3816 matches found
grep: User-assisted execution of arbitrary code
Background grep is the GNU regular expression matcher. Description An integer overflow flaw has been discovered in grep. Impact An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial...
Gajim: Information disclosure
Background Gajim is a Jabber/XMPP client which uses GTK+. Description The sslverifycallback function in tlsnb.py does not properly validate SSL certificates, causing any certificate to be accepted as valid as long as the root CA is valid. Impact A remote attacker might employ a specially crafted...
libtheora: Arbitrary code execution
Background libtheora is the reference implementation of Theora, a free and open video compression format from the Xiph.org Foundation. Description An integer overflow flaw has been discovered in libtheora. Impact A remote attacker could execute arbitrary code or cause a Denial of Service conditio...
LibRaw, libkdcraw: Multiple vulnerabilities
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE. Description Multiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details. Impact A remot...
Libtasn1: Denial of service
Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Description Libtasn1 does not properly handle length fields when performing DER decoding. Impact A remote attacker could entice a user to open a...
Background International Components for Unicode ICU is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description An error in the canonicalize function in uloc.cpp could cause a stack-based buffer overflow. Impact A remote attacker could...
Perl Config-IniFiles Module: Insecure temporary file usage
Background Config-IniFiles is a Perl module for reading .ini-style configuration files. Description The Perl Config-IniFiles module uses predicatable temporary file names. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running th...
ConnMan: Multiple vulnerabilities
Background ConnMan provides a daemon for managing Internet connections. Description Multiple vulnerabilities have been found in ConnMan: Errors in inet.c and rtnl.c prevent ConnMan from checking the origin of netlink messages CVE-2012-2320. ConnMan does not properly check for shell escapes when...
Audacious Plugins: User-assisted execution of arbitrary code
Background Plugins for the Audacious music player. Description Multiple vulnerabilities have been found in Audacious Plugins: The "CSoundFile::ReadWav" function in loadwav.cpp contains an integer overflow which could cause a heap-based buffer overflow CVE-2011-2911. The "CSoundFile::ReadS3M"...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could entice a user or automated system to open a specially crafted XML document...
CamlImages: User-assisted execution of arbitrary code
Background CamlImages is an image processing library for Objective Caml. Description Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the 1 readpngfile and readpngfileasrgb24 functions, when processing a PNG image CVE-2009-2295 and 2 gifread.c an...
nginx: Remote execution of arbitrary code
Background nginx is a robust, small and high performance HTTP and reverse proxy server. Description Chris Ries reported a heap-based buffer underflow in the ngxhttpparsecomplexuri function in http/ngxhttpparse.c when parsing the request URI. Impact A remote attacker might send a specially crafted...
Linux-PAM: Privilege escalation
Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Marcus Granado repoted that Linux-PAM does not properly handle user...
Cyrus-SASL: Execution of arbitrary code
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings which can result in buffer overflows when performing Base64 encoding. Impact A remote...
Honeyd: Insecure temporary file creation
Background Honeyd is a small daemon that creates virtual hosts on a network. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the "test.sh" script. Impact A local attacker could perform symlink attacks and overwrite arbitrary files with the privileges of the user...
Bacula: Information disclosure
Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...
OpenOffice.org: User-assisted execution of arbitrary code
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Sean Larsson iDefense Labs reported an integer overflow in the function rtlallocateMemo...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...
SILC: Multiple vulnerabilities
Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client. Description Nathan G. Grennan reported a boundary error in SILC Toolkit within the...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Julien Cayzax discovered that an insecure default setting exists in moduserdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the "nobody" user's $HOME is "/"...
International Components for Unicode: Multiple vulnerabilities
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Will Drewry Google Security reported a vulnerability in the regular expression engine when using back references to capture \0...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description An integer overflow has been reported in the "cliscanpe" function in file libclamav/pe.c CVE-2008-0318. Another unspecified vulnerability has been reported in fil...
unp: Arbitrary command execution
Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...
Opera: Multiple vulnerabilities
Background Opera is a fast Web browser that is available free of charge. Description David Bloom reported two vulnerabilities where plug-ins CVE-2007-6520 and Rich text editing CVE-2007-6522 could be used to allow cross domain scripting. Alexander Klink Cynops GmbH discovered an issue with TLS...
Bochs: Multiple vulnerabilities
Background Bochs is a IA-32 x86 PC emulator written in C++. Description Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver CVE-2007-2893. He also discovered a divide-by-zero error in the emulated floppy disk controller CVE-2007-2894. Impa...
Mono: Buffer overflow
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...
gFTP: Multiple vulnerabilities
Background gFTP is an FTP client for the GNOME desktop environment. Description Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Impact A remote attacker could trigger these vulnerabilities by enticing a user...
Qt: Buffer overflow
Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Dirk Mueller from the KDE development team discovered a boundary error in file qutfcodec.cpp when processing Unicode strings. Impact A remote attacker could send a specially crafted Unicode string to a...
HPLIP: Privilege escalation
Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System CUPS and Scanner Access Now Easy SANE. Description Kees Cook from the Ubuntu Security team...
id3lib: Insecure temporary file creation
Background id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags. Description Nikolaus Schulz discovered that the function RenderV2ToFile in file src/tagfile.cpp creates temporary files in an insecure manner. Impact A loc...
Streamripper: Buffer overflow
Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...
XnView: Stack-based buffer overflow
Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...
Evolution: User-assisted execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...
libexif: Integer overflow vulnerability
Background libexif is a library for parsing, editing and saving Exif data. Description Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact An attacker could entice a user to process a file with specially crafted...
Nexuiz: Multiple vulnerabilities
Background Nexuiz is a multi-player FPS game which uses a modified version of the Quake 1 engine. Description Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts. Impact Using a specially crafted...
Tar: Directory traversal vulnerability
Background The Tar program provides the ability to create and manipulate tar archives. Description Tar does not properly extract archive elements using the GNUTYPENAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the...
GnuPG: Multiple vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Hugh Warrington has reported a boundary error in GnuPG, in the "askoutfilename" function from openfile.c: the makeprintablestring function could return a string longer than...
RPM: Buffer overflow
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly...
Cheese Tracker: Buffer Overflow
Background Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats. Description Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loaderXM::loadintrumentinternal function from...
Heimdal: Multiple local privilege escalation vulnerabilities
Background Heimdal is a free implementation of Kerberos 5. Description The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid. Impact A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Workaround Ther...
libwmf: Buffer overflow vulnerability
Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format WMF. Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buff...
Courier MTA: Denial of Service vulnerability
Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...
libpng: Buffer overflow
Background libpng is an open, extensible image format library, with lossless compression. Description In pngrutil.c, the function pngdecompresschunk allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Impact By enticing a user to lo...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact A remote attacker could craft malicious emails that would leverage...
Cscope: Many buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Cscope does not verify the length of file names sourced in include statements. Impact A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissio...
Mozilla Firefox: Potential remote code execution
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact If JavaScript is enabled, by tricking a us...
Trac: Cross-site scripting vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...
CenterICQ: Multiple vulnerabilities
Background CenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls. Description Gentoo developer Wernfried Haas discovered that when the "Enable peer-to-peer communications" option is...
Ethereal: Buffer overflow in OSPF protocol dissector
Background Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First OSPF Interior Gateway Protocol. Description iDEFENSE reported a possible overflow due to the lack of bounds checking in the...
Webmin, Usermin: Format string vulnerability
Background Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl...