CVE-2015-2774
https://notcve.org/view.php?id=CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Erlang/OTP en versiones anteriores a 18.0-rc1 no comprueba correctamente los bytes de relleno CBC cuando finaliza las conexiones, lo que hace más fácil para atacantes man-in-the-middle obtener datos en texto plano a través de un ataque padding-oracle, una variante de CVE-2014-3566 (también conocida como POODLE). • http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html http://openwall.com/lists/oss-security/2015/03/27/6 http://openwall.com/lists/oss-security/2015/03/27/9 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/73398 https://usn.ubuntu.com/3571-1 https://web.archive.org/web/20150905124006/http://www.erlang.org/news/85 https://www.imperialviolet.org/2014/12/08/poodleagain.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-1693
https://notcve.org/view.php?id=CVE-2014-1693
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command. Múltiples vulnerabilidades de inyección CRLF en el módulo FTP en Erlang/OTP R15B03 permiten a atacantes dependientes de contexto inyectar comandos FTP arbitrarios a través de secuencias CRLF en el comando (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, o (18) append_bin. • http://advisories.mageia.org/MGASA-2014-0553.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html http://seclists.org/oss-sec/2014/q1/163 http://www.mandriva.com/security/advisories?name=MDVSA-2015:174 https://bugzilla.redhat.com/show_bug.cgi?id=1059331 https://usn.ubuntu.com/3571-1 •