4732 matches found
tcpdump - Print-bgp.C Remote Integer Underflow
// source: https://www.securityfocus.com/bid/24965/info The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary...
Heap overflow
Integer underflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to...
CVE-2007-0008
CVE-2007-0008 is an NSS heap-based overflow caused by an integer underflow when processing an SSLv2 server message with a key too short to encrypt the Master Secret. It affects SeaMonkey, Firefox, and Thunderbird around NSS usage and was addressed by updating to fixed NSS-containing packages (e.g...
iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability iDefense Security Advisory 02.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2007 I. BACKGROUND Network Security Services NSS is a set of libraries designed to support cross-platform development o...
iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability iDefense Security Advisory 02.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2007 I. BACKGROUND Network Security Services NSS is a set of libraries designed to support cross-platform development o...
xmms -- Integer Overflow And Underflow Vulnerabilities
Secunia reports: Secunia Research has discovered two vulnerabilities in XMMS, which can be exploited by malicious people to compromise a user's system. 1 An integer underflow error exists in the processing of skin bitmap images. This can be exploited to cause a stack-based buffer overflow via...
CVE-2007-0251
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files...
CVE-2007-0251
Removed by vendor...
CVE-2007-0251
CVE-2007-0251 affects Snort 2.6.1.2, where an integer underflow in DecodeGRE (src/decode.c) can cause dereferencing of certain memory locations when processing crafted GRE packets. This may lead to log file corruption or leakage of sensitive information into logs. Connected sources confirm the vu...
CVE-2007-0251
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files...
Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability
Calyptix Security Advisory CX-2007-001 Date: 01/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/advisories/CX-2007-01.txt Overview Snort 2.6.1.2 is vulnerable to an integer underflow that allows a remote attacker to cause Snort to read beyond a specified length of memory, potentially...
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)
Solaris 10 sysinfo2 - Local Kernel Memory Disclosure 2 / $Id: raptorsysinfo.c,v 1.2 2006/08/22 13:47:54 raptor Exp $ raptorsysinfo.c - Solaris sysinfo2 kernel memory leak Copyright c 2006 Marco Ivaldi systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count...
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)
/ $Id: raptorsysinfo.c,v 1.2 2006/08/22 13:47:54 raptor Exp $ raptorsysinfo.c - Solaris sysinfo2 kernel memory leak Copyright c 2006 Marco Ivaldi systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1...
security flaw
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service crash via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow...
CVE-2006-3768
CVE-2006-3768 affects FileCOPA FTP Server (filecpnt.exe) prior to version 1.01; an integer underflow on long directory arguments to CWD, DELE, MDTM, or MKD triggers a stack-based buffer overflow, enabling arbitrary code execution. CERT reports remote exploitation possible with anonymous access; S...
CVE-2006-3804
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service crash via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow...
CVE-2006-3804
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service crash via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow...
CVE-2006-3804
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service crash via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow...
CVE-2006-3824
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness...
Heap buffer overwrite on malformed VCard — Mozilla
A VCard attachment with a malformed base64 field such as a photo can trigger a heap buffer overwrite. These have proven exploitable in the past, though in this case the overwrite is accompanied by an integer underflow that would attempt to copy more data than the typical machine has, leading to a...