CVE-2015-5739 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5739
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." La biblioteca net/http en net/textproto/reader.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente claves de cabecera HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante un espacio en lugar de un guión, tal y como se muestra en "Content Length", en lugar de "Content-Length". HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 http://www.securityfocus.com/bid/76281 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/117ddcb83d7f42d • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2015-0296
https://notcve.org/view.php?id=CVE-2015-0296
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. El script preinstalado en textlive 3.1.20140525_r34255.fc21 tal y como se distribuye en Fedora 21 y rpm y textlive 6.20131226_r32488.fc20 y rpm permite que los usuarios locales eliminen archivos arbitrarios mediante un archivo modificado en el directorio raíz del usuario. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html http://www.openwall.com/lists/oss-security/2015/02/27/6 http://www.securityfocus.com/bid/72826 https://bugzilla.redhat.com/show_bug.cgi?id=1197082 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-5070
https://notcve.org/view.php?id=CVE-2015-5070
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en filesystem_boost.cpp en Battle for Wesnoth en versiones anteriores a la 1.12.4 y las versiones 1.13.x anteriores a 1.13.1, cuando se usa un sistema de archivos no sensible a mayúsculas/minúsculas, permiten que los atacantes remotos obtengan información sensible mediante vectores relacionados con la inclusión de archivos .pbl desde WML. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-5069. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html http://www.openwall.com/lists/oss-security/2015/06/25/12 http://www.securityfocus.com/bid/75425 https://bugzilla.redhat.com/show_bug.cgi?id=1236010 https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59 https://github.com/wesnoth/wesnoth/releases/tag/1.12.4 https://github.com/wesnoth/wesnoth/releases/tag/1.1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5069
https://notcve.org/view.php?id=CVE-2015-5069
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en filesystem_boost.cpp en Battle for Wesnoth en versiones anteriores a la 1.12.3 y las versiones 1.13.x anteriores a 1.13.1 permiten que los atacantes remotos obtengan información sensible mediante vectores relacionados con la inclusión de archivos .pbl desde WML. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html http://www.openwall.com/lists/oss-security/2015/06/25/12 http://www.securityfocus.com/bid/75424 https://bugzilla.redhat.com/show_bug.cgi?id=1236010 https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d https://github.com/wesnoth/wesnoth/releases/tag/1.12.3 https://github.com/wesnoth/wesnoth/releases/tag/1.1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5704
https://notcve.org/view.php?id=CVE-2015-5704
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. scripts/licensecheck.pl en devscripts en versiones anteriores a la 2.15.7 permite que los usuarios locales ejecuten comandos shell arbitrarios. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html http://www.openwall.com/lists/oss-security/2015/08/01/7 http://www.securityfocus.com/bid/76143 https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260 https://bugzilla.redhat.com/show_bug.cgi?id=1249635 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •