4826 matches found
CVE-2007-4074
CVE-2007-4074 affects Festival 1.95 beta (aka 2.0 beta) in Gentoo/SUSE and possibly other distros. The festival daemon runs as root with a passwordless default config, exposing a local daemon on port 1314 that can be abused to execute arbitrary commands by local attackers, with remote access poss...
IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow
IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow // source: https://www.securityfocus.com/bid/25075/info IBM AIX is prone to a local, stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input to a program that is installed...
[USN-489-1] Linux kernel vulnerabilities
=========================================================== Ubuntu Security Notice USN-489-1 July 19, 2007 linux-source-2.6.15 vulnerability CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876,...
GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability
Glibc is a C library that provides system calls and basic functions. The dynamic loader ld.so in glibc contains an integer overflow; a local attacker can exploit it to gain elevated privileges and execute arbitrary instructions. The flaw lies in how the dynamic loader ld.so handles the hardware 'capabilities mask': if the mask is given a very high count value, an integer overflow occurs when memory is allocated, which may allow arbitrary instructions to run with elevated privileges. GNU glibc 2.3.10 + Debian Linux 2.2 GNU glibc 2.3.4 GNU glibc 2.3.3 + MandrakeSoft apcupsd 2006.0 + MandrakeSoft Linux Mandrake 10.1 x86_64...
Red Hat Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability
Red Hat Enterprise Linux is a Linux distribution. The sysfs_readdir function in the Red Hat kernel contains a NULL pointer dereference; a local attacker can exploit it to cause a denial of service against the system. No further vulnerability details are available. RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux AS 4 Patch information is available in the following advisory: http://rhn.redhat.com/errata/RHSA-2007-0488.html...
GNU Locate Old-Format locate Database Local Buffer Overflow Vulnerability
GNU locate is a program that searches a file database for names matching a user-supplied pattern. GNU locate contains a buffer overflow when reading file names from an old-format locate database; a local attacker can exploit it to execute arbitrary instructions with the privileges of the application. When GNU locate reads a file name from an old-format locate database it copies the name into a fixed-size buffer allocated on the heap; a file name longer than 1026 bytes overflows that buffer, and the overflowing data is chosen by the user who creates the file name on the local system. GNU findutils 4.2.30 + Slackware Linux 8.0 + Slackware Linux 7.1 GNU findutils 4.2.29 + Slackware Lin...
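The entry above describes the mechanism (a name decoded from the database into a fixed 1026-byte heap buffer with no length check). The following is an added example, not findutils code, of a bounds-checked decoder for a front-compressed entry stream. The record layout (one byte giving how many leading bytes are shared with the previous name, then the NUL-terminated differing suffix) is a simplified model assumed for illustration, not a faithful description of the old locate database format; the function names and the hostile-database builder are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_OLD 1026   /* size of the fixed buffer the advisory describes */

/* Decode one front-compressed entry from db at *pos into name (capacity cap).
 * Assumed entry layout:
 *   byte 0   : number of leading bytes shared with the previous decoded name
 *   bytes 1..: the differing suffix, terminated by NUL
 * Returns the decoded length, or -1 if the entry is malformed or would not
 * fit in cap bytes. The unchecked original simply kept copying past the end
 * of its heap buffer; the rejection below is the missing check. */
int decode_entry(const uint8_t *db, size_t dblen, size_t *pos,
                 char *name, size_t cap)
{
    if (*pos >= dblen) return -1;
    size_t shared = db[(*pos)++];
    size_t prevlen = strlen(name);
    if (shared > prevlen) return -1;        /* cannot reuse bytes we never had */
    size_t len = shared;
    while (*pos < dblen) {
        uint8_t c = db[(*pos)++];
        if (c == 0) { name[len] = '\0'; return (int)len; }
        if (len + 1 >= cap) return -1;      /* keep room for the terminator */
        name[len++] = (char)c;
    }
    return -1;                              /* entry truncated by end of file */
}

/* Decode every entry in a database buffer. Returns the number of names
 * decoded, or -1 as soon as one entry is rejected. */
int decode_all(const uint8_t *db, size_t dblen)
{
    char name[NAME_MAX_OLD] = "";           /* previous name starts empty */
    size_t pos = 0;
    int count = 0;
    while (pos < dblen) {
        if (decode_entry(db, dblen, &pos, name, sizeof name) < 0) return -1;
        count++;
    }
    return count;
}

/* Build a constructed database: one benign entry, then an entry that reuses
 * "/usr" and appends suffix_len bytes of 'A'. This is the shape of input a
 * local user could create by naming a file, then let updatedb index it. */
int decode_hostile(size_t suffix_len)
{
    uint8_t db[4096];
    size_t n = 0;
    const char *first = "/usr/bin/locate";
    db[n++] = 0;                            /* nothing shared with "" */
    memcpy(db + n, first, strlen(first) + 1);
    n += strlen(first) + 1;
    if (n + 2 + suffix_len > sizeof db) return -1;  /* constructed input too big */
    db[n++] = 4;                            /* share "/usr" */
    memset(db + n, 'A', suffix_len);
    n += suffix_len;
    db[n++] = 0;
    return decode_all(db, n);
}
```

With a 1026-byte buffer the longest name that can be stored is 1025 bytes plus the terminator, so a shared prefix of 4 plus a 1021-byte suffix is accepted while 1022 is refused; the original code had no such boundary and wrote the excess onto the heap.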
Mac OS X vpnd local format string
======= Summary ======= Name: Mac OS X vpnd local format string Release Date: 29 May 2007 Reference: NGS00496 Discover: Chris Anley [email protected] Vendor: Apple Vendor Reference: 26417237 CVE-ID: CVE-2007-0753 Systems Affected: OS X Server 10.4.9 and prior Risk: High Status: Published...
MS Windows Vista forged ARP packet Network Stack DoS Exploit
Exploit for unknown platform in category dos / poc ============================================================ MS Windows Vista forged ARP packet Network Stack DoS Exploit ============================================================ #!/usr/bin/env python :: Kristian Hermansen :: Date: 20070514...
MS Windows Vista forged ARP packet Network Stack DoS Exploit
No description provided by source. #!/usr/bin/env python :: Kristian Hermansen :: Date: 20070514 Reference: CVE-2007-1531 Description: Microsoft Windows Vista SP0 dumps interfaces when it receives this ARP packet. This DoS is useful for an internet cafe, wireless venue, or legitimate local attack...
Multiple Personal Firewall Products - Local Protection Mechanism Bypass
source: https://www.securityfocus.com/bid/23987/info Multiple personal firewall products are prone to a vulnerability that lets attackers bypass protection mechanisms. This issue occurs because the applications fail to properly implement protection mechanisms based on valid process identifiers...
Mandrake Linux Security Advisory : php (MDKSA-2007:102)
A heap buffer overflow flaw was found in the xmlrpc extension for PHP. A script that implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the apache user. This flaw does not, however, affect PHP applications using the pure-PHP XMLRPC class...
Buffer overflow
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors...
CVE-2007-2511
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors...
AFFLIB Multiple Format String Handling Vulnerabilities
AFFLIB is an open-source library for working with Advanced Forensic Format (AFF) files. Several of AFFLIB's command-line tools contain format-string handling flaws that a local attacker could exploit to elevate privileges. These tools pass some of their command-line arguments to warn and err calls as the format-string parameter; if an attacker can influence those arguments, arbitrary instructions may be executed. s3 format string injection. File: lib/s3.cpp, line 207. A command-line argument is used as the format string in an err call; if an attacker can influence the name, this becomes a format string injection. Lines 192-207 illustrate the problem: void s3_cp(const char *fname, string key) struct s3headers meta[2] =...
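The flaw above is the classic err(1, fname) pattern, where a caller-controlled string becomes the format. The following is an added example, not AFFLIB code: a small check that shows why such a string is dangerous (it counts the conversion directives an attacker-supplied name would carry) and the hardened form, where the untrusted value is only ever an argument to a fixed "%s" format. The function names and the hostile file name are hypothetical; the vulnerable call is shown only in a comment because executing it is undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Count conversion directives in s (a literal "%%" is not a directive).
 * Any directive in a string that reaches printf-style code as the format
 * is an exploitation primitive: "%x" leaks stack words, "%n" writes to
 * memory at an attacker-chosen location. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }     /* literal percent sign */
        n++;
    }
    return n;
}

/* Hardened pattern: the format string is a compile-time literal and the
 * untrusted name is passed as a "%s" argument, so its directives are copied
 * verbatim instead of interpreted. Returns snprintf's result.
 *
 * Vulnerable form this replaces (do not write this):
 *     err(1, fname);            /* fname is attacker-controlled format */
int format_error_safe(char *out, size_t outsz, const char *tool, const char *fname)
{
    return snprintf(out, outsz, "%s: cannot open %s", tool, fname);
}

/* True if the hardened formatter reproduced fname byte-for-byte, i.e. no
 * directive inside it was consumed. */
bool safe_keeps_literal(const char *fname)
{
    char out[256];
    int n = format_error_safe(out, sizeof out, "s3_cp", fname);
    return n > 0 && (size_t)n < sizeof out && strstr(out, fname) != NULL;
}

int main(void)
{
    /* Constructed hostile name of the kind a local user could pass on the
     * command line: three directives, the last a "%n" write. */
    const char *hostile = "%08x.%08x.%n";
    printf("directives in %s: %d\n", hostile, count_format_directives(hostile));
    printf("hardened path kept it literal: %s\n",
           safe_keeps_literal(hostile) ? "yes" : "no");
    return 0;
}
```

Compiling with -Wformat-security (or -Wformat=2) flags the err(1, fname) form at build time; the runtime rule is simply that no string an attacker can influence is ever passed in the format position.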
Linux Kernel 2.6.x - NETLINK_FIB_LOOKUP Local Denial of Service
// source: https://www.securityfocus.com/bid/23677/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted. A local attacker may exploit this issue to trigger an infinite-recursion stack-based overflow in the kernel. This...
CVE-2007-2134
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01...
ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
ZoneAlarm is a popular personal firewall. The ZoneAlarm 'vsdatant.sys' driver mishandles its parameters; a local attacker can exploit this to cause a denial of service against the application. SSDT function handlers run in kernel mode while their callers run in user mode, so every function parameter originates in user mode and must be validated strictly; mishandling these functions can crash the system. ZoneAlarm hooks several functions in the SSDT, and in at least two cases it fails to validate the parameter data coming from user mode. Due to errors in the Kerio drivers fwdrv.sys and khips.sys, a user calling NtCreateKey and NtDeleteFile with invalid parameter values can crash the system. Zon...
IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
IBM Tivoli Business Service Manager is a policy-based e-business access control solution. IBM Tivoli Business Service Manager contains a design error that a local attacker can exploit to obtain password information. The problem is that the NCISETUP.DB and MSI.LOG files disclose password information. No further vulnerability details are available. IBM Tivoli Business Service Manager 4.1 Patch information is available in the following advisory: http://www-1.ibm.com/support/docview.wss?uid=swg24015473...