CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2016-2124.html https://access.redhat.com/security/cve/CVE-2016-2124 • CWE-287: Improper Authentication •
CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25717.html https://access.redhat.com/security/cve/CVE-2020-25717 • CWE-20: Improper Input Validation •
CVE-2021-3733 – python: urllib: Regular expression DoS in AbstractBasicAuthHandler
https://notcve.org/view.php?id=CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Se presenta un fallo en la clase AbstractBasicAuthHandler de urllib. Un atacante que controle un servidor HTTP malicioso al que se conecte un cliente HTTP (como un navegador web), podría desencadenar una Denegación de Servicio por Expresión Regular (ReDOS) durante una petición de autenticación con una carga útil especialmente diseñada que sea enviada por el servidor al cliente. • https://bugs.python.org/issue43075 https://bugzilla.redhat.com/show_bug.cgi?id=1995234 https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb https://github.com/python/cpython/pull/24391 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://security.netapp.com/advisory/ntap-20220407-0001 https://ubuntu.com/security/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3733 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. Se ha encontrado un fallo en el código AMD de KVM para soportar la virtualización anidada SVM. • https://github.com/rami08448/CVE-2021-3656-Demo https://bugzilla.redhat.com/show_bug.cgi?id=1983988 https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://www.openwall.com/lists/oss-security/2021/08/16/1 https://access.redhat.com/security/cve/CVE-2021-3656 • CWE-862: Missing Authorization •
CVE-2021-3609 – kernel: race condition in net/can/bcm.c leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3609
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privilegios. Esta condición de carrera en el archivo net/can/bcm.c en el kernel de Linux permite una escalada de privilegios local a root A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463 https://security.netapp.com/advisory/ntap-20220419-0004 https://www.openwall.com/lists/oss-security/2021/06/19/1 https://access.redhat.com/security/cve/CVE-2021-3609 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •