
9341 matches found

exploitpack
added 2019/10/07 12:0 a.m., 34 views

logrotten 3.15.1 - Privilege Escalation

logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...

0.8 AI score
Exploits: 0
Exploit DB
added 2019/10/07 12:0 a.m., 325 views

logrotten 3.15.1 - Privilege Escalation

Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2019/10/04 12:0 a.m., 41 views

Amazon Linux 2 : nss (ALAS-2019-1305)

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 Libgcrypt before 1.7.10 and...

5.9 CVSS, 5.8 AI score, 0.44398 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2019/10/04 12:0 a.m., 47 views

Amazon Linux AMI : curl (ALAS-2019-1294)

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVE-2019-5482 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. CVE-2019-5481 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon...

9.8 CVSS, 6.5 AI score, 0.17939 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/10/04 12:0 a.m., 43 views

Amazon Linux 2 : libxml2 (ALAS-2019-1301)

xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free an...

10 CVSS, 7.7 AI score, 0.08628 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/10/04 12:0 a.m., 48 views

Amazon Linux AMI : mysql57 (ALAS-2019-1297)

A stack-based buffer overflow vulnerability in the 'Server: Packaging cURL' subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server. CVE-2019-3822 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML...

9.8 CVSS, 6.4 AI score, 0.12771 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2019/10/04 12:0 a.m., 33 views

Amazon Linux AMI : mod24_auth_openidc (ALAS-2019-1300)

A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. CVE-2017-6059 It was found that mod_auth_openidc did not properly sanitize...

8.6 CVSS, 6.8 AI score, 0.05177 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/10/04 12:0 a.m., 60 views

Amazon Linux AMI : oniguruma (ALAS-2019-1295)

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8 CVSS, 8.1 AI score, 0.04047 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/10/04 12:0 a.m., 38 views

Amazon Linux AMI : mysql56 (ALAS-2019-1296)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

6.5 CVSS, 5.8 AI score, 0.03972 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2019/10/04 12:0 a.m., 49 views

Amazon Linux 2 : ncurses (ALAS-2019-1302)

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. CVE-2017-11112 In ncurses 6.0, there is a NULL pointer...

9.8 CVSS, 7.8 AI score, 0.04876 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2019/10/04 12:0 a.m., 42 views

Amazon Linux 2 : libssh2 (ALAS-2019-1303)

An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. CVE-2019-3862 (C) Tenable...

9.1 CVSS, 7.2 AI score, 0.08114 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/10/04 12:0 a.m., 70 views

Amazon Linux AMI : nginx (ALAS-2019-1299) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

7.8 CVSS, 7.5 AI score, 0.82567 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2019/10/04 12:0 a.m., 64 views

Amazon Linux AMI : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

7.8 CVSS, 7.8 AI score, 0.82567 EPSS
Exploits: 0, References: 3
Amazon
added 2019/09/30 12:0 a.m., 29 views

Medium: libssh2

Issue Overview: An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...

9.1 CVSS, 7.9 AI score, 0.08114 EPSS
Exploits: 0
Amazon
added 2019/09/30 12:0 a.m., 49 views

Medium: nss

Issue Overview: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 Libgcrypt...

5.9 CVSS, 5.8 AI score, 0.44398 EPSS
Exploits: 1
Tenable Nessus
added 2019/09/30 12:0 a.m., 57 views

Amazon Linux AMI : kernel (ALAS-2019-1293)

An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space...

8.8 CVSS, 7.1 AI score, 0.00763 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2019/09/27 12:0 a.m., 281 views

Amazon Linux 2 : kernel (ALAS-2019-1293)

An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space...

8.8 CVSS, 7.1 AI score, 0.00763 EPSS
Exploits: 1, References: 3
Amazon
added 2019/09/25 12:0 a.m., 55 views

Important: kernel

Issue Overview: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host...

8.8 CVSS, 7.9 AI score, 0.00763 EPSS
Exploits: 1
Tenable Nessus
added 2019/09/20 12:0 a.m., 32 views

Amazon Linux 2 : glib2 (ALAS-2019-1289)

file_copy_fallback in gio/gfile.c in GNOME GLib 2.56.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

9.8 CVSS, 6.3 AI score, 0.02602 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/09/20 12:0 a.m., 63 views

Amazon Linux 2 : mariadb (ALAS-2019-1292)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Connection Handling. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical...

6.5 CVSS, 5.7 AI score, 0.04207 EPSS
Exploits: 0, References: 10