841 matches found
glibc security and bug fix update
2.3.4-2.57 - Use malloc as needed in fnmatch 769360 2.3.4-2.56 - Fix handling if newline in addmntent 769360 - Use correct type when casting dtag 769360. - Properly quite output of local 769360 - Check size of pattern in wide character representation in fnmatch 769360 - Report write error in addm...
CentOS 6 : glibc (CESA-2012:0058)
Updated glibc packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
glibc security and bug fix update
2.12-1.47.el6_2.5 - Avoid high cpu usage when accept fails with EMFILE 767692 2.12-1.47.el6_2.4 - Make implementation of ARENA_TEST and ARENA_MAX match documentation 769594 - Check malloc arena atomically 769594 2.12-1.47.el6_2.3 - Check values from TZ file header 767692 2.12-1.47.el6_2.2 - Correctly...
PHP 5.3.8 Multiple vulnerabilities
PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zend_strndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple NULL Pointer Dereference with zend_strndup CVE-2011-4153 --- As we can see in...
USN-1231-1: PHP Vulnerabilities
Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...
PHP 5.3.6 multiple null pointer dereference
PHP 5.3.6 multiple null pointer dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://securityreason.net/ http://cxib.net/ Date: - Dis.: 20.07.2011 - Pub.: 19.08.2011 Affected Software verified: PHP 5.3.6 and prior Fixed: PHP 5.3.7 Original URL:...
CVE-2011-3182
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide a...
Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion
Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software...
HP Data Protector Manager RDS DOS
This module causes a remote DOS on HP Data Protector's RDS service. By sending a malformed packet to port 1530, rm32.dll causes RDS to crash due to an enormous size for malloc. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle Solaris CVE-2010-3503 'su' Local Solaris Vulnerability
Exploit for solaris platform in category local exploits ============================================================= Oracle Solaris CVE-2010-3503 'su' Local Solaris Vulnerability ============================================================= 521 for j = 0; initenvj != 0; j++ 1 522 if initvar =...
Oracle Solaris - su Crash
Oracle Solaris - su Crash From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su'...
Oracle Solaris - 'su' Crash
From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su' when creating new environme...
fetchmail -- heap overflow on verbose X.509 display
Matthias Andree reports: In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc buffer for that purpose. If the material to be displayed contains characters with high bit set and the platform treats the "char" type as...
Xpdf 3.01 - Local Heap Overflow Null Pointer Dereference
Xpdf 3.01 - Local Heap Overflow Null Pointer Dereference Name: Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference Author: Adam Zabrocki / HISPASEC or Date: July 06, 2009 Issue: Xpdf allows local and remote attackers to overflow buffer on heap via integer overflow...
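FreeBSD IATA Driver Local Denial of Service Vulnerability
CVECAN ID: CVE-2009-2649 FreeBSD is an open-source Unix-like system that runs on Intel platforms and is free to use. A security vulnerability exists in the IATA (ATA) driver used by FreeBSD. If a local user has read access to /dev, a specially crafted IOCTL request can trigger a call to malloc with a very large value, causing the kernel to become busy. FreeBSD FreeBSD 8.0 FreeBSD FreeBSD 6.0 Vendor patch: FreeBSD ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...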
Cross site request forgery (csrf)
The IATA ata driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service kernel panic via a certain IOCTL request with a large count, which triggers a malloc call with a large value...
CVE-2009-2649
The IATA ata driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service kernel panic via a certain IOCTL request with a large count, which triggers a malloc call with a large value...
FreeBSD 6/8 (ata device) Local Denial of Service Exploit
No description provided by source. / atapanic.c by Shaun Colley, 13 July 2009 this panics the freebsd kernel by passing a large value to malloc(9) in one of fbsd's ata ioctl's. tested on freebsd 6.0 and 8.0. you need read access to the ata device in /dev to be able to open the device. chain with so...
FreeBSD 6/8 - ata Device Local Denial of Service
/ atapanic.c by Shaun Colley, 13 July 2009 this panics the freebsd kernel by passing a large value to malloc(9) in one of fbsd's ata ioctl's. tested on freebsd 6.0 and 8.0. you need read access to the ata device in /dev to be able to open the device. chain with some race condition bug? - shaun /...
FreeBSD 6/8 - ata Device Local Denial of Service
FreeBSD 6/8 - ata Device Local Denial of Service / atapanic.c by Shaun Colley, 13 July 2009 this panics the freebsd kernel by passing a large value to malloc(9) in one of fbsd's ata ioctl's. tested on freebsd 6.0 and 8.0. you need read access to the ata device in /dev to be able to open the device...