CVE-2016-8635 – nss: small-subgroups attack flaw
https://notcve.org/view.php?id=CVE-2016-8635
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Se ha descubierto que el manejo del intercambio de claves de cliente Diffie Hellman en NSS 3.21.x era vulnerable a un ataque de confinamiento de subgrupo pequeño. Un atacante podría emplear este error para recuperar claves privadas confinando la clave DH del cliente en un subgrupo pequeño del grupo deseado. It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. • http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94346 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635 https://security.gentoo.org/glsa/201701-46 https://access.redhat.com/security/cve/CVE-2016-8635 https://bugzilla.redhat.com/show_bug.cgi?id=1391818 • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •
CVE-2016-7035 – pacemaker: Privilege escalation due to improper guarding of IPC communication
https://notcve.org/view.php?id=CVE-2016-7035
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. Se ha detectado un error en Pacemaker en versiones anteriores a la 1.1.6 por el que no protegía correctamente su interfaz IPC. Un atacante con una cuenta sin privilegios en un nodo Pacemaker podría emplear este error para, por ejemplo, forzar al demonio Local Resource Manager para que ejecute un script como root y, por lo tanto, obtenga acceso root a la máquina An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. • http://rhn.redhat.com/errata/RHSA-2016-2614.html http://rhn.redhat.com/errata/RHSA-2016-2675.html http://www.openwall.com/lists/oss-security/2016/11/03/5 http://www.securityfocus.com/bid/94214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035 https://github.com/ClusterLabs/pacemaker/commit/5d71e65049 https://lists.clusterlabs.org/pipermail/users/2016-November/004432.html https://security.gentoo.org/glsa/201710-08 https://access.redhat.com/security/cve/CVE-2016- • CWE-285: Improper Authorization •
CVE-2016-5011 – util-linux: Extended partition loop in MBR partition table leads to DOS
https://notcve.org/view.php?id=CVE-2016-5011
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. La función parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes físicamente próximos provocar una denegación de servicio (consumo de memoria) a través de una tabla de particiones MSDOS manipulada con un registro de arranque de partición extendida en desplazamiento cero. It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. • http://rhn.redhat.com/errata/RHSA-2016-2605.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801 http://www.openwall.com/lists/oss-security/2016/07/11/2 http://www.securityfocus.com/bid/91683 http://www.securitytracker.com/id/1036272 https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3 https://access.redhat.com/security/cve/CVE-2016-5011 https://bugzilla.redhat. •
CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. • http://rhn.redhat.com/errata/RHSA-2016-2577.html http://www.openwall.com/lists/oss-security/2017/07/21/3 https://bugs.launchpad.net/ossn/+bug/1686743 https://bugzilla.redhat.com/show_bug.cgi?id=1245647 https://wiki.openstack.org/wiki/OSSN/OSSN-0079 https://access.redhat.com/security/cve/CVE-2015-5160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer
https://notcve.org/view.php?id=CVE-2016-8864
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro DNAME en la sección de respuesta de una respuesta a una petición recursiva, relacionado con db.c y resolver.c. A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2016-2141.html http://rhn.redhat.com/errata/RHSA-2016-2142.html http://rhn.redhat.com/errata/RHSA-2016-2615.html http://rhn.redhat.com/errata/RHSA-2016-2871.html http://www.debian.org/security/2016/dsa-3703 http://www.securityfocus.com/bid/94067 http://www.securitytracker.com/id/1037156 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https: • CWE-617: Reachable Assertion •