Debian DSA-1642-1 : horde3 - XSS
Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross-site scripting. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
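GNU Emacs 'python.el' Code Execution Vulnerability
BUGTRAQ ID: 31052 CNCAN ID: CNCAN-2008091008 Emacs is an extensible, real-time display editor. GNU Emacs does not handle Python scripts correctly; a local attacker can exploit the vulnerability to execute arbitrary code with the privileges of the application. The GNU Emacs command 'run-python' starts an interactive Python interpreter. After Python starts, Emacs automatically sends: import emacs to import the emacs.py script distributed with Emacs. This script is normally located in the write-protected installation directory that contains the other Emacs program files, and defines various functions that help Python communicate with Emacs...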
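LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
BUGTRAQ ID: 30832 CVE ID: CVE-2008-2327 CNCVE ID: CNCVE-20082327 LibTIFF is a library for encoding and decoding the TIFF image format. LibTIFF 'tif_lzw.c' has an integer underflow issue; remote attackers can exploit the vulnerability to execute arbitrary instructions with the privileges of the application linked against the library. The "LZWDecode" and "LZWDecodeCompat" functions in libtiff/tif_lzw.c contain an error: a specially constructed TIFF file that a user is enticed to open can trigger a buffer underflow, leading to execution of arbitrary instructions with the privileges of the application linked against the library. LibTIFF LibTIFF 3.8.2 + Debian Linu...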
Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerabilit
CVE-2008-3272 The Linux kernel is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Linux kernel 2.6.27-rc2 are vulnerable. Linux kernel 2.6.27-rc1 Debian Linux 4.0 sparc...
Debian DSA-1624-1 : libxslt - buffer overflows
Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1624. The text...
Debian OpenSSH SELinux Privilege Escalation Vulnerability
Debian Linux can be configured to utilize SELinux extensions. OpenSSH may also be configured to utilize SELinux, and to interface with the role-based privilege system. Debian Linux is prone to an SELinux privilege-escalation vulnerability due to a flaw in its OpenSSH package. Specifically, when...
Access Restriction Bypass
Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the ro...
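PCRE Regular Expression Heap Buffer Overflow Vulnerability
BUGTRAQ ID: 30087 CVE ID: CVE-2008-2371 CNCVE ID: CNCVE-20082371 PCRE (Perl Compatible Regular Expressions) is an open-source library that provides regular expression support. The PCRE pcrecompile.c file contains a heap overflow; remote attackers can exploit the vulnerability to execute arbitrary instructions with the privileges of the application. When options are specified at the start of a pattern, PCRE avoids compiling them into the bytecode unnecessarily by passing them back to the caller as if they had been specified through the pcrecompile options, for example /?ia|b/ ==...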
Debian DSA-1601-1 : wordpress - several vulnerabilities
Several remote vulnerabilities have been discovered in WordPress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-1599: WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain...
Debian DSA-1598-1 : libtk-img - buffer overflow
It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
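PHP 5 'chdir()' and 'ftok()' 'safe_mode' Security Bypass Vulnerability
BUGTRAQ ID: 29796 CVE ID: CVE-2008-2666 CNCVE ID: CNCVE-20082666 PHP 5 is an open-source web programming language. The PHP 5 'chdir' and 'ftok' functions have a 'safe_mode' bypass issue; remote attackers can exploit the vulnerability to obtain sensitive information, such as whether files exist in unauthorized locations. The affected code is as follows: - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALS...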
Debian DSA-1579-1 : netpbm-free - insufficient input sanitizing
A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code. ...
Debian DSA-1554-2 : roundup - insufficient input sanitising
Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-1553-1 : ikiwiki - cross-site request forgery
It has been discovered that ikiwiki, a Wiki implementation, does not guard password and content changes against cross-site request forgery (CSRF) attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian DSA-1538-1 : alsaplayer - buffer overrun
Erik Sjolund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application. Successful exploitation of this vulnerability through the opening of a maliciously crafted Vorbis file could lead to the execution of arbitrary code. ...
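Firebird Relational Database 'protocol.cpp' XDR Protocol Remote Memory Corruption Vulnerability
BUGTRAQ ID: 28403 CVE ID: CVE-2008-0387 CNCVE ID: CNCVE-20080387 Firebird Relational Database is a relational database. The Firebird Relational Database manager has an integer overflow when handling certain tags in the XDR protocol; remote attackers can exploit the vulnerability to execute arbitrary instructions with the privileges of the application process. When the src/remote/protocol.cpp parser receives operations with the following invalid data: opreceive opstart opstartandreceive opsend opstartandsend...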
Debian DSA-1521-1 : lighttpd - file disclosure
Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration. (C) Tenable Network Security, Inc. The...
Debian DSA-1513-1 : lighttpd - information disclosure
It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
libmodplug 's3m' Remote Buffer Overflow Vulnerability
No description provided by source. The libmodplug library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running ...
Debian DSA-1498-1 : libimager-perl - buffer overflow
It was discovered that libimager-perl, a Perl extension for generating 24-bit images, did not correctly handle 8-bit compressed images, which could allow the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...