Page 19 of 108 results (0.021 seconds)

CVSS: 5.0EPSS: 1%CPEs: 28EXPL: 7

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." La implementación de regcomp en la librería de C de GNU (también conocido como glibc o libc6) desde v2.11.3 y v2.12.x hasta v2.12.2, permite a atacantes dependientes de contexto provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular que contiene repeticiones delimitadas adjacentes que pretenden evitar la limitación RE_DUP_MAX, como se demuestra mediante la secuencia {10} {10} {10} {10} {10} en el exploit proftpd.gnu.c para ProFTPD, relacionado con un desbordamiento de "RE_DUP_MAX". Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/15935 http://cxib.net/stuff/proftpd.gnu.c http://seclists.org/fulldisclosure/2011/Jan/78 http://secunia.com/advisories/42547 http://securityreason.com/achievement_securityalert/93 http://securityreason.com/securityalert/8003 http://securitytracker.com/id?1024832 http://www.exploit-db.com/exploits/15935 http://www.kb.cert.org/vuls/id/912279 http://www.securityfocus.com/archive/1/515589/100/0/threaded http://www.securityfocus.com/bid/45 •

CVSS: 5.0EPSS: 2%CPEs: 28EXPL: 8

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. Vulnerabilidad de lconsumo de pila de memoria en la aplicación regcomp en la Biblioteca de C de GNU (también conocido como glibc o libc6) hasta v2.11.3, y v2.12.x hasta v2.12.2, permite a atacantes dependientes de contexto para provocar una denegación de servicio (agotamiento de recursos) a través de expresión regular que contiene operadores de repetición adyacentes, como se demuestra con una secuencia {10} {10} {10} {10} en el exploit proftpd.gnu.c para ProFTPD. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/35061 https://www.exploit-db.com/exploits/15935 http://cxib.net/stuff/proftpd.gnu.c http://seclists.org/fulldisclosure/2011/Jan/78 http://secunia.com/advisories/42547 http://securityreason.com/achievement_securityalert/93 http://securityreason.com/securityalert/8003 http://securitytracker.com/id?1024832 http://www.exploit-db.com/exploits/15935 http://www.kb.cert.org/vuls/id/912279 http://www.securityfocus.com/archive/1/515589/100/0 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 3

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. ld.so en la librería de GNU C (también conocida como glibc o libc6) anteriores a v2.11.3, y v2.12.x anteriores a v2.12.2, no restringen el uso de la variable de entorno LD_AUDIT para hacer referencia a objetos dinámicos compartidos (DSO) como objetos de auditoría, que permite a usuarios locales conseguir privilegios mediante el aprovechamiento de un DSO inseguros ubicado en un directorio de la librería de confianza, como lo demuestra libpcprofile.so. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. • https://www.exploit-db.com/exploits/18105 https://www.exploit-db.com/exploits/44025 https://www.exploit-db.com/exploits/15304 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2010/Oct/344 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2023/Jul/31 http:/&# • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •

CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 5

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. elf/dl-load.c de ld.so en la Biblioteca GNU C (también conocida como glibc o libc6) hasta v2.11.2, y v2.12.x hasta v2.12.1 no maneja adecuadamente un valor de $ORIGIN de la variable de entorno LD_AUDIT, esto permite a usuarios locales aumentar sus privilegios mediante un objeto dinámico compartido (DSO) ubicado en un directorio aleatorio. The GNU C library dynamic linker suffers from an $ORIGIN expansion vulnerability. • https://www.exploit-db.com/exploits/44024 https://www.exploit-db.com/exploits/44025 https://www.exploit-db.com/exploits/15274 https://www.exploit-db.com/exploits/15304 http://seclists.org/fulldisclosure/2010/Oct/257 http://seclists.org/fulldisclosure/2010/Oct/292 http://seclists.org/fulldisclosure/2010/Oct/294 http://secunia.com/advisories/42787 http://security.gentoo.org/glsa/glsa-201011-01.xml http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html http://s • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-426: Untrusted Search Path •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. Algunos mecanismos run-time de protección de memoria en la Librería C de GNU (también conocido como glibc o libc6) print argv[0] y backtrace information, lo cual permite a atacantes dependientes del contexto obtener información sensible de procesos de memoria mediante la ejecución de un programa incorrecto, como el demostrado por un programa setuid que contiene un error de desbordamiento de búfer basado en pila, relacionado con la función __fortify_fail en debug/fortify_fail.c, y las implementaciones __stack_chk_fail (también conocida como stack protection) y __chk_fail (también conocida como FORTIFY_SOURCE). • http://seclists.org/fulldisclosure/2010/Apr/399 http://www.openwall.com/lists/oss-security/2010/08/25/8 http://www.openwall.com/lists/oss-security/2010/08/31/6 http://www.openwall.com/lists/oss-security/2010/08/31/7 http://www.openwall.com/lists/oss-security/2010/09/02/2 http://www.openwall.com/lists/oss-security/2010/09/02/3 http://www.openwall.com/lists/oss-security/2010/09/02/4 http://www.openwall.com/lists/oss-security/2010/09/02/5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •