CVE-2015-8776 – glibc: Segmentation fault caused by passing out-of-range data to strftime()
https://notcve.org/view.php?id=CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. La función strftime en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente obtener información sensible a través de un valor de tiempo fuera de rango. It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://rhn.redhat.com/errata/RHSA-2017-0680.html http • CWE-189: Numeric Errors •
CVE-2015-8777 – glibc: LD_POINTER_GUARD in the environment is not sanitized
https://notcve.org/view.php?id=CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. La función process_envvars en elf/rtld.c en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a usuarios locales eludir un mecanismo de protección de puntero a través de un valor cero de la variable de entorno LD_POINTER_GUARD. It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application. • http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://www.debian.org/security/2016/dsa-3480 http://www.openwall& • CWE-254: 7PK - Security Features •
CVE-2015-1781 – glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
https://notcve.org/view.php?id=CVE-2015-1781
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Desbordamiento de buffer en gethostbyname_r y otras funciones NSS no especificadas en la librería C de GNU (también conocida como glibc o libc6) en versiones anteriores a 2.22, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o ejecutar código arbitrario a través de una respuesta DNS manipulada, lo que desencadena una llamada con un buffer incorrectamente alineado. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.debian.org/security/2016/dsa-3480 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74255 http://www.securitytracker.com/id/1032178 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-8121 – glibc: Unexpected closing of nss_files databases after lookups causes denial of service
https://notcve.org/view.php?id=CVE-2014-8121
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo está abierto, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) realizando una búsqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido. It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0327.html http://www.debian.org/security/2016/dsa-3480 http://www.securityfocus.com/bid/73038 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=1165192 https://security.gentoo.org/glsa/201602-02 https://sourcewa • CWE-17: DEPRECATED: Code CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2013-7423 – glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
https://notcve.org/view.php?id=CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. La función send_dg en resolv/res_send.c en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.20 no reutiliza adecuadamente descriptores de fichero, lo que permite a atacantes remotos mandar consultas DNS a ubicaciones no intencionadas a través de un gran número de peticiones que desencadenan una llamada a la función getaddrinfo. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://rhn.redhat.com/errata/RHSA-2015-0863.html http://seclists.org/fulldisclosure/2021/Sep/0 http://www.openwall.com/lists/oss-security/2015/01/28/20 http://www.securityfocus.com/bid/72844 http://www.ubuntu.com/usn/USN-2519-1 https://access.redhat.com/errata/RHSA-2016:1207 https://github.com/golang • CWE-17: DEPRECATED: Code CWE-201: Insertion of Sensitive Information Into Sent Data •