Errata ALT-PU-2018-2814-1: Information
Fixes
Published: Nov. 30, 2000
BDU:2015-07788
Vulnerability in the Red Hat Linux operating system that allows an attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.2)
Published: Nov. 30, 2000
BDU:2015-07831
Vulnerability in the Red Hat Linux operating system that allows an attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.2)
Published: April 26, 2018
BDU:2019-01343
Vulnerability in the cdrom_ioctl_drive_status() function of Linux operating systems that allows an attacker to gain unauthorized access to protected information
Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Published: Feb. 3, 2009
BDU:2020-02817
Vulnerability in the SSL certificate setup program of the Sblim-sfcb standardized Linux instrumentation, caused by improper link resolution before file access, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Published: Jan. 31, 2008
BDU:2020-02841
Vulnerability in the Novell ZENworks Patch Management update agent of the PatchLink update client that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (6.3) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Published: Aug. 14, 2007
BDU:2020-02848
Vulnerability in the sysstat.in function of the sysstat system performance measurement and analysis utility that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (6.3) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Published: Dec. 14, 2011
BDU:2020-02951
Vulnerability in the GetInstalledPackages function of the Application Lifestyle Management installation manager that allows an attacker to gain unauthorized access to confidential data, cause a denial of service, or affect data integrity
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: April 13, 2017
BDU:2020-02957
Vulnerability in the modules/serverdensity_device.py module of the SaltStack configuration management and remote execution system that allows an attacker to gain unauthorized access to confidential data, cause a denial of service, or affect data integrity
Severity: MEDIUM (5.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Published: Jan. 2, 2016
BDU:2020-02959
Vulnerability in the consoleinst.sh component of the IBM Installation Manager installation manager that allows an attacker to gain unauthorized access to confidential data, cause a denial of service, or affect data integrity
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 9, 2001
Modified: Oct. 19, 2017
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Severity: HIGH (7.2)
Links:
- 2006
- FreeBSD-SA-00:76
- 20001128 /bin/sh creates insecure tmp files
- 20001111a
- MDKSA-2000-069
- CSSA-2000-043.0
- CSSA-2000-042.0
- RHSA-2000:117
- RHSA-2000:121
- MDKSA-2000:075
- 1926
- SSRT1-41U
- 20011103-02-P
- VU#10277
- 20001028 tcsh: unsafe tempfile in << redirects
- CLSA-2000:354
- CLA-2000:350
- 20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
- oval:org.mitre.oval:def:4047
Published: Aug. 14, 2007
Modified: Feb. 13, 2023
CVE-2007-3852
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Severity: MEDIUM (4.4)
Published: Jan. 31, 2008
Modified: Oct. 16, 2018
CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
Severity: MEDIUM (4.6)
Links:
- 1019272
- 28665
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
- https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html
- 27458
- 28657
- 3599
- ADV-2008-0426
- patchlinkupdate-reboottask-symlink(39958)
- patchlinkupdate-logtrimmer-symlink(39956)
- 20080125 Two vulnerabilities for PatchLink Update Client for Unix.
Published: Feb. 4, 2009
Modified: Feb. 20, 2009
CVE-2009-0416
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
Published: Dec. 15, 2011
Modified: Oct. 9, 2018
CVE-2011-4834
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
Severity: MEDIUM (4.6)
Published: April 13, 2017
Modified: April 19, 2017
CVE-2015-1838
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Published: Jan. 2, 2016
Modified: Nov. 28, 2016
CVE-2015-7442
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Nov. 10, 2016
Modified: Dec. 3, 2016
CVE-2016-7489
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, which may lead to elevated code execution.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: May 9, 2018
Modified: Oct. 31, 2018
CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
- https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- 104154
- [debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update
- USN-3676-2
- USN-3676-1
- USN-3695-2
- USN-3695-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3754-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: July 10, 2018
Modified: Nov. 17, 2020
CVE-2018-1128
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
- https://bugzilla.redhat.com/show_bug.cgi?id=1575866
- http://tracker.ceph.com/issues/24836
- RHSA-2018:2179
- RHSA-2018:2177
- RHSA-2018:2274
- RHSA-2018:2261
- DSA-4339
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- openSUSE-SU-2019:1284
- [oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost
- [oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost
Published: July 10, 2018
Modified: Aug. 29, 2019
CVE-2018-1129
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
- https://bugzilla.redhat.com/show_bug.cgi?id=1576057
- http://tracker.ceph.com/issues/24837
- RHSA-2018:2179
- RHSA-2018:2177
- RHSA-2018:2274
- RHSA-2018:2261
- DSA-4339
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- openSUSE-SU-2019:1284
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
Published: Sept. 7, 2018
Modified: Aug. 6, 2019
CVE-2018-16658
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4
- DSA-4308
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3797-2
- USN-3797-1
- 105334
- USN-3822-2
- USN-3820-3
- USN-3820-2
- USN-3820-1
- USN-3822-1
- RHSA-2019:2043
- RHSA-2019:2029
- RHSA-2019:4154