CVE-2014-8768 – tcpdump 4.6.2 - Geonet Decoder Denial of Service
https://notcve.org/view.php?id=CVE-2014-8768
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. Múltiples subdesbordamientos de enteros en la función geonet_print en tcpdump 4.5.0 hasta 4.6.2, cuando se utiliza el modo verbose, permite a atacantes remotos causar una denegación de servicio (fallo de segmentación y caída) a través de un valor de longitud manipulado en un Frame Geonet. tcpdump versions 4.5.0 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed Geonet payload. • https://www.exploit-db.com/exploits/35359 http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html http://seclists.org/fulldisclosure/2014/Nov/48 http://www.exploit-db.com/exploits/35359 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/archive/1/534010/100/0/threaded http://www.securityfocus.com/bid/71155 http://www.ubuntu.com/ • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2014-5459
https://notcve.org/view.php?id=CVE-2014-5459
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. La clase PEAR_REST en REST.php en PEAR en PHP hasta 5.6.0 permite a usuarios locales escribir en ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero (1) rest.cachefile o (2) rest.cacheid en /tmp/pear/cache/, relacionado con las funciones retrieveCacheFirst y useLocalCache. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html http://www.openwall.com/lists/oss-security/2014/08/27/3 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2014-6270
https://notcve.org/view.php?id=CVE-2014-6270
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud UDP SNMP manipulada, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/542 http://seclists.org/oss-sec/2014/q3/550 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/69686 http://www.ubuntu.com/usn/USN-2921-1 https://bugzilla.novell.com/show_bug.cgi?id=895773 https://bugzilla.redhat.com/show_bug.cgi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2198
https://notcve.org/view.php?id=CVE-2011-2198
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". La capacidad de "insertar caracteres en blanco" en caps.c en gnome-terminal (vte) en versiones anteriores a 0.28.1 permite a usuarios autenticados remotos provocar una denegación de servicio (consumo de CPU y memoria y caída) a través de un archivo manipulado, según lo demostrado por un archivo que contiene la cadena "\033[100000000000000000@". • http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html http://www.openwall.com/lists/oss-security/2011/06/09/3 http://www.openwall.com/lists/oss-security/2011/06/13/10 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688 https://bugzilla.gnome.org/show_bug.cgi?id=652124 https://bugzilla.redhat.com/show_bug.cgi?id=712148 https://git.gnome.org/browse/vte/commit/?h=vte-0-28&am • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de transferencia fragmentada. NOTA: el proveedor afirma que "esto no es un problema de seguridad en httpd como tal." A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://martin.swende.se/blog/HTTPChunked.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://rhn.redhat.com/errata/RHSA-2015-1249.html http://rhn.redhat& • CWE-287: Improper Authentication •