CVE-2016-2117 – kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers
https://notcve.org/view.php?id=CVE-2016-2117
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. La función atl2_probe en drivers/net/ethernet/atheros/atlx/atl2.c en el kernel de Linux hasta la versión 4.5.2 activa incorrectamente scatter/gather I/O, lo que permite a atacantes remotos obtener información sensible de la memoria del kernel leyendo datos de paquete. It was discovered that the atl2_probe() function in the Atheros L2 Ethernet driver in the Linux kernel incorrectly enabled scatter/gather I/O. A remote attacker could use this flaw to obtain potentially sensitive information from the kernel memory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2016/03/16/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.secu • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3960
https://notcve.org/view.php?id=CVE-2016-3960
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Desbordamiento de entero en el código shadow pagetable en Xen permite a usuarios locales del SO invitado provocar una denegación de servicio (caída de host) o posiblemente obtener privilegios sombreando un mapeo de superpágina. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://support.citrix.com/article/CTX209443 http://www.debian.org/security/2016/dsa-3554 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/86318 http://www.securitytracker.com/id/1035587 http://xenbits • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-3159
https://notcve.org/view.php?id=CVE-2016-3159
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. La función fpu_fxrstor en arch/x86/i387.c en Xen 4.x no maneja correctamente escrituras al bit FSW.ES hardware cuando se ejecuta en procesadores AMD64, lo que permite a usuarios locales del SO invitado obtener información sensible del contenido de registro de otro invitado aprovechando una excepción pendiente y bits de máscara. NOTA: esta vulnerabilidad existe por una solución incorrecta para CVE-2013-2076. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html http://support.citrix.com/article/CTX209443 http://www.debian.org/security/2016/dsa-3554 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/85716 http://www.securitytracker.com/id/1035435 http://xenbits.xen.org/xsa/advisory-172.html http://xenbits.xen.org/xsa/xsa172.patc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2016-3158
https://notcve.org/view.php?id=CVE-2016-3158
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. La función xrstor en arch/x86/xstate.c en Xen 4.x no maneja correctamente escrituras al bit FSW.ES hardware cuando se ejecuta en procesadores AMD64, lo que permite a usuarios locales del SO invitado obtener información sensible del contenido de registro de otro invitado aprovechando una excepción pendiente y bits de máscara. NOTA: esta vulnerabilidad existe por una solución incorrecta para CVE-2013-2076. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html http://support.citrix.com/article/CTX209443 http://www.debian.org/security/2016/dsa-3554 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/85714 http://www.securitytracker.com/id/1035435 http://xenbits.xen.org/xsa/advisory-172.html http://xenbits.xen.org/xsa/xsa172-4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2016-3115 – OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
https://notcve.org/view.php?id=CVE-2016-3115
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de datos X11 manipulados, relacionadas con las funciones (1) do_authenticated1 y (2) session_x11_req. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. OpenSSH versions 7.2p1 and below suffer from a command injection and /bin/false bypass vulnerability via xauth. • https://www.exploit-db.com/exploits/39569 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html http://lists.fedoraproject.org/pipermail& • CWE-20: Improper Input Validation •