3816 matches found
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...
Multiple Ralink wireless drivers: Execution of arbitrary code
Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...
Avahi: Denial of service
Background Avahi is a system that facilitates service discovery on a local network. Description Rob Leslie reported that the originatesfromlocallegacyunicastsocket function in avahi-core/server.c does not account for the network byte order of a port number when processing incoming multicast...
Analog: Denial of service
Background Analog is a a webserver log analyzer. Description Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 GLSA 200804-02. Impact A local attacker could place specially crafted log files into a log directory...
Openswan: Insecure temporary file creation
Background Openswan is an implementation of IPsec for Linux. Description Dmitry E. Oboukhov reported that the IPSEC livetest tool does not handle the ipseclive.conn and ipsec.olts.remote.log temporary files securely. Impact A local attacker could perform symlink attacks to execute arbitrary code...
Streamripper: Multiple vulnerabilities
Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Stefan Cornelius from Secunia Research reported multiple buffer overflows in the httpparsescheader, httpgetpls and httpgetm3u functions in lib/http.c when parsing overly long HTTP headers...
OpenSC: Insufficient protection of smart card PIN
Background OpenSC is a smart card application that allows reading and writing via PKCS11. Description Chaskiel M Grundman reported that OpenSC uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. Impact A...
WordNet: Execution of arbitrary code
Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...
Motion: Execution of arbitrary code
Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description Nico Golde reported an off-by-one error within the readclient function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius Secunia...
Comix: Multiple vulnerabilities
Background Comix is a GTK comic book viewer. Description Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs CVE-2008-1568. Comix also creates directories with predictable names CVE-2008-1796. Impact A remote...
JRockit: Multiple vulnerabilities
Background JRockit is BEA WebLogic's J2SE Development Kit. Description Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Impact A remote attacker could entice a user to run a specially crafted applet on a website or start an application ...
Ghostscript: Buffer overflow
Background Ghostscript is a suite of software based on an interpreter for PostScript and PDF. Description Chris Evans Google Security discovered a stack-based buffer overflow within the zseticcspace function in the file zicc.c when processing a PostScript file containing a long "Range" array in a...
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio network Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...
PEAR::MDB2: Information disclosure
Background PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB "large object" is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...
Hugin: Insecure temporary file creation
Background Hugin is a GUI for creating and processing panoramic images. Description Suse Linux reported that Hugin creates the "hugindebugoptimresults.txt" temporary file in an insecure manner. Impact A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting...
nss_ldap: Information disclosure
Background nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. Description Josh Burley reported that nssldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded...
rsync: Two buffer overflows
Background rsync is a file transfer program to keep remote directories synchronized. Description Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function "fname" in file sender.c when processing overly long directory names. Impact A remote attacker could enti...
pam_ldap: Authentication bypass vulnerability
Background pamldap is a Pluggable Authentication Module which allows authentication against LDAP directories. Description Steve Rigler discovered that pamldap does not correctly handle "PasswordPolicyResponse" control responses from an LDAP directory. This causes the pamauthenticate function to...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Impact By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash...
libgsf: Buffer overflow
Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description "infamous41md" has discovered that the "oleinitinfo" function may allocate too little memory for storing...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution...
TORQUE: Insecure temporary file creation
Background TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...
libmusicbrainz: Multiple buffer overflows
Background libmusicbrainz is a client library used to access MusicBrainz music meta data. Description Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact A remote attacker could ...
CAPI4Hylafax fax receiver: Execution of arbitrary code
Background CAPI4Hylafax makes it possible to send and receive faxes via CAPI and AVM Fritz!Cards. Description Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact A remote attacker can send null \0 and shell...
Heimdal: rshd privilege escalation
Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...
GStreamer FFmpeg plugin: Heap-based buffer overflow
Background The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. Description The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap...
Netpbm: Buffer overflow in pnmtopng
Background Netpbm is a package of 220 graphics programs and a programming library, including pnmtopng, a tool to convert PNM image files to the PNG format. Description RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact An attacker could craft a malicious PNM file and entice ...
Xpdf, Kpdf, GPdf: Denial of Service vulnerability
Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...
Shorewall: Security policy bypass
Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall fails to enforce security policies if configured with "MACLISTDISPOSITION" set to "ACCEPT" or "MACLISTTTL" set to a value greater or equal to 0. Impact A...
dhcpcd: Denial of Service vulnerability
Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...
RealPlayer: Heap overflow vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Impact By enticing a user to play a specially crafted RealMedia file an attacker coul...
SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact A remote attacker could exploit this vulnerability to inject malicious...
OpenSLP: Multiple buffer overflows
Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple buffer overflows have been found in OpenSLP, when handling malformed SLP packets. Impact By sending specially crafted SLP packets, a remote attacker could potentially execute arbitrary code...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...
tnftp: Arbitrary file overwriting
Background tnftp is a NetBSD FTP client with several advanced features. Description The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the...
shadow: Unauthorized modification of account information
Background shadow provides a set of utilities to deal with user accounts. Description Martin Schulze reported a flaw in the passwdcheck function in "libmisc/pwdcheck.c" which is used by chfn and chsh. Impact A logged-in local user with an expired password may be able to use chfn and chsh to chang...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...
eGroupWare: Multiple XSS vulnerabilities
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Joxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book,...
MoinMoin: Group ACL bypass
Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact Restrictions on anonymous users were not properly...
SpamAssassin: Denial of Service vulnerability
Background SpamAssassin is an extensible email filter which is used to identify spam. Description SpamAssassin contains an unspecified Denial of Service vulnerability. Impact By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service...
PuTTY: Pre-authentication arbitrary code execution
Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact When...
mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
Background mit-krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The library function krb5anametolocalname contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mappin...
Multiple Vulnerabilities in pwlib
Background pwlib is a multi-platform library designed for OpenH323. Description Multiple vulnerabilities have been found in the implimentation of protocol H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
Slurm: Multiple Vulnerabilities
Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
PJSIP: Heap Buffer Overflow
Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier...
Nokogiri: Denial of Service
Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details. Impact Nokogiri fails to check the return value from xmlTextReaderExpand in the method...
Liferea: Remote Code Execution
Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...
GLib: Privilege Escalation
Background GLib is a library providing a number of GNOME's core objects and functions. Description A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact When a GDBus-based client subscribes to signals from a trusted system service such ...