CVE-2016-8651 – 3: Pulling of any image is possible with it manifest
https://notcve.org/view.php?id=CVE-2016-8651
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. S ha encontrado un error de validación de entradas en la forma en la que OpenShift 3 gestiona peticiones para imágenes. Un usuario, con una copia del manifiesto asociado con una imagen, puede extraer una imagen incluso aunque normalmente no cuente con acceso a la misma. Esto resulta en la divulgación de información contenida en la imagen. • http://www.securityfocus.com/bid/94935 https://access.redhat.com/errata/RHSA-2016:2915 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 https://access.redhat.com/security/cve/CVE-2016-8651 https://bugzilla.redhat.com/show_bug.cgi?id=1397987 • CWE-20: Improper Input Validation •
CVE-2016-8631 – 3: Router sometimes selects new routes over old routes when determining claimed hostnames
https://notcve.org/view.php?id=CVE-2016-8631
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. El router OpenShift Enterprise 3 no clasifica correctamente las rutas al procesar rutas añadidas recientemente. Un atacante con acceso para crear rutas puede sobrescribir las rutas existentes y redirigir el tráfico de red de otros usuarios a su propio sitio. • http://www.securityfocus.com/bid/94110 https://access.redhat.com/errata/RHSA-2016:2696 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 https://access.redhat.com/security/cve/CVE-2016-8631 https://bugzilla.redhat.com/show_bug.cgi?id=1390735 • CWE-20: Improper Input Validation •
CVE-2016-1000232 – nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons
https://notcve.org/view.php?id=CVE-2016-1000232
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. NodeJS Tough-Cookie 2.2.2 contiene una vulnerabilidad de análisis de expresiones regulares en el análisis de la cabecera de cookie de petición HTTP que puede resultar en una denegación de servicio (DoS). Este ataque parece ser explotable mediante una cabecera HTTP personalizada pasada por el cliente. • https://access.redhat.com/errata/RHSA-2016:2101 https://access.redhat.com/errata/RHSA-2017:2912 https://access.redhat.com/security/cve/cve-2016-1000232 https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232 https://www.npmjs.c • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2016-7075 – 3: API server does not validate client-provided intermediate certificates correctly
https://notcve.org/view.php?id=CVE-2016-7075
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. Se ha descubierto que Kubernetes, tal y como se emplea en Openshift Enterprise 3, no valida los campos de nombre del host del certificado intermediario de cliente X.509. Un atacante podría emplear este error para omitir los requisitos de autenticación mediante el uso de un certificado X.509 especialmente manipulado It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. • https://access.redhat.com/errata/RHSA-2016:2064 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 https://github.com/kubernetes/kubernetes/issues/34517 https://access.redhat.com/security/cve/CVE-2016-7075 https://bugzilla.redhat.com/show_bug.cgi?id=1384112 • CWE-295: Improper Certificate Validation •
CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/08/09/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/errata/RHSA-2016:1853 https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •