Log

CVE-2017-17440 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
References
+ https://bugs.debian.org/883528#35
+ https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
Notes
CVE-2017-17448 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Access restriction bypass
Description
+ It has been discovered that net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
References
+ https://git.kernel.org/linus/4b380c42f7d00a395feede754f0bc2292eebe6e5
Notes
+ 4.15
CVE-2017-17449 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
References
+ https://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291
Notes
CVE-2017-17450 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Access restriction bypass
Description
+ It has been discovered that net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
References
+ https://git.kernel.org/linus/916a27901de01446bcf57ecca4783f6cff493309
Notes
+ Fixed in 4.15
CVE-2017-17558 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Denial of service
Description
+ The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
References
+ https://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md
+ https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
+ http://openwall.com/lists/oss-security/2017/12/12/7
Notes
CVE-2017-17712 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A flaw was found in the Linux kernel's implementation of raw_sendmsg before 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel to automatically create IP header values and thus potentially escalate their privileges.
References
+ https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
Notes
CVE-2017-17722 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1524116
Notes
CVE-2017-17723 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1524104
+ https://github.com/Exiv2/exiv2/issues/229
Notes
CVE-2017-17724 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1524107
+ https://github.com/Exiv2/exiv2/issues/210
Notes
CVE-2017-17725 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference.
References
+ https://github.com/Exiv2/exiv2/issues/188
+ https://bugzilla.redhat.com/show_bug.cgi?id=1525055
Notes