3816 matches found
Honeyd: Insecure temporary file creation
Background Honeyd is a small daemon that creates virtual hosts on a network. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the "test.sh" script. Impact A local attacker could perform symlink attacks and overwrite arbitrary files with the privileges of the user...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Multiple vulnerabilities have been reported in lighttpd: Qhy reported a memory leak in the httprequestparse function in request.c CVE-2008-4298. Gaetan Bisson reported that URIs are not decoded before applying...
Bacula: Information disclosure
Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...
OpenOffice.org: User-assisted execution of arbitrary code
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Sean Larsson iDefense Labs reported an integer overflow in the function rtlallocateMemo...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...
SILC: Multiple vulnerabilities
Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client. Description Nathan G. Grennan reported a boundary error in SILC Toolkit within the...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Julien Cayzax discovered that an insecure default setting exists in moduserdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the "nobody" user's $HOME is "/"...
International Components for Unicode: Multiple vulnerabilities
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Will Drewry Google Security reported a vulnerability in the regular expression engine when using back references to capture \0...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description An integer overflow has been reported in the "cliscanpe" function in file libclamav/pe.c CVE-2008-0318. Another unspecified vulnerability has been reported in fil...
unp: Arbitrary command execution
Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...
Opera: Multiple vulnerabilities
Background Opera is a fast Web browser that is available free of charge. Description David Bloom reported two vulnerabilities where plug-ins CVE-2007-6520 and Rich text editing CVE-2007-6522 could be used to allow cross domain scripting. Alexander Klink Cynops GmbH discovered an issue with TLS...
Bochs: Multiple vulnerabilities
Background Bochs is a IA-32 x86 PC emulator written in C++. Description Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver CVE-2007-2893. He also discovered a divide-by-zero error in the emulated floppy disk controller CVE-2007-2894. Impa...
Mono: Buffer overflow
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...
gFTP: Multiple vulnerabilities
Background gFTP is an FTP client for the GNOME desktop environment. Description Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Impact A remote attacker could trigger these vulnerabilities by enticing a user...
Qt: Buffer overflow
Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Dirk Mueller from the KDE development team discovered a boundary error in file qutfcodec.cpp when processing Unicode strings. Impact A remote attacker could send a specially crafted Unicode string to a...
HPLIP: Privilege escalation
Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System CUPS and Scanner Access Now Easy SANE. Description Kees Cook from the Ubuntu Security team...
id3lib: Insecure temporary file creation
Background id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags. Description Nikolaus Schulz discovered that the function RenderV2ToFile in file src/tagfile.cpp creates temporary files in an insecure manner. Impact A loc...
Streamripper: Buffer overflow
Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...
XnView: Stack-based buffer overflow
Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...
Evolution: User-assisted execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...
libexif: Integer overflow vulnerability
Background libexif is a library for parsing, editing and saving Exif data. Description Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact An attacker could entice a user to process a file with specially crafted...
Quagga: Denial of service
Background Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols. Description The Quagga development team reported a vulnerability in the BGP routing deamon when processing NLRI attributes inside UPDATE messages. Impact A malicious peer inside a BGP area could send a specially...
Nexuiz: Multiple vulnerabilities
Background Nexuiz is a multi-player FPS game which uses a modified version of the Quake 1 engine. Description Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts. Impact Using a specially crafted...
BIND: Denial of service
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to...
Tar: Directory traversal vulnerability
Background The Tar program provides the ability to create and manipulate tar archives. Description Tar does not properly extract archive elements using the GNUTYPENAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the...
GnuPG: Multiple vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Hugh Warrington has reported a boundary error in GnuPG, in the "askoutfilename" function from openfile.c: the makeprintablestring function could return a string longer than...
RPM: Buffer overflow
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly...
Cheese Tracker: Buffer Overflow
Background Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats. Description Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loaderXM::loadintrumentinternal function from...
LibXfont: Multiple integer overflows
Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the PCF font parser. Impact A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially...
Heimdal: Multiple local privilege escalation vulnerabilities
Background Heimdal is a free implementation of Kerberos 5. Description The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid. Impact A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Workaround Ther...
libwmf: Buffer overflow vulnerability
Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format WMF. Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buff...
Courier MTA: Denial of Service vulnerability
Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...
libpng: Buffer overflow
Background libpng is an open, extensible image format library, with lossless compression. Description In pngrutil.c, the function pngdecompresschunk allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Impact By enticing a user to lo...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact A remote attacker could craft malicious emails that would leverage...
Cscope: Many buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Cscope does not verify the length of file names sourced in include statements. Impact A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissio...
Mozilla Firefox: Potential remote code execution
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact If JavaScript is enabled, by tricking a us...
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. Impact An attacker could possibly exploit this vulnerability by sending...
Trac: Cross-site scripting vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...
CenterICQ: Multiple vulnerabilities
Background CenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls. Description Gentoo developer Wernfried Haas discovered that when the "Enable peer-to-peer communications" option is...
Ethereal: Buffer overflow in OSPF protocol dissector
Background Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First OSPF Interior Gateway Protocol. Description iDEFENSE reported a possible overflow due to the lack of bounds checking in the...
Webmin, Usermin: Format string vulnerability
Background Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl...
Scorched 3D: Multiple vulnerabilities
Background Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding features like a 3D island environment and Internet multiplayer capabilities. Description Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description iDefense labs discovered a problem within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. D...
PHP: Vulnerabilities in included PCRE and XML-RPC libraries
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description PHP makes use of a private copy of libpcre which is subject to an...
pam_ldap and nss_ldap: Plain text authentication leak
Background pamldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows...
Clam AntiVirus: Denial of Service vulnerability
Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Andrew Toller and Stefan Kanthak discovered that...
SquirrelMail: Several XSS vulnerabilities
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Impact By enticing a user to read a specially-crafted e-mail or using a manipulated...
LutelWall: Insecure temporary file creation
Background LutelWall is a high-level Linux firewall configuration tool. Description Eric Romang has discovered that the newversioncheck function in LutelWall insecurely creates a temporary file when updating to a new version. Impact A local attacker could create symbolic links in the temporary fi...
ImageMagick, GraphicsMagick: Denial of Service vulnerability
Background Both ImageMagick and GraphicsMagick are collection of tools to read, write and manipulate images in many formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when...
gdb: Multiple vulnerabilities
Background gdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the B...