Log

CVE-2017-16995 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ An arbitrary memory read/write access issue was found in the Linux kernel before 4.14.9 and 4.9.72 compiled with eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by a user-supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting the parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to the bpf(2) call.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-16996 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ An arbitrary memory read/write access issue was found in the Linux kernel before 4.14.9 compiled with eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by a user-supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting the parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to the bpf(2) call.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17122 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22508
+ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f
Notes
CVE-2017-17123 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF-based file.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22509
+ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543
Notes
CVE-2017-17124 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22507
+ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c
Notes
CVE-2017-17125 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22443
+ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4
Notes
CVE-2017-17126 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22510
+ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8
Notes
CVE-2017-17383 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
References
+ https://jenkins.io/security/advisory/2017-12-05/
Notes
CVE-2017-17433 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
References
+ https://git.samba.org/?p=rsync.git;a=commitdiff;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
Notes
CVE-2017-17434 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
References
+ https://git.samba.org/?p=rsync.git;a=commitdiff;h=5509597decdbd7b91994210f700329d8a35e70a1
+ https://git.samba.org/?p=rsync.git;a=commitdiff;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
Notes