CVE-2019-5603
https://notcve.org/view.php?id=CVE-2019-5603
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. En FreeBSD versión 12.0-STABLE anterior a r350261, versión 12.0-RELEASE anterior a 12.0-RELEASE-p8, versión 11.3-STABLE anterior a r350263, versión 11.3-RELEASE anterior a 11.3-RELEASE-p1, y versión 11.2-RELEASE anterior a 11.2-RELEASE-p12, las llamadas de sistema operando sobre descriptores de archivo como parte de mqueuefs, no liberaron correctamente la referencia, permitiendo a un usuario malicioso desbordar el contador, lo que permite el acceso a archivos, directorios y sockets abiertos por parte de procesos que son propiedad de otros usuarios. • https://github.com/raymontag/CVE-2019-5603 http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html https://seclists.org/bugtraq/2019/Aug/35 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc https://security.netapp.com/advisory/ntap-20190814-0003 • CWE-404: Improper Resource Shutdown or Release •
CVE-2019-5605
https://notcve.org/view.php?id=CVE-2019-5605
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly. En FreeBSD versión 11.3-STABLE anterior a r350217, versión 11.3-RELEASE anterior a 11.3-RELEASE-p1, y versión 11.2-RELEASE anterior a 11.2-RELEASE-p12, debido a una insuficiente inicialización de la memoria copiada hacia userland en la interfaz de freebsd32_ioctl, pequeñas cantidades de memoria del kernel pueden ser divulgadas a los procesos de userland. Esto puede permitir a un atacante aprovechar esta información para obtener privilegios elevados tanto directa como indirectamente. • http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.asc https://security.netapp.com/advisory/ntap-20190814-0003 • CWE-665: Improper Initialization •
CVE-2019-5606
https://notcve.org/view.php?id=CVE-2019-5606
In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail. En FreeBSD versión 12.0-STABLE anterior a r349805, versión 12.0-RELEASE anterior a 12.0-RELEASE-p8, versión 11.3-STABLE anterior a r349806, versión 11.3-RELEASE anterior a 11.3-RELEASE-p1, y versión 11.2-RELEASE anterior a 11.2-RELEASE-p12, el código que maneja el cierre de un descriptor creado por posix_openpt no puede deshacer una configuración de la señal. Esto causa que una señal incorrecta sea generada conduciendo a una escritura después de liberar la memoria del kernel, lo que permite a un usuario malicioso alcanzar privilegios de root o escapar de una jaula.. • http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc https://security.netapp.com/advisory/ntap-20190814-0003 • CWE-416: Use After Free •
CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptográfica sin comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en wpa_supplicant EAP Peer, cuando se construyen contra una biblioteca criptográfica que carece de comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •