Halfdog

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 2.2.36.1 Dovecot versions prior to 2.3.4.1 **Description** The issue is related to errors in certificate authentication. A remote attacker with a valid certificate that has an empty username field could potentially use this to impersonate other users. This could allow an unauthorized access to protected information. **Recommendations** For versions prior to 2.2.36.1, update to version 2.2.36.1 or later. For versions prior to 2.3.4.1, update to version 2.3.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** glibc versions 2.26 and earlier **Description** The issue arises from the confusion in the usage of `getcwd()` by `realpath()` in glibc, leading to a buffer underflow. This can potentially allow for code execution. The vulnerability is caused by the operation exceeding the buffer boundaries in memory. Exploitation of this issue may enable an attacker to execute arbitrary code using a specially crafted SUID file. **Recommendations** For glibc versions 2.26 and earlier, consider updating to a version later than 2.26 to resolve the issue. As a temporary workaround, restrict the use of SUID files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Man-db versions prior to 2.7.6.1-1 **Description** The issue concerns the daily mandb cleanup job in Man-db, which allows local users with access to the 'man' account to gain privileges. This is achieved through vectors involving the insecure use of the `chown` function. **Recommendations** For Man-db versions prior to 2.7.6.1-1, update to version 2.7.6.1-1 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'man' account to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x through 4.x **Description** The issue concerns the aufs module in the Linux kernel, which fails to properly restrict the mount namespace. This allows local users to escalate privileges by mounting an aufs filesystem over a FUSE filesystem and then executing a specially crafted setuid program. **Recommendations** For Linux kernel versions 3.x through 4.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x through 4.x **Description** The issue concerns the aufs module in the Linux kernel, which fails to properly maintain POSIX ACL xattr data. This allows local users to gain privileges by exploiting a group-writable setgid directory. **Recommendations** For Linux kernel versions 3.x through 4.x, consider restricting access to group-writable setgid directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.3 **Description** The issue concerns the overlayfs implementation in the Linux kernel, which fails to properly maintain POSIX ACL xattr data. This allows local users to gain privileges by exploiting a group-writable setgid directory. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.2 **Description** The issue is related to the overlayfs implementation in the Linux kernel, which does not properly restrict the mount namespace. This allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem and then executing a crafted setuid program. **Recommendations** For Linux kernel versions prior to 4.5.2, update to a version that contains the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.19 **Description** The issue allows local users to cause a denial of service or possibly gain privileges via a symlink or hard link attack on /var/crash/vmcore.log. **Recommendations** For versions prior to 2.19, update to version 2.19 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ubuntu Upstart versions prior to 1.13.2-0ubuntu9 **Description** The issue allows local users to execute arbitrary commands and gain privileges via a crafted file in `/run/user/*/upstart/sessions/`. This is related to the logrotation script `/etc/cron.daily/upstart` in the Ubuntu Upstart package. **Recommendations** For versions prior to 1.13.2-0ubuntu9, update to version 1.13.2-0ubuntu9 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/run/user/*/upstart/sessions/` directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.7.2 **Description** The issue concerns the load script function in fs/binfmt script.c, which does not properly handle recursion. This allows local users to obtain sensitive information from kernel stack memory via a crafted application. **Recommendations** For versions prior to 3.7.2, update to version 3.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Virtualization versions 3.2, 4.0, and 4.1 **Description** The issue affects the availability of the system, related to the VirtualBox Core component. It is caused by an unspecified vulnerability that allows local users to impact the system via unknown vectors. There are claims from another vendor that this issue might be related to incorrect interrupt handling. **Recommendations** For versions 3.2, 4.0, and 4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.2.21 and earlier **Description** The issue allows local users to cause a denial of service, potentially leading to a daemon crash during shutdown, by modifying a certain type field within a scoreboard shared memory segment. This modification results in an invalid call to the `free` function. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly. **Recommendations** For Apache HTTP Server versions 2.2.21 and earlier, update to a version later than 2.2.21 to resolve the issue. As a temporary workaround, consider restricting access to the scoreboard shared memory segment to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.2.17 through 2.2.21 **Description** The issue is related to the mod log config module, specifically the log cookie function in mod log config.c. When a threaded MPM is used, it does not properly handle a %{cookiename}C format string. This allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value, or by sending a specific cookie. **Recommendations** For Apache HTTP Server versions 2.2.17 through 2.2.21, consider disabling the mod log config module or avoiding the use of the '%{cookiename}C' log format string until a patch is available. Restrict access to the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x through 2.2.21 **Description** The issue is related to an integer overflow in the `ap pregsub` function, which can be exploited when the `mod setenvif` module is enabled. This allows local users to gain privileges via a `.htaccess` file with a crafted `SetEnvIf` directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. **Recommendations** For Apache HTTP Server versions 2.0.x through 2.0.64, update to a version where this issue is fixed. For Apache HTTP Server versions 2.2.x through 2.2.21, update to a version where this issue is fixed. As a temporary workaround, consider disabling the `mod setenvif` module until a patch is available.