CVE-2013-4237 – glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
https://notcve.org/view.php?id=CVE-2013-4237
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. sysdeps/posix/readdir_r.c en GNU C Library (también conocido como glibc o libc6) 2.18 y anteriores permite a atacantes dependientes del contexto provocar una denegación de servicio (escritura fuera de límites y cuelgue) o posiblemente ejecutar código arbitrario a través de (1) NTFS o (2) una imagen CIFS manipulada. An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. • http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.openwall.com/lists/oss-security/2013/08/12/8 http://www.securityfocus.com/bid/61729 http://www.ubuntu.com/usn/USN-1991-1 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2012-4412 – GNU glibc - 'strcoll()' Routine Integer Overflow
https://notcve.org/view.php?id=CVE-2012-4412
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Desbordamiento de enteros en string/strcoll_l.c en GNU C Library (también conocida como glibc o libc6) 2.17 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación del servicio (cuelgue) o posiblemente ejecutar código arbitrario a través de una cadena larga, lo que provoca un desbordamiento de buffer basado en memoria dinámica. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. • https://www.exploit-db.com/exploits/37783 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Jun/18 http://secunia.com/advisories/55113 http://sourceware.org/bugzilla/show_bug.cgi?id=14547 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2012/09/07/9 http • CWE-189: Numeric Errors •
CVE-2013-2207
https://notcve.org/view.php?id=CVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. pt_chown en GNU C Library (también conocida como glibc o libc6) anterior a la versión 2.18 no comprueba adecuadamente los permisos para archivos tty, lo que permite a usuarios locales cambiar el permiso en los archivos y obtener acceso a pseudo-terminals arbitrarios mediante el aprovechamiento de un sistema de archivos FUSE. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=976408 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=15755 https • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4332 – glibc: three integer overflows in memory allocator
https://notcve.org/view.php?id=CVE-2013-4332
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Múltiples desbordamientos de enteros en malloc/malloc.c de GNU C Library (también conocida como glibc o libc6) 2.18 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación de servicio (corrupción de memoria dinámica) a través de un valor largo de funciones (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, o (5) aligned_alloc. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2013-1411.html http://rhn.redhat.com/errata/RHSA-2013-1605.html http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2013/09/12/6 http://www.securityfocus.com/bid/62324 http://www.ubuntu.com/usn/USN-1991-1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332 https:// • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2013-4122
https://notcve.org/view.php?id=CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. SASL de Cyrus, 2.1.23, 2.1.26 y anteriores no trabaja correctamente cuando un valor NULL se devuelve a un error de la función crypt como se aplica en glibc 2.17 y posteriores, lo que permite a atacantes remotos provocar una denegación de servicio (caída de hilo y el consumo) a través de una "salt" no válido o, cuando FIPS-140 está activado, a contraseñas cifradas con DES o MD5, lo que desencadena una referencia a un puntero NULL • http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d http://security.gentoo.org/glsa/glsa-201309-01.xml http://www.debian.org/security/2015/dsa-3368 http://www.openwall.com/lists/oss-security/2013/07/12/3 http://www.openwall.com/lists/oss-security/2013/07/12/6 http://www.openwall.com/lists/oss-security/2013/07/13/1 http://www.openwall.com/lists/oss-security/2013/07/15/1 http://www.ubuntu.com/usn/USN-2755-1 https://www • CWE-189: Numeric Errors •