CVE-2008-1105 – Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1105
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. Desbordamiento de búfer basado en montículo en la función receive_smb_raw de util/sock.c en Samba 3.0.0 hasta 3.0.29, permite a atacantes remotos ejecutar código de su elección a través de una respuesta SMB manipulada. • https://www.exploit-db.com/exploits/5712 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://secunia.com/advisories/30228 http://secunia.com/advisories/30385 http://secunia.com/advisories/30396 http://secunia.com/advisories/30442 http://secunia.com/advisories/30449 http://secunia.com/advisories/30478 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2136 – kernel: sit memory leak
https://notcve.org/view.php?id=CVE-2008-2136
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. Fugas de memoria en la función ip6_rcv de net/ipv6/sit.c en el núcleo de Linux versiones anteriores a 2.6.25.3 permite a atacantes remotos provocar una denegación de servicio (consumo excesivo de memoria) a través de tráfico de red de una interfaz de túnel Simple Internet Transition (SIT), relacionado a las funciones pskb_may_pull y kfree_skb, y la gestión de una cuenta de referencia skb. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://marc.info/?l=linux-netdev&m=121031533024912&w=2 http://secunia.com/advisories/30198 http://secunia.com/advisories/30241 http://secunia.com/advisories/30276 http://secunia.com/advisories/30368 http://secunia.com/advisories/30499 http://secunia.com/advisories/30 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2008-0166 – OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
https://notcve.org/view.php?id=CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. OpenSSL versión 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de números aleatorios que genera números predecibles, lo que facilita a atacantes remotos la conducción de ataques de adivinación por fuerza bruta contra claves criptográficas. • https://www.exploit-db.com/exploits/5622 https://www.exploit-db.com/exploits/5720 https://www.exploit-db.com/exploits/5632 https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166 http://metasploit.com/users/hdm/tools/debian-openssl http://secunia.com/advisories/30136 http://secunia.com/advisories/30220 http://secunia.com/advisories/30221 http://secunia.com/advisories/30231 http://secunia.com/advisories/30239 http://secunia.com/advisories/30249 http:/ • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2008-2108 – PHP weak 64 bit random seed
https://notcve.org/view.php?id=CVE-2008-2108
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. La macro GENERATE_SEED de PHP 4.x versiones anteriores a la 4.4.8 y 5.x versiones anteriores a la 5.2.5, cuando se ejecuta en sistemas de 64 bits, realiza un producto que genera una porción de bits cero durante la conversión debido a la falta de precisión, lo que provoca 24 bits de entropía y simplifican los ataques por fuerza bruta contra mecanismos de protección que utilizan la secuencia generada y las funciones mt-rand. • http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 http://secunia.com/advisories/32746 http://secunia.com/advisories/35003 http://security.gentoo.org/glsa/glsa-200811-05.xml http://securityreason.com/securityalert/3859 http://www.debian.org/security/2009/dsa-1789 http://www.man • CWE-331: Insufficient Entropy •
CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario a través de una URI manipulada. • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http:/ • CWE-131: Incorrect Calculation of Buffer Size •