3816 matches found
OpenSC: Arbitrary code execution
Background OpenSC is a tools and libraries for smart cards. Description Multiple stack-based buffer overflow errors have been discovered in OpenSC. Impact A physically proximate attacker could possibly execute arbitrary code using a specially crafted smart card. Workaround There is no known...
Git: Privilege escalation
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact A local attacker could ga...
cabextract: Multiple vulnerabilities
Background cabextract is free software for extracting Microsoft cabinet files. Description Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially-crafted archive ...
SWI-Prolog : Multiple vulnerabilities
Background SWI-Prolog is a free, small, and standard compliant Prolog compiler. Description Multiple vulnerabilities have been discovered in SWI-Prolog: An error in the canoniseFileName function could cause a stack-based buffer overflow CVE-2012-6089. An error in the expand function could cause a...
Unbound: Denial of service
Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition via a speciall...
HAProxy: Multiple vulnerabilities
Background HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. Description Multiple vulnerabilities have been discovered in HAProxy. Please review the CVE identifiers referenced below for details. Impact ...
libgdata: Man-in-the-Middle attack
Background libgdata is a GLib-based library for accessing online service APIs using the GData protocol. Description An error in the "gdataservicebuildsession" function of gdata-service.c prevents libgdata from properly validating certificates. Impact A remote attacker could perform...
Puppet: Multiple vulnerabilities
Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files CVE-2012-1906. REST requests for a file in a remote filebucket are not handled properly by overriding...
socat: Arbitrary code execution
Background socat is a multipurpose bidirectional relay, similar to netcat. Description A vulnerability in the "xioscanreadline" function in xio-readline.c could cause a heap-based buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the socat...
Perl DBD-Pg Module: Arbitrary code execution
Background DBD-Pg is a PostgreSQL interface module for Perl. Description Format string vulnerabilities have been found in the the "pgwarn" and "dbdstprepare" functions in dbdimp.c. Impact A remote PostgreSQL server could send specially crafted database warnings or DBD statements, possibly resulti...
Conky: Privilege escalation
Background Conky is an advanced, highly configurable system monitor for X. Description A privilege escalation vulnerability due to an insecure temporary file was found in Conky. Impact A local attacker could possibly overwrite arbitrary files with the privileges of the user running Conky...
irssi: Execution of arbitrary code
Background irssi is a modular textUI IRC client with IPv6 support. Description Nemo discovered an off-by-one error leading to a heap overflow in irssi's eventwallops parsing function. Impact A remote attacker might entice a user to connect to a malicious IRC server, use a man-in-the-middle attack...
LMBench: Insecure temporary file usage
Background LMBench is a suite of simple, portable benchmarks for UNIX platforms. Description Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not handle "/tmp/sdiff." temporary files securely. NOTE: There might be further occurances of insecure temporary file usage. Impact A local...
Ruby: Denial of service
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes the "BigDecimal" class. Description Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers...
nfs-utils: Access restriction bypass
Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description Michele Marcionelli reported that nfs-utils invokes the hostsctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups. Impact A remote attacker could bypass...
Valgrind: Untrusted search path
Background Valgrind is an open-source memory debugger. Description Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Impact A local attacker could prepare a specially crafted .valgrindrc file and entice a user to ru...
Ampache: Insecure temporary file usage
Background Ampache is a PHP based tool for managing, updating and playing audio files via a web interface. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Impact A local attacker could perform symlink attacks to overwrite arbitrary...
Exiv2: Integer overflow
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer...
Net-SNMP: Denial of service
Background Net-SNMP is a collection of tools for generating and retrieving SNMP data. Description The SNMP agent snmpd does not properly handle GETBULK requests with an overly large "max-repetitions" field. Impact A remote unauthenticated attacker could send a specially crafted SNMP request to th...
teTeX: Multiple vulnerabilities
Background teTeX is a complete TeX distribution for editing documents. Description Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats CVE-2007-5937,...
MadWifi: Denial of service
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element. Impact A remote attacker could act as an...
libsndfile: Buffer overflow
Background libsndfile is a library for reading and writing various formats of audio files including WAV and FLAC. Description Robert Buchholz of the Gentoo Security team discovered that the flacbuffercopy function does not correctly handle FLAC streams with variable block sizes which leads to a...
Eggdrop: Buffer overflow
Background Eggdrop is an IRC bot extensible with C or Tcl. Description Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server. Impact A remote attacker could entice an Eggdrop user to connect the bot to a...
NVClock: Insecure file usage
Background NVClock is an utility for changing NVidia graphic chipsets internal frequency. Description Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory. Impact A local attacker could create a specially crafted...
PostgreSQL: Privilege escalation
Background PostgreSQL is an open source object-relational database management system. Description An error involving insecure searchpath settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Impact If allowed to call a SECURITY DEFINER function, an attacker could gain the SQ...
SpamAssassin: Long URI Denial of service
Background SpamAssassin is an extensible email filter used to identify junk email. Description SpamAssassin does not correctly handle very long URIs when scanning emails. Impact An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails...
McAfee VirusScan: Insecure DT_RPATH
Background McAfee VirusScan for Linux is a commercial antivirus solution for Linux. Description Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DTRPATH which included the current working directory, rather than $ORIGIN which was probably intended. Impact...
OpenLDAP: Denial of Service vulnerability
Background OpenLDAP is a suite of LDAP-related applications and development tools. Description Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This...
TIN: Multiple buffer overflows
Background TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms. Description Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflo...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description In numerous files TikiWiki provides an empty sortmode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also...
Qt: Integer overflow
Background Qt is a cross-platform GUI toolkit, which is used e.g. by KDE. Description An integer overflow flaw has been found in the pixmap handling of Qt. Impact By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be abl...
Python: Buffer Overflow
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr" function when handling UTF-32/UCS-4 encoded strings. Impact If a Python application processes...
Warzone 2100 Resurrection: Multiple buffer overflows
Background Warzone 2100 Resurrection is a real-time strategy game, developed by Pumpkin Studios and published by Eidos Interactive. Description Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection...
mpg123: Heap overflow
Background mpg123 is a real time audio player designed for the MPEG format. Description In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy will overwrite the data assigned next in memory. Impact...
Cacti: Multiple vulnerabilities in included ADOdb
Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...
cURL/libcurl: Buffer overflow in the handling of TFTP URLs
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. libcurl is the corresponding client-side library. Description Ulf Harnhammar reported a possible buffer overflow in the handling of TFTP URLs in libcurl due to the lack of boundary checks...
Cube: Multiple vulnerabilities
Background Cube is an open source first person shooter game engine supporting multiplayer via LAN or internet. Description Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length...
Dropbear: Privilege escalation
Background Dropbear is an SSH server and client with a small memory footprint. Description Under certain conditions Dropbear could fail to allocate a sufficient amount of memory, possibly resulting in a buffer overflow. Impact By sending specially crafted data to the server, authenticated users...
AbiWord: New RTF import buffer overflows
Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Impact An attacker...
KOffice, KWord: RTF import buffer overflow
Background KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. Description Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact An attacker could entice a user to open a specially-crafted RTF file, potentially...
Squid: Denial of Service vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many more features. Description Certain malformed...
sandbox: Insecure temporary file handling
Background sandbox is a Gentoo Linux utility used by the Portage package management system. Description The Gentoo Linux Security Audit Team discovered that the sandbox utility was vulnerable to multiple TOCTOU Time of Check, Time of Use file creation race conditions. Impact Local users may be ab...
Heimdal: Buffer overflow vulnerabilities
Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...
gFTP: Directory traversal vulnerability
Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received by remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...
Mailman: Directory traversal vulnerability
Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...
Newspost: Buffer overflow vulnerability
Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could setup a malicious...
xine-lib: Multiple overflows
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...
phpGroupWare: Various vulnerabilities
Background phpGroupWare is a web-based suite of group applications including a calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full...
Vim, gVim: Vulnerable options in modelines
Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...
imlib: Buffer overflows in image decoding
Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...