824 matches found
DEBIAN-CVE-2012-4025
Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted blocklog field in the superblock of a .sqsh file, leading to a heap-based buffer overflow...
CVE-2012-4024
Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...
CVE-2012-4024
Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...
Stack overflow
Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...
CVE-2012-4025
Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted blocklog field in the superblock of a .sqsh file, leading to a heap-based buffer overflow...
CVE-2012-4024
Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...
CVE-2012-4024
CVE-2012-4024 concerns a stack-based buffer overflow in the get_component function of unsquashfs.c in Squashfs tooling (unsquashfs) up to version 4.2. Exploitation via a crafted list file for the -ef option could allow remote arbitrary code execution. Connected advisories confirm the flaw affects...
CVE-2012-4025
Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted blocklog field in the superblock of a .sqsh file, leading to a heap-based buffer overflow...
CVE-2012-4024
Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...
CVE-2012-4025
CVE-2012-4025 affects Squashfs-tools (squashfs) up to version 4.2. The issue is an integer overflow in queue_init() inside unsquashfs.c, which can allow a remote attacker to cause a heap-based buffer overflow by supplying a crafted block_log in the superblock of a .sqsh file, enabling arbitrary c...
CVE-2012-4025
Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted blocklog field in the superblock of a .sqsh file, leading to a heap-based buffer overflow...
SuSE 11.1 Security Update : FUSE (SAT Patch Number 4095)
The following security issues were fixed : - FUSE allowed local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem. CVE-2010-3879 - Avoid mounting a directory including...
Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1)
Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will foll...
Mandrake Linux Security Advisory : kernel (MDKSA-2007:047)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem CVE-2006-5701. The zlibinflate function allows local users to cause a cra...
Linux Kernel SquashFS双重释放拒绝服务漏洞
Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux kernel的squashfs模块没有正确地处理被破坏的fs结构,如果用户受骗加载了特制的squashfs镜像并对文件系统执行了读操作的话,就会导致内核双重释放缓冲区,造成拒绝服务。 Linux kernel 2.6.x 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.kernel.org/ http://projects.info-pull.com/mokb/bug-files/MOKB-02-11-2006.img.gz...
USN-395-1: Linux kernel vulnerabilities
Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will foll...
CVE-2006-5701
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem...
CVE-2006-5701
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem...
CVE-2006-5701
CVE-2006-5701 is a real issue in the Linux kernel 2.6.x squashfs module where mounting a crafted squashfs filesystem can cause a local denial of service due to a double-free condition. Affected by this vulnerability are systems using the squashfs implementation in 2.6.x kernels (as referenced by ...
CVE-2006-5701
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem...