CVSS: 7.5EPSS: 25%CPEs: 39EXPL: 0CVE-2017-3137 – A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
https://notcve.org/view.php?id=CVE-2017-3137
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podría conducir a una situación en la que named se cerraría con un fallo de aserción al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, la versión 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, la versión 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y en la versión 9.9.9-S8. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. • http://www.securityfocus.com/bid/97651 http://www.securitytracker.com/id/1038258 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1582 https://access.redhat.com/errata/RHSA-2017:1583 https://kb.isc.org/docs/aa-01466 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002 https://www.debian.org& • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 87%CPEs: 45EXPL: 0CVE-2016-9131 – bind: assertion failure while processing response to an ANY query
https://notcve.org/view.php?id=CVE-2016-9131
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada a una query RTYPE ANY. A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2017-0062.html http://www.debian.org/security/2017/dsa-3758 http://www.securityfocus.com/bid/95386 http://www.securitytracker.com/id/1037582 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https://kb.isc.org/article/AA-01439/74/CVE-2016-9131 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https: • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 95%CPEs: 57EXPL: 0CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer
https://notcve.org/view.php?id=CVE-2016-8864
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro DNAME en la sección de respuesta de una respuesta a una petición recursiva, relacionado con db.c y resolver.c. A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2016-2141.html http://rhn.redhat.com/errata/RHSA-2016-2142.html http://rhn.redhat.com/errata/RHSA-2016-2615.html http://rhn.redhat.com/errata/RHSA-2016-2871.html http://www.debian.org/security/2016/dsa-3703 http://www.securityfocus.com/bid/94067 http://www.securitytracker.com/id/1037156 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https:&# • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-6325 – tomcat: tomcat writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-6325
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 5 hasta la versión 7, JBoss Web Server 3.0 y JBoss EWS 2 utiliza permisos débiles para (1) /etc/sysconfig/tomcat y (2) /etc/tomcat/tomcat.conf, lo que permite a usuarios locales obtener privilegios aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. • http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://rhn.redhat.com/errata/RHSA-2017-0457.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93478 https://access.redhat.com/errata/RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0456 https://bugzilla.redhat.com/show_bug.cgi?id=1367447 https://access.redhat.com/security/cve/CVE-2016-6325 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 4CVE-2016-5425 – Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-5425
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux y posiblemente en otros productos distribuidos por Linux utiliza permisos débiles para /usr/lib/tmpfiles.d/tomcat.conf, lo que permite a usuarios locales obtener privilegios de root aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros. • https://www.exploit-db.com/exploits/40488 http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.openwall.com/lists/oss-security/2016/10/10/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93472 http://www.securitytracker.com/id/1036979&# • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •