CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten. • http://www.securitytracker.com/id/1041520 https://access.redhat.com/errata/RHSA-2018:0260 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://usn.ubuntu.com/3558-1 https://access.redhat.com/security/cve/CVE-2018-1049 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. • http://www.securitytracker.com/id/1040319 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:2948 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://patchwork.kernel.org/patch/10174835 https://usn.ubuntu.com/3631-1 https://usn.ubuntu.com/3631-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-5748 – libvirt: Resource exhaustion via qemuMonitorIORead() method
https://notcve.org/view.php?id=CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. qemu/qemu_monitor.c en libvirt permite que los atacantes provoquen una denegación de servicio (consumo de memoria) mediante una respuesta QEMU grande. • http://www.securityfocus.com/bid/102825 https://access.redhat.com/errata/RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1929 https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html https://access.redhat.com/security/cve/CVE-2018-5748 https://bugzilla.redhat.com/show_bug.cgi?id=1528396 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-1000007 – curl: HTTP authentication leak in redirects
https://notcve.org/view.php?id=CVE-2018-1000007
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. libcurl, desde la versión 7.1 hasta la 7.57.0, podría filtrar accidentalmente datos de autenticación a terceros. Cuando se le solicita que envíe cabeceras personalizadas en sus peticiones HTTP, libcurl enviará primero ese conjunto de cabeceras al host en la URL inicial pero también, si se le pide que siga redirecciones y se devuelve un código de respuesta HTTP 30X al host mencionado en la URL en el valor de la cabecera de respuesta "Location:". El envío de la misma serie de cabeceras a hosts subsecuentes es un problema en particular para las aplicaciones que pasan cabeceras "Authorization:" personalizadas, ya que esta cabecera suele contener información sensible de privacidad o datos que podrían permitir que otros suplanten la petición del cliente que emplea libcurl. • http://www.openwall.com/lists/oss-security/2022/04/27/4 http://www.securitytracker.com/id/1040274 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2020:0544 https://access.redhat.com/errata/RHSA-2020:0594 https://curl.haxx.se/docs/adv_2018-b3bf.html https://lists.debian.org/debian • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •