3816 matches found
Lighttpd: Two Denials of Service
Background Lighttpd is a lightweight HTTP web server. Description Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd trie...
Ktorrent: Multiple vulnerabilities
Background Ktorrent is a Bittorrent client for KDE. Description Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Impact A remote attacker could entice a user to...
OpenPBS: Multiple vulnerabilities
Background OpenPBS is the original version of the Portable Batch System. It is a flexible batch queueing system developed for NASA in the early to mid-1990s. Description SUSE reported vulnerabilities due to unspecified errors in OpenPBS. Impact By unspecified attack vectors an attacker might be...
LTSP: Authentication bypass in included LibVNCServer code
Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Impact A user with permission to write to a...
KSirc: Denial of Service vulnerability
Background KSirc is the default KDE IRC client. Description KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Impact A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the...
Cacti: Command execution and SQL injection
Background Cacti is a web-based network graphing and reporting tool. Description rgod discovered that the Cacti cmd.php and copycactiuser.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php an...
Ingo H3: Folder name shell command injection
Background Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules. Description Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact A remote authenticated attacker could craft a malicious rule which could lead to the execution of...
ImageMagick: PALM and DCM buffer overflows
Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the imprope...
Samba: Denial of Service vulnerability
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a...
SHOUTcast server: Multiple vulnerabilities
Background SHOUTcast server is a streaming audio server. Description The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the "Description", "URL", "Genre", "AIM", and "ICQ"...
MySQL: Information leakage
Background MySQL is a popular multi-threaded, multi-user SQL database server. Description The processing of the COMTABLEDUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact By crafting specific malicious packets an attacker cou...
PEAR-Auth: Potential authentication bypass
Background PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system. Description Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact A remote attacker could possibly exploit this vulnerability t...
noweb: Insecure temporary file creation
Background noweb is a simple, extensible, and language independent literate programming tool. Description Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Impact A local attacker could create...
xine-lib, FFmpeg: Heap-based buffer overflow
Background xine is a GPL high-performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. FFmpeg is a very fast video and audio converter and is used in xine-lib. Description Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to ...
FUSE: mtab corruption through fusermount
Background FUSE Filesystem in Userspace allows implementation of a fully functional filesystem in a userspace program. The fusermount utility is used to mount/unmount FUSE file systems. Description Thomas Biege discovered that fusermount fails to securely handle special characters specified in...
GNUMP3d: Directory traversal and insecure temporary file creation
Background GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats. Description Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing fo...
SPE: Insecure file permissions
Background SPE is a cross-platform Python Integrated Development Environment IDE. Description It was reported that due to an oversight all SPE's files are set as world-writeable. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions ...
uw-imap: Remote buffer overflow
Background uw-imap is the University of Washington's IMAP and POP server daemons. Description Improper bounds checking of user supplied data while parsing IMAP mailbox names can lead to overflowing the stack buffer. Impact Successful exploitation requires an authenticated IMAP user to request a...
RealPlayer, Helix Player: Format string vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is an open source media player for Linux. Description "c0ntex" reported that RealPlayer and Helix Player suffer from a heap overflow. Impact By enticing a user to play a specially craft...
Zebedee: Denial of Service vulnerability
Background Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Description "Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header. Impact By performing malformed...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...
Tor: Information disclosure
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space. Impact A remote attacker could exploit the memory...
Ettercap: Format string vulnerability
Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description The cursesmsg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Impact A remote attacker could craft a malicious network flow tha...
GnuTLS: Denial of Service vulnerability
Background GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project. Description A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact A remote attacker could exploit...
Oops!: Remote code execution
Background Oops! is an advanced, multithreaded caching web proxy. Description A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact A remote attacker could send a specially crafted HTTP...
Gld: Remote execution of arbitrary code
Background Gld is a standalone greylisting server for Postfix. Description dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the...
OpenMotif, LessTif: New libXpm buffer overflows
Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications. Description Chris Gilbert discovered potentially exploitable buffer overflow cases in libXp...
uim: Privilege escalation vulnerability
Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...
PuTTY: Remote code execution
Background PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is a SSH File Transfer Protocol client. Description Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the...
GProFTPD: gprostats format string vulnerability
Background GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility. Impa...
PowerDNS: Denial of Service vulnerability
Background The PowerDNS Nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been reported in the DNSPacket::expand method of dnspacket.cc. Impact An attacker could cause a temporary Denial of Service by sending a random stream...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...
CUPS: Stack overflow in included Xpdf code
Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...
ImageMagick: PSD decoding heap overflow
Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description Andrei Nigmatulin discovered that a Photoshop Document PSD file with more than 24 layers could trigger a heap overflow. Impact An attacker could potentially design a mailicous PSD ima...
KPdf, KOffice: More vulnerabilities in included Xpdf
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...
ViewCVS: Information leak and XSS vulnerabilities
Background ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser. Description The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret CAN-2004-0915...
kfax: Multiple overflows in the included TIFF library
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kfax part of kdegraphics is the KDE fax file viewer. Description Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known...
Cyrus IMAP Server: Multiple remote vulnerabilities
Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Multiple vulnerabilities have been discovered in the argument parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server CAN-2004-1012, CAN-2004-1013. There are also buffer overflows in t...
SquirrelMail: Encoded text XSS vulnerability
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...
zip: Path name buffer overflow
Background zip is a compression and file packaging utility. Description zip does not check the resulting path length when doing recursive folder compression. Impact An attacker could exploit this by enticing another user or web application to create an archive including a specially-crafted path...
Portage, Gentoolkit: Temporary file vulnerabilities
Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...
Netatalk: Insecure tempfile handling in etc2ps.sh
Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...
SnipSnap: HTTP response splitting
Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...
phpGroupWare: XSS vulnerability in wiki module
Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...
Courier: Cross-site scripting vulnerability in SqWebMail
Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...
Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description An attacker can utili...
Squid: NTLM authentication helper buffer overflow
Background Squid contains a bug in the function ntlmcheckauth. It fails to do proper bounds checking on the values copyied to the 'pass' variable. Description Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, a...
Gallery: Privilege escalation vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description There is a vulnerability in the Gallery photo album...
Icecast denial of service vulnerability
Background Icecast is a program that streams audio data to listeners over the Internet. Description There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theorically be exploited by sending a specially crafted...