CVE-2016-9949 – Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
https://notcve.org/view.php?id=CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y después evalúa el campo como código Python si comienza con un "{". • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2015-1328 – Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. La implementación de overlayfs en el paquete linux (también conocido como kernel Linux) en versiones anteriores a 3.19.0-21.21 en Ubuntu hasta la versión 15.04 no comprueba adecuadamente permisos para la creación de archivos en el directorio de sistema de archivos upper, lo que permite a usuarios locales obtener acceso de root aprovechando una configuración donde overlayfs es permitido en un espacio de nombre de montaje arbitrario. • https://www.exploit-db.com/exploits/40688 https://www.exploit-db.com/exploits/37293 https://www.exploit-db.com/exploits/37292 https://github.com/elit3pwner/CVE-2015-1328-GoldenEye https://github.com/notlikethis/CVE-2015-1328 https://github.com/SR7-HACKING/LINUX-VULNERABILITY-CVE-2015-1328 http://seclists.org/oss-sec/2015/q2/717 http://www.exploit-db.com/exploits/40688 http://www.securityfocus.com/bid/75206 https://people.canonical.com/~ubuntu-security/cve/2015/CVE • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1944 – curl: Cookie domain suffix match vulnerability
https://notcve.org/view.php?id=CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. La función tailMatch en cookie.c en cURL y libcurl antes de v7.30.0 no comprueba correctamente la ruta del dominio al enviar las cookies, lo que permite robar las cookies a atacantes remotos a través de un sufijo coincidente en el dominio de una URL. • http://curl.haxx.se/docs/adv_20130412.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1899 – PostgreSQL Database Name Command Line Flag Injection
https://notcve.org/view.php?id=CVE-2013-1899
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). Vulnerabilidad de inyección de argumentos en PostgreSQL 9.2.x anterior a 9.2.4, 9.1.x anterior a 9.1.9, y 9.0.x anterior a 9.0.13, permite a atacantes remotos provocar una denegación de servicio (corrupción de archivos) y permite a usuarios autenticados remotamente modificar los parámetros de configuración y ejecutar código arbitrario a través de una petición de conexión utilizando un nombre de base de datos que comienza con el carácter "-". • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-1901
https://notcve.org/view.php?id=CVE-2013-1901
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9 no comprueba correctamente los privilegios de "REPLICATION", lo que permite a usuarios remotos autenticados para eludir restricciones de seguridad destinados a la llamada (1) pg_start_backup o las funciones (2) pg_stop_backup. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-264: Permissions, Privileges, and Access Controls •