Page 16 of 93 results (0.016 seconds)

CVSS: 7.8EPSS: 94%CPEs: 109EXPL: 0

CVE-2013-4854 – ISC BIND rdata Denial Of Service Vulnerability

https://notcve.org/view.php?id=CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, 9.8.6b1, 9.9.x anterior a 9.9.3-P2, y 9.9.4b1, y DNSco BIND 9.9.3-S1 anterior a 9.9.3-S1-P1 y 9.9.4-S1b1, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una petición con una sección RDATA manipulada que se maneja adecuadamente durante la contrucción de mensaje de log. Ha sido explotada "in the wild" en Julio de 2013. This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a length that is less than four. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html http://rhn. •

CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 2

CVE-2013-2171 – FreeBSD 9 - Address Space Manipulation Privilege Escalation

https://notcve.org/view.php?id=CVE-2013-2171

The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls. La función vm_map_lookup en sys/vm/vm_map.c en la ejecución de "mmap" en el kernel en FreeBSD v9.0 hasta v9.1-RELEASE-p4 no determina correctamente si una tarea debe tener acceso de escritura a una posición de memoria, que permite a los usuarios locales saltarse permisos de escritura del sistema de archivos y por lo tanto obtener privilegios a través de una aplicación manipulada que aprovecha permisos de lectura, y que hace llamadas al sistema "mmap" y "ptrace". • https://www.exploit-db.com/exploits/26454 https://www.exploit-db.com/exploits/26368 http://svnweb.freebsd.org/base?view=revision&revision=251901 http://www.debian.org/security/2013/dsa-2714 http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 10%CPEs: 6EXPL: 0

CVE-2013-3266

https://notcve.org/view.php?id=CVE-2013-3266

The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory. La función nfsrvd_readdir en sys/fs/nfsserver/nfs_nfsdport.c en el nuevo servidor NFS en FreeBSD v8.0 a través de v9.1-RELEASE-p3 no verifica que la solicitud READDIR para un nodo de directorio, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario mediante la especificación de un archivo sin formato en lugar de un directorio. • http://secunia.com/advisories/53241 http://www.debian.org/security/2013/dsa-2672 http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc http://www.securitytracker.com/id/1028491 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2012-4576

https://notcve.org/view.php?id=CVE-2012-4576

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges FreeBSD: un Fallo de Comprobación de Entrada permite a usuarios locales alcanzar privilegios elevados. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0089.html http://www.securityfocus.com/bid/56654 http://www.securitytracker.com/id?1027809 https://access.redhat.com/security/cve/cve-2012-4576 https://exchange.xforce.ibmcloud.com/vulnerabilities/80321 https://security-tracker.debian.org/tracker/CVE-2012-4576 • CWE-20: Improper Input Validation •

CVSS: 7.9EPSS: 0%CPEs: 20EXPL: 3

CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation

https://notcve.org/view.php?id=CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •