CVE-2007-5962 – vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption
https://notcve.org/view.php?id=CVE-2007-5962
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
• https://www.exploit-db.com/exploits/5814
• https://www.exploit-db.com/exploits/31818
• https://www.exploit-db.com/exploits/31819
• https://github.com/antogit-sys/CVE-2007-5962
• http://secunia.com/advisories/30341
• http://secunia.com/advisories/30354
• http://securitytracker.com/id?1020079
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185
• http://www.openwall.com/lists/oss-security/2008/05/21/10
• http://www.openwall.com/lists/oss-security/2008/05/21/12
• http://www
• CWE-399: Resource Management Errors
• CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2008-2140
https://notcve.org/view.php?id=CVE-2008-2140
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2008-2139
https://notcve.org/view.php?id=CVE-2008-2139
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42394
• CWE-264: Permissions, Privileges, and Access Controls