issues
advisories
todo
stats
log
login

Log

« prev 1 2 … 1881 1882 1883 1884 1885 1886 1887 … 2047 2048 next »

CVE-2017-17124 created at 25 Sep 2019 19:31:40

Severity

High

Remote

Type

+	Arbitrary code execution

Description

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

References

+	https://sourceware.org/bugzilla/show_bug.cgi?id=22507
+	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c

Notes

CVE-2017-17125 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

+	nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

References

+	https://sourceware.org/bugzilla/show_bug.cgi?id=22443
+	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4

Notes

CVE-2017-17126 created at 25 Sep 2019 19:31:40

Severity

High

Remote

Type

+	Denial of service

Description

+	The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

References

+	https://sourceware.org/bugzilla/show_bug.cgi?id=22510
+	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8

Notes

CVE-2017-17383 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Cross-site scripting

Description

+	Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

References

+	https://jenkins.io/security/advisory/2017-12-05/

Notes

CVE-2017-17433 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Access restriction bypass

Description

+	The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

References

+	https://git.samba.org/?p=rsync.git;a=commitdiff;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51

Notes

CVE-2017-17434 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Access restriction bypass

Description

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

References

+	https://git.samba.org/?p=rsync.git;a=commitdiff;h=5509597decdbd7b91994210f700329d8a35e70a1
+	https://git.samba.org/?p=rsync.git;a=commitdiff;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9

Notes

CVE-2017-17440 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

References

+	https://bugs.debian.org/883528#35
+	https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e

Notes

CVE-2017-17448 created at 25 Sep 2019 19:31:40

Severity

High

Remote

Local

Type

+	Access restriction bypass

Description

It has been discovered that net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

References

+	https://git.kernel.org/linus/4b380c42f7d00a395feede754f0bc2292eebe6e5

Notes

4.15

CVE-2017-17449 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Local

Type

+	Information disclosure

Description

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52 when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.

References

+	https://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291

Notes

CVE-2017-17450 created at 25 Sep 2019 19:31:40

Severity

High

Remote

Local

Type

+	Access restriction bypass

Description

It has been discovered that net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

References

+	https://git.kernel.org/linus/916a27901de01446bcf57ecca4783f6cff493309

Notes

+	Fixed in 4.15