3816 matches found
Vixie cron: Denial of service
Background Paul Vixie’s cron daemon, a fully featured crond implementation. Description Vixie cron contains a race condition relating to atime and mtime values of temporary files. Impact A local attacker could change the modification time of files, possibly resulting in a Denial of Service...
TPTEST: Arbitrary code execution
Background TPTEST is a tool to measure the speed of a user’s Internet connection. Description The GetStatsFromLine function in TPTEST is vulnerable to buffer overflows from STATS lines with long email and pwd fields. Impact A remote attacker could send a specially-crafted STATS line, possibly...
Perl Module-Signature module: Arbitrary code execution
Background The Perl Module::Signature module adds signing capabilities to CPAN modules. Description The ‘cpansign verify’ command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to replace this SHA1 with a special...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access CVE-2012-2186. An error in Asterisk could cause all RTP ports to be exhausted CVE-2012-3812. A double-free error could...
Atheme IRC Services: Denial of service
Background Atheme is a portable and secure set of open-source and modular IRC services. CertFP is certificate fingerprinting used to authenticate users to nicknames. Description The “myuserdelete” function in account.c does not properly remove CertFP entries when deleting user accounts. Impact A...
Logsurfer: Arbitrary code execution
Background Logsurfer is a real time log monitoring and analysis tool. Description Logsurfer log files may contain substrings used for executing external commands. The prepareexec function in src/exec.c contains a double-free vulnerability. Impact A remote attacker could inject specially-crafted...
Wget: User-assisted file creation or overwrite
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description It was discovered that Wget was unsafely trusting server-provided filenames. This allowed attackers to overwrite or create files on the user's system...
HTMLDOC: User-assisted execution of arbitrary code
Background HTMLDOC is a HTML indexer and HTML to PS and PDF converter. Description ANTHRAX666 reported an insecure call to the sscanf function in the setpagesize function in htmldoc/util.cxx. Nico Golde of the Debian Security Team found two more insecure calls in the writetype1 function in...
Screenie: Insecure temporary file usage
Background Screenie is a small screen frontend that is designed to be a session handler. Description Dmitry E. Oboukhov reported that Screenie does not handle "/tmp/.screenie." temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...
libvorbis: User-assisted execution of arbitrary code
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Lucas Adamski reported that libvorbis does not correctly process file headers, related to static mode headers and encodi...
GStreamer plug-ins: User-assisted execution of arbitrary code
Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been reported in several GStreamer plug-ins: Tobias Klein reported two heap-based buffer overflows and an array index error in the qtdemuxparsesamples functio...
libwmf: User-assisted execution of arbitrary code
Background libwmf is a library for converting WMF files. Description The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting...
IPSec Tools: Denial of service
Background The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. Description The following vulnerabilities have been found in the racoon daemon as shipped with...
Wireshark: Multiple Denials of Service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description The following vulnerabilities were reported: Multiple buffer overflows in the NCP dissector CVE-2008-3146. Infinite loop in the NCP dissector CVE-2008-3932. Invalid read in the tvbuncompress function when...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system. Description Multiple boundary errors in the functions diffaddremove and diffchange when processing overly long repository path names were reported. Impact A remote attacker could entice a user to run commands like "git-diff" or "git-grep" on...
R: Insecure temporary file creation
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Description Dmitry E. Oboukhov reported that the "javareconf" script uses temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to...
OpenLDAP: Denial of Service vulnerability
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the "bergetnext" function in libraries/liblber/io.c. Impact A remote unauthenticated...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been discovered in xine-lib: Alin Rad Pop of Secunia reported an array indexing vulnerability in the...
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio networks. Description Nico Golde reported a boundary error in the HTTP::getAuthUserPass function when processing overly long HTTP Basic authentication requests. Impact A remote attacker could send a specially crafted HTTP request to the...
GnuTLS: Execution of arbitrary code
Background GnuTLS is an implementation of Secure Sockets Layer SSL 3.0 and Transport Layer Security TLS 1.0, 1.1 and 1.2. Description Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS: "Client Hello" messages containing an invalid server name can...
Perl: Execution of arbitrary code
Background Perl is a stable, cross platform programming language. Description Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Impact A remote attacker could possibly explo...
policyd-weight: Insecure temporary file creation
Background policyd-weight is a Perl policy daemon for the Postfix MTA intended to eliminate forged envelope senders and HELOs. Description Chris Howells reported that policyd-weight creates and uses the "/tmp/.policyd-weight/" directory in an insecure manner. Impact A local attacker could exploit...
Mantis: Cross-Site Scripting
Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bugreport.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted to a bug report, resulting in the executio...
Xdg-Utils: Arbitrary command execution
Background Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration. Description Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell scripts do not properly sanitize their input before processing it. Impact A remote attacker...
CherryPy: Directory traversal vulnerability
Background CherryPy is a Python-based, object-oriented web development framework. Description CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession.getfilepath function before using it as part of the file name. Impact A remote attacker could exploit this...
OpenAFS: Denial of service
Background OpenAFS is a distributed network filesystem. Description Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists. Impact A remote attacker could construct cases which trigger the race condition,...
Syslog-ng: Denial of service
Background Syslog-ng is a flexible and scalable system logger. Description Oriol Carreras reported a NULL pointer dereference in the logmsgparse function when processing timestamps without a terminating whitespace character. Impact A remote attacker could send a specially crafted event to a...
SKK Tools: Insecure temporary file creation
Background SKK is a Japanese input method for Emacs. Description skkdic-expr.c insecurely writes temporary files to a location in the form $TMPDIR/skkdic$PID.pag,dir,db, where $PID is the process ID. Impact A local attacker could create symbolic links in the directory where the temporary files ar...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Wireshark doesn't properly handle chunked encoding in HTTP responses CVE-2007-3389, iSeries capture files CVE-2007-3390, certain types of DCP ETSI packets CVE-2007-3391, and SSL or MMS packets CVE-2007-339...
Net::DNS: Multiple vulnerabilities
Background Net::DNS is a Perl implementation of a DNS resolver. Description hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dnexpand function which could lead to an endless loop. Impact A remote attacker could...
Fail2ban: Denial of service
Background Fail2ban is a tool for parsing log files and banning IP addresses which make too many password failures. Description A vulnerability has been discovered in Fail2ban when parsing log files. Impact A remote attacker could send specially crafted SSH login banners to the vulnerable host,...
MySQL: Two Denial of Service vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. Description mu-b discovered a NULL pointer dereference in itemcmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the...
DokuWiki: Cross-site scripting vulnerability
Background DokuWiki is a simple to use wiki aimed at creating documentation. Description DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file. Impact An attacker could entice a user to click a specially crafted link and inject CRLF characters into the variable...
SILC Server: Denial of service
Background SILC Server is a server for the Secure Internet Live Conferencing SILC protocol. Description Frank Benkstein discovered a possible NULL pointer dereference in apps/silcd/command.c if a new channel is created without specifying a valid hmac or cipher algorithm name. Impact A remote...
STLport: Possible remote execution of arbitrary code
Background STLport is a multi-platform C++ Standard Library implementation. Description Two buffer overflows have been discovered, one in "print floats" and one in the rope constructor. Impact Both of the buffer overflows could result in the remote execution of arbitrary code. Please note that th...
AMD64 x86 emulation Qt library: Integer overflow
Background The AMD64 x86 emulation Qt library for AMD64 emulates the x86 32-bit Qt library on the AMD64 64-bit architecture. Description An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Impact By enticing a user to...
MPlayer: Buffer overflow
Background MPlayer is a media player capable of playing multiple media formats. Description When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Impact An attacker can entice a user to...
Fail2ban: Denial of service
Background Fail2ban monitors log files for failed authentication attempts and can block hosts responsible for repeated attacks. Description A flaw in the method used to parse log entries allows remote, unauthenticated attackers to forge authentication attempts from other hosts. Impact A remote...
ELinks: Arbitrary Samba command execution
Background ELinks is a text mode web browser. Description Teemu Salmela discovered an error in the validation code of "smb://" URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Impact A remote attacker could entice a user to browse to a specially crafted "smb://"...
Centericq: Remote buffer overflow in LiveJournal handling
Background Centericq is a text mode menu-driven and window-driven instant messaging interface. Description When interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer overflow. Impact An attacker could entice a...
DokuWiki: Shell command injection and Denial of service
Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact A remote attack...
xine-lib: Buffer overflows
Background xine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description xine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin xinepluginphttp.so via a...
Wireshark: Multiple vulnerabilities
Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...
KDM: Symlink vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDM is the KDE Display Manager and is part of the kdebase package. Description Ludwig Nussel discovered that KDM could be tricked into allowing users to read files that would otherwise not be...
Typespeed: Remote execution of arbitrary code
Background Typespeed is a game to test and practice 10-finger-typing. Network code allows two users to compete head-to-head. Description Niko Tyni discovered a buffer overflow in the addnewword function of Typespeed's network code. Impact By sending specially crafted network packets to a machine...
SpamAssassin: Execution of arbitrary code
Background SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin. Description When spamd is run with both the "--vpopmail" -v and "--paranoid" -P options, it is vulnerable to an unspecified issue. Impact With certain configuration...
PeerCast: Buffer overflow
Background PeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. Description INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg function. Impact By sending a...
Crypt::CBC: Insecure initialization vector
Background Crypt::CBC is a Perl module to encrypt data using cipher block chaining CBC. Description Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encryption because the second part ...
Freeciv: Denial of service
Background Freeciv is an open source turn-based multiplayer strategy game, similar to the famous Civilization series. Description Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly...
MyDNS: Denial of service
Background MyDNS is a DNS server using a MySQL database as a backend. It is designed to allow for fast updates and small resource usage. Description MyDNS contains an unspecified flaw that may allow a remote Denial of Service. Impact An attacker could cause a Denial of Service by sending malforme...