CVE-2009-3939 – kernel: megaraid_sas permissions in sysfs
https://notcve.org/view.php?id=CVE-2009-3939
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero. • http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2008-6708
https://notcve.org/view.php?id=CVE-2008-6708
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters." Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x y v4.x, permite a usuarios remotos autentificados, obtener privilegios de root a través de vectores desconocidos relativos a la configuración de "viendo datos locales o restaurando parámetros". • http://osvdb.org/46604 http://secunia.com/advisories/30751 http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm http://www.securityfocus.com/bid/29939 http://www.voipshield.com/research-details.php?id=77 http://www.vupen.com/english/advisories/2008/1943/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43390 •
CVE-2008-6709
https://notcve.org/view.php?id=CVE-2008-6709
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters." Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios remotos autentificados, ejecutar comandos de su elección a través de vectores no específicos, relativos a la configuración de "viendo datos locales o restaurando parámetros". • http://secunia.com/advisories/30751 http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm http://www.osvdb.org/46603 http://www.securityfocus.com/bid/29939 http://www.voipshield.com/research-details.php?id=78 http://www.vupen.com/english/advisories/2008/1943/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43380 •
CVE-2008-6707
https://notcve.org/view.php?id=CVE-2008-6707
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." El interfase de administración web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificación para ciertas tareas, lo que permite a atacantes remotos obtener información sensible y acceso a funcionalidades restringidas a través de (1) la utilidad de instalación de certificados, (2) secuencias de comandos no específicas en el directorio de objetos, (3) una "aplicación por defecto no necesaria", (4) secuencias de código no específicas en el directorio "States",(5) una "aplicación por defecto" no específica que lista la configuración del servidor, y (6) "ayuda del sistema completa". • http://osvdb.org/46598 http://osvdb.org/46599 http://osvdb.org/46600 http://secunia.com/advisories/30751 http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm http://www.securityfocus.com/bid/29939 http://www.voipshield.com/research-details.php?id=86 http://www.voipshield.com/research-details.php?id=87 http://www.voipshield.com/research-details.php?id=88 http://www.voipshield.com/research-details.php?id=89 http://www.voipshield.com/research-details.php? • CWE-287: Improper Authentication •
CVE-2008-6706
https://notcve.org/view.php?id=CVE-2008-6706
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." Múltiples vulnerabilidades no especificadas en el interfase de gestión web en Avaya SIP Enablement Services (SES) v3.x y v4.0, como los usados en Avaya Communicatión Manager v3.1.x, permite a atacantes remotos conseguir (1)configuración de la aplicación del servidor, (2) configuración del servidor de bases de datos, incluidas claves cifradas, (3) utilidad del sistema que desencripta "claves de tablas de suscriptor", (4) utilidad del sistema que desencripta las claves de la base de datos, y (5) una utilidad del sistema que encripta "claves de tablas de suscriptor". • http://osvdb.org/46602 http://secunia.com/advisories/30751 http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm http://www.securityfocus.com/bid/29939 http://www.voipshield.com/research-details.php?id=81 http://www.voipshield.com/research-details.php?id=82 http://www.voipshield.com/research-details.php?id=83 http://www.voipshield.com/research-details.php?id=84 http://www.voipshield.com/research-details.php? •