CVE-2018-1000028
https://notcve.org/view.php?id=CVE-2018-1000028
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa. El kernel de Linux, en versiones posteriores al commit con ID bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+, contiene una vulnerabilidad de control de acceso incorrecto en el servidor NFS (nfsd) que puede resultar en que usuarios remotos lean o escriban archivos para los que no deberían tener permisos mediante NFS. Este ataque parece ser explotable por un servidor NFS que debe exportar un sistema de archivos con las opciones "rootsquash" habilitadas. • https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420 • CWE-269: Improper Privilege Management •
CVE-2017-16914
https://notcve.org/view.php?id=CVE-2017-16914
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. La función "stub_send_ret_submit()" (drivers/usb/usbip/stub_tx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.107, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a https://lists.debian.org/debian-lts • CWE-476: NULL Pointer Dereference •
CVE-2017-16911
https://notcve.org/view.php?id=CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. El controlador vhci_hcd en el kernel de Linux, en versiones anteriores a la 4.14.8 y la 4.4.114, permite que atacantes locales revelen direcciones de memoria del kernel. La explotación con éxito requiere que se conecte un dispositivo USB mediante IP. • http://www.securityfocus.com/bid/102156 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://secuniaresearch.flexerasoftware.com/advisories/80454 https://secuniaresearch.flexerasoftware.com/secunia_research/2017- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-16912
https://notcve.org/view.php?id=CVE-2017-16912
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. La función "get_pipe()" (drivers/usb/usbip/stub_rx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.114, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://secuniaresearch.flexerasoftware.com/ad • CWE-125: Out-of-bounds Read •
CVE-2017-16913
https://notcve.org/view.php?id=CVE-2017-16913
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. La función "stub_recv_cmd_submit()" (drivers/usb/usbip/stub_rx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.114, al gestionar paquetes CMD_SUBMIT, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://secuniaresearch.flexerasoftware.com/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •