CVE-2018-14654 – glusterfs: "features/index" translator can create arbitrary, empty files
https://notcve.org/view.php?id=CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. El sistema de archivos Gluster hasta la versión 4.1.4 es vulnerable al abuso del traductor "features/index". Un atacante remoto con acceso a los volúmenes de montaje podría explotar esta vulnerabilidad mediante el xaatrop "GF_XATTROP_ENTRY_IN_KEY" para crear archivos arbitrarios vacíos en el servidor objetivo. A flaw was found in the way glusterfs server handles client requests. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14654 https://bugzilla.redhat.com/show_bug.cgi?id=1631576 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-1127 – tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions
https://notcve.org/view.php?id=CVE-2018-1127
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user. Tendrl API en Red Hat Gluster Storage en versiones anteriores a la 3.4.0 no elimina inmediatamente los tokens de sesión una vez el usuario ha cerrado sesión. Los tokens de sesión siguen activos durante unos pocos minutos, lo que permite que los atacantes reproduzcan los tokens adquiridos mediante ataques de rastreo o Man-in-the-Middle (MitM) y autenticándose como el usuario objetivo. • http://www.securitytracker.com/id/1041597 https://access.redhat.com/errata/RHSA-2018:2616 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 https://github.com/Tendrl/api/pull/422 https://access.redhat.com/security/cve/CVE-2018-1127 https://bugzilla.redhat.com/show_bug.cgi?id=1575835 • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •
CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://www.securitytracker.com/id/1041396 https://access.redhat.com/errata/RHBA-2018:3788 https://access.redhat.com/errata/RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2585 https://access.redhat.co • CWE-426: Untrusted Search Path •
CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese controlar los resultados de las llamadas lookup(), podrían inyectar cadenas Unicode para que sean analizadas por el sistema de plantillas jinja2, resultando en una ejecución de código. • http://www.securityfocus.com/bid/98492 https://access.redhat.com/errata/RHSA-2017:1244 https://access.redhat.com/errata/RHSA-2017:1334 https://access.redhat.com/errata/RHSA-2017:1476 https://access.redhat.com/errata/RHSA-2017:1499 https://access.redhat.com/errata/RHSA-2017:1599 https://access.redhat.com/errata/RHSA-2017:2524 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481 https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 https://lists.deb • CWE-20: Improper Input Validation •
CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de la definición malformada de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir hacia ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en la cual establecer el entorno ocurre a través de un límite privilegiado de la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. • https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/34766 https://www.exploit-db.com/exploits/35115 https://www.exploit-db.com/exploits/36933 https://www.exploit-db.com/exploits/34765 https://www.exploit-db.com/exploits/34860 https://www.exploit-db.com/exploits/34879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •