CVE-2008-3283 – Server: multiple memory leaks
https://notcve.org/view.php?id=CVE-2008-3283
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. Múltiples fugas de memoria en Red Hat Directory Server 7.1 anteriores al SP7, Red Hat Directory Server 8, y Fedora Directory Server 1.1.1 y anteriores, permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores que involucran: (1) la fase de autenticación/asignación y (2) peticiones de búsqueda LDAP anónimas. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 http://secunia.com/advisories/31565 http://secunia.com/advisories/31627 http://secunia.com/advisories/31702 http://secunia.com/advisories/31867 http://secunia.com/advisories/31913 http://securitytracker.com/id?1020774 http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html http://www.redhat.com/support/errata/RHSA-2008-0602.html http://www.redhat.com/support/errata/RHSA-2008-0 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2008-3252
https://notcve.org/view.php?id=CVE-2008-3252
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. Desbordamiento de búfer basado en pila en la función read_article en getarticle.c en newsx 1.6, permite a atacantes remotos ejecutar código de su elección a través de un artículo de noticias que contiene un gran número de líneas que empiezan con un período. • http://secunia.com/advisories/31080 http://secunia.com/advisories/31307 http://www.debian.org/security/2008/dsa-1622 http://www.securityfocus.com/bid/30231 https://bugzilla.redhat.com/show_bug.cgi?id=454483 https://exchange.xforce.ibmcloud.com/vulnerabilities/43844 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2359
https://notcve.org/view.php?id=CVE-2008-2359
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. La configuración predeterminada de consolehelper en system-config-network versiones anteriores a 1.5.10-1 en Fedora versión 8, carece de la directiva USER=root, lo que permite a los usuarios locales de la consola de la estación de trabajo alcanzar privilegios y cambiar la configuración de la red. • http://secunia.com/advisories/30399 https://bugzilla.redhat.com/show_bug.cgi?id=448557 https://exchange.xforce.ibmcloud.com/vulnerabilities/42867 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00974.html • CWE-16: Configuration •
CVE-2007-3102 – audit logging of failed logins
https://notcve.org/view.php?id=CVE-2007-3102
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. Vulnerabilidad sin especificar en la función linux_audit_record_event en el OpenSSH 4.3p2, como el utilizado por el Fedora Core 6 y, posiblemente, otros sistemas, permite a atacantes remotos escribir caracteres de su elección sobre un log auditado a través de nombres de usuario modificados. NOTA: algunos de estos detalles se obtienen a partir de la información de terceros. • http://osvdb.org/39214 http://secunia.com/advisories/27235 http://secunia.com/advisories/27588 http://secunia.com/advisories/27590 http://secunia.com/advisories/28319 http://secunia.com/advisories/28320 http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm http://www.redhat.com/support/errata/RHSA-2007-0540.html http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/ •