CVE-2020-1472 – Microsoft Netlogon Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see "How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472" (updated September 28, 2020). When the second phase of Windows updates becomes available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
• References: https://www.exploit-db.com/exploits/49071 https://github.com/SecuraBV/CVE-2020-1472 https://github.com/dirkjanm/CVE-2020-1472 https://github.com/VoidSec/CVE-2020-1472 https://github.com/k8gege/CVE-2020-1472-EXP https://github.com/cube0x0/CVE-2020-1472 https://github.com/sv3nbeast/CVE-2020-1472 https://github.com/thatonesecguy/zerologon-CVE-2020-1472 https://github.com/CanciuCostin/CVE-2020-1472 https://github.com/0xkami/CVE-2020-1472 https://github.com/striveben
• CWE-287: Improper Authentication; CWE-330: Use of Insufficiently Random Values
CVE-2010-2222
https://notcve.org/view.php?id=CVE-2010-2222
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
• References: https://access.redhat.com/security/cve/cve-2010-2222 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2222
• CWE-476: NULL Pointer Dereference
CVE-2014-3562 – 389-ds: unauthenticated information disclosure
https://notcve.org/view.php?id=CVE-2014-3562
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information.
• References: http://rhn.redhat.com/errata/RHSA-2014-1031.html http://rhn.redhat.com/errata/RHSA-2014-1032.html https://bugzilla.redhat.com/show_bug.cgi?id=1123477 https://access.redhat.com/security/cve/CVE-2014-3562
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-201: Insertion of Sensitive Information Into Sent Data
CVE-2013-4485 – 389-ds-base: DoS due to improper handling of ger attr searches
https://notcve.org/view.php?id=CVE-2013-4485
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
• References: http://rhn.redhat.com/errata/RHSA-2013-1752.html http://rhn.redhat.com/errata/RHSA-2013-1753.html http://secunia.com/advisories/55765 https://access.redhat.com/security/cve/CVE-2013-4485 https://bugzilla.redhat.com/show_bug.cgi?id=1024552
• CWE-20: Improper Input Validation
CVE-2013-2219 – Server: ACLs inoperative in some search scenarios
https://notcve.org/view.php?id=CVE-2013-2219
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
• References: http://rhn.redhat.com/errata/RHSA-2013-1116.html http://rhn.redhat.com/errata/RHSA-2013-1119.html https://bugzilla.redhat.com/show_bug.cgi?id=979508 https://access.redhat.com/security/cve/CVE-2013-2219
• CWE-264: Permissions, Privileges, and Access Controls