CVE-2016-7050 – RESTEasy: SerializableProvider enabled by default and deserializes untrusted data
https://notcve.org/view.php?id=CVE-2016-7050
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
• http://rhn.redhat.com/errata/RHSA-2016-2604.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1378613
• https://access.redhat.com/security/cve/CVE-2016-7050
• CWE-502: Deserialization of Untrusted Data
CVE-2016-4455 – subscription-manager: sensitive world readable files in /var/lib/rhsm/
https://notcve.org/view.php?id=CVE-2016-4455
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack.
• http://rhn.redhat.com/errata/RHSA-2016-2592.html
• http://rhn.redhat.com/errata/RHSA-2017-0698.html
• http://www.openwall.com/lists/oss-security/2016/10/26/5
• http://www.securityfocus.com/bid/93926
• http://www.securitytracker.com/id/1038083
• https://bugzilla.redhat.com/show_bug.cgi?id=1340525
• https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec
• https://github.com/candlepin/subscription-manager/commit/9dec31
• https://access.redha
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2016-3099 – mod_nss: Invalid handling of +CIPHER operator
https://notcve.org/view.php?id=CVE-2016-3099
mod_nss in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183129.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184345.html
• http://rhn.redhat.com/errata/RHSA-2016-2602.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1319052
• https://access.redhat.com/security/cve/CVE-2016-3099
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• CWE-392: Missing Report of Error Condition
CVE-2016-5410 – firewalld: Firewall configuration can be modified by any logged in user
https://notcve.org/view.php?id=CVE-2016-5410
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper with or change firewall settings.
• http://rhn.redhat.com/errata/RHSA-2016-2597.html
• http://www.firewalld.org/2016/08/firewalld-0-4-3-3-release
• http://www.openwall.com/lists/oss-security/2016/08/16/3
• http://www.securityfocus.com/bid/92481
• https://bugzilla.redhat.com/show_bug.cgi?id=1360135
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPM3GUQRU2KPRXDEQLAMCDQEAIARJSBT
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJMYLGRVKIPJEI3VZJ4WQZT7FBQ5BKO
• CWE-287: Improper Authentication
• CWE-306: Missing Authentication for Critical Function
CVE-2016-6489 – nettle: RSA/DSA code is vulnerable to cache-timing related attacks
https://notcve.org/view.php?id=CVE-2016-6489
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.
• http://rhn.redhat.com/errata/RHSA-2016-2582.html
• http://www.openwall.com/lists/oss-security/2016/07/29/7
• http://www.ubuntu.com/usn/USN-3193-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1362016
• https://eprint.iacr.org/2016/596.pdf
• https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
• https://security.gentoo.org/glsa/201706-21
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://access.redhat.com/security/cve/CVE-2016-6489
• CWE-203: Observable Discrepancy