CVE-2018-16658 – kernel: Information leak in cdrom_ioctl_drive_status
https://notcve.org/view.php?id=CVE-2018-16658
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.6. Una fuga de información en cdrom_ioctl_drive_status en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para leer memoria del kernel debido a que una conversión de un long no firmado a int interfiere con la comprobación de límites. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 http://www.securityfocus.com/bid/105334 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:4154 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6 https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 https://lists.debian.org/debian-lts-announce/2018/10/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-14618 – curl: NTLM password overflow via integer overflow
https://notcve.org/view.php?id=CVE-2018-14618
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. • http://www.securitytracker.com/id/1041605 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:1880 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-14618.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014 https://security.gentoo.org/glsa/201903-03 https://usn.ubuntu.com/3765-1 https://usn.ubuntu.com/ • CWE-122: Heap-based Buffer Overflow CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •
CVE-2018-6555
https://notcve.org/view.php?id=CVE-2018-6555
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. La función irda_setsockopt en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada en ias_object y cierre inesperado del sistema) o cualquier otro tipo de impacto sin especificar mediante un socket AF_IRDA. • http://www.securityfocus.com/bid/105304 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www.spinics.net/lists/stable/msg255031.html https://www.spinics.net/lists • CWE-416: Use After Free •
CVE-2018-6554
https://notcve.org/view.php?id=CVE-2018-6554
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. Fuga de memoria en la función irda_bind en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) enlazando repetidamente un socket AF_IRDA. • http://www.securityfocus.com/bid/105302 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-16428
https://notcve.org/view.php?id=CVE-2018-16428
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. En GNOME GLib 2.56.1, g_markup_parse_context_end_parse() en gmarkup.c tiene una desreferencia de puntero NULL. • http://www.openwall.com/lists/oss-security/2020/02/14/3 http://www.securityfocus.com/bid/105210 https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9 https://gitlab.gnome.org/GNOME/glib/issues/1364 https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html https://usn.ubuntu.com/3767-1 https://usn.ubuntu.com/3767-2 • CWE-476: NULL Pointer Dereference •