CVE-2007-5686
https://notcve.org/view.php?id=CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. initscripts en el rPath Linux 1 establece permisos inseguros para el fichero /var/log/btmp, lo que permite a usuarios locales obtener información sensible respecto a los intentos de autenticación. NOTA: debido a que el sshd detecta los permisos inseguros y no registra ciertos eventos, esto también previene al sshd de registrar intentos fallidos de autenticación por usuarios remotos. • http://secunia.com/advisories/27215 http://www.securityfocus.com/archive/1/482129/100/100/threaded http://www.securityfocus.com/archive/1/482857/100/0/threaded http://www.securityfocus.com/bid/26048 http://www.vupen.com/english/advisories/2007/3474 https://issues.rpath.com/browse/RPL-1825 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5194
https://notcve.org/view.php?id=CVE-2007-5194
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. El servidor Chroot en rMake versión 1.0.11, crea un archivo de dispositivo /dev/zero con permisos de lectura y escritura para el usuario rMake y el mismo número de dispositivo menor que /dev/port, lo que podría permitir a usuarios locales alcanzar privilegios de root. • http://secunia.com/advisories/27030 http://www.securityfocus.com/archive/1/481395/100/0/threaded http://www.securityfocus.com/bid/25899 https://bugs.gentoo.org/show_bug.cgi?id=194550 https://issues.rpath.com/browse/RMK-634 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Vulnerabilidad de salto de directorio en la función contains_dot_dot de src/names.c en GNU tar permite a atacantes remotos con la complicidad del usuario sobre-escribir ficheros de su elección mediante determinadas secuencias //.. (barra barra punto punto) en los enlaces simbólicos de directorio en un fichero TAR. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26573 http://secunia.com/advisories/26590 http://secunia.com/advisories/26603 http://secunia.com/advisories/26604 http://secunia.com/advisories/26655 http://secunia.com/advisories/26673 http://secunia.com/advisories/26674 http://secunia.com/advisories/26781 http: •
CVE-2007-4029 – Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
https://notcve.org/view.php?id=CVE-2007-4029
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. libvorbis 1.1.2, y posiblemente otras versiones anteriores a 1.2.0, permite a atacantes dependientes del contexto provocar denegación de servicio a travñes de (1) un tipo de mapeo no válido, el cual dispara una lectura fuera de límite en la función vorbis_info_clear en info.c, y (2) tamaño de bloque no válido que dispara un fallo de segmento en la función read en block.c. • http://secunia.com/advisories/24923 http://secunia.com/advisories/26087 http://secunia.com/advisories/26232 http://secunia.com/advisories/26299 http://secunia.com/advisories/26429 http://secunia.com/advisories/26535 http://secunia.com/advisories/26865 http://secunia.com/advisories/27099 http://secunia.com/advisories/27439 http://secunia.com/advisories/28614 http://security.gentoo.org/glsa/glsa-200710-03.xml http://securitytracker.com/id?1018712 http://www.debian.org/sec •
CVE-2007-3106 – libvorbis array boundary condition
https://notcve.org/view.php?id=CVE-2007-3106
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors. En la biblioteca lib/info.c en libvorbis versión 1.1.2, y posiblemente otras versiones anteriores a 1.2.0, permite a los atacantes dependiendo del contexto causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de valores no válidos (1) blocksize_0 y (2) blocksize_1, que desencadenan una "heap overwrite" en la función _01inverse en el archivo res0.c. NOTA: este problema ha sido REESTRUCTURADO para que el CVE-2007-4029 maneje vectores adicionales. • http://secunia.com/advisories/24923 http://secunia.com/advisories/26087 http://secunia.com/advisories/26232 http://secunia.com/advisories/26299 http://secunia.com/advisories/26429 http://secunia.com/advisories/26535 http://secunia.com/advisories/26865 http://secunia.com/advisories/27099 http://secunia.com/advisories/28614 http://security.gentoo.org/glsa/glsa-200710-03.xml http://www.debian.org/security/2008/dsa-1471 http://www.isecpartners.com/advisories/2007-003-libvorbis • CWE-399: Resource Management Errors •