3816 matches found
XEmacs: User-assisted execution of arbitrary code
Background XEmacs is a highly extensible and customizable text editor. Description Tielei Wang reported multiple integer overflow vulnerabilities in the tiffinstantiate, pnginstantiate and jpeginstantiate functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows. Impact A...
lighttpd: Denial of service
Background lighttpd is a lightweight high-performance web server. Description Li Ming reported that lighttpd does not properly process packets that are sent overly slow. Impact A remote attacker might send specially crafted packets to a server running lighttpd, possibly resulting in a Denial of...
GD: User-assisted execution of arbitrary code
Background GD is a graphic library for fast image creation. Description Tomas Hoger reported that the gdGetColors function in gdgd.c does not properly verify the colorsTotal struct member, possibly leading to a buffer overflow. Impact A remote attacker could entice a user to open a specially...
Smarty: Multiple vulnerabilities
Background Smarty is a template engine for PHP. Description Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regexreplace.php plug-in contains an input sanitation flaw related to the ASCII NUL character CVE-2008-1066. The vendor reported that the...
Newt: User-assisted execution of arbitrary code
Background Newt is a library for displaying text mode user interfaces. Description Miroslav Lichvar reported that Newt is prone to a heap-based buffer overflow in textbox.c. Impact A remote attacker could entice a user to enter a specially crafted string into a text dialog box rendered by Newt,...
BIND: Multiple vulnerabilities
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note:...
CamlImages: User-assisted execution of arbitrary code
Background CamlImages is an image processing library for Objective Caml. Description Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) readpngfile and readpngfileasrgb24 functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c an...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH...
SILC: Multiple vulnerabilities
Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, and SILC Client is an IRSSI-based text client. Description Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client. For further information please consult the CVE...
Transmission: Multiple vulnerabilities
Background Transmission is a cross-platform BitTorrent client. Description Multiple stack-based buffer overflows in the trmagnetParse function in libtransmission/magnet.c have been discovered. Impact A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafte...
multipath-tools: World-writeable socket
Background multipath-tools are used to drive the Device Mapper multipathing driver. Description multipath-tools uses world-writable permissions for the socket file /var/run/multipathd.sock. Impact Local users could send arbitrary commands to the multipath daemon, causing cluster failures and data...
ImageMagick: User-assisted execution of arbitrary code
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Tielei Wang has discovered that the XMakeImage function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Impact A remote attacker could enti...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. Impact A remote...
nano: Multiple vulnerabilities
Background nano is a GNU GPL'd Pico clone with more functionality. Description Multiple race condition vulnerabilities have been discovered in nano. For further information please consult the CVE entries referenced below. Impact Under certain conditions, a local, user-assisted attacker could...
Wireshark: Multiple vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact A remote attacker could cause...
Fetchmail: Multiple vulnerabilities
Background Fetchmail is a remote mail retrieval and forwarding utility. Description Multiple vulnerabilities have been reported in Fetchmail: The sdump function might trigger a heap-based buffer overflow during the escaping of non-printable characters with the high bit set from an X.509 certifica...
FreeType 1: User-assisted execution of arbitrary code
Background FreeType is a True Type Font rendering library. Description Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Impact A remote attacker could entic...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command...
Ruby: Terminal Control Character Injection
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instanc...
Blender: Untrusted search path
Background Blender is a 3D Creation/Animation/Publishing System. Description Steffen Joeris reported that Blender's BPYinterface calls PySysSetArgv in such a way that Python prepends sys.path with an empty string. Impact A local attacker could entice a user to run "blender" from a directory...
aria2: Multiple vulnerabilities
Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc CVE-2009-3575 and a format string vulnerability in the AbstractCommand::onAbort...
SquirrelMail: Multiple vulnerabilities
Background SquirrelMail is a standards-based webmail package written in PHP. Description Multiple vulnerabilities were found in SquirrelMail: Niels Teusink reported multiple input sanitation flaws in certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php, PHPSELF and t...
net-snmp: Authorization bypass
Background net-snmp bundles software for generating and retrieving SNMP data. Description The netsnmpudpfmtaddr function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Impact A remote, unauthenticated attacker could bypass the...
VirtualBox: Multiple vulnerabilities
Background The VirtualBox family provides powerful x86 virtualization products. Description Thomas Biege of SUSE discovered multiple vulnerabilities: A shell metacharacter injection in popen CVE-2009-3692 and a possible buffer overflow in strncpy in the VBoxNetAdpCtl configuration tool. An...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: An anonymous researcher working with the Zero Day Initiative reported that Adobe Flash...
NTP: Denial of service
Background NTP is a set of the Network Time Protocol programs. Description Robin Park and Dmitri Vinokurov discovered that ntprequest.c in ntpd does not handle MODEPRIVATE packets correctly, causing a continuous exchange of MODEPRIVATE error responses between two NTP daemons or causing high CPU...
Ruby on Rails: Multiple vulnerabilities
Background Ruby on Rails is a web-application and persistence framework. Description The following vulnerabilities were discovered: sameer reported that lib/actioncontroller/cgiprocess.rb removes the :cookieonly attribute from the default session options CVE-2007-6077, due to an incomplete fix fo...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP...
PEAR Net_Traceroute: Command injection
Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...
UW IMAP toolkit: Multiple vulnerabilities
Background The UW IMAP toolkit is a daemon for the IMAP and POP3 network mail protocols. The c-client library provides an API for IMAP, POP3 and other protocols. Description Multiple vulnerabilities were found in the UW IMAP toolkit: Aron Andersson and Jan Sahlin of Bitsec reported boundary error...
dstat: Untrusted search path
Background dstat is a versatile system resource monitor written in Python. Description Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path sys.path before calling "import". Impact A local attack...
Wireshark: Multiple vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c CVE-2009-3829. The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS,...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details...
Horde: Multiple vulnerabilities
Background Horde is a web application framework written in PHP. Description Multiple vulnerabilities have been discovered in Horde: Stefan Esser of Sektion1 reported an error within the form library when handling image form fields CVE-2009-3236. Martin Geisler and David Wharton reported that an...
Adobe Reader: Multiple vulnerabilities
Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletin referenced below. Impact A remote attacker might entice...
Pidgin: Multiple vulnerabilities
Background Pidgin is a client for a variety of instant messaging protocols. Description Multiple vulnerabilities were found in Pidgin: Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an...
Wget: Certificate validation error
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description The vendor reported that Wget does not properly handle Common Name CN fields in X.509 certificates that contain an ASCII NUL \0 character...
cURL: Certificate validation error
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL \0 character. Specifically, the processing of such fields is...
Dnsmasq: Multiple vulnerabilities
Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It includes support for Trivial FTP TFTP. Description Multiple vulnerabilities have been reported in the TFTP functionality included in Dnsmasq: Pablo Jorge and Alberto Solino discovered a heap-based buffer...
nginx: Remote execution of arbitrary code
Background nginx is a robust, small and high performance HTTP and reverse proxy server. Description Chris Ries reported a heap-based buffer underflow in the ngxhttpparsecomplexuri function in http/ngxhttpparse.c when parsing the request URI. Impact A remote attacker might send a specially crafted...
ZNC: Directory traversal
Background ZNC is an advanced IRC bouncer. Description The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...
Wireshark: Denial of service
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities were discovered in Wireshark: A buffer overflow in the IPMI dissector related to an array index error CVE-2009-2559. Multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP...
Horde: Multiple vulnerabilities
Background Horde is a web application framework written in PHP. Horde IMP, the "Internet Messaging Program", is a Webmail module and Horde Passwd is a password changing module for Horde. Description Multiple vulnerabilities have been discovered in Horde: Gunnar Wrobel reported an input sanitation...
HTMLDOC: User-assisted execution of arbitrary code
Background HTMLDOC is a HTML indexer and HTML to PS and PDF converter. Description ANTHRAX666 reported an insecure call to the sscanf function in the setpagesize function in htmldoc/util.cxx. Nico Golde of the Debian Security Team found two more insecure calls in the writetype1 function in...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using th...
irssi: Execution of arbitrary code
Background irssi is a modular textUI IRC client with IPv6 support. Description Nemo discovered an off-by-one error leading to a heap overflow in irssi's eventwallops parsing function. Impact A remote attacker might entice a user to connect to a malicious IRC server, use a man-in-the-middle attack...
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...
LMBench: Insecure temporary file usage
Background LMBench is a suite of simple, portable benchmarks for UNIX platforms. Description Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not handle "/tmp/sdiff." temporary files securely. NOTE: There might be further occurrences of insecure temporary file usage. Impact A local...
Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and databases connections. Description Matt...