Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817Red Hat Security Advisory 2017-1712-01 - Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix: It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. The underlying container image was also rebuilt to resolve other security issues.
a7af4bd1f8c09fdc97fe5d258dbe002aa51401e2d6557029d5dfcf6178099e7aSlackware Security Advisory - New glibc packages are available for Slackware 14.2 and -current to fix security issues.
4600d19cc2f6edaef352944a686fb29304fca38dcf1ca6a8cab7a64d4766861eLinux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.
019f1ce6374470fd5095849ce9301acb133a3679244b764940a7e40a80e999dfLinux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
7c324e4c61aee597fae1e36e8fbd936e360099156578d347ef8a0c10d633cce6Ubuntu Security Notice 3323-2 - USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Various other issues were also addressed.
39e7f8f276dcc79f00dd5616e1101e41d073297143dedea3d186c76f8bf36f8eLinux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
e3bc684fbe0cc5c683f1e0aa4b3c0294f9ee713b3f50398609a3d2677cd20406Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.
a44f757946233e3a364bd96604e6658ea5f5335e5e0f8ec459d87aed6e053f59Gentoo Linux Security Advisory 201706-19 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code. Versions less than 2.23-r4 are affected.
b042a9fc410bfc48b07851567cd191a13e543080d34a0b9511fa8406a8e546b6Qualys has released a large amount of research surrounding the use of stack clash vulnerabilities and how stack guard on Linux can be bypassed.
a388b77480d7ab1132bd2ce877ddcf881022854bdff22370446258252e109e37Red Hat Security Advisory 2017-1481-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
c6c174c0d8ec6d669792bb5e4069958974e409436c5d7c7cdf697a20b28ebc53Red Hat Security Advisory 2017-1480-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
57a82b609015a1e89b98104aa548a0f25d740e0c01f7d6e71ec5a95e1f8c454cRed Hat Security Advisory 2017-1479-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
c96aacd26edf808674e2b3ef89e3fac87069c9ee982b3564a9ec6996c42facf2Debian Linux Security Advisory 3887-1 - The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack.
a2098bb273eeb41931f1e45c4552d521cc4e885f957c2e26355dc62033540a70Ubuntu Security Notice 3323-1 - It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges.
4cd1bdc2b2a6bc265d6224514dbece5aad33d163546a74c5ce54f6630aef9408
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed