CVE-2016-4470 – kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
https://notcve.org/view.php?id=CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. The upstream fix is the kernel.org commit linked below.
• References: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org
• CWE-253: Incorrect Check of Function Return Value
CVE-2015-1350
https://notcve.org/view.php?id=CVE-2015-1350
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. The practical effect is that the file capability is gone even though the chown itself was refused, so the affected helper silently stops working for every user.
• References: http://marc.info/?l=linux-kernel&m=142153722930533&w=2 http://www.openwall.com/lists/oss-security/2015/01/24/5 http://www.securityfocus.com/bid/76075 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492 https://bugzilla.redhat.com/show_bug.cgi?id=1185139
• CWE-552: Files or Directories Accessible to External Parties
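Because the capability is removed without any error surfacing to an administrator, the useful operational check is an audit that compares the file capabilities binaries actually carry (stored in the security.capability extended attribute and readable with getcap) against a known-good baseline. The following is an added example, not code from the page or from the kernel: the baseline dictionary and the getcap output lines are constructed for the example, and it handles both output styles libcap has used over the years.

```python
import re
import subprocess

# Hypothetical baseline for this example: the file capabilities each
# privileged helper is expected to carry. Build yours from a known-good host.
EXPECTED_CAPS = {
    "/usr/bin/ping": {"cap_net_raw"},
    "/usr/bin/dumpcap": {"cap_net_admin", "cap_net_raw"},
}

# Constructed sample of `getcap -r /usr/bin` output, covering both output
# styles libcap has used ("path = caps+flags" and "path caps=flags").
# ping is absent, as it would be after its capability had been stripped.
SAMPLE_GETCAP_OUTPUT = """\
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
/usr/bin/gnome-keyring-daemon cap_ipc_lock=ep
"""

# One capability clause: comma-separated names, then =/+/- and flag letters.
CLAUSE_RE = re.compile(r"([a-z0-9_,]+)[=+-]([eip]*)")


def parse_getcap(output):
    """Map each path in getcap output to the set of capability names it carries."""
    caps = {}
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        path, _, rest = line.partition(" ")
        rest = rest.lstrip("= ")
        names = set()
        for clause in CLAUSE_RE.finditer(rest):
            names.update(n for n in clause.group(1).split(",") if n.startswith("cap_"))
        if names:
            caps[path] = names
    return caps


def find_stripped(expected, actual):
    """Return {path: capabilities that are expected but missing on the file}."""
    stripped = {}
    for path, want in expected.items():
        lost = want - actual.get(path, set())
        if lost:
            stripped[path] = lost
    return stripped


def audit_host(expected=EXPECTED_CAPS, paths=("/usr/bin", "/usr/sbin", "/bin", "/sbin")):
    """Run getcap on the live system and report any stripped capabilities."""
    out = subprocess.run(["getcap", "-r", *paths], capture_output=True, text=True).stdout
    return find_stripped(expected, parse_getcap(out))


if __name__ == "__main__":
    # Offline run over the constructed sample; on a real host call audit_host().
    print(find_stripped(EXPECTED_CAPS, parse_getcap(SAMPLE_GETCAP_OUTPUT)))
```

Reading the extended attribute does not require privilege, so the audit can run as an ordinary user from cron or a monitoring agent; restoring a stripped capability with setcap does require root.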
CVE-2015-7837 – kernel: securelevel disabled after kexec
https://notcve.org/view.php?id=CVE-2015-7837
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of the secure_boot flag across a kexec reboot.
A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination.
• References: http://rhn.redhat.com/errata/RHSA-2015-2152.html http://rhn.redhat.com/errata/RHSA-2015-2411.html http://www.openwall.com/lists/oss-security/2015/10/15/6 http://www.securityfocus.com/bid/77097 https://bugzilla.redhat.com/show_bug.cgi?id=1272472 https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798 https://access.redhat.com/security/cve/CVE-2015-7837
• CWE-254: 7PK - Security Features
• CWE-456: Missing Initialization of a Variable
CVE-2012-6685 – rubygem-nokogiri: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2012-6685
Nokogiri before 1.5.4 is vulnerable to XXE attacks: XML documents parsed with the library's defaults could declare external entities that the underlying libxml2 parser would resolve, disclosing local files or reaching internal network resources.
• References: https://bugzilla.redhat.com/show_bug.cgi?id=1178970 https://github.com/sparklemotion/nokogiri/issues/693 https://nokogiri.org/CHANGELOG.html#154-2012-06-12 https://access.redhat.com/security/cve/CVE-2012-6685
• CWE-611: Improper Restriction of XML External Entity Reference
• CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
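The behaviour behind this class of bug is the parser's "resolve external general entities" switch (NOENT in libxml2 terms, which Nokogiri exposes through its ParseOptions). The following is an added example, not Nokogiri's code or anything from the page: it uses Python's standard-library SAX parser, which has the same switch, to parse one constructed XXE payload twice, once with external entities resolved and once with the hardened default, against a temporary file that stands in for a secret on disk.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data so we can see exactly what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts).strip()


def parse_untrusted(xml_bytes, resolve_external_entities):
    """Parse XML with external general entities either resolved or ignored.

    resolve_external_entities=True is the NOENT-style setting that makes an
    XXE payload work; False is the hardened setting a parser of untrusted
    input should use.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def build_xxe_document(target_path):
    """The classic XXE payload: an external entity pointing at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE doc [\n"
        f'  <!ENTITY xxe SYSTEM "file://{target_path}">\n'
        "]>\n"
        "<doc>&xxe;</doc>\n"
    ).encode()


def demo():
    """Return (text seen with entities resolved, text seen with them disabled)."""
    # Constructed secret file standing in for /etc/passwd or an application config.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("SECRET-TOKEN-42")
        secret_path = f.name
    try:
        payload = build_xxe_document(secret_path)
        leaked = parse_untrusted(payload, resolve_external_entities=True)
        safe = parse_untrusted(payload, resolve_external_entities=False)
        return leaked, safe
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, safe = demo()
    print("external entities resolved:", repr(leaked))
    print("external entities disabled:", repr(safe))
```

The same payload leaks the file contents in the first parse and yields nothing in the second; the fix for any libxml2-based parser is the same shape, leave NOENT unset and set NONET so a DOCTYPE in attacker-supplied XML cannot pull in local files or remote URLs.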
CVE-2014-8171 – kernel: memcg: OOM handling DoS
https://notcve.org/view.php?id=CVE-2014-8171
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system.
• References: http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat.com/errata/RHSA-2015-2152.html http://rhn.redhat.com/errata/RHSA-2015-2411.html http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.securityfocus.com/bid/74293 https://bugzilla.redhat.com/show_bug.cgi?id=1198109 https://access.redhat.com/security/cve/CVE-2014-8171
• CWE-399: Resource Management Errors
• CWE-833: Deadlock