CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVE-2017-3137 – A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
https://notcve.org/view.php?id=CVE-2017-3137
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podría conducir a una situación en la que named se cerraría con un fallo de aserción al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, la versión 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, la versión 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y en la versión 9.9.9-S8. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. • http://www.securityfocus.com/bid/97651 http://www.securitytracker.com/id/1038258 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1582 https://access.redhat.com/errata/RHSA-2017:1583 https://kb.isc.org/docs/aa-01466 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002 https://www.debian.org& • CWE-617: Reachable Assertion •
CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer
https://notcve.org/view.php?id=CVE-2016-8864
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro DNAME en la sección de respuesta de una respuesta a una petición recursiva, relacionado con db.c y resolver.c. A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2016-2141.html http://rhn.redhat.com/errata/RHSA-2016-2142.html http://rhn.redhat.com/errata/RHSA-2016-2615.html http://rhn.redhat.com/errata/RHSA-2016-2871.html http://www.debian.org/security/2016/dsa-3703 http://www.securityfocus.com/bid/94067 http://www.securitytracker.com/id/1037156 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https: • CWE-617: Reachable Assertion •
CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- only la cartografía de la memoria, como explotados en la naturaleza en octubre de 2016, vulnerabilidad también conocida como "Dirty COW". A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. • https://github.com/dirtycow/dirtycow.github.io https://www.exploit-db.com/exploits/40611 https://www.exploit-db.com/exploits/40838 https://www.exploit-db.com/exploits/40616 https://www.exploit-db.com/exploits/40839 https://www.exploit-db.com/exploits/40847 https://github.com/timwr/CVE-2016-5195 https://github.com/gbonacini/CVE-2016-5195 https://github.com/whu-enjoy/CVE-2016-5195 https://github.com/jas502n/CVE-2016-5195 https://github.com/arttnba3/CVE-2016- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2016-3715 – ImageMagick Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files. ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http • CWE-20: Improper Input Validation •