Page 11 of 100 results (0.017 seconds)

CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 10

CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1

CVE-2016-2856 – Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-2856

pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. pt_chown en el paquete glibc en versiones anteriores a 2.19-18+deb8u4 en Debian jessie; el paquete elibc en versiones anteriores a 2.15-0ubuntu10.14 en Ubuntu 12.04 LTS y en versiones anteriores a 2.19-0ubuntu6.8 en Ubuntu 14.04 LTS; y el paquete glibc en versiones anteriores a 2.21-0ubuntu4.2 en Ubuntu 15.10 y en versiones anteriores a 2.23-0ubuntu1 en Ubuntu 16.04 LTS y 16.10 carece de verificación de paso de espacio de nombres asociado a la ejecución del descriptor de archivo, lo que permite a usuarios locales capturar pulsaciones del teclado y suplantar datos, y posiblemente obtener privilegios, a través de operaciones pts de lectura y escritura, relacionado con debian/sysdeps/linux.mk. NOTA: no está considerada una vulnerabilidad inicial en la GNU C Library porque la documentación de distribución tiene una clara recomendación de seguridad frente a la opción --enable-pt_chown. Ubuntu versions prior to 15.10 suffer from a PT chown arbitrary PTs access via user namespace privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41760 http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403 http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace http://www.openwall.com/lists/oss-security/2016/02/23/3 http://www.openwall.com/lists/oss • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 5%CPEs: 23EXPL: 0

CVE-2014-9761 – glibc: Unbounded stack allocation in nan* functions

https://notcve.org/view.php?id=CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbirario a través de un argumento largo en la función (1) nan, (2) nanf o (3) nanl. A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://packetstormsecurity.com/files/153278/WAGO-852-Industria • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

CVE-2016-3075 – glibc: Stack overflow in nss_dns_getnetbyname_r

https://notcve.org/view.php?id=CVE-2016-3075

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. Desbordamiento de buffer basado en pila en la implementación nss_dns de la función getnetbyname en GNU C Library (también conocido como glibc) en versiones anteriores a 2.24 permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de pila y caída de aplicación) a través de un nombre largo. A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-2573.html http://www.securityfocus.com/bid/85732 http://www.ubuntu.com/usn/USN-2985-1 https://security.gentoo.org/glsa/201702-11 https://sourceware.org/bugzilla/show_bug.cgi?id=19879 https://sourceware.org/git/gitweb.cgi?p=glibc. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-5277 – glibc: data corruption while reading the NSS files database

https://notcve.org/view.php?id=CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. La función get_contents en nss_files/files-XXX.c en el Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.20 puede permitir a usuarios locales causar una denegación de servicio (corrupción de pila) o ganar privilegios a través de una larga fila en la base de datos de archivos NSS. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://rhn.redhat.com/errata/RHSA-2015-2172.html http://seclists.org/fulldisclosure/2019/Sep/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/78092 http://www.securitytracker.com/id/1034196 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=1262914& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •