CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 53CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. GNU Bash hasta la versión 4.3 procesa cadenas finales después de las definiciones de funciones en los valores de variables de entorno, lo que permite a atacantes remotos ejecutar código arbitrario a través de un entorno manipulado, tal como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en las cuales el ajuste de entorno ocurre a través de un límite privilegiado de la ejecución de Bash, también conocido como "ShellShock." NOTA: la reparación original para este problema era incorrecta; CVE-2014-7169 ha sido asignada para cubrir la vulnerabilidad que todavía está presente después de la solución incorrecta. A flaw was found in the way Bash evaluated certain specially crafted environment variables. • https://github.com/darrenmartyn/visualdoor https://www.exploit-db.com/exploits/38849 https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/39918 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/40619 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/40938 https://www.exploit-db.com/exploits/34900 https • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.3EPSS: 0%CPEs: 35EXPL: 0CVE-2014-4027 – Kernel: target/rd: imformation leakage
https://notcve.org/view.php?id=CVE-2014-4027
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI. An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 http://www.openwall. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •