CVE-2017-18344 – Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
https://notcve.org/view.php?id=CVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). La implementación de llamada del sistema timer_create en kernel/time/posix-timers.c en el kernel de Linux en versiones anteriores a la 4.14.8 no valida correctamente el campo sigevent->sigev_notify, conduciendo a un acceso fuera de límites en la función show_timer (que se llama cuando se lee /proc/$PID/timers). Esto permite que las aplicaciones del espacio del usuario lean memoria del kernel arbitraria (en un kernel construido con CONFIG_POSIX_TIMERS y CONFIG_CHECKPOINT_RESTORE). The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function. • https://www.exploit-db.com/exploits/45175 http://www.securityfocus.com/bid/104909 http://www.securitytracker.com/id/1041414 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3459 https://access.redhat.com/errata/RHSA-2018:3540 https://access.redhat.com/errata/RHSA-2018:3586 https://access.redhat.com/errata/RHSA-2018:3590 https:/ • CWE-125: Out-of-bounds Read •
CVE-2018-10879 – kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
https://notcve.org/view.php?id=CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar un uso de memoria previamente liberada en la función ext4_xattr_set_entry y puede ocurrir una denegación de servicio (DoS) u otro impacto no especificado renombrando una imagen del sistema de archivos ext4 manipulado. • http://patchwork.ozlabs.org/patch/928666 http://patchwork.ozlabs.org/patch/928667 http://www.securityfocus.com/bid/104902 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=200001 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6 • CWE-416: Use After Free •
CVE-2018-10878 – kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-10878
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar una escritura fuera de límites y una denegación de servicio (DoS) u otro impacto no especificado montando y operando una imagen del sistema de archivos ext4 manipulado. • http://patchwork.ozlabs.org/patch/929237 http://patchwork.ozlabs.org/patch/929238 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199865 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee https://git.kernel.org/pub • CWE-787: Out-of-bounds Write •
CVE-2018-10881 – kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar un acceso fuera de límites en la función ext4_get_group_info, una denegación de servicio (DoS) y un cierre inesperado del sistema montando y operando una imagen del sistema de archivos ext4 especialmente manipulada. • http://patchwork.ozlabs.org/patch/929792 http://www.securityfocus.com/bid/104901 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=200015 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b https://lists.debian.org/debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2018-10862 – wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
https://notcve.org/view.php?id=CVE-2018-10862
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. WildFly Core en versiones anteriores a la 6.0.0.0.Alpha3 no valida correctamente las rutas de los archivos en los archivos .war, lo que permite la extracción de archivos .war manipulados para sobrescribir archivos arbitrarios. Este es un ejemplo de la vulnerabilidad 'Zip Slip'. It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. • https://access.redhat.com/errata/RHSA-2018:2276 https://access.redhat.com/errata/RHSA-2018:2277 https://access.redhat.com/errata/RHSA-2018:2279 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •