3816 matches found
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
OpenEXR: Multiple Vulnerabilities
Background OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact A...
OpenVPN: Multiple vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from an encrypted communication...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. Impact A remote attacker could sent a...
Adobe Reader: Arbitrary Code Execution
Background Adobe Reader is a closed-source PDF reader. Description An unspecified vulnerability exists in Adobe Reader. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Adobe Reader users...
Puppet: Multiple vulnerabilities
Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
PyCrypto: Weak key generation
Background PyCrypto is the Python Cryptography Toolkit. Description An error in the generate function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. Impact A remote attacker might be able to derive private keys. Workaround There is no known workaround at this time. Resolution All...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC...
ImageMagick: User-assisted execution of arbitrary code
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Two vulnerabilities have been found in ImageMagick: Incorrect offset and count values in the ResolutionUnit tag in EXIF IFD could cause memory corruption CVE-2012-0247. IOP tag offset...
Heimdal: Arbitrary code execution
Background Heimdal is a free implementation of Kerberos 5. Description A boundary error in the "encryptkeyid" function in appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could cause a buffer overflow. Impact An unauthenticated remote attacker may be able to execute arbitrary code...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
Perl Safe module: Arbitrary Perl code injection
Background Safe is a Perl module to compile and execute code in restricted compartments. Description Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. Impact A remote attacker could entice a user to load ...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. Impact A remote...
BIND: Denial of service
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Matthias Urlichs reported that the dnsdbfindrdataset function fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at...
Epiphany: Untrusted search path
Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description James Vega reported an untrusted search path vulnerability in the Python interface. Impact A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python...
D-Bus: Denial of service
Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description schelte reported that the dbussignaturevalidate function can trigger a failed assertion when processing a message containing a malformed signature. Impact A local user could send a...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Two heap-based buffer overflows when processing WMF files CVE-2008-2237 and EMF files...
CUPS: Multiple vulnerabilities
Background CUPS is the Common Unix Printing System. Description Several buffer overflows were found in: The readrle16 function in imagetops CVE-2008-3639, found by regenrecht, reported via ZDI The WriteProlog function in texttops CVE-2008-3640, found by regenrecht, reported via ZDI The...
Vobcopy: Insecure temporary file creation
Background Vobcopy is a tool for decrypting and copying DVD .vob files to a hard disk. Description Joey Hess reported that vobcopy appends data to the file "/tmp/vobcopy.bla" in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks and append data...
CUPS: Memory corruption
Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Alin Rad Pop Secunia Research discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol IPP tags that might allow to overwrite one byte on the stack. Impact A...
MLDonkey: Privilege escalation
Background MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...
X.Org X server: Composite local privilege escalation
Background The X Window System is a graphical windowing system based on a client/server model. Description Aaron Plattner discovered a buffer overflow in the compNewPixmap function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Impact A local attacker could...
Xvid: Array indexing vulnerabilities
Background Xvid is a popular open source video codec licensed under the GPL. Description Trixter Jack discovered an array indexing error in the getintrablock function in the file src/bitstream/mbcoding.c. The getinterblockh263 and getinterblockmpeg functions in the same file were also reported as...
Blackdown Java: Applet privilege escalation
Background Blackdown provides implementations of the Java Development Kit JDK and the Java Runtime Environment JRE. Description Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...
CUPS: Denial of service
Background CUPS provides a portable printing layer for UNIX-based operating systems. Description CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection...
Mozilla Network Security Service: Remote execution of arbitrary code
Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description iDefense has reported two potential buffer overflow vulnerabilities found by researcher "regenrecht" in the...
Fetchmail: Denial of Service and password disclosure
Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...
OpenOffice.org: EMF/WMF file handling vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered integer overflows in the EMRPOLYPOLYGON and...
MadWifi: Kernel driver buffer overflow
Background MadWifi Multiband Atheros Driver for Wireless Fidelity provides a Linux kernel device driver for Atheros-based Wireless LAN devices. Description Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encodeie and the giwscancb functions from...
fvwm: fvwm-menu-directory fvwm command injection
Background fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise...
Mailman: Multiple vulnerabilities
Background Mailman is a Python based mailing list server with an extensive web interface. Description Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact An attacker cou...
libapreq2: Denial of Service vulnerability
Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A vulnerability has been reported in the apreqparseheaders and apreqparseurlencoded functions of Apache2::Request. Impact A remote attacker could possibly exploit t...
Sendmail: Race condition in the handling of asynchronous signals
Background Sendmail is a popular mail transfer agent MTA. Description ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact An attacker could exploit this via certain crafted timing conditions. Workaround There is no known workaround at thi...
KPdf: Heap based overflow
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. Description KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable a heap based overflow in the splash rasterizer engine. Impact An attacker could entice a user to open a...
VMware Workstation: Vulnerability in NAT networking
Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP request...
XnView: Privilege escalation
Background XnView is an efficient multimedia viewer, browser and converter, distributed free for non-commercial use. Description Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DTRPATH field insecurely, causing the dynamic loader to search for shared libraries...
X.Org: Heap overflow in pixmap allocation
Background X.Org is X.Org Foundation's Public Implementation of the X Window System. Description X.Org is missing an integer overflow check during pixmap memory allocation. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workarou...
Gnumeric: Heap overflow in the included PCRE library
Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. libpcre is a library providing functions for Perl-compatible regular expressions. Description Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading t...
phpGroupWare: Multiple vulnerabilities
Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...
HT Editor: Multiple buffer overflows
Background HT is a hex editor, designed to help analyse and modify executable files. Description Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has...
Convert-UUlib: Buffer overflow
Background Convert-UUlib provides a Perl interface to the uulib library, allowing Perl applications to access data encoded in a variety of formats. Description A vulnerability has been reported in Convert-UUlib where a malformed parameter can be provided by an attacker allowing a read operation t...
Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox: Vladimir V...
Squid: Denial of Service through DNS responses
Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Handling of certa...
HylaFAX: hfaxd unauthorized login vulnerability
Background HylaFAX is a software package for sending and receiving facsimile messages. Description The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact If the HylaFAX installation uses a...
Ethereal: Multiple vulnerabilities
Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8, including: Bug in DICOM dissection discovered by Bing could make Ethereal crash CAN 2004-1139. An invalid RTP timestamp could make Ethereal...
phpWebSite: HTTP response splitting vulnerability
Background phpWebSite is a web site content management system. Description Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact A malicious user could inject arbitrary response data, leading to content spoofing, web cache...
Ghostscript: Insecure temporary file use in multiple scripts
Background Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...
Squid: Remote DoS vulnerability
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A parsing error exists in t...
ImageMagick, imlib, imlib2: BMP decoding buffer overflows
Background ImageMagick is a suite of image manipulation utilities and libraries used for a wide variety of image formats. imlib is a general image loading and rendering library. Description Due to improper bounds checking, ImageMagick and imlib are vulnerable to a buffer overflow when decoding...
Qt: Image loader overflows
Background Qt is a cross-platform GUI toolkit used by KDE. Description There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types. Impact ...