CVE-2008-1105 – Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1105
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
References:
https://www.exploit-db.com/exploits/5712
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
http://secunia.com/advisories/30228
http://secunia.com/advisories/30385
http://secunia.com/advisories/30396
http://secunia.com/advisories/30442
http://secunia.com/advisories/30449
http://secunia.com/advisories/30478
http:/
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2137
https://notcve.org/view.php?id=CVE-2008-2137
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.
References:
http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604
http://secunia.com/advisories/30368
http://secunia.com/advisories/30499
http://secunia.com/advisories/31107
http://www.debian.org/security/2008/dsa-1588
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
http://www.securityfocus.com/bid/29397
http://www.securitytracker.com/id?1020119
http://www.ubuntu.com/usn/
CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-2136 – kernel: sit memory leak
https://notcve.org/view.php?id=CVE-2008-2136
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
References:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
http://marc.info/?l=linux-netdev&m=121031533024912&w=2
http://secunia.com/advisories/30198
http://secunia.com/advisories/30241
http://secunia.com/advisories/30276
http://secunia.com/advisories/30368
http://secunia.com/advisories/30499
http://secunia.com/advisories/30
CWE-399: Resource Management Errors; CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2008-0167 – phpQLAdmin 2.2.7 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2008-0167
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.
References:
https://www.exploit-db.com/exploits/5173
http://secunia.com/advisories/30088
http://secunia.com/advisories/30286
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
http://www.debian.org/security/2008/dsa-1577
http://www.securityfocus.com/bid/29215
http://www.vupen.com/english/advisories/2008/1537/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42456
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2008-0166 – OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
https://notcve.org/view.php?id=CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
References:
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5720
https://www.exploit-db.com/exploits/5632
https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166
http://metasploit.com/users/hdm/tools/debian-openssl
http://secunia.com/advisories/30136
http://secunia.com/advisories/30220
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://secunia.com/advisories/30249
http:/
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)