CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15037
https://notcve.org/view.php?id=CVE-2017-15037
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. En FreeBSD hasta la versión 11.1, la función smb_strdupin en sys/netsmb/smb_subr.c tiene una condición de carrera con una lectura fuera de límites porque puede hace que les falten el carácter "\0" a las cadenas t2p->t_name. • http://www.securityfocus.com/bid/101191 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687 https://svnweb.freebsd.org/base?view=revision&revision=324102 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6259
https://notcve.org/view.php?id=CVE-2017-6259
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service. NVIDIA GPU Display Driver contiene una vulnerabilidad en el manejador layer del modo kernel donde una detección y recuperación incorrecta de un estado no válido producido por las acciones de un usuario específico pueden conllevar a la denegación de servicio. • http://nvidia.custhelp.com/app/answers/detail/a_id/4525 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6257
https://notcve.org/view.php?id=CVE-2017-6257
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges NVIDIA GPU Display Driver contiene una vulnerabilidad en el manejador layer del modo kernel donde una desreferencia del puntero NULL puede conllevar a la denegación de servicio o la potencial escalada de privilegios. • http://nvidia.custhelp.com/app/answers/detail/a_id/4525 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 4%CPEs: 10EXPL: 0CVE-2017-11103
https://notcve.org/view.php?id=CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. Heimdal en versiones anteriores a la 7.4 permite que atacantes remotos suplanten servicios con ataques Orpheus' Lyre ya que obtiene nombres de servicios principales, de manera que viola la especificación del protocolo Kerberos 5. • http://www.debian.org/security/2017/dsa-3912 http://www.h5l.org/advisories.html?show=2017-07-11 http://www.securityfocus.com/bid/99551 http://www.securitytracker.com/id/1038876 http://www.securitytracker.com/id/1039427 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0 https://support.apple.com/HT208112 https://support.apple.com/HT208144 https://support.apple.com/HT208221 https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc https://ww • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-1085 – FreeBSD - 'setrlimit' Stack Clash (PoC)
https://notcve.org/view.php?id=CVE-2017-1085
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context. En FreeBSD en versiones anteriores a la 11.2-RELEASE, una aplicación que llama a setrlimit() para incrementar RLIMIT_STACK podría hacer que una región de memoria de solo lectura bajo la pila pase a ser una región de lectura y escritura. Un ejecutable especialmente manipulado podría explotarse para ejecutar código arbitrario en el contexto del usuario. • https://www.exploit-db.com/exploits/42279 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •