2 results (0.006 seconds)

CVSS: 8.1EPSS: 0%CPEs: 44EXPL: 1

CVE-2016-0778 – OpenSSH: Client buffer-overflow when using roaming connections

https://notcve.org/view.php?id=CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2, cuando ciertas opciones proxy y forward se encuentran habilitadas, no mantiene adecuadamente los descriptores de archivo de conexión, lo que permite a servidores remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado mediante la petición de varios reenvíos. A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-01& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2015-3200

https://notcve.org/view.php?id=CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. mod_auth en lighttpd anterior a 1.4.36 permite a atacantes remotos inyectar entradas de registro largas a través de una cadena de la autenticación HTTP básica sin un caracter de dos puntos, tal y como fue demostrado por una cadena que contiene un caracter nulo y de nueva línea. • http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html http://redmine.lighttpd.net/issues/2646 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/74813 http://www.securitytracker.com/id/1032405 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •