CVE-2023-5870 – Postgresql: role pg_signal_backend can signal certain superuser processes.
https://notcve.org/view.php?id=CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Se encontró una falla en PostgreSQL que involucra la función pg_cancel_backend que señala a los trabajadores en segundo plano, incluido el iniciador de replicación lógica, los trabajadores de autovacuum y el iniciador de autovacuum. La explotación exitosa requiere una extensión no central con un trabajador en segundo plano menos resistente y afectaría únicamente a ese trabajador en segundo plano específico. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-4641 – Shadow-utils: possible password leak during passwd(1) change
https://notcve.org/view.php?id=CVE-2023-4641
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. Se encontró una falla en Shadow-Utils. • https://access.redhat.com/errata/RHSA-2023:6632 https://access.redhat.com/errata/RHSA-2023:7112 https://access.redhat.com/errata/RHSA-2024:0417 https://access.redhat.com/errata/RHSA-2024:2577 https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 • CWE-287: Improper Authentication CWE-303: Incorrect Implementation of Authentication Algorithm •
CVE-2023-4732 – Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h
https://notcve.org/view.php?id=CVE-2023-4732
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. Se encontró una falla en pfn_swap_entry_to_page en el subsistema de administración de memoria del kernel de Linux. En esta falla, un atacante con privilegios de usuario local puede causar un problema de denegación de servicio debido a una declaración de ERROR que hace referencia a pmd_t x. • https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/security/cve/CVE-2023-4732 https://bugzilla.redhat.com/show_bug.cgi?id=2236982 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVE-2023-4806 – Glibc: potential use-after-free in getaddrinfo()
https://notcve.org/view.php?id=CVE-2023-4806
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. Se encontró una falla en glibc. • http://www.openwall.com/lists/oss-security/2023/10/03/4 http://www.openwall.com/lists/oss-security/2023/10/03/5 http://www.openwall.com/lists/oss-security/2023/10/03/6 http://www.openwall.com/lists/oss-security/2023/10/03/8 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:7409 https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/sho • CWE-416: Use After Free •
CVE-2023-4527 – Glibc: stack read overflow in getaddrinfo in no-aaaa mode
https://notcve.org/view.php?id=CVE-2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. Se encontró una falla en glibc. Cuando se llama a la función getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema está configurado con el modo no-aaaa a través de /etc/resolv.conf, una respuesta DNS a través de TCP de más de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a través de los datos de la dirección devuelta por la función, y puede provocar un crash. • http://www.openwall.com/lists/oss-security/2023/09/25/1 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA https: • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •