CVE-2016-4992 – 389-ds-base: Information disclosure via repeated use of LDAP ADD operation
https://notcve.org/view.php?id=CVE-2016-4992
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. Servidor de directorios en Red Hat Enterprise Linux de escritorio 6 a 7, Red Hat Enterprise Linux HPC de nodo 6 a 7, Servidor 6 a 7 de Red Hat Enterprise Linux y Red Hat Enterprise Linux Estación de trabajo 6 a 7 permite a atacantes remotos inferir la existencia del componente RDN objetos. An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. • http://rhn.redhat.com/errata/RHSA-2016-2594.html http://rhn.redhat.com/errata/RHSA-2016-2765.html https://bugzilla.redhat.com/show_bug.cgi?id=1347760 https://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1 https://access.redhat.com/security/cve/CVE-2016-4992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2016-5405 – 389-ds-base: Password verification vulnerable to timing attack
https://notcve.org/view.php?id=CVE-2016-5405
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. 389 Directory Server en Red Hat Enterprise Linux Desktop versiones 6 a la 7, Red Hat Enterprise Linux HPC Node versiones 6 a la 7, servidor Red Hat Enterprise Linux versiones 6 a la 7 y Red Hat Enterprise Linux Las Workstation versiones 6 a la 7, permiten a atacantes remotos obtener contraseñas de usuario. It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries. • http://rhn.redhat.com/errata/RHSA-2016-2594.html http://rhn.redhat.com/errata/RHSA-2016-2765.html http://www.securityfocus.com/bid/93884 https://bugzilla.redhat.com/show_bug.cgi?id=1358865 https://access.redhat.com/security/cve/CVE-2016-5405 • CWE-199: Information Management Errors CWE-385: Covert Timing Channel •
CVE-2016-7091 – sudo: Possible info leak via INPUTRC
https://notcve.org/view.php?id=CVE-2016-7091
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. sudo: Se ha descubierto que la configuración por defecto de sudo en Red Hat Enterprise Linux y posiblemente en otras implementaciones de Linux preserva el valor de INPUTRC lo que podría llevar a revelación de información. Un usuario local con acceso sudo a un programa restringido que utiliza readline puede utilizar esta falla para leer contenido de archivos especialmente formateados con privilegios elevados concedidos por sudo. It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. • http://www.securityfocus.com/bid/92615 https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html https://rhn.redhat.com/errata/RHSA-2016-2593.html https://access.redhat.com/security/cve/CVE-2016-7091 https://bugzilla.redhat.com/show_bug.cgi?id=1339935 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-7050 – RESTEasy: SerializableProvider enabled by default and deserializes untrusted data
https://notcve.org/view.php?id=CVE-2016-7050
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. SerializablesProvider de RESTEasy en RedHat Enterprise Linux Desktop 7, RedHat Enterprise Linux HPC node 7, RedHat Enterprise Linux Server 7, y RedHat Enterprise Linux WorkStation 7 permite a un atacante remoto ejecutar código arbitrario. It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. • http://rhn.redhat.com/errata/RHSA-2016-2604.html https://bugzilla.redhat.com/show_bug.cgi?id=1378613 https://access.redhat.com/security/cve/CVE-2016-7050 • CWE-502: Deserialization of Untrusted Data •
CVE-2016-4455 – subscription-manager: sensitive world readable files in /var/lib/rhsm/
https://notcve.org/view.php?id=CVE-2016-4455
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. El paquete Subscription Manager (también conocido como subscription-manager) en versiones anteriores a 1.17.7-1 para Candlepin utiliza permisos débiles (755) para los directorios de caché del subscription-manager, lo que permite a los usuarios locales obtener información sensible leyendo archivos en los directorios. It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack. • http://rhn.redhat.com/errata/RHSA-2016-2592.html http://rhn.redhat.com/errata/RHSA-2017-0698.html http://www.openwall.com/lists/oss-security/2016/10/26/5 http://www.securityfocus.com/bid/93926 http://www.securitytracker.com/id/1038083 https://bugzilla.redhat.com/show_bug.cgi?id=1340525 https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec https://github.com/candlepin/subscription-manager/commit/9dec31 https://access.redha • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •