3816 matches found
SELinux PAM: Local password guessing attack
Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...
Dia: Arbitrary code execution through SVG import
Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...
Hylafax: Insecure temporary file creation in xferfaxstats script
Background Hylafax is a client-server fax package for class 1 and 2 fax modems. Description Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Impact A local attacker could create symbolic links...
Evolution: Format string vulnerabilities
Background Evolution is a GNOME groupware application. Description Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers CAN-2005-2549. He als...
Qpopper: Multiple Vulnerabilities
Background Qpopper is a widely used server for the POP3 protocol. Description Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users CAN-2005-1151. The upstream developers discovered that Qpopper can be forced to create group or world writeable files...
sharutils: Insecure temporary file creation
Background sharutils is a collection of tools to deal with shar archives. Description Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact A local attacker could create symbolic links i...
Xzabite dyndnsupdate: Multiple vulnerabilities
Background dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" Haglund. Description Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows. Impact A remote attacker, posing as a dyndns.org server, could execute arbitrary code with the rights of the user...
mpg123: Buffer overflow
Background mpg123 is a real-time MPEG audio player. Description mpg123 improperly parses frame headers in input streams. Impact By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running...
Shoutcast Server: Remote code execution
Background Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety of platforms, including Linux, and is extremely popular with Internet broadcasters. Description Part of the Shoutcast Server Linux binary has been found to improperly handle sprintf parsing. Impact A malicious...
ncpfs: Buffer overflow in ncplogin and ncpmap
Background ncpfs is a NCP protocol network filesystem that allows access to Netware services, for example to mount volumes of NetWare servers or print to NetWare print queues. Description Karol Wiesek discovered a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap...
ez-ipupdate: Format string vulnerability
Background ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. Description Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. Impact An attacker could exploit this to execute arbitrary...
mpg123: Buffer overflow vulnerabilities
Background mpg123 is a MPEG Audio Player. Description Buffer overflow vulnerabilities in the getauthfromURL and httpopen functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking. Impact By enticing a...
Netpbm: Multiple temporary file issues
Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...
gv: Exploitable Buffer Overflow
Background gv is a PostScript and PDF viewer for X which provides a user interface for the ghostscript interpreter. Description gv contains a buffer overflow vulnerability where an unsafe sscanf call is used to interpret PDF and PostScript files. Impact By enticing a user to view a malformed PDF ...
XChat 2.0.x SOCKS5 Vulnerability
Background XChat is a multiplatform IRC client. Description The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server...
Fetchmail 6.2.5 fixes a remote DoS
Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...
Python, PyPy: Multiple Vulnerabilities
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers f...
Perl: Multiple Vulnerabilities
Background Perl is Larry Wall’s Practical Extraction and Report Language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
PostgreSQL: Privilege Escalation
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...
stb: Multiple Vulnerabilities
Background A set of single-file public domain or MIT licensed libraries for C/C++ Description Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
Mbed TLS: Multiple Vulnerabilities
Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...
pypy, pypy3: Multiple Vulnerabilities
Background A fast, compliant alternative implementation of the Python language. Description Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...
protobuf, protobuf-python: Denial of Service
Background Google's Protocol Buffers are an extensible mechanism for serializing structured data. Description A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Impact A parsing vulnerability for the MessageSet type...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
TigerVNC: Multiple Vulnerabilities
Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
SDL_ttf: Arbitrary Memory Write
Background SDLttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDLttf. Please review the CVE identifier referenced below for details. Impact SDLttf was discovered ...
btrbk: Remote Code Execution
Background btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below...
MiniDLNA: Multiple Vulnerabilities
Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
slixmpp: Insufficient Certificate Validation
Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...
MPFR: User-assisted execution of arbitrary code
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
MirBSD Korn Shell: Arbitrary code execution
Background MirBSD Korn Shell is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell. Description Improper sanitation of environment import allows for appending of values to passed parameters. Impact An attacker who alrea...
OptiPNG: User-assisted execution of arbitrary code
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact A remote attacker could entice a user to open a specially crafted imag...
GEGL: User-assisted execution of arbitrary code
Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...
libotr: Arbitrary code execution
Background libotr is a portable off-the-record messaging library. Description Multiple heap-based buffer overflows are present in the Base64 decoder of libotr. Impact A remote attacker could send a specially crafted OTR message, resulting in arbitrary code execution with the privileges of the...
foomatic-filters: User-assisted execution of arbitrary code
Background The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files. Impact A remote attacker could entice ...
Maildrop: privilege escalation
Background maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server. Description Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Impact A local attacker could create a specially crafted .mailfilter file, possib...
Blender: Untrusted search path
Background Blender is a 3D Creation/Animation/Publishing System. Description Steffen Joeris reported that Blender's BPYinterface calls PySysSetArgv in such a way that Python prepends sys.path with an empty string. Impact A local attacker could entice a user to run "blender" from a directory...
WeeChat: Denial of service
Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Sebastien Helleu reported an array out-of-bounds error in the colored message handling. Impact A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a...
Graphviz: User-assisted execution of arbitrary code
Background Graphviz is an open source graph visualization software. Description Roee Hay reported a stack-based buffer overflow in the pushsubg function in parser.y when processing a DOT file with a large number of Agrapht elements. Impact A remote attacker could entice a user or automated system...
mtr: Stack-based buffer overflow
Background mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. Description Adam Zabrocki reported a boundary error within the splitredraw function in the file split.c, possibly leading to a stack-based buffer overflow. Impact A remote attack...
libid3tag: Denial of service
Background libid3tag is an ID3 tag manipulation library. Description Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3FIELDTYPESTRINGLIST field that ends in '\0'. Impact A remote attacker could entice a user to open a specially crafted MP3 file, possib...
Linux Terminal Server Project: Multiple vulnerabilities
Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server GLSA 200705-06, GLSA 200710-16, GLSA 200801-09, libpng GLSA 200705-24, GLSA 200711-08, Freetype GL...
Boost: Denial of service
Background Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions. Description Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perlmatchernonrecursive.hpp CVE-2008-0171 and a NULL pointer dereferen...
Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
Background Sylpheed and Claws Mail are two GTK based e-mail clients. Description Ulf Harnhammar from Secunia Research discovered a format string error in the incputerror function in file src/inc.c. Impact A remote attacker could entice a user to connect to a malicious POP server sending specially...
po4a: Insecure temporary file creation
Background po4a is a set of tools for helping with the translation of documentation. Description The po4a development team reported a race condition in the gettextize function when creating the file "/tmp/gettextization.failed.po". Impact A local attacker could perform a symlink attack, possibly...
Amarok: User-assisted remote execution of arbitrary code
Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...
CHMlib: User-assisted remote execution of arbitrary code
Background CHMlib is a library for the MS CHM Compressed HTML file format plus extracting and HTTP server utils. Description When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca function resulting in a shift of t...
Links: Arbitrary Samba command execution
Background Links is a web browser running in both graphics and text modes. Description Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...
Tor: Several vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before...