12 matches found
SNMP Trap Translator: Multiple vulnerabilities
Background SNMP Trap Translator SNMPTT is an SNMP trap handler written in Perl. Description It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. Impact A remote attacker, by sending a malicious crafted SNMP...
Back In Time: Command injection
Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...
tnftp: Arbitrary code execution
Background tnftp is a NetBSD FTP client with several advanced features. Description The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact A remote attacker could possibly execute arbitrary code with the privileges of the process. Workaroun...
gdk-pixbuf: Denial of service
Background gdk-pixbuf is an image loading library for GTK+. Description Two vulnerabilities have been found in gdk-pixbuf: The "gdkpixbufgifimageload" function in io-gif.c fails to properly handle certain return values from subroutines CVE-2011-2485. The "readbitmapfiledata" function in io-xbm.c...
Muttprint: Insecure temporary file usage
Background Muttprint formats the output of mail clients to a good-looking printing using LaTeX. Description Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script. Impact A local attacker could perform symlink attacks to overwrite arbitrar...
git: Multiple vulnerabilties
Background GIT - the stupid content tracker, the revision control system used by the Linux kernel team. Description Multiple vulnerabilities have been reported in gitweb that is part of the git package: Shell metacharacters related to gitsearch are not properly sanitized CVE-2008-5516. Shell...
Gentoo Security Advisory GLSA 200404-09 (heimdal)
The remote host is missing updates announced in advisory GLSA 200404-09. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200410-19 (glibc)
The remote host is missing updates announced in advisory GLSA 200410-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system. Impact A remote attacker could entice a user to open a feed with speciall...
Linux Audit: Buffer overflow
Background Linux Audit is a set of userspace utilities for storing and processing auditing records. Description A stack-based buffer overflow has been reported in the auditlogusercommand function in the file lib/auditlogging.c when processing overly long arguments. Impact A local attacker could...
VLC media player: Format string vulnerability
Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...
netkit-telnetd: Buffer overflow
Background netkit-telnetd provides standard Linux telnet client and server. Description A buffer overflow has been identified in the slcaddreply function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Impact Successful explotation would require a...