03/06週のCVE、続き

nefarious2_project – nefarious2 The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. 2017-03-07 7.5 CVE-2016-7145 MLIST CONFIRM netgear – dgn2200_series_firmware dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. 2017-03-05 9.0 CVE-2017-6334 BID EXPLOIT-DB openbsd -- openbsd Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. CVE-2016-6241　も同様 2017-03-07 7.2 CVE-2016-6240 CONFIRM CONFIRM MLIST MLIST BID ・・・中略・・・ openelec -- openelec The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3 and 7.0.1 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely. Ref: Wikipedia https://en.wikipedia.org/wiki/OpenELEC#External_links 「a Linux distribution designed for home theater PCs and based on the Kodi (formerly XBMC) media player.」 メディアセンターソフトの OpenELEC と OSMC を試す https://jcmaetc.blogspot.jp/2016/04/openelec.html 2017-03-05 7.6 CVE-2017-6445 BID MISC revive-adserver -- revive_adserver Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. 2017-03-03 7.5 CVE-2017-5830 MLIST BID CONFIRM

wireshark -- wireshark	In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. 以前にSeverity Not Yet Assignedだった案件の一部が、このたび ”High Vulnerabilities” に確定 Ref: http://akasaka-taro.blogspot.jp/2017/03/227cve-sevierity-not-yet-assigned.html	2017-03-03	7.8	CVE-2017-6470 CONFIRM CONFIRM CONFIRM
zoneminder -- zoneminder	SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.	2017-03-03	7.5	CVE-2016-10204 MLIST MISC
zoneminder -- zoneminder	Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.	2017-03-03	7.5	CVE-2016-10205 MLIST MISC

Back to top