1039 matches found
musl libc 'inet_pton.c' stack buffer overflow vulnerability
musl libc is a C standard library used in Linux kernel-based embedded systems and mobile devices. A stack buffer overflow vulnerability exists in musl libc, which could be exploited by a remote attacker to cause a denial-of-service attack by crashing an application that links to this library...
[SECURITY] [DSA 3251-2] dnsmasq regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3251-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 07, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3251-2] dnsmasq regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3251-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 07, 2015 http://www.debian.org/security/faq -...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libc-client2002edebian package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The Debian GNU/Linux operating system’s libc-client-dev package contains multiple vulnerabilities that, if exploited, may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:0863 Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
Return-into-libc attack and Defense-bug warning-the black bar safety net
This article first analyzes the return-into-libc attack principle, were introduced in different platforms for the traditional return-into-libc attack of the experimental process and results. Then, this paper further introduces and explains the return-oriented programming attacks, this attack can...
musl: arbitrary code execution
A stack-based buffer overflow has been found in musl libc's ipv6 address literal parsing code. Programs which call the inetpton or getaddrinfo function with AFINET6 or AFUNSPEC and untrusted address strings are affected. Successful exploitation yields control of the return address. Having enabled...
PRNG weakness allows for DNS poisoning on Android — Mozilla
Mozilla developer Daniel Stenberg reported that the DNS resolver in Firefox for Android uses an insufficiently random algorithm when generating random numbers for the unique identifier. This was derived from an old version of the Bionic libc library and suffered from insufficient randomness in th...
Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)
Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs...
Internet Bug Bounty: Heap overflow in H. Spencer’s regex library on 32 bit systems
The IBB's programs provide a great incentive for me to find vulnerabilities in open source software. With this one I set out to find a vulnerability in PHP and discovered that the vulnerability that I found exists in a wider constellation of applications, including BSD libc's. IBB's Alex Rice's...
Python-2.4.2-realpath()
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...
UBUNTU-CVE-2015-1473
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...
CVE-2 0 1 5-0 2 3 5: Linux Glibc Ghost vulnerability allows hackers remote access to system permissions-bug warning-the black bar safety net
! t01a998ea950583688b. png Ghost vulnerability in Linux glibc library appeared on the a serious security issue, he can keep the attacker in ignorance of the system in any case remote accessoperating systemthe control authority. He is currently the CVE number for CVE-2 0 1 5-0 2 3 5 to. What is...
CentOS 5 : glibc (CESA-2015:0090) (GHOST)
Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from...
RedHat Update for glibc RHSA-2015:0016-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Solaris Critical Patch Update : jan2015_SRU11_2_3_5_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: File System. The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to...
CVE-2015-0378
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc...
Design/Logic Flaw
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc...
CVE-2015-0378
CVE-2015-0378 is an Oracle Solaris 11 local vulnerability affecting the Libc component. The connected Nessus/SRU plugin explicitly ties CVE-2015-0378 to the Libc subsystem and describes an easily exploitable condition that can lead to partial denial of service (DOS) via local access. The Solaris ...