CVE-2007-4622

Integer underflow in the dnsnamefromtext function in 1 libdnsnonsecure.a and 2 libdnssecure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" TSIG key command line argument to dig...

CVE-2007-4622

CVE-2007-4622 describes an integer underflow in the dns_name_fromtext function within IBM AIX 5.2’s dig program (libdns_nonsecure.a and libdns_secure.a). The vulnerability enables local users to gain root privileges by supplying a crafted -y TSIG key argument to dig, due to an underflow in dns_na...

iDefense Security Advisory 10.30.07: IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability

IBM AIX dig dnsnamefromtext Integer Underflow Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND dig is a utility that is commonly used for DNS diagnostics. Under AIX 5.2, the dig program is installed by default and ...

GLSA-200710-19 : The Sleuth Kit: Integer underflow

The remote host is affected by the vulnerability described in GLSA-200710-19 The Sleuth Kit: Integer underflow Jean-Sebastien Guay-Leroux reported an integer underflow in the fileprintf function of the 'file' utility which is bundled with The Sleuth Kit CVE-2007-1536, GLSA 200703-26. Note that...

The Sleuth Kit: Integer underflow

Background The Sleuth Kit is a collection of file system and media management forensic analysis tools. Description Jean-Sebastien Guay-Leroux reported an integer underflow in the fileprintf function of the "file" utility which is bundled with The Sleuth Kit CVE-2007-1536, GLSA 200703-26. Note tha...

openSUSE 10 Security Update : file (file-3033)

An integer underflow within the ELF header parsing has been fixed which could lead to arbitrary code execution. CVE-2007-1536 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

Preemptive Protection against EMC VMware Workstation DHCP Service Integer Underflow Vulnerability

An integer underflow vulnerability has been reported in the VMware DHCP service. VMware Workstation is a virtualization technology that allows running multiple instances of virtual computers simultaneously with the hosting operating system. The Dynamic Host Configuration Protocol DHCP provides...

CVE-2007-0063

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528...

Integer overflow

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528...

cpuset information leak

Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...

Debian DSA-1363-1 : linux-2.6 - several vulnerabilities

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2172 Thomas Graf reported a typo in the IPv4...

Mandrake Linux Security Advisory : kernel (MDKSA-2007:171)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The Linux kernel did not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allowed local users to cause a denial of service process crash CVE-2006-5755. The...

CVE-2007-4643

The Doomsday Engine (deng) vulnerable component is the D_Net/packet handling path. CVE-2007-4643 is an Integer underflow in PKT_CHAT processing (data length

CVE-2007-4643

Integer underflow in Doomsday aka deng 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service daemon crash via a PKTCHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the SvHandlePacket function in svmain.c...

USN-510-1: Linux kernel vulnerabilities

A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. CVE-2007-2525 An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel...

CVE-2007-1749

Integer underflow in the CDownloadSink class code in the Vector Markup Language VML component VGX.DLL, as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow...

CVE-2007-1749

Integer underflow in the CDownloadSink class code in the Vector Markup Language VML component VGX.DLL, as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow...

CVE-2007-1749

CVE-2007-1749 is a VML/VGX.DLL heap-buffer-overflow remote-code-execution vulnerability in Internet Explorer versions 5.01, 6 and 7 caused by an integer underflow in CDownloadSink::OnDataAvailable when processing compressed VML content. The vulnerability can be triggered by a specially crafted we...

Microsoft Windows VML compressed content integer underflow

Overview Microsoft Windows VML fails to properly handle compressed content, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML, which is a set of XML tags for...

CVE-2007-2405

Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file...