CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 4CVE-2018-1000001 – glibc - 'realpath()' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. En glibc 2.26 y anteriores existe una confusión en el uso de getcwd() por realpath(), que puede emplearse para escribir antes del búfer de destino. Esto conduce a un subdesbordamiento de búfer y a una potencial ejecución de código. glibc suffers from a getcwd() local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/44889 https://www.exploit-db.com/exploits/43775 https://github.com/0x00-0x00/CVE-2018-1000001 https://github.com/usernameid0/tools-for-CVE-2018-1000001 http://seclists.org/oss-sec/2018/q1/38 http://www.securityfocus.com/bid/102525 http://www.securitytracker.com/id/1040162 https://access.redhat.com/errata/RHSA-2018:0805 https://security.netapp.com/advisory/ntap-20190404-0003 https://usn.ubuntu.com/3534-1 https://usn.ubuntu.com • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas insuficiente en el controlador de la tarjeta de red bnx2x que puede resultar en un DoS: la aserción del firmware de la tarjeta de red toma la tarjeta offline. Parece que el ataque puede ser explotado mediante un atacante que deba pasar un paquete muy grande, especialmente manipulado a la tarjeta bnx2x. • http://lists.openwall.net/netdev/2018/01/16/40 http://lists.openwall.net/netdev/2018/01/18/96 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://patchwork.ozlabs.org/patch/859410 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn. • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()
https://notcve.org/view.php?id=CVE-2017-15129
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Se ha descubierto una vulnerabilidad en los nombres de espacio de red que afecta al kernel de Linux en versiones anteriores a la 4.14.11. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 http://seclists.org/oss-sec/2018/q1/7 http://www.securityfocus.com/bid/102485 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/security/cve/CVE-2017-15129 https://bugzilla.redhat.com/show_bug.cgi& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. • http://www.openwall.com/lists/oss-security/2017/12/04/2 http://www.securityfocus.com/bid/102038 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/security/cve/cve-2017-1000407 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https&# • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5344 – kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
https://notcve.org/view.php?id=CVE-2018-5344
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. En el kernel de Linux hasta la versión 4.14.13, drivers/block/loop.c gestiona de manera incorrecta la serialización de lo_release, lo que permite que atacantes provoquen una denegación de servicio (uso de memoria previamente liberada de __lock_acquire) o, posiblemente, otro impacto sin especificar. A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 http://www.securityfocus.com/bid/102503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https://usn.ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •