A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.
Month: January 2019
ASA-2019-00035 – phpMyAdmin: Arbitrary file read vulnerability
When the AllowArbitraryServer configuration setting is set to true, an attacker using a rogue MySQL server can read any file on the server that the web server's user can access. phpMyAdmin attempts to block the use of LOAD DATA INFILE, but due to a bug in PHP, this check is not honored. Additionally, when using the 'mysql' extension, mysql.allow_local_infile is enabled by default. Both of these conditions allow the attack to occur.
ASA-2019-00034 – OpenBSD: The mincore() system call can be used to observe memory access patterns of other processes
The mincore() system call can be used to observe memory access patterns of other processes.
ASA-2019-00033 – OpenBSD: The unveil() system call can leak memory
The unveil() system call can leak memory.
ASA-2019-00032 – Linux: Out-of-bounds write in get_rx_bufs() function in drivers/vhost/net.c
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
ASA-2019-00031 – Apache Subversion: Malicious SVN clients can crash mod_dav_svn
Subversion 1.10.0 introduced server-side support for recursive directory listing operations. The implementation in mod_dav_svn failed to validate the root path of the directory listing provided by the client. If the client omits the root path, mod_dav_svn will dereference an uninitialized pointer variable and crash the HTTPD worker process handling the request.
ASA-2019-00030 – Go: CPU DoS vulnerability affecting P-521 and P-384 elliptic curves
A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.
ASA-2019-00029 – Linux: Missing access_ok() checks in IOCTL function i915_gem_execbuffer2_ioctl() [REJECTED]
Due to a lack of access_ok() checks in i915_gem_execbuffer2_ioctl(), it is possible to achieve escalation of privilege.