CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar números arbitrarios que en realidad no son claves públicas, y desencadenar costosos cálculos de exponenciación modular DHE del lado del servidor, también se conoce como un ataque D(HE)ater. • https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf https://dheatattack.com https://dheatattack.gitlab.io https://github.com/Balasys/dheater https://github.com/mozilla/ssl-config-generator/issues/162 https://gitlab.com/dheatattack/dheater https://ieeexplore.ieee.org/document/10374117 https://support.f5.com/csp/article/K83120834 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration https: • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-18906 – cryptctl: client side password hashing is equivalent to clear text password storage
https://notcve.org/view.php?id=CVE-2019-18906
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. Una vulnerabilidad de autenticación inadecuada en cryptctl de SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 permite a los atacantes con acceso a la contraseña cifrada utilizarla sin tener que descifrarla. Este problema afecta a: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versiones anteriores a la 2.4. • https://bugzilla.suse.com/show_bug.cgi?id=1186226 • CWE-287: Improper Authentication •
CVE-2021-25321 – arpwatch: Local privilege escalation from runtime user to root
https://notcve.org/view.php?id=CVE-2021-25321
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. Una vulnerabilidad de Seguimiento de Enlaces Simbólicos UNIX (Symlink) en arpwatch de SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server versión 4.0, SUSE OpenStack Cloud Crowbar versión 9; openSUSE Factory, Leap versión 15.2, permite a atacantes locales con control del usuario en runtime ejecutar arpwatch como escalar a root en el siguiente reinicio de arpwatch. • https://bugzilla.suse.com/show_bug.cgi?id=1186240 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-25317 – cups: ownership of /var/log/cups allows the lp user to create files as root
https://notcve.org/view.php?id=CVE-2021-25317
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de cups de SUSE Linux Enterprise Server versión 11-SP4-LTSS, SUSE Manager Server versión 4.0, SUSE OpenStack Cloud Crowbar versión 9; openSUSE Leap versión 15.2, Factory permite a atacantes locales con control de los usuarios lp crear archivos como root con permisos 0644 sin la capacidad de configurar el contenido. • https://bugzilla.suse.com/show_bug.cgi?id=1184161 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47 • CWE-276: Incorrect Default Permissions •
CVE-2020-8028 – salt-api is accessible to every user on SUSE Manager Server
https://notcve.org/view.php?id=CVE-2020-8028
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. • https://bugzilla.suse.com/show_bug.cgi?id=1175884 • CWE-284: Improper Access Control •