CVE-2019-17498 – libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c
https://notcve.org/view.php?id=CVE-2019-17498
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. libssh2 version 1.9.0 contains a remotely triggerable out-of-bounds read, leading to denial of service or potentially to information disclosure.
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html
http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498
https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498
https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480
https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c
• CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption
CVE-2019-0201 – zookeeper: Information disclosure in Apache ZooKeeper
https://notcve.org/view.php?id=CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when it retrieves the ACLs of the requested node, and it returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by a getACL() request to unauthenticated or unprivileged users.
• http://www.securityfocus.com/bid/108427
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4352
https://issues.apache.org/jira/browse/ZOOKEEPER-1392
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html
• CWE-732: Incorrect Permission Assignment for Critical Resource CWE-862: Missing Authorization