Log

CVE-2018-5407 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Private key recovery
Description
+ A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.
References
+ https://www.openssl.org/news/secadv/20181112.txt
+ https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c
Notes
CVE-2018-5686 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted PDF file.
References
+ https://bugs.ghostscript.com/show_bug.cgi?id=698860
+ https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
Notes
CVE-2018-5702 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ The transmission-daemon in Transmission before 2.93 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
References
+ http://www.openwall.com/lists/oss-security/2018/01/12/1
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
+ https://github.com/transmission/transmission/commit/eb5d1a79cbe1b9bc5b22fdcc598694ecd4d02f43
+ https://github.com/transmission/transmission/pull/468
Notes
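+ Added illustration of the access-control gap above (example code, not Transmission's): a loopback RPC service that gates requests only on a session-id token is reachable from a hostile web page via DNS rebinding, because the attacker's name resolves to 127.0.0.1 at request time, the page can read the 409 response that hands out the token, and X-Transmission-Session-Id is not a header the browser refuses to send. Checking the Host header against an allowlist before any token handling closes that path; the allowlist, port handling and status codes below are assumptions for the example.

```c
#include <ctype.h>
#include <string.h>

/* Added example, not Transmission's code: a Host-header allowlist for a
 * localhost RPC service. Under DNS rebinding the request reaches
 * 127.0.0.1:9091 but its Host header carries the attacker's name, so
 * refusing unexpected hosts before the session-id step blocks the attack. */

/* Copy the host part of a Host header value into out, without the port.
 * Handles "[::1]:9091", "localhost:9091" and bare names. Returns 0 on
 * success, -1 if the value is malformed or does not fit. */
static int host_without_port(const char *hdr, char *out, size_t outlen)
{
    size_t len;
    const char *end;

    if (hdr[0] == '[') {                      /* bracketed IPv6 literal */
        end = strchr(hdr, ']');
        if (end == NULL)
            return -1;
        hdr++;                                /* skip '[' */
        len = (size_t)(end - hdr);
    } else {
        end = strchr(hdr, ':');
        len = end ? (size_t)(end - hdr) : strlen(hdr);
    }
    if (len == 0 || len >= outlen)
        return -1;
    for (size_t i = 0; i < len; i++)          /* hostnames are case-insensitive */
        out[i] = (char)tolower((unsigned char)hdr[i]);
    out[len] = '\0';
    return 0;
}

/* Return 1 if the Host header names an allowlisted host, else 0.
 * A missing or malformed Host header is rejected. */
int rpc_host_allowed(const char *host_hdr, const char *const *allow, size_t nallow)
{
    char host[256];

    if (host_hdr == NULL || host_without_port(host_hdr, host, sizeof host) != 0)
        return 0;
    for (size_t i = 0; i < nallow; i++)
        if (strcmp(host, allow[i]) == 0)
            return 1;
    return 0;
}

/* HTTP status the RPC endpoint answers with. With check_host == 0 this is
 * the token-only behaviour the advisory describes: a rebound page gets a
 * 409 carrying the current session id, then a 200 on the replay. With
 * check_host == 1 the Host check runs first and the page only ever sees 403. */
int rpc_status(const char *host_hdr, const char *sid_hdr, const char *session_id,
               int check_host)
{
    static const char *const allow[] = { "127.0.0.1", "localhost", "::1" };

    if (check_host && !rpc_host_allowed(host_hdr, allow, 3))
        return 403;                           /* unexpected Host: refuse outright */
    if (sid_hdr == NULL || strcmp(sid_hdr, session_id) != 0)
        return 409;                           /* response carries the session id */
    return 200;
}
```

+ A Host allowlist is a mitigation for rebinding, not a substitute for authentication: binding the RPC port to loopback and enabling RPC authentication are still required, since the Host check does nothing against a client that can already speak to the socket directly.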
CVE-2018-5709 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. In kadmin/dbutil/dump.c, the field "dbentry->n_key_data" holds 16-bit data, but a 32-bit "u4" value is assigned to it, so the value is truncated. Because a Kerberos database dump file is treated as trusted data, an attacker who can supply one could use this to affect other artifacts of the database.
References
Notes
CVE-2018-5711 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
References
+ https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
+ https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
Notes
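+ Added illustration of the bug class behind the entry above, in reduced form (example code, not libgd's; the reader and loop shapes are assumptions): a GIF-style sub-block reader signals end of input with -1, the caller stores that result in an unsigned char, and the "<= 0" exit test can therefore never fire, so a truncated file spins the decoder indefinitely. The same failure class, a read loop that cannot see end of input, is what the MuPDF entry above describes. The iteration bound exists only so the vulnerable variant can be run safely.

```c
#include <stddef.h>

/* Added example, not libgd's code: an EOF sentinel of -1 that is lost when
 * stored in an unsigned char. The block reader, the stream format and the
 * sample data are constructed for the illustration. */

struct ctx {
    const unsigned char *data;
    size_t len, pos;
};

/* Read one length-prefixed sub-block. Returns the block length, 0 for the
 * terminator block, or -1 when the input ends before the block does. */
static int get_data_block(struct ctx *c, unsigned char *buf)
{
    if (c->pos >= c->len)
        return -1;
    unsigned count = c->data[c->pos++];
    if (count == 0)
        return 0;
    if (c->pos + count > c->len)
        return -1;
    for (unsigned i = 0; i < count; i++)
        buf[i] = c->data[c->pos++];
    return (int)count;
}

/* Vulnerable: the -1 sentinel becomes 255 in an unsigned char, so the
 * "<= 0" test only ever catches the terminator, never EOF. Returns the
 * bytes consumed on a clean terminator, or -2 if the iteration bound is
 * hit, which in real code would be an infinite loop. */
long drain_blocks_vulnerable(struct ctx *c, int max_iter)
{
    unsigned char buf[255];
    unsigned char count;                 /* BUG: cannot hold -1 */
    long total = 0;

    while (max_iter-- > 0) {
        if ((count = get_data_block(c, buf)) <= 0)   /* never true for EOF */
            return total;
        total += count;
    }
    return -2;
}

/* Fixed: a signed count keeps the sentinel, and EOF is reported as an
 * error (-1) instead of being treated as data. */
long drain_blocks_fixed(struct ctx *c, int max_iter)
{
    unsigned char buf[255];
    int count;                           /* FIX: -1 survives the assignment */
    long total = 0;

    while (max_iter-- > 0) {
        count = get_data_block(c, buf);
        if (count < 0)
            return -1;                   /* truncated input: stop, do not spin */
        if (count == 0)
            return total;                /* terminator block */
        total += count;
    }
    return -2;
}

/* Constructed sample streams, not taken from any real file. */
static const unsigned char complete_stream[]  = { 3, 'a', 'b', 'c', 2, 'd', 'e', 0 };
static const unsigned char truncated_stream[] = { 3, 'a', 'b', 'c', 2, 'd' };

long run_vulnerable(const unsigned char *data, size_t len)
{
    struct ctx c = { data, len, 0 };
    return drain_blocks_vulnerable(&c, 1000);
}

long run_fixed(const unsigned char *data, size_t len)
{
    struct ctx c = { data, len, 0 };
    return drain_blocks_fixed(&c, 1000);
}
```

+ Compiling with -Wconversion or -Wsign-conversion flags the assignment in the vulnerable variant; the general rule is that any function returning a negative sentinel must be received in a type that can represent it, and that decode loops over attacker-controlled input should terminate on EOF explicitly rather than relying on a sentinel surviving a conversion.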
CVE-2018-5729 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ In MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null dereference in kadmind, or circumvent a DN container check, by supplying tagged data intended to be internal to the database module.
References
+ https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
Notes
+ Fixed in 1.16.1
CVE-2018-5730 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ In MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
References
+ https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
Notes
+ Fixed in 1.16.1
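+ Added illustration of the "left extension" bypass described above (example code, not krb5's): DNs are written leaf-first, so a DN inside container C ends with "," followed by C. A check that only looks for C as a trailing substring also accepts "cn=svc,xou=users,dc=example,dc=com" for C = "ou=users,dc=example,dc=com", a string that extends the container on the left without being hierarchically inside it. Requiring the byte before the matched suffix to be the RDN separator closes that case. The example assumes both DNs are already normalized (case, whitespace) and does not handle escaped commas inside attribute values; the "linkdn"/"containerdn" variant is not covered.

```c
#include <string.h>

/* Added example, not krb5's code: a DN container check in its vulnerable
 * and corrected forms. Inputs are assumed normalized per RFC 4514; an
 * escaped ',' inside an RDN value (cn=a\,b) would still need a real DN
 * parser rather than this byte check. */

/* Vulnerable: accepts dn if container is merely a trailing substring. */
int dn_in_container_suffix_only(const char *dn, const char *container)
{
    size_t dl = strlen(dn), cl = strlen(container);

    if (dl <= cl)
        return 0;
    return strcmp(dn + (dl - cl), container) == 0;
}

/* Fixed: the container must start at an RDN boundary, i.e. the byte
 * before it must be ','. The container itself is not "within" the
 * container, so dn == container is rejected as well. */
int dn_in_container(const char *dn, const char *container)
{
    size_t dl = strlen(dn), cl = strlen(container);

    if (dl <= cl + 1)                          /* room for at least "x=y," */
        return 0;
    if (strcmp(dn + (dl - cl), container) != 0)
        return 0;
    return dn[dl - cl - 1] == ',';
}
```

+ The corrected form is the same comparison plus one boundary test; the lesson generalizes to any hierarchical-name authorization check (DNs, file paths, DNS suffixes), where a prefix or suffix string match must be anchored at a separator to mean containment.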
CVE-2018-5732 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet.
References
+ https://kb.isc.org/article/AA-01565
+ https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
+ https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=c5931725b48b121d232df4ba9e45bc41e0ba114d
+ https://bugs.isc.org/Public/Bug/Display.html?id=47139
Notes
CVE-2018-5733 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic.
References
+ https://kb.isc.org/article/AA-01567
+ https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
+ https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=197b26f25309f947b97a83b8fdfc414b767798f8
+ https://bugs.isc.org/Public/Bug/Display.html?id=47140
Notes
CVE-2018-5736 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession.
References
+ https://kb.isc.org/article/AA-01602/74/CVE-2018-5736
Notes
+ Workaround:
+
+ For servers which must receive notifies to keep slave zone contents current, no complete workarounds are known although restricting BIND to only accept NOTIFY messages from authorized sources can greatly mitigate the risk of attack.