6 matches found
Unicon-imc2环境变量本地缓冲区溢出漏洞
BUGTRAQ ID: 24719 CVECAN ID: CVE-2007-2835 unicon-imc2是Debian操作系统中所使用的中文输入法库。 unicon-imc2在使用环境变量数据时存在缓冲区溢出漏洞,本地攻击者可能利用此漏洞提升自己的权限。 unicon-imc2库没有安全地使用HOME环境变量,如果用户使用了链接到该函数库的应用程序的话就可能触发缓冲区溢出,导致以root用户权限执行任意指令。漏洞代码位于/unicon/ImmModules/cce/CCEpinyin.c文件中: static int IMMFlush char name256;...
CVE-2007-2835
Multiple stack-based buffer overflows in 1 CCEpinyin.c and 2 xlpinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable...
CVE-2007-2835
This CVE-2007-2835 affects unicon-imc2 3.0.4 (ImmModules/cce/; CCE_pinyin.c and xl_pinyin.c) where multiple stack-based buffer overflows can be triggered by a long HOME environment variable, allowing local users to gain privileges. The vulnerability is local and involves improper handling of envi...
Debian DSA-1328-1 : unicon-imc2 - buffer overflow
Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
[Full-disclosure] [SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1328 [email protected] http://www.debian.org/security/ Steve Kemp July 01, 2007 -...
[SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow
------------------------------------------------------------------------ Debian Security Advisory DSA-1328 [email protected] http://www.debian.org/security/ Steve Kemp July 01, 2007 - ------------------------------------------------------------------------ Package : unicon-imc2 Vulnerability :...