CVE-2015-1781 – glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
https://notcve.org/view.php?id=CVE-2015-1781
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Desbordamiento de buffer en gethostbyname_r y otras funciones NSS no especificadas en la librería C de GNU (también conocida como glibc o libc6) en versiones anteriores a 2.22, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o ejecutar código arbitrario a través de una respuesta DNS manipulada, lo que desencadena una llamada con un buffer incorrectamente alineado. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.debian.org/security/2016/dsa-3480 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74255 http://www.securitytracker.com/id/1032178 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-8121 – glibc: Unexpected closing of nss_files databases after lookups causes denial of service
https://notcve.org/view.php?id=CVE-2014-8121
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo está abierto, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) realizando una búsqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido. It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0327.html http://www.debian.org/security/2016/dsa-3480 http://www.securityfocus.com/bid/73038 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=1165192 https://security.gentoo.org/glsa/201602-02 https://sourcewa • CWE-17: DEPRECATED: Code CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2013-7423 – glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
https://notcve.org/view.php?id=CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. La función send_dg en resolv/res_send.c en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.20 no reutiliza adecuadamente descriptores de fichero, lo que permite a atacantes remotos mandar consultas DNS a ubicaciones no intencionadas a través de un gran número de peticiones que desencadenan una llamada a la función getaddrinfo. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://rhn.redhat.com/errata/RHSA-2015-0863.html http://seclists.org/fulldisclosure/2021/Sep/0 http://www.openwall.com/lists/oss-security/2015/01/28/20 http://www.securityfocus.com/bid/72844 http://www.ubuntu.com/usn/USN-2519-1 https://access.redhat.com/errata/RHSA-2016:1207 https://github.com/golang • CWE-17: DEPRECATED: Code CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2014-9402 – glibc: denial of service in getnetbyname function
https://notcve.org/view.php?id=CVE-2014-9402
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. La implementación nss_dns de getnetbyname en GNU C Library (también conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuración Name Service Switch está habilitado, permite a atacantes remotos causar una denegación de servicio (bucle infinito) mediante el envió de una respuesta positiva mientras el nombre de una red está siendo procesada. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.openwall.com/lists/oss-security/2014/12/18/1 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2013-7424 – glibc: Invalid-free when using getaddrinfo()
https://notcve.org/view.php?id=CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Vulnerabilidad en la función getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una denegación de servicio (liberación de memoria no válida) y posiblemente ejecutar código arbitrario a través de vectores no especificados, según lo demostrado en un nombre de dominio internacionalizado para ping6. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. • http://rhn.redhat.com/errata/RHSA-2015-1627.html http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.securityfocus.com/bid/72710 https://bugzilla.redhat.com/show_bug.cgi?id=1186614 https://bugzilla.redhat.com/show_bug.cgi?id=981942 https://sourceware.org/bugzilla/show_bug.cgi?id=18011 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7 https://access.redhat.com/security/cve/CVE-2013-7424 • CWE-17: DEPRECATED: Code •