3816 matches found
cURL: Certificate validation error
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL \0 character. Specifically, the processing of such fields is...
Perl Compress::Raw modules: Denial of service
Background Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level interfaces to the zlib and bzip2 compression libraries. Description Leo Bergolth reported an off-by-one error in the inflate function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow...
udev: Multiple vulnerabilities
Background udev is the device manager used in the Linux 2.6 kernel series. Description Sebastian Krahmer of SUSE discovered the following two vulnerabilities: udev does not verify the origin of NETLINK messages properly CVE-2009-1185. A buffer overflow exists in the utilpathencode function in...
xterm: User-assisted arbitrary commands execution
Background xterm is a terminal emulator for the X Window system. Description Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String DECRQSS sequences. Impact A remote attacker could entice a user to display a file containing specially crafted...
Avahi: Denial of service
Background Avahi is a system that facilitates service discovery on a local network. Description Hugo Dias reported a failed assertion in the originatesfromlocallegacyunicastsocket function in avahi-core/server.c when processing mDNS packets with a source port of 0. Impact A remote attacker could...
libspf2: DNS response buffer overflow
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...
yelp: User-assisted execution of arbitrary code
Background yelp is the default help browser for GNOME. Description Aaron Grattafiori reported a format string vulnerability in the windowerror function in yelp-window.c. Impact A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using...
MoinMoin: Privilege escalation
Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...
E2fsprogs: Multiple buffer overflows
Background E2fsprogs provides utilities for use with the ext2 and ext3 file systems including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system. Description Rafal Wojtczuk McAfee AVERT Research discovered multiple integer overflows in libext2fs, that...
Perl: Buffer overflow
Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 character...
TRAMP: Insecure temporary file creation
Background TRAMP is a remote file editing package for GNU Emacs, a highly extensible and customizable text editor. Description Stefan Monnier discovered that the tramp-make-tramp-temp-file function creates temporary files in an insecure manner. Impact A local attacker could create symbolic links ...
DenyHosts: Denial of service
Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Impact A remote unauthenticated attacker can...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description David Thiel of iSEC Partners discovered a heap-based buffer overflow in the 01inverse function in res0.c and a boundary...
GNU Tar: Directory traversal vulnerability
Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description Dmitry V. Levin discovered a directory traversal vulnerability in the containsdotdot function in file src/names.c. Impact By enticing a user to extract a special...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon. Description A stack buffer overflow CVE-2007-3999 has been reported in svcauthgssvalidate of the RPC library of kadmind. Another vulnerability...
ImageMagick: Multiple buffer overflows
Background ImageMagick is a collection of tools allowing various manipulations on image files. Description iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage and ReadXWDImage, that are used to process DCM and XWD files. Impact An attacker could...
Courier-IMAP: Remote execution of arbitrary code
Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...
zziplib: Buffer Overflow
Background The zziplib library is a lightweight library for extracting data from files archived in a single zip file. Description dmcox dmcox discovered a boundary error in the zzipopensharedio function from zzip/file.c . Impact A remote attacker could entice a user to run a zziplib function with...
RAR, UnRAR: Buffer overflow
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Impact A remote attacker could entice a user to...
VLC media player: Format string vulnerability
Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...
libgtop: Privilege escalation
Background libgtop facilitates the libgtopdaemon, which is used by GNOME to obtain information about remote systems. Description Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause...
Kronolith: Local file inclusion
Background Kronolith is a web-based calendar which relies on the Horde Framework for integration with other applications. Description Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact An authenticated...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in...
ModPlug: Multiple buffer overflows
Background ModPlug is a library for playing MOD-like music. Description Luigi Auriemma has reported various boundary errors in loadit.cpp and a boundary error in the "CSoundFile::ReadSample" function in sndfile.cpp. Impact A remote attacker can entice a user to read crafted modules or ITP files,...
qmailAdmin: Buffer overflow
Background qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. Description qmailAdmin fails to properly handle the "PATHINFO" variable in qmailadmin.c. The PATHINFO is a standard CGI environment variable filled with user supplied...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...
ClamAV: Heap buffer overflow
Background ClamAV is a GPL virus scanner. Description Damian Put has discovered a boundary error in the pefromupx function used by the UPX extraction module, which unpacks PE Windows executable files. Both the "clamscan" command-line utility and the "clamd" daemon are affected. Impact By sending ...
GDM: Privilege escalation
Background GDM is the GNOME display manager. Description GDM allows a normal user to access the configuration manager. Impact When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description ClamAV contains format string vulnerabilities in the logging code CVE-2006-1615. Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser CVE-2006-1614 and David Luyer discovered that ClamAV can be tricked into...
Pngcrush: Buffer overflow
Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib GLSA 200507-19. Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...
ADOdb: PostgresSQL command injection
Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact By sending specifically crafted requests to an application that uses ADOdb and a...
LibAST: Privilege escalation
Background LibAST is a utility library that was originally intended to accompany Eterm, but may be used by various other applications. Description Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact The vulnerability can be exploited to gain...
Smb4k: Local unauthorized file access
Background Smb4K is a SMB/CIFS share browser for KDE. Description A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as...
MPlayer: Heap overflow in ad_pcm.c
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams. Impact An attacker could craft a malicious video or audio file which, when opened using MPlayer,...
nbSMTP: Format string vulnerability
Background nbSMTP is an SMTP client suitable to run in chroot jails, in embedded systems, laptops and workstations. Description Niels Heinen discovered a format string vulnerability. Impact An attacker can setup a malicious SMTP server and exploit this vulnerability to execute arbitrary code with...
Ethereal: Multiple vulnerabilities
Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including: The SMB dissector could overflow a buffer or exhaust memory CAN-2005-2365. iDEFENSE discovered that several dissectors are vulnerabl...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request...
SilverCity: Insecure file permissions
Background SilverCity provides lexical analysis for over 20 programming and markup languages. Description The SilverCity package installs three executable files with insecure permissions. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the...
OpenOffice.Org: DOC document Heap Overflow
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load" function when processing D...
Smarty: Template vulnerability
Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description A vulnerability has been discovered within the regexreplace modifier of the Smarty...
IPsec-Tools: racoon Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing cod...
enscript: Multiple vulnerabilities
Background enscript is a powerful ASCII to PostScript file converter. Description Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames CAN-2004-1185, and it supporte...
poppassd_pam: Unauthorized password changing
Background poppassdpam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords. Description Gentoo Linux developer Marcus Hanwell discovered that poppassdpam did not check that the old password was valid before changing passwords. Our investigation...
Mozilla, Firefox, Thunderbird: Various vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...
PHProjekt: Remote code execution vulnerability
Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact A remote attacker can exploit this vulnerability to for...
Zwiki: XSS vulnerability
Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...
OpenSSL, Groff: Insecure tempfile handling
Background OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the derchop script, which is used to convert DER-encoded certificates to PEM format. Groff GNU Troff is a typesetting package...
ImageMagick: EXIF buffer overflow
Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description ImageMagick fails to do proper bounds checking when handling image files with EXIF information. Impact An attacker could use an image file with specially-crafted EXIF information to...
libxml2: Remotely exploitable buffer overflow
Background libxml2 is an XML parsing library written in C. Description Multiple buffer overflows have been detected in the nanoftp and nanohttp modules. These modules are responsible for parsing URLs with ftp information, and resolving names via DNS. Impact An attacker could exploit an applicatio...
rssh: Format string vulnerability
Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in rssh syslogging of...