3816 matches found
BEAST: Denial of service
Background BEdevilled Audio SysTem is an audio compositor, supporting a wide range of audio formats. Description BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid fails due to a user exceeding assigned resource limits. Impact A...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCal...
Squid: Denial of service
Background Squid is a multi-protocol proxy server. Description Squid incorrectly handles TRACE requests that contain a "Max-Forwards" header field with value "0" in the clientProcessRequest function. Impact A remote attacker can send specially crafted TRACE HTTP requests that will terminate the...
Snort: Denial of service
Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...
GnuTLS: RSA Signature Forgery
Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...
Courier MTA: Denial of Service vulnerability
Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...
LibVNCServer: Authentication bypass
Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...
libpng: Buffer overflow
Background libpng is an open, extensible image format library, with lossless compression. Description In pngrutil.c, the function pngdecompresschunk allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Impact By enticing a user to lo...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact A remote attacker could craft malicious emails that would leverage...
Cscope: Many buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Cscope does not verify the length of file names sourced in include statements. Impact A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissio...
Opera: Buffer overflow
Background Opera is a multi-platform web browser. Description SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buff...
X.Org: Buffer overflow in XRender extension
Background X.Org is X.Org Foundation's public implementation of the X Window System. Description X.Org miscalculates the size of a buffer in the XRender extension. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround There ...
ClamAV: Buffer overflow in Freshclam
Background ClamAV is a GPL virus scanner. Freshclam is a utility to download virus signature updates. Description Ulf Harnhammar and an anonymous German researcher discovered that Freshclam fails to check the size of the header data returned by a webserver. Impact By enticing a user to connect to...
RealPlayer: Buffer overflow vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. Impact By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code...
Macromedia Flash Player: Arbitrary code execution
Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description The Macromedia Flash Player contains multiple unspecified vulnerabilities. Impact An attacker serving a...
Opera: Command-line URL shell command injection
Background Opera is a multi-platform web browser. Description Peter Zelezny discovered that the shell script used to launch Opera parses shell commands that are enclosed within backticks in the URL provided via the command line. Impact A remote attacker could exploit this vulnerability by enticin...
Ethereal: Buffer overflow in OSPF protocol dissector
Background Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First OSPF Interior Gateway Protocol. Description iDEFENSE reported a possible overflow due to the lack of bounds checking in the...
eix: Insecure temporary file creation
Background eix is a small utility for searching ebuilds with indexing for fast results. Description Eric Romang discovered that eix creates a temporary file with a predictable name. eix creates a temporary file in /tmp/eix..sync where is the process ID of the shell running eix. Impact A local...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description iDefense labs discovered a problem within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. D...
AbiWord: RTF import stack-based buffer overflow
Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. Impact An attacker could design a malicious RTF...
PhpWiki: Arbitrary command execution through XML-RPC
Background PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms. Description Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Impact A remote attacker could...
Tor: Information disclosure
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Impact By setting up a malicio...
bluez-utils: Bluetooth device name validation vulnerability
Background bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux. Description The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact An attacker cou...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: "mozbugra4" and "shutdown" discovered that Thunderbird was improperly cloning base objects MFSA 2005-56. "mozbugra4"...
pam_ldap and nss_ldap: Plain text authentication leak
Background pamldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows...
Dzip: Directory traversal vulnerability
Background Dzip is a compressor and uncompressor especially made for demo recordings of id's Quake. Description Dzip is vulnerable to a directory traversal attack when extracting archives. Impact An attacker could exploit this vulnerability by creating a specially crafted archive to extract files...
LimeWire: Disclosure of sensitive information
Background LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol. Description Two input validation errors were found in the handling of Gnutella GET requests CAN-2005-0788 and magnet requests CAN-2005-0789. Impact A remote attacker can craft a specific Gnutella...
Grip: CDDB response overflow
Background Grip is a GTK+ based audio CD player/ripper. Description Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results. Impact A malicious CDDB server could cause Grip to crash by returning more then 16 matches, potentially allowing the execution of...
VMware Workstation: Untrusted library search path
Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that VMware Workstation searches for gdk-pixbuf loadable modules in an untrusted, world-writable directory. Impact...
pdftohtml: Vulnerabilities in included Xpdf
Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28. Impact An attacker could entice a user to convert a specially-crafted PDF file,...
Ethereal: Multiple vulnerabilities
Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including: The COPS dissector could go into an infinite loop CAN-2005-0006. The DLSw dissector could cause an assertion, making Ethereal exi...
Adobe Acrobat Reader: Buffer overflow vulnerability
Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the email processing of Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function, which checks if the input file is an email message containing a PDF file. Impact ...
pdftohtml: Vulnerabilities in included Xpdf
Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact An attacker could entice a user to convert a specially-crafted PDF fil...
GIMPS, SETI@home, ChessBrain: Insecure installation
Background GIMPS is a client for the distributed Great Internet Mersenne Prime Search. SETI@home is the client for the Search for Extraterrestrial Intelligence SETI project. ChessBrain is the client for the distributed chess supercomputer. Description GIMPS, SETI@home and ChessBrain ebuilds insta...
Davfs2, lvm-user: Insecure tempfile handling
Background Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM Logical Volume Management 1.x features. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2...
mtink: Insecure tempfile handling
Background mtink is a status monitor and inkjet cartridge changer for some Epson printers. Description Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure permissions on temporary files. Impact A local attacker could create symbolic links in the temporary files directory, pointing...
glibc: Insecure tempfile handling in catchsegv script
Background glibc is a package that contains the GNU C library. Description The catchsegv script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere o...
Multiple XSS Vulnerabilities in SquirrelMail
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description Several unspecified cross-site scripting XSS vulnerabilities and a well hidden SQL injection vulnerability were found. An XSS attack allows an...
neon heap-based buffer overflow
Background neon provides an HTTP and WebDAV client library. Description Stefan Esser discovered a vulnerability in the code of the neon library : if a malicious date string is passed to the nerfc1036parse function, it can trigger a string overflow into static heap variables. Impact Depending on t...
Exim verify=header_syntax buffer overflow
Background Exim is an highly configurable message transfer agent MTA developed at the University of Cambridge. Description When the option "verify = headersyntax" is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending...
KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
Background KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts. Description A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system. Impact A remote attacker may unauthorized...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
nghttp2: Multiple Vulnerabilities
Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
MIT krb5: Multiple Vulnerabilities
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description Multiple vulnerabilities have been discovered in MIT krb5. Please review the CVE identifiers referenced below for details. Impact Please review...
Setuptools: Denial of Service
Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom...
Joblib: Arbitrary Code Execution
Background Joblib is a set of tools to provide lightweight pipelining in Python. In particular: 1. transparent disk-caching of functions and lazy re-evaluation memoize pattern 2. easy simple parallel computing Joblib is optimized to be fast and robust on large data in particular and has specific...
Tor: Multiple Vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
ProFTPd: Memory Disclosure
Background ProFTPD is an advanced and very configurable FTP server. Description ProFTPd unconditionally sends passwords to Radius servers for authentication in multiples of 16 bytes. If a password is not of a length that is a multiple of 16 bytes, ProFTPd will read beyond the end of the password...
sysstat: Arbitrary Code Execution
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Description On 32 bit systems, an integer overflow can be triggered when displaying activity data files. Impact Arbitrary code execution can be achieved v...
Open Asset Import Library ("assimp"): Multiple Vulnerabilities
Background Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data. Description Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third...