CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://www.securitytracker.com/id/1041396 https://access.redhat.com/errata/RHBA-2018:3788 https://access.redhat.com/errata/RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2585 https://access.redhat.co • CWE-426: Untrusted Search Path •
CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. • https://access.redhat.com/errata/RHSA-2018:1267 https://access.redhat.com/errata/RHSA-2018:2038 https://access.redhat.com/errata/RHSA-2018:2102 https://access.redhat.com/errata/RHSA-2018:2524 https://access.redhat.com/security/cve/cve-2018-1059 https://bugzilla.redhat.com/show_bug.cgi?id=1544298 https://usn.ubuntu.com/3642-1 https://usn.ubuntu.com/3642-2 https://access.redhat.com/security/cve/CVE-2018-1059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9579 – ceph: Object Gateway server DoS by sending invalid cross-origin HTTP request
https://notcve.org/view.php?id=CVE-2016-9579
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. Se ha encontrado un error en la forma en la que Ceph Object Gateway procesa peticiones HTTP cross-origin si la política CORS está configurada para permitir el origen en un bucket. Un atacante remoto no autenticado podría utilizar este problema para provocar una denegación de servicio (DoS) mediante el envío de una petición HTTP cross-origin especialmente manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2954.html http://rhn.redhat.com/errata/RHSA-2016-2956.html http://rhn.redhat.com/errata/RHSA-2016-2994.html http://rhn.redhat.com/errata/RHSA-2016-2995.html http://tracker.ceph.com/issues/18187 http://www.securityfocus.com/bid/94936 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579 https://access.redhat.com/security/cve/CVE-2016-9579 https://bugzilla.redhat.com/show_bug.cgi?id=1403245 • CWE-20: Improper Input Validation •
CVE-2016-7031 – ceph: RGW permits bucket listing when authenticated_users=read
https://notcve.org/view.php?id=CVE-2016-7031
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. El código RGW en Ceph en versiones anteriores a 10.0.1, cuando la lectura autenticada ACL es aplicada a un compartimento, permite a atacantes remotos listar el contenido del compartimento a través de una URL. A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket. • http://docs.ceph.com/docs/master/release-notes/#v10-0-1 http://rhn.redhat.com/errata/RHSA-2016-1972.html http://rhn.redhat.com/errata/RHSA-2016-1973.html http://tracker.ceph.com/issues/13207 http://www.securityfocus.com/bid/93240 https://github.com/ceph/ceph/pull/6057 https://access.redhat.com/security/cve/CVE-2016-7031 https://bugzilla.redhat.com/show_bug.cgi?id=1372446 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVE-2016-5009 – crash: mon_command crashes ceph monitors on receiving empty prefix
https://notcve.org/view.php?id=CVE-2016-5009
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. La función handle_command en mon/Monitor.cc en Ceph permite a usuarios remotos autenticados provocar un denegación de servicio (fallo de segmentación y caída del monitor ceph) a través de un prefijo (1) vacío o (2) manipulado. A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00126.html http://tracker.ceph.com/issues/16297 https://access.redhat.com/errata/RHSA-2016:1384 https://access.redhat.com/errata/RHSA-2016:1385 https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6 https://github.com/ceph/ceph/pull/9700 https://access.redhat.com/security/cve/CVE-2016-5009 https://bugzilla.redhat.com/show_bug.cgi?id=1351453 • CWE-20: Improper Input Validation •