CVE-2018-1073 – ovirt-engine: account enumeration through login to web console
https://notcve.org/view.php?id=CVE-2018-1073
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. El formulario de inicio de sesión en la consola web de ovirt-engine, en versiones anteriores a la 4.2.3, devolvió errores diferentes para usuarios inexistentes y contraseñas no válidas, lo que permitió que un atacante descubriese los nombres de cuentas de usuario válidas. The ovirt-engine web console login form returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. • http://www.securityfocus.com/bid/104189 https://access.redhat.com/errata/RHSA-2018:1525 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1073 https://access.redhat.com/security/cve/CVE-2018-1073 https://bugzilla.redhat.com/show_bug.cgi?id=1553525 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2018-1111 – DynoRoot DHCP Client - Command Injection
https://notcve.org/view.php?id=CVE-2018-1111
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. Los paquetes DHCP en Red Hat Enterprise Linux 6 y 7, Fedora 28 y anteriores son vulnerables a un error de inyección de comandos en el script de integración NetworkManager incluido en el cliente DHCP. Un servidor DHCP malicioso o un atacante en la red ocal capaz de suplantar respuestas DHCP podría emplear este error para ejecutar comandos arbitrarios con privilegios root en sistemas que emplean NetworkManager y se configuran para obtener la configuración de red mediante el protocolo de configuración dinámica de host (DHCP). A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. • https://www.exploit-db.com/exploits/44652 https://www.exploit-db.com/exploits/44890 https://github.com/kkirsche/CVE-2018-1111 https://github.com/knqyf263/CVE-2018-1111 http://www.securityfocus.com/bid/104195 http://www.securitytracker.com/id/1040912 https://access.redhat.com/errata/RHSA-2018:1453 https://access.redhat.com/errata/RHSA-2018:1454 https://access.redhat.com/errata/RHSA-2018:1455 https://access.redhat.com/errata/RHSA-2018:1456 https://access.redhat.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-1118 – kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. El vhost del kernel de Linux desde la versión 4.8 no inicializa correctamente la memoria en los mensajes que se pasan entre invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Esto puede permitir que usuarios con privilegios locales lean el contenido de la memoria del kernel al leer del archivo de dispositivo /dev/vhost-net. The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3762-1 https://usn.ubuntu.com/3762-2 https://access.redhat.com/security/cve/CVE-2018-1118 https://bugzilla.redhat.com/show_bug.cgi?id=1573699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVE-2018-1087 – Kernel: KVM: error in exception handling leads to wrong debug stack value
https://notcve.org/view.php?id=CVE-2018-1087
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. kernel KVM en versiones anteriores al kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 y kernel 4.17-rc3 es vulnerable a un error en la forma en la que el hipervisor KVM del kernel de Linux gestiona las excepciones lanzadas tras una operación de cambio de pila mediante instrucciones Mov SS o Pop SS. Durante la operación de cambio de pila, el procesador no lanzó interrupciones y excepciones, sino que las lanza una vez se ha ejecutado la primera instrucción tras el cambio de pila. Un usuario invitado sin privilegios de KVM podría usar este error para provocar el cierre inesperado del guest o escalar sus privilegios en el guest. • http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.securityfocus.com/bid/104127 http://www.securitytracker.com/id/1040862 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1524 https://access.redhat.com/security/vulnerabili • CWE-250: Execution with Unnecessary Privileges •
CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 http://www.securityfocus.com/bid/104093 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018& • CWE-416: Use After Free •