857 matches found
USN-1231-1: PHP Vulnerabilities
Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...
PHP 5.3.6 multiple null pointer dereference
PHP 5.3.6 multiple null pointer dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://securityreason.net/ http://cxib.net/ Date: - Dis.: 20.07.2011 - Pub.: 19.08.2011 Affected Software verified: PHP 5.3.6 and prior Fixed: PHP 5.3.7 Original URL:...
CVE-2011-3182
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide a...
Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion
Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software...
HP Data Protector Manager RDS DOS
This module causes a remote DOS on HP Data Protector's RDS service. By sending a malformed packet to port 1530, rm32.dll causes RDS to crash due to an enormous size for malloc. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle Solaris CVE-2010-3503 'su' Local Solaris Vulnerability
Exploit for solaris platform in category local exploits. Oracle Solaris CVE-2010-3503 'su' Local Solaris Vulnerability. 521 for (j = 0; initenv[j] != 0; j++) [1] 522 if (initvar =...
Oracle Solaris - su Crash
Oracle Solaris - su Crash From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for (j = 0; initenv[j] != 0; j++) [1] 522 if (initvar = getenv(initenv[j])) [2] ... 535 else 536 var = (char *) 537 malloc(strlen(initenv[j]) [3] 538 + strlen(initvar) 539 + 2); 540 (void) strcpy(var, initenv[j]); [4] 'su'...
Oracle Solaris - 'su' Crash
From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for (j = 0; initenv[j] != 0; j++) [1] 522 if (initvar = getenv(initenv[j])) [2] ... 535 else 536 var = (char *) 537 malloc(strlen(initenv[j]) [3] 538 + strlen(initvar) 539 + 2); 540 (void) strcpy(var, initenv[j]); [4] 'su' when creating new environme...
fetchmail -- heap overflow on verbose X.509 display
Matthias Andree reports: In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc buffer for that purpose. If the material to be displayed contains characters with high bit set and the platform treats the "char" type as...
Xpdf 3.01 - Local Heap Overflow Null Pointer Dereference
Xpdf 3.01 - Local Heap Overflow Null Pointer Dereference Name: Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference Author: Adam Zabrocki / HISPASEC or Date: July 06, 2009 Issue: Xpdf allows local and remote attackers to overflow buffer on heap via integer overflow...
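FreeBSD IATA Driver Local Denial of Service Vulnerability
CVECAN ID: CVE-2009-2649 FreeBSD is a freely usable, open-source Unix-like system that runs on Intel platforms. A security vulnerability exists in the IATA (ATA) driver used by FreeBSD. If a local user has read access to /dev, a specially crafted IOCTL request can trigger a malloc call with a very large value, causing the kernel to become busy. FreeBSD FreeBSD 8.0 FreeBSD FreeBSD 6.0 Vendor patch: FreeBSD ------- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version:...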
Cross site request forgery (csrf)
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value...
CVE-2009-2649
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value...
FreeBSD 6/8 (ata device) Local Denial of Service Exploit
No description provided by source. /* atapanic.c by Shaun Colley, 13 July 2009 this panics the freebsd kernel by passing a large value to malloc(9) in one of fbsd's ata ioctl's. tested on freebsd 6.0 and 8.0. you need read access to the ata device in /dev to be able to open the device. chain with so...
FreeBSD 6/8 - ata Device Local Denial of Service
FreeBSD 6/8 - ata Device Local Denial of Service /* atapanic.c by Shaun Colley, 13 July 2009 this panics the freebsd kernel by passing a large value to malloc(9) in one of fbsd's ata ioctl's. tested on freebsd 6.0 and 8.0. you need read access to the ata device in /dev to be able to open the device...
FreeBSD 6/8 - ata Device Local Denial of Service
/* atapanic.c by Shaun Colley, 13 July 2009 this panics the freebsd kernel by passing a large value to malloc(9) in one of fbsd's ata ioctl's. tested on freebsd 6.0 and 8.0. you need read access to the ata device in /dev to be able to open the device. chain with some race condition bug? - shaun */...
Mandrake Security Advisory MDVSA-2009:105 (memcached)
The remote host is missing an update to memcached announced via advisory MDVSA-2009:105. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
CVE-2009-1786
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable...
Code injection
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable...
CVE-2009-1786
CVE-2009-1786 affects IBM AIX 5.3 and 6.1. The vulnerability resides in the libc malloc subsystem where the MALLOCDEBUG log file can be attacked via a symlink, enabling local users to create or overwrite arbitrary files. Multiple connected sources confirm local privilege implications and public P...