/blueborne-CVE-2017-1000251 http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100809 http://www.securitytracker.com/id/1039373 https://access.redhat.com/errata& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a la 55. • http://www.securityfocus.com/bid/100315 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1353312 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-125: Out-of-bounds Read •
CVE-2017-7792 – Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7792
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurrirá un desbordamiento de búfer al ver un certificado en el gestor de certificados si el certificado tiene un OID (Object Identifier) o identificador de objeto demasiado largo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1368652 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2017-7801 – Mozilla: Use-after-free with marquee during window resizing
https://notcve.org/view.php?id=CVE-2017-7801
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando vuelve a calcular la disposición del elemento "marquee" durante el reajuste del tamaño de la ventana cuando el objeto estilo actualizado se libera mientras se utiliza. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/100197 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1371259 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-416: Use After Free •
CVE-2017-7787 – Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7787
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Las protecciones de política del mismo origen se pueden omitir en páginas con iframes embebidos durante la recarga de páginas, lo que permite que los iframes accedan a contenido en la página de nivel más alto, lo que conduce a una divulgación de información. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a la 55. • http://www.securityfocus.com/bid/100234 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1322896 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •