3816 matches found
bip: Multiple vulnerabilities
Background bip is a multi-user IRC proxy with SSL support. Description Multiple vulnerabilities have been discovered in bip: Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash CVE-2010-3071. Julien Tinnes reported that bip doe...
OpenTTD: Multiple vulnerabilities
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause...
libvpx: User-assisted execution of arbitrary code
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description libvpx is vulnerable to an integer overflow vulnerability when processing crafted VP8 video streams. Impact A remote attacker could entice a user to open a...
wxGTK: User-assisted execution of arbitrary code
Background wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI toolkit. Description wxGTK is prone to an integer overflow error in the wxImage::Create function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Impact A remote attacker might entice a user to...
ZNC: Directory traversal
Background ZNC is an advanced IRC bouncer. Description The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using th...
DokuWiki: Local file inclusion
Background DokuWiki is a standards compliant Wiki system written in PHP. Description girex reported that data from the "configcascade" parameter in inc/init.php is not properly sanitized before being used. Impact A remote attacker could exploit this vulnerability to execute PHP code from arbitrar...
Apache Tomcat JK Connector: Information disclosure
Background The Apache Tomcat JK Connector aka modjk connects the Tomcat application server with the Apache HTTP Server. Description The Red Hat Security Response Team discovered that modjk does not properly handle 1 requests setting the "Content-Length" header while not providing data and 2 clien...
mpg123: User-assisted execution of arbitrary code
Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description The vendor reported a signedness error in the storeid3text function in id3.c, allowing for out-of-bounds memory access. Impact A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 MP3...
Xpdf: Untrusted search path
Background Xpdf is a PDF file viewer that runs under the X Window System. Description Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definiti...
Muttprint: Insecure temporary file usage
Background Muttprint formats the output of mail clients to a good-looking printing using LaTeX. Description Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script. Impact A local attacker could perform symlink attacks to overwrite arbitrar...
Shadow: Privilege escalation
Background Shadow is a set of tools to deal with user accounts. Description Paul Szabo reported a race condition in the "login" executable when setting up tty permissions. Impact A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gai...
Online-Bookmarks: Multiple vulnerabilities
Background Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links. Description The following vulnerabilities were reported: Authentication bypass when directly requesting certain pages CVE-2004-2155. Insufficient input validation in the login...
Archive::Tar: Directory traversal vulnerability
Background Archive::Tar is a Perl module for creation and manipulation of tar files. Description Jonathan Smith of rPath reported that Archive::Tar does not check for ".." in file names. Impact A remote attacker could entice a user or automated system to extract a specially crafted tar archive,...
IPsec-Tools: racoon Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Two Denial of Service vulnerabilities have been reported in racoon: The vendor reported a memory leak in...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute...
libspf2: DNS response buffer overflow
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...
Wireshark: Denial of service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector CVE-2008-3137, the PANA and KISMET dissectors CVE-2008-3138, the RTMPT dissector CVE-2008-3139, the syslog...
Firebird: Data disclosure
Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...
MoinMoin: Multiple vulnerabilities
Background MoinMoin is an advanced, easy to use and extensible Wiki Engine. Description Multiple vulnerabilities have been discovered: A vulnerability exists in the file wikimacro.py because the macroGetval function does not properly enforce ACLs CVE-2008-1099. A directory traversal vulnerability...
Netkit FTP Server: Denial of service
Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose function call on an uninitialized stream in ftpd.c. Impact A...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer overflow vulnerability in t...
Cairo: User-assisted execution of arbitrary code
Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple integer overflows were reported, one of which Peter Valchev Google Security found to be leading to a heap-based buffer overflow in the cairoimagesurfacecreatefrompng function that processes PNG...
Pioneers: Multiple Denials of Service
Background Pioneers formerly gnocatan is a clone of the popular board game "The Settlers of Catan". Description Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones CVE-2007-5933. Bas Wijnen discovered...
KDM: Local privilege escalation
Background KDM is the Display Manager for the graphical desktop environment KDE. It is part of the kdebase package. Description Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured fo...
GNU Tar: Directory traversal vulnerability
Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description Dmitry V. Levin discovered a directory traversal vulnerability in the containsdotdot function in file src/names.c. Impact By enticing a user to extract a special...
GNU C Library: Integer overflow
Background The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related...
PPTPD: Denial of Service attack
Background PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux. Description James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Impact A remote attacker could exploit this vulnerability to cause a Denial of Service on the PPTPD connection...
Evince: Stack overflow in included gv code
Background Evince is a document viewer for multiple document formats, including PostScript. Description Evince includes code from GNU gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially...
Asterisk: SIP Denial of service
Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. Impact A remote attacker could cause a...
MIT Kerberos 5: Arbitrary Remote Code Execution
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to fr...
DenyHosts: Denial of service
Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact A remote unauthenticated attacker ca...
xine-lib: Buffer overflow
Background xine is a portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description A possible buffer overflow has been reported in the Real Media input plugin. Impact An attacker could exploit this vulnerability by enticing a user into loading a specially crafted...
Kile: Incorrect backup file permission
Background Kile is a TeX/LaTeX editor for KDE. Description Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920. Impact A kile user may inadvertently grant access to sensitive information. Workaround There is no known workaround at this...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated...
Adobe Flash Player: Arbitrary code execution
Background The Adobe Flash Player is a renderer for Flash files - commonly used to provide interactive websites, digital experiences and mobile content. Description The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact An attacker could entice a user to view a malicious Fla...
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Description Unchecked calls to setuid in krshd and v4rcp, as well as unchecked calls ...
TunePimp: Buffer overflow
Background The TunePimp library also referred to as libtunepimp is a development library geared towards developers who wish to create MusicBrainz enabled tagging applications. Description Kevin Kofler has reported a vulnerability where three stack variables are allocated with 255, 255 and 100 byt...
Sendmail: Denial of service
Background Sendmail is a popular mail transfer agent MTA. Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...
JPEG library: Denial of service
Background The JPEG library is able to load, handle and manipulate images in the JPEG format. Description Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended. Impact By enticing a us...
Pound: HTTP request smuggling
Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description Pound fails to handle HTTP requests with conflicting "Content-Length" and...
phpWebSite: Local file inclusion
Background phpWebSite provides a complete web site content management system. Description rgod has reported that the "hubdir" parameter in "index.php" isn't properly verified. When "magicquotesgpc" is disabled, this can be exploited to include arbitrary files from local ressources. Impact If...
NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
Background NetHack is the classic single player dungeon exploration game. Slash'EM and Falcon's Eye are NetHack variants. Description NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played...
Pngcrush: Buffer overflow
Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib GLSA 200507-19. Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. modimap provides support for server-side image maps; modssl provides secure HTTP connections. Description Apache's modimap fails to properly sanitize the "Referer" directive of imagemaps in some cases, leavi...
ADOdb: PostgresSQL command injection
Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact By sending specifically crafted requests to an application that uses ADOdb and a...
Horde Application Framework: XSS vulnerability
Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description The Horde Team reported a potential XSS vulnerability. Horde fails...
cURL: NTLM username stack overflow
Background cURL is a command line tool and library for transferring files via many different protocols. It supports NTLM authentication to retrieve files from Windows-based systems. Description iDEFENSE reported that insufficient bounds checking on a memcpy of the supplied NTLM username can resul...
Lynx: Buffer overflow in NNTP processing
Background Lynx is a text-mode browser for the World Wide Web. It supports multiple URL types, including HTTP and NNTP URLs. Description When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar...
Mantis: XSS and SQL injection vulnerabilities
Background Mantis is a web-based bugtracking system written in PHP. Description Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Impact An attacker could possibly use the SQL injection vulnerability...