CVE-2016-0728 – Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-0728
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
• https://www.exploit-db.com/exploits/40003
• https://www.exploit-db.com/exploits/39277
• https://github.com/hal0taso/CVE-2016-0728
• https://github.com/googleweb/CVE-2016-0728
• https://github.com/th30d00r/Linux-Vulnerability-CVE-2016-0728-and-Exploit
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016
• CWE-416: Use After Free
CVE-2015-6637
https://notcve.org/view.php?id=CVE-2015-6637
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
• https://github.com/betalphafai/CVE-2015-6637
• http://source.android.com/security/bulletin/2016-01-01.html
• http://www.securitytracker.com/id/1034592
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-6644 – bouncycastle: Information disclosure in GCMBlockCipher
https://notcve.org/view.php?id=CVE-2015-6644
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to a user's private information.
• http://source.android.com/security/bulletin/2016-01-01.html
• http://www.debian.org/security/2017/dsa-3829
• http://www.securityfocus.com/bid/79865
• http://www.securitytracker.com/id/1034592
• https://access.redhat.com/errata/RHSA-2017:1832
• https://access.redhat.com/errata/RHSA-2017:2808
• https://access.redhat.com/errata/RHSA-2017:2809
• https://access.redhat.com/errata/RHSA-2017:2810
• https://access.redhat.com/errata/RHSA-2017:2811
• https://access.redhat.com/errata/RHSA-2018:2
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6641
https://notcve.org/view.php?id=CVE-2015-6641
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
• http://source.android.com/security/bulletin/2016-01-01.html
• http://www.securitytracker.com/id/1034592
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6643
https://notcve.org/view.php?id=CVE-2015-6643
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
• http://source.android.com/security/bulletin/2016-01-01.html
• http://www.securitytracker.com/id/1034592
• CWE-264: Permissions, Privileges, and Access Controls