CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19126 – glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
https://notcve.org/view.php?id=CVE-2019-19126
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. En la arquitectura de x86-64, la Biblioteca GNU C (también se conoce como glibc) versiones anteriores a 2.31 no omite la variable de entorno de LD_PREFER_MAP_32BIT_EXEC durante la ejecución del programa después de una transición de seguridad, permitiendo a atacantes locales restringir las posibles direcciones de mapeo para las bibliotecas cargadas y así omitir ASLR para un programa setuid A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH https://sourceware.org/bugzilla/show_bug.cgi?id=25204 https://usn.ubuntu.com/4416-1 https://access.redhat.com/security/cve/CVE-2019-19126 https://bugzilla.redhat.com/show_bug.cgi?id=1774681 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18862 – GNU Mailutils 3.7 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. maidag en GNU Mailutils versiones anteriores 3.8, se instaló un setuid y permite una escalada de privilegios locales en el modo url. GNU Mailutils versions 2.0 through 3.7 suffer from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47703 http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS https://security.gentoo.org/glsa/202006-12 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-18397 – fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution
https://notcve.org/view.php?id=CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. Un desbordamiento de búfer en la función fribidi_get_par_embedding_levels_ex() en la biblioteca lib/fribidi-bidi.c de GNU FriBidi versiones hasta 1.0.7, permite a un atacante causar una denegación de servicio o posiblemente ejecutar código arbitrario al entregar contenido de texto diseñado a un usuario, cuando este contenido es entonces renderizado mediante una aplicación que utiliza FriBidi para los cálculos de diseño de texto. Los ejemplos incluyen cualquier aplicación basada en GNOME o GTK+ que use Pango para el diseño de texto, ya que esto utiliza internamente FriBidi para el diseño de texto bidireccional. • https://access.redhat.com/errata/RHSA-2019:4326 https://access.redhat.com/errata/RHSA-2019:4361 https://access.redhat.com/errata/RHSA-2020:0291 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944327 https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFS3N6KKXPI6ATDNEUFRSLX7R6BOBNIP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5UJRTG32FDNI7T637Q6PZYL3UCRR5HR& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 2CVE-2019-14866 – cpio: improper input validation when writing tar header fields leads to unexpected tar generation
https://notcve.org/view.php?id=CVE-2019-14866
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. En todas las versiones de cpio anteriores a la versión 2.13, no comprueba apropiadamente los archivos de entrada cuando se generan archivos TAR. Cuando cpio es usado para crear archivos TAR desde rutas en las que un atacante puede escribir, el archivo resultante puede contener archivos con permisos que el atacante no tenía o en rutas a las que no tenía acceso. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866 https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html https://access.redhat.com/security/cve/CVE-2019-14866 https://bugzilla.redhat.com/show_bug.cgi?id=1765511 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2013-4412
https://notcve.org/view.php?id=CVE-2013-4412
slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 http://www.securityfocus.com/bid/62906 https://access.redhat.com/security/cve/cve-2013-4412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 https://security-tracker.debian.org/tracker/CVE-2013-4412 • CWE-476: NULL Pointer Dereference •