Mar 28, 2017

3/20週のCVE ... High Vulnerabilities

High Vulnerabilities

Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
canonical -- ubuntu_linux
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."”
他に特定のソースコードが、バッファーオーバーフローするケース、等あり。下記いずれもCVSS SCore 7.5
2017-03-20
cerberus -- cerberus_ftp_server
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
2017-03-17
chef_manage_project -- chef_manage
The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5.
2017-03-17
erlang -- erlang/otp
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
2017-03-18
gnu -- binutils
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
2017-03-21
gnu -- screen
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
2017-03-20
ibm -- power_hardware_management_console
IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.
2017-03-20
ibm -- websphere_mq
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.
2017-03-20
imagemagick -- imagemagick
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

他に、特定ソースコードでメモリーリークし、リモートアタッカーが細工したXMLファイルや画像ファイルでDoS攻撃できてしまうもの、等。 下記はいずれもCVSS Score 7.1
2017-03-17
juniper -- junos_space
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
2017-03-20
juniper -- junos_space
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
2017-03-20
kinsey -- infor-lawson
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
2017-03-20
linux -- linux_kernel
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.
2017-03-20
netiq -- access_governance_suite
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.
2017-03-23
netiq -- access_manager
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.
2017-03-23
oneplus -- oxygenos
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.
2017-03-19
openinfosecfoundation -- suricata
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
2017-03-20
pluck-cms -- pluck
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
2017-03-17
qdpm -- qdpm
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.
2017-03-17
wondercms -- wondercms
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.
2017-03-17
wondercms -- wondercms
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.
2017-03-17
xrdp -- xrdp
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
2017-03-17

No comments: