6878 matches found
CVE-2016-4323
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image...
DSA-3742-1 flightgear - security update
Bulletin has no description...
FlightGear Arbitrary File Overwrite Vulnerability
FlightGear is an open source multi-platform flight simulator. The main goal is to create a cutting-edge flight simulator framework for the academic research field, which can also be expanded to include flight training, flight simulation, flight simulation games, and more. FlightGear suffers from ...
GLSA-201612-24 : Binutils: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201612-24 Binutils: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...
USN-3132-1: tar vulnerability
Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files...
[ASA-201611-11] tar: arbitrary file overwrite
Arch Linux Security Advisory ASA-201611-11 ========================================== Severity: Medium Date : 2016-11-03 CVE-ID : CVE-2016-6321 Package : tar Type : arbitrary file overwrite Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tar before version...
[SECURITY] [DLA 690-1] tar security update
Package : tar Version : 1.26+dfsg-0.1+deb7u1 CVE ID : CVE-2016-6321 Debian Bug : 842339 A vulnerability has been discovered in the tar package that could allow an attacker to overwrite arbitrary files through crafted files. For Debian 7 "Wheezy", these problems have been fixed in version...
Multiple Apple products libarchive file modification vulnerability
Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libarchive is a multi-format archive and compression library component. A security vulnerability exists in libarchive in several Apple products. An attack...
GNU tar 1.29 Extract Pathname Bypass
---------------- t2'16 special vulnerability release ----------------- Vulnerability: POINTYFEATHER aka Tar extract pathname bypass Credits: Harry Sintonen / FSC1V Cyber Security Services Date: 2016-10-27 Impact: File overwrite in certain situations Classifier: Full spectrum cyber CVSS: 4.3.2...
Linux Dirty COW Local File Overwrite
Added: 10/27/2016 CVE: CVE-2016-5195 BID: 93793 Background This tool allows you to overwrite an arbitrary file on Linux systems. Problem A race condition exists in the way the Linux kernel's memory subsystem handles the copy-on-write COW breakage of private read-only memory mappings. An...
Ubuntu 14.04 LTS / 16.04 LTS : NTP vulnerabilities (USN-3096-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3096-1 advisory. Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a...
USN-3096-1: NTP vulnerabilities
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. CVE-2015-7973 Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue ...
Dotclear Directory Traversal Vulnerability
Dotclear is free PHP- and MySQL-based blog publishing software developed by Olivier Meunier. A directory traversal vulnerability exists in the media.php script in Dotclear version v2.9.1. An attacker can exploit this vulnerability by sending a request with the directory...
Amazon Linux AMI : libarchive (ALAS-2016-743)
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. CVE-2016-5418 Multiple...
JCraft JSch Directory Traversal Vulnerability
JCraft JSch, from JCraft of Japan, is a set of secure channels for connecting to sshd servers. A directory traversal vulnerability exists in versions of JCraft JSch prior to 0.1.53, which can be exploited by an attacker to overwrite arbitrary files in an application by sending a request with the...
[SECURITY] [DSA 3677-1] libarchive security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3677-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2016 https://www.debian.org/security/faq -...
CentOS 7 : libarchive (CESA-2016:1844)
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...