3816 matches found
Heimdal: Buffer overflow vulnerabilities
Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...
curl: NTLM response buffer overflow
Background curl is a command line tool for transferring files via many different protocols. Description curl fails to properly check boundaries when handling NTLM authentication. Impact With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading...
gFTP: Directory traversal vulnerability
Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received by remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...
Mailman: Directory traversal vulnerability
Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...
Newspost: Buffer overflow vulnerability
Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could setup a malicious...
xine-lib: Multiple overflows
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...
phpGroupWare: Various vulnerabilities
Background phpGroupWare is a web-based suite of group applications including a calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full...
Vim, gVim: Vulnerable options in modelines
Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...
imlib: Buffer overflows in image decoding
Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...
Pavuk: Multiple buffer overflows
Background Pavuk is web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. Impact A remote attacker...
Cherokee: Format string vulnerability
Background Cherokee is an extra-light web server. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokeeloggerncsawritestring function. Impact Using a specially crafted URL when authenticating via authpam, a malicious user may ...
Squid ACL [url_regex] bypass vulnerability
Background Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A bug in Squid allows use...
Dnsmasq: Multiple Vulnerabilities
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Docker: Multiple Vulnerabilities
Background Docker contains the the core functions you need to create Docker images and run Docker containers Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
file: Stack Buffer Overread
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact File has an stack-based buffer over-read in filecopystr ...
GnuPG: Multiple Vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Sofia-SIP: Multiple Vulnerabilities
Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE...
Rebar3: Command Injection
Background A sophisticated build-tool for Erlang projects that follows OTP principles. Description Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification. Impact A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced...
xar: Unsafe Extraction
Background xar provides an easily extensible archive format. Description A vulnerability has been discovered in xar. Please review the CVE identifier referenced below for details. Impact xar allows for a forward-slash separated path to be specified in the file name property, e.g. x/foo – as long ...
TACACS+: Remote Code Execution
Background An updated version of Cisco's TACACS+ server. Description A vulnerabilitiy has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...
libspf2: Multiple vulnerabilities
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Description Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers...
Ceph: Root Privilege Escalation
Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...
uptimed: Root Privilege Escalation
Background uptimed is a system uptime record daemon that keeps track of your highest uptimes. Description Via unnecessary file ownership modifications in the pkgpostinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time. Impact The uptimed...
Ming: Multiple vulnerabilities
Background A library for generating Macromedia Flash files. Description Multiple vulnerabilities have been discovered in Ming. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Portage: Man-in-the-middle
Background Portage is the package management and distribution system for Gentoo. Description A vulnerability was discovered in emerge-delta-webrsync and Portage that did not properly validate the revocation status of GPG keys. Impact A remote attacker could conduct a man-in-the-middle attack...
Ansible: Privilege escalation
Background Ansible is a radically simple IT automation platform. Description The createscript function in the lxccontainer module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack. Impact Local attackers could write arbitrary files or gain escalated...
arpwatch: Privilege escalation
Background The ethernet monitor program; for keeping track of ethernet/ip address pairings. Description Arpwatch does not properly drop supplementary groups. Impact Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround There is no known...
PLIB: Buffer overflow vulnerability
Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A buffer overflow in PLIB allows user-assisted remote attackers t...
Firebird: Buffer Overflow
Background Firebird is a multi-platform, open source relational database. Description The vulnerability is caused due to an error when processing requests from remote clients. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...
PyPAM: Arbitrary code execution
Background PyPAM is a PAM binding for Python. Description PyPAM does not handle passwords correctly if there is NULL byte in the string. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time...
Antiword: User-assisted execution of arbitrary code
Background Antiword is a free MS Word reader. Description A buffer overflow vulnerability has been found in wordole.c in Antiword. Impact A remote attacker could entice a user to open a specially crafted document using Antiword, possibly resulting in execution of arbitrary code with the privilege...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...
FreeType: Arbitrary code execution
Background FreeType is a high-quality and portable font engine. Description A stack-based buffer overflow exists in Freetype’s cf2hintmapbuild function in cff/cf2hints.c. Impact A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted fo...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Mumble: Multiple vulnerabilities
Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...
MCrypt: User-assisted execution of arbitrary code
Background MCrypt is a replacement of the old unix crypt1 utility. Description Multiple vulnerabilities have been discovered in MCrypt: A boundary error in MCrypt could cause a stack-based buffer overflow CVE-2012-4409. MCrypt contains multiple format string errors CVE-2012-4426. MCrypt does not...
libtar: Arbitraty code execution
Background libtar is a C library for manipulating POSIX tar files. Description An integer overflow error within the “thread” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive. Impact A remote attacker coul...
Links: Denial of service
Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...
CCID: Arbitrary code execution
Background CCID is a generic USB Chip/Smart Card Interface Devices driver. Description CCID contains an integer overflow vulnerability in ccidserial.c. Impact A physically proximate attacker could execute arbitrary code via a smart card with a specially crafted serial number. Workaround There is ...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process, caus...
Blender: Multiple vulnerabilities
Background Blender is a 3D Creation/Animation/Publishing System. Description Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifier referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, ...
pmake: Insecure temporary file usage
Background pmake is Debian’s version of NetBSD’s make, a tool to build programs in parallel. Description /usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names /tmp/dependPID, and without using $TMPDIR. Impact The make include files allow...
Aircrack-ng: User-assisted execution of arbitrary code
Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description A buffer overflow vulnerability has been discovered in Aircrack-ng. Impact A remote attacker could entice a user to open a specially crafted dum...
rdesktop: Directory Traversal
Background rdesktop is a Remote Desktop Protocol RDP Client. Description A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details. Impact Remote RDP servers may be able to read or overwrite arbitrary files via a .. dot dot in a pathname...
fastjar: Directory traversal
Background fastjar is a Java archiver written in C. Description Two directory traversal vulnerabilities have been discovered in fastjar. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JAR file, possibly...
SquidClamav: Denial of service
Background SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP. Description SquidClamav does not properly escape URLs before passing them to the system command call. Impact A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in a Denial of Servi...
SWFTools: User-assisted execution of arbitrary code
Background SWFTools is a collection of SWF manipulation and generation utilities written by Rainer Böhme and Matthias Kramm. Description Integer overflow errors in the "getPNG" function in png.c and the "jpegload" function in jpeg.c could cause a heap-based buffer overflow. Impact A remote attack...
stunnel: Arbitrary code execution
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description An unspecified heap vulnerability was discovered in stunnel. Impact The vulnerability may possibly be leveraged to perform remote code execution or a Denial o...
FontForge: User-assisted execution of arbitrary code
Background FontForge is a PostScript font editor and converter. Description FontForge is vulnerable to an error when processing the "CHARSETREGISTRY" header in font files, which could cause a stack-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted BDF...
rgmanager: Privilege escalation
Background rgmanager is a clustered resource group manager. Description A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time...