CVE-2016-6321 – GNU tar 1.29 Extract Pathname Bypass
https://notcve.org/view.php?id=CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.
References:
• http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
• http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
• http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
• http://seclists.org/fulldisclosure/2016/Oct/102
• http://seclists.org/fulldisclosure/2016/Oct/96
• http://www.debian.org/security/2016/dsa-3702
• http://www.securityfocus.com/bid/93937
• http://www.ubuntu.com/usn/USN-3132-1
• https://lists.apache.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-6323
https://notcve.org/view.php?id=CVE-2016-6323
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
References:
• http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.openwall.com/lists/oss-security/2016/08/18/12
• http://www.securityfocus.com/bid/92532
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTXSOVCRDGBIB4WCIDAGYYUBESXZ4IGK
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWSAZVBTLALXF4SCBPDV3FY6J22DXLZ
• https://lists.fedoraproject.org/archives/list/pac
CWE-284: Improper Access Control
CVE-2016-7444 – gnutls: Incorrect certificate validation when using OCSP responses (GNUTLS-SA-2016-3)
https://notcve.org/view.php?id=CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances.
References:
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
• http://www.securityfocus.com/bid/92893
• https://access.redhat.com/errata/RHSA-2017:2292
• https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
• https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html
• https://www.gnutls.org/security.html
• https://access.redhat.com/security/cve/CVE-2016-7444
• https://bugzilla.redhat.com/show_bug.cgi?id=1374266
CWE-264: Permissions, Privileges, and Access Controls
CWE-295: Improper Certificate Validation
CVE-2016-7098 – GNU Wget < 1.18 - Access List Bypass / Race Condition
https://notcve.org/view.php?id=CVE-2016-7098
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with the -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution, etc.
References:
• https://www.exploit-db.com/exploits/40824
• http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html
• http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html
• http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
• http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html
• http://www.openwall.com/lists/oss-security/2016/08/27/2
• http://www.securityfocus.com/bid/93157
• https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-6893 – mailman: CSRF protection missing in the user options page
https://notcve.org/view.php?id=CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
References:
• http://www.debian.org/security/2016/dsa-3668
• http://www.securityfocus.com/bid/92731
• http://www.securitytracker.com/id/1036728
• https://bugs.launchpad.net/bugs/1614841
• https://access.redhat.com/security/cve/CVE-2016-6893
• https://bugzilla.redhat.com/show_bug.cgi?id=1370155
CWE-352: Cross-Site Request Forgery (CSRF)