CVE-2012-4412 – GNU glibc - 'strcoll()' Routine Integer Overflow
https://notcve.org/view.php?id=CVE-2012-4412
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Desbordamiento de enteros en string/strcoll_l.c en GNU C Library (también conocida como glibc o libc6) 2.17 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación del servicio (cuelgue) o posiblemente ejecutar código arbitrario a través de una cadena larga, lo que provoca un desbordamiento de buffer basado en memoria dinámica. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. • https://www.exploit-db.com/exploits/37783 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Jun/18 http://secunia.com/advisories/55113 http://sourceware.org/bugzilla/show_bug.cgi?id=14547 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2012/09/07/9 http • CWE-189: Numeric Errors •
CVE-2013-2207
https://notcve.org/view.php?id=CVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. pt_chown en GNU C Library (también conocida como glibc o libc6) anterior a la versión 2.18 no comprueba adecuadamente los permisos para archivos tty, lo que permite a usuarios locales cambiar el permiso en los archivos y obtener acceso a pseudo-terminals arbitrarios mediante el aprovechamiento de un sistema de archivos FUSE. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=976408 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=15755 https • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4332 – glibc: three integer overflows in memory allocator
https://notcve.org/view.php?id=CVE-2013-4332
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Múltiples desbordamientos de enteros en malloc/malloc.c de GNU C Library (también conocida como glibc o libc6) 2.18 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación de servicio (corrupción de memoria dinámica) a través de un valor largo de funciones (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, o (5) aligned_alloc. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2013-1411.html http://rhn.redhat.com/errata/RHSA-2013-1605.html http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2013/09/12/6 http://www.securityfocus.com/bid/62324 http://www.ubuntu.com/usn/USN-1991-1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332 https:// • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2013-4122
https://notcve.org/view.php?id=CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. SASL de Cyrus, 2.1.23, 2.1.26 y anteriores no trabaja correctamente cuando un valor NULL se devuelve a un error de la función crypt como se aplica en glibc 2.17 y posteriores, lo que permite a atacantes remotos provocar una denegación de servicio (caída de hilo y el consumo) a través de una "salt" no válido o, cuando FIPS-140 está activado, a contraseñas cifradas con DES o MD5, lo que desencadena una referencia a un puntero NULL • http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d http://security.gentoo.org/glsa/glsa-201309-01.xml http://www.debian.org/security/2015/dsa-3368 http://www.openwall.com/lists/oss-security/2013/07/12/3 http://www.openwall.com/lists/oss-security/2013/07/12/6 http://www.openwall.com/lists/oss-security/2013/07/13/1 http://www.openwall.com/lists/oss-security/2013/07/15/1 http://www.ubuntu.com/usn/USN-2755-1 https://www • CWE-189: Numeric Errors •
CVE-2013-4788 – glibc and eglibc 2.5/2.7/2.13 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4788
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. La implementación PTR_MANGLE en la GNU C Library (librería también conocida como glibc o libc6) 2.4, 2.17 y versiones anteriores y Embedded GLIBC (EGLIBC) no inicia el valor aleatorio para la guardia de puntero, lo que facilita a atacantes dependientes del contexto controlar la ejecución de flujo aprovechando una vulnerabilidad de desbordamiento de búfer en una aplicación y utilizando el valor cero conocido guardia de puntero para calcular la dirección de puntero. • https://www.exploit-db.com/exploits/28657 http://hmarco.org/bugs/CVE-2013-4788.html http://seclists.org/fulldisclosure/2015/Sep/23 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2013/07/15/9 http://www.securityfocus.com/bid/61183 https://security.gentoo.org/glsa/201503-04 • CWE-20: Improper Input Validation •