CVSS: 7.5EPSS: 11%CPEs: 10EXPL: 0CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine
https://notcve.org/view.php?id=CVE-2017-7539
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servidores de NBD (Network Block Device) en el que la corrutina I/O no estaba definida. Esto podría provocar el cierre inesperado del servidor qemu-nbd si un cliente envía datos no esperados durante la negociación de la conexión. • http://www.openwall.com/lists/oss-security/2017/07/21/4 http://www.securityfocus.com/bid/99944 https://access.redhat.com/errata/RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3474 https://bugzilla.redhat.com/show_b • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7543 – openstack-neutron: iptables not active after update
https://notcve.org/view.php?id=CVE-2017-7543
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. Se ha descubierto una condición de carrera en openstack-neutron en versiones anteriores a la 7.2.0-12.1, 8.x anteriores a la 8.3.0-11.1, 9.x anteriores a la 9.3.1-2.1 y 10.x anteriores a la 10.0.2-1.1, cuando, siguiendo a una actualización overcloud menor, los grupos de seguridad neutron estaban deshabilitados. De manera específica, lo siguiente se ha reiniciado a 0: net.bridge.bridge-nf-call-ip6tables y net.bridge.bridge-nf-call-iptables. • http://www.securityfocus.com/bid/100237 https://access.redhat.com/errata/RHSA-2017:2447 https://access.redhat.com/errata/RHSA-2017:2448 https://access.redhat.com/errata/RHSA-2017:2449 https://access.redhat.com/errata/RHSA-2017:2450 https://access.redhat.com/errata/RHSA-2017:2451 https://access.redhat.com/errata/RHSA-2017:2452 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543 https://access.redhat.com/security/cve/CVE-2017-7543 https://bugzilla.redhat.com/sh • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 4%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). • http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/29/1 http://www.securityfocus.com/bid/99513 https://access.redhat.com/errata/RHSA-2017:2390 https://access.redhat.com/errata/RHSA-2017:2445 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RH • CWE-248: Uncaught Exception •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2673 – openstack-keystone: Incorrect role assignment with federated Keystone
https://notcve.org/view.php?id=CVE-2017-2673
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. Se ha descubierto un error de comprobación de autorización en las configuraciones de federación del servicio Identity de OpenStack (keystone). Un usuario autenticado federado podría solicitar permisos para un proyecto y, de forma no intencionada, se le proporcionarían todos los roles relacionados, incluyendo los roles administrativos. • http://seclists.org/oss-sec/2017/q2/125 http://www.securityfocus.com/bid/98032 https://access.redhat.com/errata/RHSA-2017:1461 https://access.redhat.com/errata/RHSA-2017:1597 https://bugs.launchpad.net/keystone/+bug/1677723 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673 https://access.redhat.com/security/cve/CVE-2017-2673 https://bugzilla.redhat.com/show_bug.cgi?id=1439586 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en la biblioteca “lib/ofp-util.c”. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html https • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •