CVE-2008-5104
https://notcve.org/view.php?id=CVE-2008-5104
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. Ubuntu 6.06 LTS, 7.10, 8.04 LTS y 8.10, cuando está instalado como una máquina virtual por (1) python-vm-builder o (2) ubuntu-vm-builder en VMBuilder 0.9 en Ubuntu 8.10, tiene un ! (signo de exclamación) como la contraseña por defecto de root, lo que permite a atacantes remotos evitar las restricciones de login previstas. • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff http://secunia.com/advisories/32697 http://www.securityfocus.com/bid/32292 http://www.ubuntu.com/usn/usn-670-1 https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 https://exchange.xforce.ibmcloud.com/vulnerabilities/46881 • CWE-255: Credentials Management Errors •
CVE-2008-5103
https://notcve.org/view.php?id=CVE-2008-5103
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. Las implementaciones (1) python-vm-builder y (2) ubuntu-vm-builder en VMBuilder v0.9 en Ubuntu v8.10 omiten la opción -e cuando invocan chpasswd con un argumento root:!, lo cual configura la cuenta raíz con una contraseña en texto claro de ! • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff http://osvdb.org/49996 http://secunia.com/advisories/32697 http://www.securityfocus.com/bid/32292 http://www.ubuntu.com/usn/usn-670-1 https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 https://exchange.xforce.ibmcloud.com/vulnerabilities/46603 • CWE-255: Credentials Management Errors •
CVE-2008-4395
https://notcve.org/view.php?id=CVE-2008-4395
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. Múltiples desbordamientos de búfer en el modulo ndiswrapper v1.53 en el kernel de Linux v2.6 permite a atacantes remotos ejecutar código a su elección mediante el envío de paquetes a través de una red inalámbrica local que obligue a tener un ESSID largo. • http://bugs.gentoo.org/show_bug.cgi?id=239371 http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git%3Ba=commitdiff%3Bh=49945b423c2f7e33b4c579ca460df6a806ee8f9f http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html http://secunia.com/advisories/32509 http://www.mail-archive.com/frugalware-git%40frugalware.org/msg22366.html http://www.securityfocus.com/bid/32118 http://www.securitytracker.com/id?1021142 http://www.ubuntu.com/usn/usn-662-1 http://www.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4306 – enscript: "font" special escape buffer overflows
https://notcve.org/view.php?id=CVE-2008-4306
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence. Vulnerabilidad inespecífica en enscript antes de la v1.6.4 en Ubuntu Linux v6.06 LTS, v7.10, v8.04 y v8.10 que tiene un impacto y unos vectores de ataque desconocidos, posiblemente este relacionado con el desbordamiento de búfer. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://osvdb.org/49569 http://rhn.redhat.com/errata/RHSA-2008-1021.html http://secunia.com/advisories/32521 http://secunia.com/advisories/32530 http://secunia.com/advisories/32753 http://secunia.com/advisories/32854 http://secunia.com/advisories/32970 http://secunia.com/advisories/33109 http://security.gentoo.org/glsa/glsa-200812-02.xml http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o tener otros impactos no especificados mediante un nombre de archivo modificado. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •