CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19126 – glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
https://notcve.org/view.php?id=CVE-2019-19126
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. En la arquitectura de x86-64, la Biblioteca GNU C (también se conoce como glibc) versiones anteriores a 2.31 no omite la variable de entorno de LD_PREFER_MAP_32BIT_EXEC durante la ejecución del programa después de una transición de seguridad, permitiendo a atacantes locales restringir las posibles direcciones de mapeo para las bibliotecas cargadas y así omitir ASLR para un programa setuid A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH https://sourceware.org/bugzilla/show_bug.cgi?id=25204 https://usn.ubuntu.com/4416-1 https://access.redhat.com/security/cve/CVE-2019-19126 https://bugzilla.redhat.com/show_bug.cgi?id=1774681 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2013-4412
https://notcve.org/view.php?id=CVE-2013-4412
slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 http://www.securityfocus.com/bid/62906 https://access.redhat.com/security/cve/cve-2013-4412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 https://security-tracker.debian.org/tracker/CVE-2013-4412 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7254
https://notcve.org/view.php?id=CVE-2006-7254
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. El demonio nscd en la librería GNU C (glibc) anterior a la versión 2.5, no cierra los sockets de clientes entrantes si no pueden ser manejados por el demonio, lo que permite a los usuarios locales llevar a cabo un ataque de denegación de servicio en el demonio. • https://sourceware.org/bugzilla/show_bug.cgi?id=2498 • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3590
https://notcve.org/view.php?id=CVE-2005-3590
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. La función getgrouplist en la librería GNU C (glibc) anterior a la versión 2.3.5, cuando se invoca con un argumento cero, escribe en el puntero pasado incluso si el tamaño de la matriz especificada es cero, lo que lleva a un desbordamiento del búfer y potencialmente permite a los atacantes corromper la memoria • http://www.securityfocus.com/bid/107871 https://sourceware.org/bugzilla/show_bug.cgi?id=661 https://support.f5.com/csp/article/K12740406 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9192
https://notcve.org/view.php?id=CVE-2019-9192
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern ** EN DISPUTA ** EN GNU C Library (también conocido como glibc o libc6), hasta la versión 2.29, check_dst_limits_calc_pos_1 en posix/regexec.c tiene una recursión no controlada, tal y como queda demostrado con "(|)(\\1\\1)*" en grep. Este problema es diferente de CVE-2018-20796. NOTA: el mantenedor del software discute si esto es una vulnerabilidad debido a que el comportamiento solo ocurre con un patrón manipulado. • https://sourceware.org/bugzilla/show_bug.cgi?id=24269 https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS • CWE-674: Uncontrolled Recursion •