CVE-2015-8212
https://notcve.org/view.php?id=CVE-2015-8212
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. Fallo de manejo de CGI en bozohttpd en NetBSD 6.0 hasta la versión 6.0.6, 6.1 hasta la versión 6.1.5 y 7.0 permite a atacantes remotos ejecutar código arbitrario a través de argumentos manipulados, que son manejados por un programa no-CGI consciente. • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc http://www.securitytracker.com/id/1035673 • CWE-20: Improper Input Validation •
CVE-2016-6253 – NetBSD - 'mail.local' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6253
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. mail.local en NetBSD en versiones desde 6.0 hasta la versión 6.0.6, 6.1 hasta la versión 6.1.5 y 7.0 permite a usuarios locales cambiar la propiedad o anexar datos a archivos arbitrarios en el sistema objetivo a través de un ataque de enlace simbólico en el buzón de usuario. • https://www.exploit-db.com/exploits/40141 https://www.exploit-db.com/exploits/40385 http://akat1.pl/?id=2 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local http://www.securityfocus.com/bid/92101 http://www.securitytracker.com/id/1036429 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2014-7250
https://notcve.org/view.php?id=CVE-2014-7250
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. La pila de TCP en 4.3BSD Net/2, utilizado en FreeBSD 5.4, NetBSD posiblemente 2.0, y OpenBSD posiblemente 3.6, no implementa correctamente el temporizador de la sesión, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de paquetes manipulados. • http://jvn.jp/en/jp/JVN07930208/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243 • CWE-399: Resource Management Errors •
CVE-2014-8517 – tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side
https://notcve.org/view.php?id=CVE-2014-8517
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. La función fetch_url ubicada en usr.bin/ftp/fetch.c en thftp, usada en NetBSD 5.1 en 5.1.4, 5.2 hasta 5.2.2, 6.0 hasta 6.0.6 y 6.1 hasta 6.1.5 permite a atacantes remotos ejecutar comandos arbitrarios a través de un carácter '|' (tubería) al final de una redirección HTTP. • https://www.exploit-db.com/exploits/35427 https://www.exploit-db.com/exploits/43112 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html http://seclists.org/oss-sec/2014/q4/459 http://seclists.org/oss-sec/2014/q4/464 http://secunia.com/advisories/62028 http://secunia.com/advisories/62260 http://support. • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •