May 10, 2016

SSH, SSL, Linux Kernel


openssh -- openbsd
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
2016-04-30
7.2

openssl -- openssl
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
2016-05-04
10.0
CVE-2016-2108
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.
2016-05-02
7.8
CVE-2003-1604
CONFIRM
MLIST
MLIST

投稿者 時刻:
ラベル: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)