CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-6198 – kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs
https://notcve.org/view.php?id=CVE-2016-6198
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. La capa del sistema de archivos en el kernel de Linux en versiones anteriores a 4.5.5 procede con operaciones de cambio de nombre después de que un archivo OverlayFS es cambiado de nombre a un self-hardlink, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una llamada al sistema, relacionado con fs/namei.c y fs/open.c. A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d5ca871e72f2bb172ec9323497f01cd5091ec7 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6197 – kernel: overlayfs: missing upper dentry verification before unlink and rename
https://notcve.org/view.php?id=CVE-2016-6197
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. fs/overlayfs/dir.c en la implementación del sistema de archivos OverlayFS en el kernel de Linux en versiones anteriores a 4.6 no verifica adecuadamente la dentry superior antes de proceder con el procesamiento de desconexión y cambio de nombre de llamadas al sistema, lo que permite a usuarios locales provocar una denegación del servicio (caída de sistema) a través de una llamada al sistema cambiada de nombre que especifica un self-hardlink. It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185 http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://www.openwall.com/lists/oss-security/2016/07/11/8 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/91709 http://www.securitytracker. • CWE-20: Improper Input Validation CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-5408 – squid: Buffer overflow vulnerability in cachemgr.cgi tool
https://notcve.org/view.php?id=CVE-2016-5408
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. Desbordamiento de búfer basado en pila en la función munge_other_line en cachemgr.cgi en el paquete squid en versiones anteriores a 3.1.23-16.el6_8.6 en Red Hat Enterprise Linux 6 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-4051. It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. • http://rhn.redhat.com/errata/RHSA-2016-1573.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://access.redhat.com/security/cve/CVE-2016-5408 https://bugzilla.redhat.com/show_bug.cgi?id=1359203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 3%CPEs: 8EXPL: 1CVE-2016-5259 – Mozilla: Use-after-free in service workers with nested sync events (MFSA 2016-73)
https://notcve.org/view.php?id=CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. Vulnerabilidad de uso después de liberación de memoria en la función CanonicalizeXPCOMParticipant en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos ejecutar código arbitrario a través de una secuencia de comandos que cierra su propio Service Worker dentro de un bloque de eventos sync anidados. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-73.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5262 – Mozilla: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76)
https://notcve.org/view.php?id=CVE-2016-5262
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 procesa atributos de controladores de eventos JavaScript de un elemento MARQUEE dentro de un elemento IFRAME aislado que carece de valor de atributo sandbox="allow-scripts", lo que facilita a atacantes remotos llevar a cabo ataques XSS a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-76.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •