
2089 matches found

Exploit DB
added 2009/11/13 12:00 a.m. | 37 views

BibTeX - '.bib' File Handling Memory Corruption

Bugtraq ID: 34332 Class: Failure to Handle Exceptional Conditions Published: Apr 01 2009 12:00AM Updated: Nov 13 2009 03:46PM Credit: Vincent Lafevre Vulnerable: RedHat Linux 2.1 RedHat Fedora 9 0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat...

7 AI score
Exploits: 0

0day.today
added 2009/11/12 12:00 a.m. | 32 views

LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability

Exploit for unknown platform in category dos / poc. LibTIFF 'LZWDecodeCompat' Remote Buffer Underflow Vulnerability. Title: LibTIFF 'LZWDecodeCompat' Remote Buffer...

7 AI score
Exploits: 0

seebug.org
added 2009/11/12 12:00 a.m. | 22 views

LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability

No description provided by source. Bugtraq ID: 35451 Class: Boundary Condition Error Published: Jun 21 2009 12:00AM Updated: Nov 12 2009 06:46PM Credit: wololo Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386...

7.1 AI score
Exploits: 0

seebug.org
added 2009/11/12 12:00 a.m. | 33 views

Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability

No description provided by source. Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHa...

7.1 AI score
Exploits: 0

Exploit DB
added 2009/11/12 12:00 a.m. | 44 views

Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service

Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat...

7.4 AI score
Exploits: 0

seebug.org
added 2009/10/20 12:00 a.m. | 25 views

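CamlImages JPEG Processing Remote Buffer Overflow Vulnerability

Bugtraq ID: 36713 CVE ID: CVE-2009-3296 CamlImages is an open-source image processing library. CamlImages contains multiple integer overflows that can lead to exploitable heap overflows, allowing arbitrary instructions to be executed with the privileges of the application. The vulnerability is present when processing both TIFF and JPEG image files. CamlImages 2.2 Vendor solution: Debian Linux users can refer to the following upgrade packages: Debian Linux 4.0 amd64 Debian libcamlimages-ocaml2.20-8+etch1amd64.deb...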

7.5 CVSS | 0.1 AI score | 0.03816 EPSS
Exploits: 1

seebug.org
added 2009/09/18 12:00 a.m. | 86 views

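nginx HTTP Request Remote Buffer Overflow Vulnerability

Bugtraq ID: 36384 CVE ID: CVE-2009-2629 nginx is a high-performance HTTP and reverse proxy server. nginx has a buffer overflow when processing specially crafted URIs; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application. When processing specially crafted URIs, the ngx_http_parse_complex_uri function has a buffer underflow error, which can cause the nginx server to write data from the URI into heap memory before the allocated buffer, potentially leading to arbitrary code execution with the privileges of the server process. Igor Sysoev nginx 0.8.14 Igor Sysoev nginx 0.7.61 Igor Sysoev nginx 0.6.38 Igor...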

7.5 CVSS | 6.2 AI score | 0.669 EPSS
Exploits: 3

seebug.org
added 2009/08/10 12:00 a.m. | 48 views

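Memcached Multiple Heap-Based Buffer Overflow Vulnerabilities

Bugtraq ID: 35989 CVE ID: CVE-2009-2415 Danga Interactive memcached is a high-performance distributed memory caching solution. When parsing certain length attributes, memcached has a heap-based buffer overflow caused by an integer conversion; a remote attacker can exploit the vulnerability to execute arbitrary code with the privileges of the memcached process. No further details are currently available. Danga Interactive memcached 1.2.8 Danga Interactive memcached 1.2.7 Debian Linux users can refer to the following upgrade packages: Debian GNU/Linux 4.0 etch Debia...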

10 CVSS | 0.6 AI score | 0.06616 EPSS
Exploits: 1

seebug.org
added 2009/07/30 12:00 a.m. | 35 views

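Compface '.xbm' File Buffer Overflow Vulnerability

Bugtraq ID: 35863 CVE ID: CVE-2009-2286 Compface is a tool and library for X-face format conversion. Compface has a buffer overflow when processing '.xbm' files; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application. Constructing an '.xbm' file containing an overly long entry and enticing a user to parse it can lead to arbitrary code execution. MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 James Ashton compface 1.5.2 Debian Linux 5.0 sparc Debian Linux 5.0 s/3...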

4.3 CVSS | 6.4 AI score | 0.03085 EPSS
Exploits: 1

seebug.org
added 2009/07/15 12:00 a.m. | 43 views

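ISC DHCP Server Host Definition Remote Denial of Service Vulnerability

Bugtraq ID: 35669 CVE ID: CVE-2009-1892 ISC DHCP is an open-source implementation of the DHCP service. The ISC DHCP server improperly handles DHCP requests; a remote attacker can exploit the vulnerability to cause a denial of service against the application. No detailed vulnerability information is currently available. ISC DHCPD 3.0.1 rc9 + Conectiva Linux Enterprise Edition 1.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Lin...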

5 CVSS | 0.08566 EPSS
Exploits: 1

Tenable Nessus
added 2009/05/11 12:00 a.m. | 31 views

Debian DSA-1798-1 : pango1.0 - integer overflow

Will Drewry discovered that pango, a system for layout and rendering of internationalized text, is prone to an integer overflow via long glyphstrings. This could cause the execution of arbitrary code when displaying crafted data through an application using the pango library. ...

6.8 CVSS | 5.7 AI score | 0.0413 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2009/05/08 12:00 a.m. | 27 views

Debian DSA-1796-1 : libwmf - pointer use-after-free

Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse Windows metafiles (WMF), makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly execute arbitrary code via applications using this...

7.5 CVSS | 6.9 AI score | 0.03463 EPSS
Exploits: 0 | References: 3

seebug.org
added 2009/04/30 12:00 a.m. | 72 views

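DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities

BUGTRAQ ID: 34755 CVE ID: CVE-2009-0663 DBD::Pg is a DBI driver module for PostgreSQL database access. DBD::Pg has a heap-based buffer overflow; a remote attacker can exploit the vulnerability to execute arbitrary code. Applications that use the pg_getline and getline functions to read rows from the database can be made to execute arbitrary code by triggering a heap overflow. Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux...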

7.5 CVSS | 0.4 AI score | 0.04251 EPSS
Exploits: 1

seebug.org
added 2009/04/30 12:00 a.m. | 53 views

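DBD::Pg BYTEA Value Memory Leak Denial of Service Vulnerability

BUGTRAQ ID: 34757 CVE ID: CVE-2009-1341 DBD::Pg is a DBI driver module for PostgreSQL database access. Unquoted BYTEA values that DBD::Pg returns from the data can cause a memory leak in a function; a remote attacker can exploit the vulnerability to crash the application. No detailed vulnerability information is currently available. Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4...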

5 CVSS | 0.4 AI score | 0.01969 EPSS
Exploits: 1

Tenable Nessus
added 2009/04/22 12:00 a.m. | 30 views

Debian DSA-1777-1 : git-core - file permission error

Peter Palfrader discovered that in the Git revision control system, on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges. This issue only...

5.5 AI score
Exploits: 0 | References: 2

seebug.org
added 2009/04/21 12:00 a.m. | 73 views

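CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability

BUGTRAQ ID: 34571 CVE ID: CVE-2009-0163 CNCVE ID: CNCVE-20090163 Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and provides services for most PostScript and raster printers. CUPS has an integer overflow when processing TIFF images; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application....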

6.8 CVSS | 1.1 AI score | 0.04246 EPSS
Exploits: 2

Symantec
added 2009/03/25 12:00 a.m. | 530 views

phpMyAdmin 'setup.php' PHP Code Injection Vulnerability

Description: phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...

7.5 CVSS | 0.4 AI score | 0.95438 EPSS
Exploits: 16 | References: 2 | Affected Software: 5

Tenable Nessus
added 2009/03/24 12:00 a.m. | 12 views

Debian DSA-1741-1 : psi - integer overflow

Jesus Olmos Gonzalez discovered that an integer overflow in the PSI Jabber client may lead to remote denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1741. The text itsel...

10 CVSS | 5.5 AI score | 0.18201 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2009/03/16 12:00 a.m. | 38 views

Debian DSA-1742-1 : libsndfile - integer overflow

Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks, possibly leading to arbitrary code execution. (C) Tenable Network...

9.3 CVSS | 6.2 AI score | 0.03642 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2009/01/16 12:00 a.m. | 28 views

Debian DSA-1706-1 : amarok - integer overflows

Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securi...

9.3 CVSS | 5.6 AI score | 0.06903 EPSS
Exploits: 2 | References: 3