45 matches found
CVE-2007-2053
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a long LastModified value in an S3 XML response in lib/s3.cpp; 2 a long a path or b bucket in an S3 URL in lib/vnodes3.cpp; or 3 a long c...
Format string
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
CVE-2007-2055
AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving 1 certain command line parameters in tools/afconvert.cpp and 2 arguments to the getparameter function in aimage/ident.cpp. NOTE: it is unknown if the getparameter vector 2 is ever called...
Stack overflow
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a long LastModified value in an S3 XML response in lib/s3.cpp; 2 a long a path or b bucket in an S3 URL in lib/vnodes3.cpp; or 3 a long c...
CVE-2007-2054
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
Format string
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls, possibly involving a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/imager.cp...
CVE-2007-2053
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a long LastModified value in an S3 XML response in lib/s3.cpp; 2 a long a path or b bucket in an S3 URL in lib/vnodes3.cpp; or 3 a long c...
CVE-2007-2056
Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files aka "time-of-check-time-of-use file race". NOTE: the researcher has retracted the original advisory, stating that "th...
CVE-2007-2352
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls, possibly involving a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/imager.cp...
Command injection
AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving 1 certain command line parameters in tools/afconvert.cpp and 2 arguments to the getparameter function in aimage/ident.cpp. NOTE: it is unknown if the getparameter vector 2 is ever called...
CVE-2007-2055
AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving 1 certain command line parameters in tools/afconvert.cpp and 2 arguments to the getparameter function in aimage/ident.cpp. NOTE: it is unknown if the getparameter vector 2 is ever called...
CVE-2007-2054
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
CVE-2007-2054
AFFLIB 2.2.6 and earlier contains multiple format-string vulnerabilities exposing several command-line utilities (lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/aimage.cpp, aimage/imager.cpp, tools/afxml.cpp) to remote code execution via parameters used as format stri...
CVE-2007-2352
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls, possibly involving a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/imager.cp...
CVE-2007-2056
AFFLIB (AFFLIB) vulnerability CVE-2007-2056 affects the getlock function in aimage/aimage.cpp, with a time-of-check-to-time-of-use file race that could allow a local attacker to overwrite an arbitrary file. The issue is reported for AFFLIB versions 2.2.8 and earlier. The race condition occurs whe...
CVE-2007-2055
CVE-2007-2055 affects AFFLIB 2.2.8 and earlier, with confirmed shell metacharacter injection in two code paths: (1) command line parameters used in tools/afconvert.cpp, and (2) arguments to get_parameter in aimage/ident.cpp. The vulnerability arises from unvalidated inputs passed to subprocesses ...
CVE-2007-2053
AFFLIB (before 2.2.6) contains multiple stack-based buffer overflows that can be triggered remotely via: (1) a long LastModified value in an S3 XML response (lib/s3.cpp), (2) a long path or bucket in an S3 URL (lib/vnode_s3.cpp), and (3) a long EFW/AFD/aimage file path (various files). The aimage...
CVE-2007-2352
Summary (CVE-2007-2352): AFFLIB before 2.2.6 contains multiple format-string vulnerabilities exploitable via command-line inputs that are used as format strings in warn/err calls. Affected components include lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/imager.cpp, a...
CVE-2007-2053
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a long LastModified value in an S3 XML response in lib/s3.cpp; 2 a long a path or b bucket in an S3 URL in lib/vnodes3.cpp; or 3 a long c...
AFFLIB多个格式串处理漏洞
AFFLIB是用于操作高级取证格式(AFF)文件的开源函数库。 AFFLIB的一些命令行工具实现上存在格式串处理漏洞,本地攻击者可能利用此漏洞提升自己的权限。 这些工具以格式串参数向warn和err调用传输一些命令行参数。如果攻击者能够影响这些命令行参数的话,就可能导致执行任意指令。 s3格式串注入 文件:lib/s3.cpp 行数:207 err调用中的一个命令行参数用作了格式串,如果攻击者能够影响名称的话就可以导致格式串注入漏洞。192-207行说明了这个问题: void s3cpconst char fname,string key struct s3headers meta2 =...