
CVE-2016-8635 – nss: small-subgroups attack flaw
https://notcve.org/view.php?id=CVE-2016-8635
16 Nov 2016 — It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Se ha descubierto que el manejo del intercambio de claves de cliente Diffie Hellman en NSS 3.21.x era vulnerable a un ataque de confinamiento de subgrupo pequeño. Un atacante podría emplear este error para recuperar claves privadas confinando la clave DH d... • http://rhn.redhat.com/errata/RHSA-2016-2779.html • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •

CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
14 Nov 2016 — SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context ... • http://rhn.redhat.com/errata/RHSA-2016-2702.html • CWE-284: Improper Access Control •

CVE-2016-7091 – sudo: Possible info leak via INPUTRC
https://notcve.org/view.php?id=CVE-2016-7091
04 Nov 2016 — sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. sudo: Se ha descubierto que la configuración por defecto de sudo en Red Hat Enterprise Linux y posiblemente en otras implemen... • http://www.securityfocus.com/bid/92615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-5405 – 389-ds-base: Password verification vulnerable to timing attack
https://notcve.org/view.php?id=CVE-2016-5405
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. 389 Directory Server en Red Hat Enterprise Linux Desktop versiones 6 a la 7, Red Hat Enterprise Linux HPC Node versiones 6 a la 7, servidor Red Hat Enterprise Linux versiones 6 a la 7 y Red Hat Enterprise Linux Las Workstation versiones 6 a la 7, ... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-199: Information Management Errors CWE-385: Covert Timing Channel •

CVE-2016-7035 – pacemaker: Privilege escalation due to improper guarding of IPC communication
https://notcve.org/view.php?id=CVE-2016-7035
04 Nov 2016 — An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. Se ha detectado un error en Pacemaker en versiones anteriores a la 1.1.6 por el que no protegía correctamente su interfaz IPC. Un atacante con una cuenta sin privilegios en un nodo Pacemaker... • http://rhn.redhat.com/errata/RHSA-2016-2614.html • CWE-285: Improper Authorization •

CVE-2016-3099 – mod_nss: Invalid handling of +CIPHER operator
https://notcve.org/view.php?id=CVE-2016-3099
04 Nov 2016 — mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. mod_ns en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7, permite a atacantes remotos forzar el uso de cifrados que no estaban destinados a ser habilitados. ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-392: Missing Report of Error Condition •

CVE-2016-5011 – util-linux: Extended partition loop in MBR partition table leads to DOS
https://notcve.org/view.php?id=CVE-2016-5011
04 Nov 2016 — The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. La función parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes físicamente próximos provocar una denegación de servicio (consumo de memoria) a través de una tabla de particiones MSDOS manipulada c... • http://rhn.redhat.com/errata/RHSA-2016-2605.html •

CVE-2016-5416 – 389-ds-base: ACI readable by anonymous user
https://notcve.org/view.php?id=CVE-2016-5416
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. 389 Directory Server en RedHat Enterprise Linux Desktop 6 hasta el 7, RedHat Enterprise Linux HPC node 6 hasta el 7, RedHat Enterprise Linux Server 6 hasta el 7, y RedHat Enterprise Linux WorkStation 6 hasta el 7 permite a u... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-4455 – subscription-manager: sensitive world readable files in /var/lib/rhsm/
https://notcve.org/view.php?id=CVE-2016-4455
04 Nov 2016 — The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. El paquete Subscription Manager (también conocido como subscription-manager) en versiones anteriores a 1.17.7-1 para Candlepin utiliza permisos débiles (755) para los directorios de caché del subscription-manager, lo que permite a los usuarios locales obte... • http://rhn.redhat.com/errata/RHSA-2016-2592.html • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2016-5410 – firewalld: Firewall configuration can be modified by any logged in user
https://notcve.org/view.php?id=CVE-2016-5410
04 Nov 2016 — firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. firewalld.py en firewalld en versiones anteriores a 0.4.3.3 permite a usuarios locales eludir la autenticación y modificar las configuraciones del firewall a través de (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry o (5) setEntries D-Bus API method... • http://rhn.redhat.com/errata/RHSA-2016-2597.html • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •