CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger calls to the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions that are expensive in time and computation by sending specially modified packets within ongoing TCP sessions, which could lead to CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, so the attacks cannot be performed using spoofed IP addresses.

References:
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en
• http://www.openwall.com/lists/oss-security/2019/06/28/2
• http://www.openwall.com/lists/oss-security/2019/07/06/3
• http://www.openwall.com/lists/oss-security/2019/07/06/4
• http://www.securityfocus.com/bid/104976
• http://www.securitytracker.com/id/1041424
• http://www.securitytracker.com/id/1041434
• https://access.redhat.co

CWE-400: Uncontrolled Resource Consumption

CVE-2017-18344 – Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
https://notcve.org/view.php?id=CVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function.

References:
• https://www.exploit-db.com/exploits/45175
• http://www.securityfocus.com/bid/104909
• http://www.securitytracker.com/id/1041414
• https://access.redhat.com/errata/RHSA-2018:2948
• https://access.redhat.com/errata/RHSA-2018:3083
• https://access.redhat.com/errata/RHSA-2018:3096
• https://access.redhat.com/errata/RHSA-2018:3459
• https://access.redhat.com/errata/RHSA-2018:3540
• https://access.redhat.com/errata/RHSA-2018:3586
• https://access.redhat.com/errata/RHSA-2018:3590
• https:/

CWE-125: Out-of-bounds Read

CVE-2018-2767 – mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
https://notcve.org/view.php?id=CVE-2018-2767
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts).

References:
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.securityfocus.com/bid/103954
• http://www.securitytracker.com/id/1041294
• https://access.redhat.com/errata/RHSA-2018:2439
• https://access.redhat.com/errata/RHSA-2018:2729
• https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html
• https://security.netapp.com/advisory/ntap-20180726-0002
• https://usn.ubuntu.com/3725-1
• https://usn.ubuntu.com/3725-2
• https://www.debian.org/security/2018/dsa&

CWE-325: Missing Cryptographic Step

CVE-2018-2952 – OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
https://notcve.org/view.php?id=CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java.

References:
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.securityfocus.com/bid/104765
• http://www.securitytracker.com/id/1041302
• https://access.redhat.com/errata/RHSA-2018:2241
• https://access.redhat.com/errata/RHSA-2018:2242
• https://access.redhat.com/errata/RHSA-2018:2253
• https://access.redhat.com/errata/RHSA-2018:2254
• https://access.redhat.com/errata/RHSA-2018:2255
• https://access.redhat.com/errata/RHSA-2018:2256
• https://access.redhat.com/errata/

CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2018-14354 – mutt: Remote code injection vulnerability to an IMAP mailbox
https://notcve.org/view.php?id=CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

References:
• http://www.mutt.org/news.html
• http://www.securityfocus.com/bid/104925
• https://access.redhat.com/errata/RHSA-2018:2526
• https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
• https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
• https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
• https://neomutt.org/2018/07/16/release
• https://security.gentoo.org/glsa/201810-07
• https://usn.ubuntu.com/3719-1
• https://usn.ubuntu.com/3719-2
• h

CWE-20: Improper Input Validation
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')