CVE-2012-2143 – crypt(): DES encrypted password weakness
https://notcve.org/view.php?id=CVE-2012-2143
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. La función crypt_des (también conocido como crypt basado en DES), en FreeBSD v9.0-RELEASE-p2, tal y como se utiliza en PHP, PostgreSQL y otros productos, no procesa las contraseñas en claro si la contraseña contiene un carácter de 0x80, lo que hace más fácil para los atacantes dependientes del contexto a la hora de obtener acceso a través de un intento de autenticación con una subcadena inicial con la contraseña, tal y como se demuestra con una contraseña Unicode. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34 http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html http://lists.fedoraproject.org • CWE-310: Cryptographic Issues •
CVE-2010-4755
https://notcve.org/view.php?id=CVE-2010-4755
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob.c y (2) la función process_put en sftp.c en OpenSSH v5.8 y versiones anteriores, como se usa en FreeBSD v7.3 y v8.1, NetBSD v5.0.2, OpenBSD v4.7 y otros productos, permiten a usuarios remotos autenticados causar una denegación de servicio (por excesivo uso de CPU y consumo de memoria) a través de expresiones glob debidamente modificadas que no coinciden con ningún nombre de ruta, como lo demuestran las expresiones glob en las solicitudes SSH_FXP_STAT a un demonio de sftp. Se trata de una vulnerabilidad diferente a CVE-2010-2632. • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1 http://cxib.net/stuff/glob-0day.c http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc http://securityreason.com/achievement_securityalert/89 http://securityreason.com/exploitalert/9223 http://securityreason.com/securityalert/8116 • CWE-399: Resource Management Errors •
CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVE-2008-2476
https://notcve.org/view.php?id=CVE-2008-2476
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). La implementación IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegación de servicio (pérdida de conectividad) o leer tráfico de red privado a través de mensajes falsos que modifica la Forward Information Base (FIB). • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc http://secunia.com/advisories/32112 http://secunia.com/advisories/32116 http://secunia.com/advisories/32117 http://secunia.com/advisories/32133 http://secunia.com/advisories/32406 http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc http://securitytracker.com/id?1020968 http://support.apple.com/kb/HT3467 http://www.kb.cert.org/vuls/id/472363 http://www.kb.cert.org/vuls/id/ • CWE-20: Improper Input Validation •
CVE-2008-1215 – BSD PPP 'pppx.conf' - Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-1215
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. Desbordamiento de búfer basado en pila en la función command_Expand_Interpret de command.c en ppp (aka user-ppp), como se distribuyó en FreeBSD 6.3 y 7.0, OpenBSD 4.1 y 4.2, y el paquete net/userppp para NetBSD, permite a usuarios locales obtener privilegios a través de comandos largos que contienen los caracteres "~". • https://www.exploit-db.com/exploits/31333 http://secunia.com/advisories/29234 http://secunia.com/advisories/29238 http://secunia.com/advisories/29240 http://www.openbsd.org/errata41.html#014_ppp http://www.openbsd.org/errata42.html#009_ppp http://www.securityfocus.com/archive/82/488980/30/0/threaded http://www.securityfocus.com/archive/82/489031/30/0/threaded http://www.securityfocus.com/bid/28090 https://exchange.xforce.ibmcloud.com/vulnerabilities/41034 • CWE-264: Permissions, Privileges, and Access Controls •