UBUNTU-CVE-2014-8091

X.Org X Window System aka X11 and X X11R5 and X.Org Server aka xserver and xorg-server before 1.16.3, when using SUN-DES-1 Secure RPC authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service NULL pointer dereference a...

CVE-2014-8091

X.Org X Window System aka X11 and X X11R5 and X.Org Server aka xserver and xorg-server before 1.16.3, when using SUN-DES-1 Secure RPC authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service NULL pointer dereference a...

libvncserver: remote code execution, denial of service

CVE-2014-6051 Integer overflow in MallocFrameBuffer on client side. A malicious VNC server could advertise a very large screen size by RFB protocol, width and height are 16-bit integers, resulting in an integer overflow during malloc on client-side. Heap corruption, and possibly remote code...

UBUNTU-CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service application crash or possibly execute arbitrary code by specifying a large screen size in a 1...

UBUNTU-CVE-2014-6051

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service crash and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow...

UBUNTU-CVE-2014-6053

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service memory consumption or daemon crash via a crafted...

libvncserver -- multiple security vulnerabilities

Nicolas Ruff reports: Integer overflow in MallocFrameBuffer on client side. Lack of malloc return value checking on client side. Server crash on a very large ClientCutText message. Server crash when scaling factor is set to zero. Multiple stack overflows in File Transfer feature...

glibc - NUL Byte gconv_translit_find Off-by-One

glibc - NUL Byte gconvtranslitfind Off-by-One // // Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconvtranslitfind exploit //...

AIX 7.1 TL 3 : malloc (IV62808)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

AIX 6.1 TL 9 : malloc (IV62805)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

AIX 7.1 TL 1 : malloc (IV62806)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

Updated glibc packages fix security issues

Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC and LANG variables. Together with typical OpenSSH configurations with suitable AcceptEnv settings in sshdconfig, this could conceivably be used to...

Dropbear SSH <= 0.34 Remote Root Exploit

No description provided by source. / Linux x86 Dropbear SSH = 0.34 remote root exploit coded by live You'll need a hacked ssh client to try this out. I included a patch to openssh-3.6.p1 somewhere below this comment. The point is: the buffer being exploited is too small25 bytes to hold our...

GNU glibc < 2.12.2 'fnmatch()' Function Stack Corruption Vulnerability

No description provided by source. / Source: http://www.securityfocus.com/bid/46563/info GNU glibc is prone to a stack-corruption vulnerability. An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit...

dislocate 1.3 - Local i386 Exploit

No description provided by source. / MasterSecuritY www.mastersecurity.fr dislocate.c - Local i386 exploit in v1.3 Secure Locate v2.3 Copyright C 2000 Michel MaXX Kaempf [email protected] Updated versions of this exploit and the corresponding advisory will be made available at:...

Freeciv <= 2.0.7 (Jumbo Malloc) Denial of Service Crash

/ by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h include errno.h void stderrvoid char...

LBL traceroute 1.4 a5 Heap Corruption Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets...

AIX 6.1 TL 8 : malloc (IV61311)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

Asterisk <= 1.0.12 / 1.2.12.1 (chan_skinny) Remote Heap Overflow (PoC)

No description provided by source. !/usr/bin/perl Beyond Security Copyright Noam Rathaus [email protected] The following proof of concept causes the chanskippy to crash in different locations and due to memory corruption as well as double free calls, this is based on the finding of...

MPG123 0.59 Remote File Play Heap Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8680/info A problem in the handling of some types of remote files has been reported in mpg123. Because of this, it may be possible for a remote attacker to execute arbitrary code with the privileges of the mpg123 user. /...