CVE-2011-2691
https://notcve.org/view.php?id=CVE-2011-2691
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. La función png_err en pngerror.c en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antes de v1.5.4, hace una llamada a la función con un argumento de puntero NULL en lugar de un argumento de cadena vacía, lo cual permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una imagen PNG creada. • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html http://marc.info/?l=bugtraq&m=133951357207000&w=2 http://secunia.com/advisories/45046 http://secunia.com/advisories/45405 http://secunia.com/advisories/45492 http://secunia.com/advisories/49660 http://security.gentoo.org/gls • CWE-476: NULL Pointer Dereference •
CVE-2011-1526 – krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)
https://notcve.org/view.php?id=CVE-2011-1526
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. ftpd.c en el demonio GSS-API FTP en MIT Kerberos Version 5 Applications (también conocido como krb5-appl) v1.0.1 y anteriores no comprueban el valor de retorno krb5_setegid, lo que permite que usuarios autenticados de forma remota evitar las restricciones de acceso de grupo, y crear, sobreescribir, borrar, o leer ficheros, a través de comandos FTP estándar, relacionado con test autoconfigurados olvidados en un script configurado. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the krb5_setegid() function call. On systems where the set real, set effective, or set saved group ID system calls might fail, a remote FTP user could use this flaw to gain unauthorized read or write access to files that were owned by the root group. • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/201 • CWE-269: Improper Privilege Management •
CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar por clientes legitimos a servidores remotos a través de peticiones GSSAPI. • http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html http://secunia.com/advisories/45047 http://secunia.com/advisories/45067 http://secunia.com/advisories/45088 http://secunia.com/advisories/45144 http://secunia.com/ • CWE-255: Credentials Management Errors •
CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documento XML manipulado que contiene un gran número de referencias a entidades anidadas, un problema similar a CVE-2003-1564. • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html http://secunia.com/advisories/44787 http://secunia.com/advisories/44957 http://secunia.com/advisories/45112 http:/ • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2011-1770 – kernel: dccp: handle invalid feature options length
https://notcve.org/view.php?id=CVE-2011-1770
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. Desbordamiento de entero en la función dccp_parse_options (net/DCCP/options.c) en el kernel de Linux antes de la versión v2.6.33.14 permite a atacantes remotos causar una denegación de servicio a través de un paquete de datagramas del Protocolo de control de congestión (DCCP) con una longitud de opciones de características no válida, lo que provoca una sobre lectura de un búfer. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html http://marc.info/?l=linux-kernel&m=130468845209036&w=2 http://marc.info/?l=linux-kernel&m=130469305815140&w=2 http://secunia.com/advisories/44932 http://securityreason.com/securityalert/8286 http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14 http://www.securityfocus.com/bid/47769 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-191: Integer Underflow (Wrap or Wraparound) •