CVE-2013-7423 – glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
https://notcve.org/view.php?id=CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. La función send_dg en resolv/res_send.c en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.20 no reutiliza adecuadamente descriptores de fichero, lo que permite a atacantes remotos mandar consultas DNS a ubicaciones no intencionadas a través de un gran número de peticiones que desencadenan una llamada a la función getaddrinfo. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://rhn.redhat.com/errata/RHSA-2015-0863.html http://seclists.org/fulldisclosure/2021/Sep/0 http://www.openwall.com/lists/oss-security/2015/01/28/20 http://www.securityfocus.com/bid/72844 http://www.ubuntu.com/usn/USN-2519-1 https://access.redhat.com/errata/RHSA-2016:1207 https://github.com/golang • CWE-17: DEPRECATED: Code CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2014-9402 – glibc: denial of service in getnetbyname function
https://notcve.org/view.php?id=CVE-2014-9402
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. La implementación nss_dns de getnetbyname en GNU C Library (también conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuración Name Service Switch está habilitado, permite a atacantes remotos causar una denegación de servicio (bucle infinito) mediante el envió de una respuesta positiva mientras el nombre de una red está siendo procesada. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.openwall.com/lists/oss-security/2014/12/18/1 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2015-1473 – glibc: Stack-overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1473
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera correctamente el tamaño de tipos de datos durante una decisión de la gestión de riesgos para utilizar en la función alloca, lo que podría permitir atacantes dependientes de contexto causar una denegación de servicio (violación de segmentación) o sobrescribir localizaciones de memoria más allá del límite de la pila a través de una línea larga que contiene caracateres anchas que se manejen incorrectamente en una llamada wscanf. A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. • http://openwall.com/lists/oss-security/2015/02/04/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72499 http://www.ubuntu.com/usn/USN-2519-1 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 https://access.redhat.com/security/cve/CVE-2015-1473 https://bugzilla.redhat.com/show_bug.cgi?id=1209105 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2015-1472 – glibc: heap buffer overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1472
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera correctamente el tamaño de datos de estado durante la reserva de memoria, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de una línea larga que contiene caracteres anchos que se manejen incorrectamente en una llamada wscanf. A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://openwall.com/lists/oss-security/2015/02/04/1 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2015-1572
https://notcve.org/view.php?id=CVE-2015-1572
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. Desbordamiento de buffer basado en memoria dinámica en closefs.c en la libraría libext2fs en e2fsprogs anterior a 1.42.12 permite a usuarios locales ejecutar código arbitrario al causar que un descriptor manipulado de grupos en bloques se marque como sucio. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-0247. • http://advisories.mageia.org/MGASA-2015-0088.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html http://www.debian.org/security/2015/dsa-3166 http://www.mandriva.com/security/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •