CVE-2016-3610 – Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3610
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3598. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of MethodHandles.filterReturnValue. Due to unsafe handling of reflection of privileged classes inside the MethodHandles class, it is possible for untrusted code to gain access to privileged methods and properties. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00028. •
CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. El Apache HTTP Server hasta la versión 2.4.23 sigue a RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que puede permitir a atacantes remotos redireccionar el tráfico HTTP saliente de aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, también conocido como problema "httpoxy". NOTA: el vendedor afirma "Se ha asignado a esta mitigación el identificador CVE-2016-5387"; en otras palabras, esto no es un CVE ID para una vulnerabilidad. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://rhn.redhat.com/errata/RHSA-2016-1624.html http://rhn.redhat.com/errata/RHSA-2016-1625.html http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://www.debian.org/security/2016/dsa-3623 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •
CVE-2016-4470 – kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
https://notcve.org/view.php?id=CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores involucrando un comando keyctl request2 manipulado. A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org • CWE-253: Incorrect Check of Function Return Value •
CVE-2016-2141 – JGroups: Authorization bypass
https://notcve.org/view.php?id=CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. JGroups en versiones anteriores a 4.0 no solicita las cabeceras adecuadas para los protocolos ENCRYPT y AUTH desde los nodos uniéndose al grupo, lo que permite a atacantes remotos eludir las restricciones de seguridad y enviar y recibir mensajes dentro del grupo a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1435.html http://rhn.redhat.com/errata/RHSA-2016-1439.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://www.securityfocus.com/bid/91481 http://www.securitytracker.com/id/1036165 https://access.redhat.com/errata/RHSA-2016:1345 https://access.redhat.com/errata/RHSA-2016:1346 https://access.redhat.com/errata/RHSA-2016:1347 https://access.redhat.com/errata/RHSA-2016:1374 https://access.redhat.com/errata/RHSA-2016:1376& •
CVE-2016-2178 – openssl: Non-constant time codepath followed for certain operations in DSA implementation
https://notcve.org/view.php?id=CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización de canal lateral. It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. • http://eprint.iacr.org/2016/594.pdf http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org& • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •