CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2018-1000199 – kernel: ptrace() incorrect error handling leads to corruption and DoS
https://notcve.org/view.php?id=CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. El kernel de Linux en su versión 3.18 contiene una vulnerabilidad de funcionalidad peligrosa en modify_user_hw_breakpoint() que puede resultar en un cierre inesperado y en una posible corrupción de memoria. El ataque parece ser explotable mediante la ejecución de código local y la capacidad de usar ptrace. • https://github.com/dsfau/CVE-2018-1000199 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.securitytracker.com/id/1040806 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1354 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 23%CPEs: 10EXPL: 4CVE-2018-10583 – LibreOffice/Open Office - '.odt' Information Disclosure
https://notcve.org/view.php?id=CVE-2018-10583
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Ocurre una vulnerabilidad de divulgación de información cuando LibreOffice 6.0.3 y Apache OpenOffice Writer 4.1.5 procesan automáticamente e inician una conexión SMB embebida en un archivo malicioso, tal y como queda demostrado con xlink:href=file://192.168.0.2/test.jpg en un elemento office:document-content en un documento XML .odt. Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. • https://www.exploit-db.com/exploits/44564 https://github.com/MrTaherAmine/CVE-2018-10583 https://github.com/octodi/CVE-2018-10583 http://seclists.org/fulldisclosure/2020/Oct/26 http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files https://access.redhat.com/errata/RHSA-2018:3054 https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d%40%3Cde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10535 – binutils: NULL pointer dereference in elf.c
https://notcve.org/view.php?id=CVE-2018-10535
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. La función ignore_section_sym en elf.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, no valida el puntero output_section en el caso de que haya una entrada symtab con un tipo "SECTION" que tiene un valor "0". Esto permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) mediante un archivo manipulado, tal y como demuestra objcopy. • http://www.securityfocus.com/bid/104021 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201908-01 https://sourceware.org/bugzilla/show_bug.cgi?id=23113 https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-10535 https://bugzilla.redhat.com/show_bug.cgi?id=1574697 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10534 – binutils: out of bounds memory write in peXXigen.c files
https://notcve.org/view.php?id=CVE-2018-10534
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. La función _bfd_XX_bfd_copy_private_bfd_data_common en peXXigen.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, procesa un tamaño Data Directory negativo con un bucle no limitado que aumenta el valor de (external_IMAGE_DEBUG_DIRECTORY) *edd para que la dirección exceda su propia región de memoria, lo que resulta en una escritura en la memoria fuera de límites, tal y como demuestra la copia de información privada por parte de objcopy con _bfd_pex64_bfd_copy_private_bfd_data_common en pex64igen.c. • http://www.securityfocus.com/bid/104025 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201908-01 https://sourceware.org/bugzilla/show_bug.cgi?id=23110 https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-10534 https://bugzilla.redhat.com/show_bug.cgi?id=1574696 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10373 – binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file
https://notcve.org/view.php?id=CVE-2018-10373
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. concat_filename en dwarf2.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30 y anteriores permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) mediante un archivo binario manipulado, tal y como demuestra nm-new. • http://www.securityfocus.com/bid/104000 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201908-01 https://sourceware.org/bugzilla/show_bug.cgi?id=23065 https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-10373 https://bugzilla.redhat.com/show_bug.cgi?id=1573365 • CWE-476: NULL Pointer Dereference •