CVE-2009-0115 – device-mapper-multipath: insecure permissions on multipathd.sock
https://notcve.org/view.php?id=CVE-2009-0115
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero del socket (también conocido como /var/run/multipathd.sock), permitiendo a usuarios locales enviar comandos de su elección al demonio "multipath". • http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://launchpad.net/bugs/cve/2009-0115 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://secunia.com/advisories/ • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2009-0040 – libpng arbitrary free() flaw
https://notcve.org/view.php?id=CVE-2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit. • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg000 • CWE-824: Access of Uninitialized Pointer •
CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. yast2-backup de 2.14.2 a 2.16.6 en SUSE Linux y Novell Linux permite a usuarios locales obtener privilegios a través de metacaracteres de consola en nombres de archivos usados por el proceso de copia de respaldo. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html http://osvdb.org/50284 http://secunia.com/advisories/32832 http://www.securityfocus.com/bid/32464 https://exchange.xforce.ibmcloud.com/vulnerabilities/46879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo "hombre en el medio" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN). • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/32619 http://secunia.com/advisories/32681 http://secunia.com/advisories/32687 http://secunia.com/advisories/32879 http://secunia.com/advisories/33501 http://secunia.com/advi • CWE-295: Improper Certificate Validation •
CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMonkey v1.x antes de la v1.1.13 permite a atacantes remotos producir una denegación de servicio (caída) y una posible ejecución de código a su elección modificación de las propiedades de un elemento de entrada de fichero mientras se inicia, cuando se esta utilizando el método blur para acceder a no ha sido inicializada. This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a DOM method on a specific HTML form object is called before the object itself has actually completed it's initialization. This will lead to a call of uninitialized data which can result in code execution under the context of the current user. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •