CVE-2017-1000372
https://notcve.org/view.php?id=CVE-2017-1000372
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it, resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. • http://www.securityfocus.com/bid/99172 https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000373 – OpenBSD - 'at Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000373
The OpenBSD qsort() function is recursive and not randomized, so an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. • https://www.exploit-db.com/exploits/42271 http://www.securityfocus.com/bid/99177 http://www.securitytracker.com/id/1039427 https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208115 https://support.apple.com/HT208144 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-400: Uncontrolled Resource Consumption
CVE-2016-6241
https://notcve.org/view.php?id=CVE-2016-6241
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. • http://www.openbsd.org/errata58.html http://www.openbsd.org/errata59.html http://www.openwall.com/lists/oss-security/2016/07/14/5 http://www.openwall.com/lists/oss-security/2016/07/17/7 http://www.securityfocus.com/bid/91805 http://www.securitytracker.com/id/1036318 • CWE-190: Integer Overflow or Wraparound
CVE-2016-6247
https://notcve.org/view.php?id=CVE-2016-6247
OpenBSD 5.8 and 5.9 allow certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist. • http://www.openbsd.org/errata58.html http://www.openbsd.org/errata59.html http://www.openwall.com/lists/oss-security/2016/07/14/5 http://www.openwall.com/lists/oss-security/2016/07/17/7 http://www.securityfocus.com/bid/91805 • CWE-20: Improper Input Validation
CVE-2016-6242
https://notcve.org/view.php?id=CVE-2016-6242
OpenBSD 5.8 and 5.9 allow local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. • http://www.openbsd.org/errata58.html http://www.openbsd.org/errata59.html http://www.openwall.com/lists/oss-security/2016/07/14/5 http://www.openwall.com/lists/oss-security/2016/07/17/7 http://www.securityfocus.com/bid/91805 • CWE-189: Numeric Errors