CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1418
https://notcve.org/view.php?id=CVE-2015-1418
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program. La función do_ed_script en pch.c en GNU patch hasta la versión 2.7.6; y patch in FreeBSD en versiones 10.1 anteriores a la 10.1-RELEASE-p17, versiones 10.2 anteriores a la 10.2-BETA2-p3, versiones 10.2-RC1 anteriores a la 10.2-RC1-p2 y versiones 0.2-RC2 anteriores a la 10.2-RC2-p1, permite que atacantes remotos ejecuten comandos arbitrarios mediante un archivo patch manipulado. Esto se debe a que se puede pasar un carácter '!' al programa ed. • http://rachelbythebay.com/w/2018/04/05/bangpatch http://www.securityfocus.com/bid/76236 http://www.securitytracker.com/id/1033188 https://bugs.debian.org/894667 https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5674
https://notcve.org/view.php?id=CVE-2015-5674
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. Routed daemon en FreeBSD 9.3 anteriores a 9.3-RELEASE-p22, 10.2-RC2 anteriores a 10.2-RC2-p1, 10.2-RC1 anteriores a 10.2-RC1-p2, 10.2 anteriores a 10.2-BETA2-p3 y 10.1 anteriores a 10.1-RELEASE-p17 permite que los usuarios autenticados remotos provocan una denegación de servicio (fallo de aserción y cierre del demonio) mediante una consulta de una red que no está conectada directamente. • http://www.securityfocus.com/bid/76244 http://www.securitytracker.com/id/1033185 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:19.routed.asc • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1416
https://notcve.org/view.php?id=CVE-2015-1416
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. El parche Larry Wall, el parche en FreeBSD en versiones 10.2-RC1 anteriores a la 10.2-RC1-p1, 10.2 anteriores a la 10.2-BETA2-p2, 10.1 anteriores a la 10.1-RELEASE-p16; Bitrig, el parche GNU en versiones anteriores a la 2.2.5 y posiblemente otras variantes de parches permiten que los atacantes remotos ejecutan comandos shell mediante un archivo de parche manipulado. • http://www.openwall.com/lists/oss-security/2015/07/30/9 http://www.openwall.com/lists/oss-security/2015/08/01/4 http://www.openwall.com/lists/oss-security/2015/08/02/1 http://www.openwall.com/lists/oss-security/2015/08/02/6 http://www.securityfocus.com/bid/76116 http://www.securitytracker.com/id/1033110 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-1417
https://notcve.org/view.php?id=CVE-2015-1417
The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. El módulo inet en FreeBSD versión 10.2x anterior a 10.2-PRERELEASE, versión 10.2-BETA2-p2, versión 10.2-RC1-p1, versión 10.1x anterior a 10.1-RELEASE-p16, versión 9.x anterior a 9.3-STABLE, versión 9.3-RELEASE-p21, y versión 8. x anterior a 8.4-ESTABLE, versión 8.4-RELEASE-p35 en sistemas con VNET habilitado y al menos 16 peticiones VNET permiten a los atacantes remotos causar una denegación de servicio (consumo de mbuf) por medio de múltiples conexiones TCP concurrentes. • http://www.securityfocus.com/bid/76112 http://www.securitytracker.com/id/1033111 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 2CVE-2015-1415 – FreeBSD 10.x ZFS encryption.key Disclosure
https://notcve.org/view.php?id=CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. El instalador bsdinstall en FreeBSD 10.x anterior a 10.1 p9, cuando configura ZFS codificado de disco completo, utiliza permisos de lectura universal para el fichero de claves GELI (/boot/encryption.key), lo que permite a usuarios locales obtener información sensible de claves mediante la lectura del fichero. FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk. • http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html http://www.securityfocus.com/archive/1/535209/100/0/threaded http://www.securitytracker.com/id/1032042 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •