CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 3CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/08/09/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/errata/RHSA-2016:1853 https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5404 – ipa: Insufficient privileges check in certificate revocation
https://notcve.org/view.php?id=CVE-2016-5404
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. El comando cert_revoke en FreeIPA no realiza comprobaciones para el permiso "certificado de revocación", lo que permite a usuarios remotos autenticados revocar certificados arbitrarios aprovechando el permiso "certificado de recuperación". An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. • http://rhn.redhat.com/errata/RHSA-2016-1797.html http://www.openwall.com/lists/oss-security/2016/08/17/9 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92525 https://fedorahosted.org/freeipa/ticket/6232 https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4 https://lists.fedorap • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6197 – kernel: overlayfs: missing upper dentry verification before unlink and rename
https://notcve.org/view.php?id=CVE-2016-6197
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. fs/overlayfs/dir.c en la implementación del sistema de archivos OverlayFS en el kernel de Linux en versiones anteriores a 4.6 no verifica adecuadamente la dentry superior antes de proceder con el procesamiento de desconexión y cambio de nombre de llamadas al sistema, lo que permite a usuarios locales provocar una denegación del servicio (caída de sistema) a través de una llamada al sistema cambiada de nombre que especifica un self-hardlink. It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185 http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://www.openwall.com/lists/oss-security/2016/07/11/8 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/91709 http://www.securitytracker. • CWE-20: Improper Input Validation CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-6198 – kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs
https://notcve.org/view.php?id=CVE-2016-6198
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. La capa del sistema de archivos en el kernel de Linux en versiones anteriores a 4.5.5 procede con operaciones de cambio de nombre después de que un archivo OverlayFS es cambiado de nombre a un self-hardlink, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una llamada al sistema, relacionado con fs/namei.c y fs/open.c. A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d5ca871e72f2bb172ec9323497f01cd5091ec7 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-5408 – squid: Buffer overflow vulnerability in cachemgr.cgi tool
https://notcve.org/view.php?id=CVE-2016-5408
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. Desbordamiento de búfer basado en pila en la función munge_other_line en cachemgr.cgi en el paquete squid en versiones anteriores a 3.1.23-16.el6_8.6 en Red Hat Enterprise Linux 6 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-4051. It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. • http://rhn.redhat.com/errata/RHSA-2016-1573.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://access.redhat.com/security/cve/CVE-2016-5408 https://bugzilla.redhat.com/show_bug.cgi?id=1359203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •