CVSS: 7.8EPSS: 81%CPEs: 41EXPL: 32CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- only la cartografía de la memoria, como explotados en la naturaleza en octubre de 2016, vulnerabilidad también conocida como "Dirty COW". A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. • https://github.com/dirtycow/dirtycow.github.io https://www.exploit-db.com/exploits/40611 https://www.exploit-db.com/exploits/40838 https://www.exploit-db.com/exploits/40616 https://www.exploit-db.com/exploits/40839 https://www.exploit-db.com/exploits/40847 https://github.com/timwr/CVE-2016-5195 https://github.com/gbonacini/CVE-2016-5195 https://github.com/whu-enjoy/CVE-2016-5195 https://github.com/jas502n/CVE-2016-5195 https://github.com/arttnba3/CVE-2016- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 1%CPEs: 56EXPL: 0CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4170 – kernel: pty layer race condition on tty ldisc shutdown.
https://notcve.org/view.php?id=CVE-2015-4170
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. Condición de carrera en la función ldsem_cmpxchg en drivers/tty/tty_ldsem.c en el kernel de Linux en versiones anteriores a 3.13-rc4-next-20131218 permite a usuarios locales provocar una denegación de servicio (interbloqueo de ldsem_down_read y ldsem_down_write) estableciendo un nuevo hilo tty durante la desconexión de un hilo tty previo. A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae http://www.openwall.com/lists/oss-security/2015/05/26/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74820 https://access.redhat.com/errata/RHSA-2016:1395 https://bugzilla.redhat.com/show_bug.cgi?id=1218879 https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae https://www.kernel.org/pub/linu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.5EPSS: 5%CPEs: 38EXPL: 0CVE-2015-5300 – ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
https://notcve.org/view.php?id=CVE-2015-5300
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). La comprobación panic_gate en NTP anterior a versión 4.2.8p5 es solo habilitada nuevamente después del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opción -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un número no especificado de peticiones de fuentes de confianza y aprovechando una denegación de servicio resultante (anular y reiniciar). It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announc • CWE-20: Improper Input Validation CWE-361: 7PK - Time and State •
CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-4858 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4858
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2015-4913. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481&# •