203 matches found
Debian DSA-3673-1 : openssl - security update
Several vulnerabilities were discovered in OpenSSL : - CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-p ointer-arithmetic/ - CVE-2016-2178 Cesar Pereida, Billy...
USN-3087-1: OpenSSL vulnerabilities
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. CVE-2016-6304 Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointe...
DSA-3673-1 openssl - security update
Bulletin has no description...
kernel security and bug fix update
3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...
FreeRadius EAP-PWD module buffer overflow vulnerability
FreeRadius is a suite of software that implements the RADIUS protocol from the FreeRADIUS Server project. The EAP-PWD module of FreeRadius fails to validate the length of the commit message load, allowing remote attackers to exploit the vulnerability to submit special requests for denial-of-servi...
TcpDump - rpki_rtr_pdu_print Out-of-Bounds Denial of Service
TcpDump - rpkirtrpduprint Out-of-Bounds Denial of Service Exploit Title: TcpDump rpkirtrpduprint Out-of-Bounds Denial of Service Date: 7.18.2015 Exploit Author: Luke Arntson [email protected] Vendor Homepage: http://www.tcpdump.org/ Software Link: http://www.tcpdump.org/ Version: 4.6.2, 4.5.1,...
DEBIAN-CVE-2014-8884
Stack-based buffer overflow in the ttusbdecfedvbsdiseqcsendmastercmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service system crash or possibly gain privileges via a large message length in an ioctl call...
FreeBSD : FreeBSD -- Insufficient message length validation for EAP-TLS messages (f115f693-36b2-11e2-a633-902b343deec9)
Problem description : The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...
FreeBSD Ports: FreeBSD
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 16 : hostapd-0.7.3-10.fc16 (2012-15748)
EAP-TLS server: Fix TLS Message Length validation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 17 : hostapd-0.7.3-10.fc17 (2012-15759)
EAP-TLS server: Fix TLS Message Length validation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 18 : hostapd-1.0-3.fc18 (2012-15680)
EAP-TLS server: Fix TLS Message Length validation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2012-4445
Heap-based buffer overflow in the eapservertlsprocessfragment function in eapservertlscommon.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service crash or abort via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...
CVE-2012-4445
Heap-based buffer overflow in the eapservertlsprocessfragment function in eapservertlscommon.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service crash or abort via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...
Microsoft Windows Messenger Service Buffer Overrun Code Execution (CVE-2003-0717)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper validation of message length. A remote attacker may exploit this vulnerability by sending an overly long message to the target service. Successful exploitation may allow the attacker...
CVE-2004-0893
The Local Procedure Call LPC interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."...
[Full-Disclosure] Proof of concept for Windows Messenger Service overflow
/ DoS Proof of Concept for MS03-043 - exploitation shouldn't be too hard. Launching it one or two times against the target should make the machine reboot. Tested against a Win2K SP4. "The vulnerability results because the Messenger Service does not properly validate the length of a message before...
EveryBuddy 0.4.3 - Long Message Denial of Service
source: https://www.securityfocus.com/bid/8343/info EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. This could be exploited with a malicious instant messaging client. This condition may be due to a buffer overflow, though this has not...
CVE-2003-0163
decryptmsg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service crash via a negative length, which overwrites arbitrary heap memory with a zero byte...
CVE-2003-0163
decryptmsg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service crash via a negative length, which overwrites arbitrary heap memory with a zero byte...