3816 matches found
PLIB: User-assisted execution of arbitrary code
Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A stack-based buffer overflow within the error function of...
OptiPNG: Multiple vulnerabilities
Background OptiPNG is a PNG optimizer that re-compresses image files to a smaller size, without losing any information. Description Multiple vulnerabilities have been discovered in OptiPNG. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to...
ImageWorsener: Multiple vulnerabilities
Background ImageWorsener is a cross-platform command-line utility and library for image scaling and other image processing. Description Multiple vulnerabilities have been discovered in ImageWorsener. Please review the CVE identifiers referenced below for details. Impact A remote attacker could...
Graphviz: Multiple vulnerabilities
Background Graphviz is an open source graph visualization software. Description Multiple vulnerabilities in Graphviz were discovered. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to control input matched against a regular expression or by enticing...
RTMPDump: Multiple vulnerabilities
Background RTMPDump is an RTMP client intended to stream audio or video flash content Description Multiple vulnerabilities have been discovered in RTMPDump. The following is a list of vulnerabilities fixed: Additional decode input size checks Ignore zero-length packets Potential integer overflow ...
Xdg-Utils: Command injection
Background Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration. Description An eval injection vulnerability was discovered in Xdg-Utils. Impact A context-dependent attacker could execute arbitrary code via the URL argument to xdg-open...
Zabbix: Multiple vulnerabilities
Background Zabbix is software for monitoring applications, networks, and servers. Description Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges...
Pixman: Buffer overflow
Background Pixman is a pixel manipulation library. Description In pixman-general, careless computations done with the ‘destbuffer’ pointer may overflow, failing the buffer upper limit check. Impact A remote attacker could possibly cause a Denial of Service condition, or execute arbitrary code wit...
libksba: Multiple vulnerabilities
Background Libksba is a X.509 and CMS PKCS7 library. Description libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details. Impact Remote attackers could cause Denial of Service or unspecified other vectors through...
hivex: User-assisted execution of arbitrary code
Background hivex is a library for reading and writing Windows Registry ‘hive’ binary files. Description Manipulating a short or truncated hive file may trigger an out-of-bounds read or write in hivex. Impact A context-dependent attacker could cause an application linked against hivex to pass a...
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description A NULL pointer dereference has been found in Openswan. Impact A remote attacker could create a Denial of Service condition. Workaround There is no known workaround at this time. Resolution Gentoo has discontinued support for...
GNU Wget: Arbitrary code execution
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description An absolute path traversal vulnerability has been found in GNU Wget. Impact A remote FTP server is able to write to arbitrary files, and consequently...
TigerVNC: User-assisted execution of arbitrary code
Background TigerVNC is a high-performance VNC server/client. Description Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code...
file: Denial of service
Background file is a utility that guesses a file format by scanning binary data for patterns. Description BEGIN regular expression in the awk script detector in magic/Magdir/commands uses multiple wildcards with unlimited repetitions. Impact A context-dependent attacker could entice a user to ope...
TCPTrack: Arbitrary code execution
Background TCPTrack is a simple libpcap based program for live TCP connection monitoring. Description A heap-based buffer overflow vulnerability exists in TCPTrack’s parsing of command line arguments. This is only a vulnerability in limited scenarios in which TCPTrack is “configured as a handler...
GNU Midnight Commander: User-assisted execution of arbitrary code
Background GNU Midnight Commander is a text based file manager. Description GNU Midnight Commander does not properly sanitize environment variables. Impact A remote attacker could entice a user to open a specially crafted archive file using GNU Midnight Commander, possibly resulting in execution ...
Roundcube: Arbitrary code execution
Background Roundcube is a browser-based multilingual IMAP client with an application-like user interface. Description A vulnerability in steps/utils/savepref.inc allows remote attackers to use the session parameter to change configuration settings. Impact A remote attacker could possibly execute...
Apache mod_fcgid: Arbitrary code execution
Background Apache modfcgid is a binary-compatible alternative to modfastcgi with better process management. Description Apache modfcgid fails to perform a boundary check on user-supplied input, potentially resulting in a heap-based buffer overflow. Impact A remote attacker can supply a crafted...
libsmi: Arbitrary code execution
Background libsmi is a library that allows management applications to access SMI MIB module definitions. Description libsmi contains a buffer overflow vulnerability in the smiGetNode function in lib/smi.c. Impact A context-dependent attacker could possibly execute arbitrary code by way of a...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description D-Bus’ dbusprintfstringupperbound function crashes if it returns exactly 1024 bytes. Impact A local attacker could provide specially-crafted input to an application using D-Bus which would cause...
JRuby: Denial of service
Background JRuby is a Java-based Ruby interpreter implementation. Description JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround...
Logwatch: Arbitrary code execution
Background Logwatch analyzes and reports on system logs. Description logwatch.pl does not properly sanitize log filenames against shell metacharacters before passing them to the "system" function. Impact A remote attacker could pass a specially crafted log filename to Logwatch, possibly resulting...
ModPlug: User-assisted execution of arbitrary code
Background ModPlug is a library for playing MOD-like music. Description Multiple vulnerabilities have been found in ModPlug: The ReadS3M method in loads3m.cpp fails to validate user-supplied information, which could cause a stack-based buffer overflow CVE-2011-1574. The "CSoundFile::ReadWav"...
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description Two vulnerabilities have been found in Openswan: Improper permissions are used on /var/run/starter.pid and /var/lock/subsys/ipsec CVE-2011-2147. Openswan contains a use-after-free error in the cryptographic helper handler...
spamdyke: Arbitrary code execution
Background spamdyke is a drop-in connection-time spam filter for qmail. Description Boundary errors related to the "snprintf" and "vsnprintf" functions in spamdyke could cause a buffer overflow. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Workaroun...
Asterisk: Denial of service
Background Asterisk is an open source telephony engine and toolkit. Description A vulnerability has been found in Asterisk's handling of certain encrypted streams where the ressrtp module has been loaded but video support has not been enabled. Impact A remote attacker could send a specially craft...
bip: Multiple vulnerabilities
Background bip is a multi-user IRC proxy with SSL support. Description Multiple vulnerabilities have been discovered in bip: Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash CVE-2010-3071. Julien Tinnes reported that bip doe...
OpenTTD: Multiple vulnerabilities
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause...
libvpx: User-assisted execution of arbitrary code
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description libvpx is vulnerable to an integer overflow vulnerability when processing crafted VP8 video streams. Impact A remote attacker could entice a user to open a...
wxGTK: User-assisted execution of arbitrary code
Background wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI toolkit. Description wxGTK is prone to an integer overflow error in the wxImage::Create function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Impact A remote attacker might entice a user to...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: An anonymous researcher working with the Zero Day Initiative reported that Adobe Flash...
ZNC: Directory traversal
Background ZNC is an advanced IRC bouncer. Description The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using th...
DokuWiki: Local file inclusion
Background DokuWiki is a standards compliant Wiki system written in PHP. Description girex reported that data from the "configcascade" parameter in inc/init.php is not properly sanitized before being used. Impact A remote attacker could exploit this vulnerability to execute PHP code from arbitrar...
Apache Tomcat JK Connector: Information disclosure
Background The Apache Tomcat JK Connector aka modjk connects the Tomcat application server with the Apache HTTP Server. Description The Red Hat Security Response Team discovered that modjk does not properly handle 1 requests setting the "Content-Length" header while not providing data and 2 clien...
mpg123: User-assisted execution of arbitrary code
Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description The vendor reported a signedness error in the storeid3text function in id3.c, allowing for out-of-bounds memory access. Impact A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 MP3...
Xpdf: Untrusted search path
Background Xpdf is a PDF file viewer that runs under the X Window System. Description Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definiti...
Muttprint: Insecure temporary file usage
Background Muttprint formats the output of mail clients to a good-looking printing using LaTeX. Description Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script. Impact A local attacker could perform symlink attacks to overwrite arbitrar...
Shadow: Privilege escalation
Background Shadow is a set of tools to deal with user accounts. Description Paul Szabo reported a race condition in the "login" executable when setting up tty permissions. Impact A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gai...
Online-Bookmarks: Multiple vulnerabilities
Background Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links. Description The following vulnerabilities were reported: Authentication bypass when directly requesting certain pages CVE-2004-2155. Insufficient input validation in the login...
Archive::Tar: Directory traversal vulnerability
Background Archive::Tar is a Perl module for creation and manipulation of tar files. Description Jonathan Smith of rPath reported that Archive::Tar does not check for ".." in file names. Impact A remote attacker could entice a user or automated system to extract a specially crafted tar archive,...
IPsec-Tools: racoon Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Two Denial of Service vulnerabilities have been reported in racoon: The vendor reported a memory leak in...
libspf2: DNS response buffer overflow
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...
Wireshark: Denial of service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector CVE-2008-3137, the PANA and KISMET dissectors CVE-2008-3138, the RTMPT dissector CVE-2008-3139, the syslog...
Perl: Execution of arbitrary code
Background Perl is a stable, cross platform programming language. Description Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Impact A remote attacker could possibly explo...
Firebird: Data disclosure
Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...
Netkit FTP Server: Denial of service
Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose function call on an uninitialized stream in ftpd.c. Impact A...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer overflow vulnerability in t...
Pioneers: Multiple Denials of Service
Background Pioneers formerly gnocatan is a clone of the popular board game "The Settlers of Catan". Description Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones CVE-2007-5933. Bas Wijnen discovered...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description David Thiel of iSEC Partners discovered a heap-based buffer overflow in the 01inverse function in res0.c and a boundary...