35 matches found
Python < 2.5.2 Imageop Module - 'imageop.crop()' Buffer Overflow Vulnerability
Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system...
S.u.S.E. Linux 6.3/6.4 Installed Package Disclosure Vulnerability
source: http://www.securityfocus.com/bid/1707/info By submitting a specific URL to the web server, http://hosts.any/doc/packages/, any user from any host may obtain a list of packages installed on a S.u.S.E 6.3 or 6.4 system. This problem is due to a configurati...
Debian Linux 2.1, Linux kernel 2.2/2.3, RedHat Linux 6.0, S.u.S.E. Linux 6.1 IP Options Vulnerability
source: http://www.securityfocus.com/bid/302/info A vulnerability in the Linux Kernel's IPv4 option processing may allow a remote user to crash the system. The vulnerability is the result of the kernel freeing a socket buffer when it shouldn't while sending an...
S.u.S.E. Linux 6.3/6.4 Gnomelib Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/1155/info A vulnerability exists in the handling of the DISPLAY variable, in versions of Gnomelib shipped with S.u.S.E. Linux, version 6.3. By supplying a long buffer containing machine executable code in the DISPLAY...
RedHat Linux 4.2/5.2/6.0, S.u.S.E. Linux 6.0/6.1 Cron Buffer Overflow Vulnerability (2)
source: http://www.securityfocus.com/bid/602/info The version of Vixie cron that ships with RedHat versions 4.2, 5.2 and 6.0 is vulnerable to a local buffer overflow attack. By utilizing the MAILTO environment variable, a buffer can be overflowed in the cronpopen...
S.u.S.E. Linux 6.1/6.2 cdwtools Vulnerabilities
source: http://www.securityfocus.com/bid/738/info cdwtools is a package of utilities for CD writing. The Linux version of these utilities, which ships with S.u.S.E Linux 6.1 and 6.2, is vulnerable to several local root compromises. It is known that there are a...
S.u.S.E. Linux 6.x Arbitrary File Deletion Vulnerability
source: http://www.securityfocus.com/bid/1130/info A vulnerability exists in SuSE Linux, version 6.3 and prior, that can allow arbitrary users to delete any file on the system. If the MAXDAYSINTMP variable is set in /etc/rc.config to be larger than 0, any local...
Python 2.5.2 Imageop Module - imageop.crop() Buffer Overflow
Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of...
Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHa...
Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service
Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat...
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
Bugtraq ID: 35451 Class: Boundary Condition Error Published: Jun 21 2009 12:00AM Updated: Nov 12 2009 06:46PM Credit: wololo Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386...
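CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
BUGTRAQ ID: 34571 CVE ID: CVE-2009-0163 CNCVE ID: CNCVE-20090163 The Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and provides services for most PostScript and raster printers. CUPS has an integer overflow in its handling of TIFF images; remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the application...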
Ghostscript CCITTFax Decoding Filter - Denial of Service
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has no...
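OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BUGTRAQ ID: 33150 CVE ID: CVE-2008-5077 CNCVE ID: CNCVE-20085077 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communication. Some OpenSSL functions do not correctly check the return value of the "EVP_VerifyFinal" function when verifying DSA and ECDSA keys; sending a specially crafted signed certificate chain to a client can bypass the signature check. Through a malicious server or a man-in-the-middle attack, a malformed SSL/TLS signature in the certificate chain can bypass the client software's checks, leading to blind trust and disclosure of sensitive information. Successful exploitation of this vulnerability requires the server to use a certificate containing a DSA or ECDSA key. Ubuntu Ubuntu Linux 8.10 spar...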
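Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
BUGTRAQ ID: 31932 CNCAN ID: CNCAN-2008102806 Python is an open-source scripting language. Because of improper argument validation in Python's 'Imageop' module, remote attackers can exploit the vulnerability to overflow a buffer and trigger a segfault. No detailed information about the vulnerability is currently available; it may lead to arbitrary code execution. Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...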
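Python 'move-faqwiz.sh' Insecure Temporary File Creation Vulnerability
BUGTRAQ ID: 31184 CNCAN ID: CNCAN-2008091609 Python is an open-source scripting language. Python creates temporary files in an insecure manner; local attackers can exploit the vulnerability to carry out a denial-of-service attack against the device. "Tools/faqwiz/move-faqwiz.sh" uses $RANDOM to create temporary files. An attacker can create symbolic links pointing to tmpXXXXX.tmp, where X is the 5-digit number generated by $RANDOM, so that running Python's general-purpose FAQ wizard removal tool overwrites or truncates the target file, causing a denial of service or possibly privilege escalation. RedHat Fedora 9 0 RedHat Fedora 8 0 RedHat...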
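PHP Imap_Mail_Compose() Function Buffer Overflow Vulnerability
BUGTRAQ ID: 23234 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The implementation of PHP's imap_mail_compose function contains a buffer overflow vulnerability; local attackers may exploit it to escalate privileges. The imap_mail_compose function builds a multipart message in a fixed-size stack buffer named tmp: PHPFUNCTIONimapmailcompose ... char tmp8 MAILTMPLEN, mystring=NULL, t=NULL, tempstring=NULL;...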
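PHP Session Data Unserialization Code Execution Vulnerability
PHP is a widely used web development scripting language. There is a problem in PHP's unserialization of session data; remote attackers can exploit this vulnerability to execute arbitrary commands with the privileges of the application. When register_globals is enabled, unserializing session data can overwrite arbitrary global variables, including the SESSION array. Particular implementations can lead to arbitrary code execution. PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 + Trustix Secu...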
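LibWPD Library Multiple Buffer Overflow Vulnerabilities
libwpd is a library for reading and converting Word Perfect documents. libwpd has vulnerabilities in its handling of malformed documents; remote attackers can exploit them to execute arbitrary commands with the privileges of the application process. The first problem is in the WP6GeneralTextPacket::readContents function, which reads a series of integer values and adds them together; the sum is used to allocate a block of memory from the heap. The function then uses the operand obtained from the addition as the size in bytes of the data to copy, and copies data from the file into the buffer; however, the summation can cause an integer overflow, so the copy overflows the buffer. The other problems are in WP3TablesGroup::readContents and...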