CVE-2017-18017 – kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
https://notcve.org/view.php?id=CVE-2017-18017
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. La función tcpmss_mangle_packet en net/netfilter/xt_TCPMSS.c en el kernel de Linux, en versiones anteriores a la 4.11 y en versiones 4.9.x anteriores a la 4.9.36, permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) o, posiblemente, otro tipo de impacto sin especificar aprovechando la presencia de xt_TCPMSS en una acción iptables. The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2017-17558 – kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
https://notcve.org/view.php?id=CVE-2017-17558
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. La función usb_destroy_configuration en drivers/usb/core/config.c en el subsistema del núcleo USB en el kernel de Linux hasta la versión 4.14.5 no considera el máximo número de configuraciones e interfaces antes de intentar liberar recursos. Esto permite que usuarios locales provoquen una denegación de servicio (acceso de escritura fuera de límites) o, posiblemente, tengan otro tipo de impacto sin especificar mediante un dispositivo USB manipulado. The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://openwall.com/lists/oss-security/2017/12/12/7 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2017-15115
https://notcve.org/view.php?id=CVE-2017-15115
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. La función sctp_do_peeloff en net/sctp/socket.c en el kernel de Linux en versiones anteriores a la 4.14 no comprueba si el netns planeado se emplea en una acción peel-off, lo que permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, otro impacto sin especificar mediante llamadas del sistema manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/oss-sec/2017/q4/282 http://www.securityfocus.com/bid/101877 https://bugzilla.redhat.com/show_bug.cgi?id=1513345 https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://patchwork.ozlabs.org/patch • CWE-416: Use After Free •
CVE-2017-15638
https://notcve.org/view.php?id=CVE-2017-15638
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. El paquete SuSEfirewall2 en versiones anteriores a la 3.6.312-2.13.1 en SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2 y Server para Raspberry Pi 12 SP2; en versiones anteriores a la 3.6.312.333-3.10.1 en SLE Desktop 12 SP3 y Server 12 SP3; en versiones anteriores a la 3.6_SVNr208-2.18.3.1 en SLE Server 11 SP4; en versiones anteriores a la 3.6.312-5.9.1 en openSUSE Leap 42.2 y en versiones anteriores a la 3.6.312.333-7.1 en openSUSE Leap 42.3 podría permitir que atacantes remotos omitan las restricciones de acceso planeadas en el servicio portmap aprovechando la ausencia de una restricción de red de origen para servicios _rpc_. • http://lists.opensuse.org/opensuse-updates/2017-11/msg00014.html •
CVE-2017-13078 – wpa_supplicant: Reinstallation of the group key in the 4-way handshake
https://notcve.org/view.php?id=CVE-2017-13078
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave temporal GTK (Group Temporal Key) durante la negociación en cuatro pasos, haciendo que un atacante en el rango de radio reproduzca frames desde los puntos de acceso hasta los clientes. A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake. • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt http://www.debian.org/security/2017/dsa-3999 http://www.kb.cert.org/vuls/id/228519 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-a • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •