CVE-2017-7668 – httpd: ap_find_token() buffer overread
https://notcve.org/view.php?id=CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99137 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2017-3167 – httpd: ap_get_basic_auth_pw() authentication bypass
https://notcve.org/view.php?id=CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, el uso de ap_get_basic_auth_pw() por parte de módulos de terceros fuera de la fase de autenticación puede dar lugar a que se omitan requisitos de autenticación.. It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99135 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://access.redhat.com/errata/RHS • CWE-287: Improper Authentication •
CVE-2017-5988
https://notcve.org/view.php?id=CVE-2017-5988
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. NetApp Clustered Data ONTAP 8.1 hasta la versión 9.1P1, cuando NFS o SMB está habilitado, permite a los atacantes remotos causar una denegación de servicio a través de vectores no especificados. • https://kb.netapp.com/support/s/article/NTAP-20170331-0001 •
CVE-2016-5374
https://notcve.org/view.php?id=CVE-2016-5374
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. NetApp Data ONTAP 9.0 y 9.1 en versiones anteriores a 9.1P1 permite a usuarios remotos autenticados que poseen datos alojados en SMB anfitrión eludir las restricciones de uso compartido previstas aprovechando el manejo inadecuado de la entrada ACL de derechos de propietario. • http://www.securityfocus.com/bid/96524 https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2017-3135 – Combination of DNS64 and RPZ Can Lead to Crash
https://notcve.org/view.php?id=CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. En ciertas condiciones, al emplear DNS64 y RPZ para rescribir respuestas a consultas, el procesamiento de consultas puede continuar de forma inconsistente, lo que puede conducir a un fallo de aserción de INSIST o a un intento para leer a través de un puntero NULL. Afecta a BIND en su versión 9.8.8, desde la versión 9.9.3-S1 hasta la 9.9.9-S7, desde la versión 9.9.3 hasta la 9.9.9-P5, la versión 9.9.10b1, desde la versión 9.10.0 hasta la 9.10.4-P5, la versión 9.10.5b1, desde la versión 9.11.0 hasta la 9.11.0-P2 y a la versión 9.11.1b1. A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. • http://rhn.redhat.com/errata/RHSA-2017-0276.html http://www.securityfocus.com/bid/96150 http://www.securitytracker.com/id/1037801 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://kb.isc.org/docs/aa-01453 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https://www.debian.org/security/2017/dsa-3795 https://access.redhat.com/security/cve/CVE-2017-3135 https:/ • CWE-476: NULL Pointer Dereference •