From 1114b15963a9e12a974549ee446b7c919c9dea68 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 7 Dec 2017 14:05:15 -0500 Subject: [PATCH] - Synchronized data. --- 2017/1000xxx/CVE-2017-1000207.json | 4 +- 2017/1000xxx/CVE-2017-1000208.json | 4 +- 2017/1000xxx/CVE-2017-1000410.json | 122 ++++++++++++++--------------- 2017/1002xxx/CVE-2017-1002101.json | 36 ++++----- 2017/1002xxx/CVE-2017-1002102.json | 36 ++++----- 2017/14xxx/CVE-2017-14386.json | 51 +++++++++++- 6 files changed, 149 insertions(+), 104 deletions(-) diff --git a/2017/1000xxx/CVE-2017-1000207.json b/2017/1000xxx/CVE-2017-1000207.json index 90487a530da..5470eae4372 100644 --- a/2017/1000xxx/CVE-2017-1000207.json +++ b/2017/1000xxx/CVE-2017-1000207.json @@ -55,10 +55,10 @@ "references" : { "reference_data" : [ { - "url" : "https://github.com/swagger-api/swagger-parser/pull/481" + "url" : "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208" }, { - "url" : "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208" + "url" : "https://github.com/swagger-api/swagger-parser/pull/481" } ] } diff --git a/2017/1000xxx/CVE-2017-1000208.json b/2017/1000xxx/CVE-2017-1000208.json index 0130846089c..8f5085b55fc 100644 --- a/2017/1000xxx/CVE-2017-1000208.json +++ b/2017/1000xxx/CVE-2017-1000208.json @@ -55,10 +55,10 @@ "references" : { "reference_data" : [ { - "url" : "https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31" + "url" : "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208" }, { - "url" : "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208" + "url" : "https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31" } ] } diff --git a/2017/1000xxx/CVE-2017-1000410.json b/2017/1000xxx/CVE-2017-1000410.json index a27d95ff2f5..4872496e519 100644 --- a/2017/1000xxx/CVE-2017-1000410.json +++ b/2017/1000xxx/CVE-2017-1000410.json @@ -1,65 +1,65 @@ { - "CVE_data_meta": { - "ASSIGNER": "kurt@seifried.org", - "DATE_ASSIGNED": "2017-12-05", - "ID": "CVE-2017-1000410", - "REQUESTER": "ben@armis.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Linux Kernel", - "version": { - "version_data": [ - { - "version_value": "3.3-rc1 and later" - }, - { - "version_value": "introduced in git commits 42dceae2819b5ac6fc9a0d414ae05a8960e2a1d9 and 66af7aaf9edff55b7995bbe1ff508513666d0671" - } + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2017-12-05", + "ID" : "CVE-2017-1000410", + "REQUESTER" : "ben@armis.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Linux Kernel", + "version" : { + "version_data" : [ + { + "version_value" : "3.3-rc1 and later" + }, + { + "version_value" : "introduced in git commits 42dceae2819b5ac6fc9a0d414ae05a8960e2a1d9 and 66af7aaf9edff55b7995bbe1ff508513666d0671" + } + ] + } + } ] - } - } - ] - }, - "vendor_name": "Linux Kernel" - } + }, + "vendor_name" : "Linux Kernel" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes)." + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. \n By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; \n In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: \n...\n\t\tcase L2CAP_CONF_EFS:\n\t\t\tif (olen == sizeof(efs))\n\t\t\t \t memcpy(&efs, (void *)val, olen);\n...\nThe olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built:\nl2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs);\nSo by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes)." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "uninitialized stack variables" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "http://seclists.org/oss-sec/2017/q4/357" - } - ] - } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "uninitialized stack variables" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/oss-sec/2017/q4/357" + } + ] + } } diff --git a/2017/1002xxx/CVE-2017-1002101.json b/2017/1002xxx/CVE-2017-1002101.json index 0cb7065749b..d381dfc5f87 100644 --- a/2017/1002xxx/CVE-2017-1002101.json +++ b/2017/1002xxx/CVE-2017-1002101.json @@ -1,19 +1,19 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "DATE_ASSIGNED": "2017-12-06", - "STATE": "RESERVED", - "ID": "CVE-2017-1002101", - "ASSIGNER": "jordan@liggitt.net" - }, - "description": { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "DATE_ASSIGNED" : "2017-12-06", + "ID" : "CVE-2017-1002101", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2017/1002xxx/CVE-2017-1002102.json b/2017/1002xxx/CVE-2017-1002102.json index e80ef034b18..afbaed28fce 100644 --- a/2017/1002xxx/CVE-2017-1002102.json +++ b/2017/1002xxx/CVE-2017-1002102.json @@ -1,19 +1,19 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "DATE_ASSIGNED": "2017-12-06", - "STATE": "RESERVED", - "ID": "CVE-2017-1002102", - "ASSIGNER": "jordan@liggitt.net" - }, - "description": { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "DATE_ASSIGNED" : "2017-12-06", + "ID" : "CVE-2017-1002102", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2017/14xxx/CVE-2017-14386.json b/2017/14xxx/CVE-2017-14386.json index a7cd05bb7fa..3d0c291b5b1 100644 --- a/2017/14xxx/CVE-2017-14386.json +++ b/2017/14xxx/CVE-2017-14386.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security_alert@emc.com", "ID" : "CVE-2017-14386", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13", + "version" : { + "version_data" : [ + { + "version_value" : "Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3" + }, + { + "url" : "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V" } ] }