aMule: Parameter injection
Background aMule is an eMule-like client for the eD2k and Kademlia networks, supporting multiple platforms. Description Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Impact A remote attacker could entice a user to download a file with a specially...
GCC-XML: Insecure temporary file usage
Background GCC-XML is an XML output extension to the C++ front-end of GCC. Description Dmitry E. Oboukhov reported that findflags in GCC-XML does not handle "/tmp/.cxx" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges...
C* music player: Insecure temporary file usage
Background The C Music Player cmus is a modular and very configurable ncurses-based audio player. Description Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely. Impact A local attacker could perform symlink attacks to overwrite...
Clam AntiVirus: Multiple vulnerabilities
Background Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been found in ClamAV: The vendor reported a Divide-by-zero error in the PE (Portable Executable) Windows .exe file handli...
TkMan: Insecure temporary file usage
Background TkMan is a graphical, hypertext manual page and Texinfo browser for UNIX. Description Dmitry E. Oboukhov reported that TkMan does not handle the "/tmp/tkman" and "/tmp/ll" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with...
Screenie: Insecure temporary file usage
Background Screenie is a small screen frontend that is designed to be a session handler. Description Dmitry E. Oboukhov reported that Screenie does not handle "/tmp/.screenie." temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...
Linux-PAM: Privilege escalation
Background Linux-PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Marcus Granado reported that Linux-PAM does not properly handle user...
libvorbis: User-assisted execution of arbitrary code
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Lucas Adamski reported that libvorbis does not correctly process file headers, related to static mode headers and encodi...
Dillo: User-assisted execution of arbitrary code
Background Dillo is a graphical web browser known for its speed and small footprint. Description Tielei Wang reported an integer overflow in the Png_datainfo_callback function, possibly leading to a heap-based buffer overflow. Impact A remote attacker could entice a user to open an HTML document...
CDF: User-assisted execution of arbitrary code
Background CDF is a library for the Common Data Format, which is a self-describing data format for the storage and manipulation of scalar and multidimensional data. It is developed by NASA. Description Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList6...
ISC DHCP: dhcpd Denial of service
Background ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131. Description Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using "dhcp-client-identifier" and "hardware ethernet"...
Subversion: Remote execution of arbitrary code
Background Subversion is a versioning system designed to be a replacement for CVS. Description Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Impact A remote attacker with commit access could exploit this...
Perl Compress::Raw modules: Denial of service
Background Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level interfaces to the zlib and bzip2 compression libraries. Description Leo Bergolth reported an off-by-one error in the inflate function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow...
DokuWiki: Local file inclusion
Background DokuWiki is a standards compliant Wiki system written in PHP. Description girex reported that data from the "config_cascade" parameter in inc/init.php is not properly sanitized before being used. Impact A remote attacker could exploit this vulnerability to execute PHP code from arbitrar...
libTIFF: User-assisted execution of arbitrary code
Background libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. Description Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat function (CVE-2009-2285). Tielei Wang of ICST-ERCIS, Peking University...
Adobe products: Multiple vulnerabilities
Background Adobe Flash Player is a closed-source playback software for Flash SWF files. Adobe Reader is a closed-source PDF reader that plays Flash content as well. Description Multiple vulnerabilities have been reported in Adobe Flash Player: lakehu of Tencent Security Center reported an...
OpenSC: Multiple vulnerabilities
Background OpenSC provides a set of libraries and utilities to access smart cards. Description Multiple vulnerabilities were found in OpenSC: b.badrignans discovered that OpenSC incorrectly initialises private data objects (CVE-2009-0368). Miquel Comas Marti discovered that src/tools/pkcs11-tool.c ...
BIND: Denial of service
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. Description Matthias Urlichs reported that the dns_db_findrdataset function fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at...
Python: Integer overflows
Background Python is an interpreted, interactive, object-oriented programming language. Description Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in...
Nagios: Execution of arbitrary code
Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been reported in Nagios: Paul reported that statuswml.cgi does not properly sanitize shell metacharacters in the (1) ping and (2) traceroute parameters (CVE-2009-2288). Nagios doe...
Rasterbar libtorrent: Directory traversal
Background Rasterbar libtorrent is a C++ BitTorrent implementation focusing on efficiency and scalability. Deluge is a BitTorrent client that ships a copy of libtorrent. Description census reported a directory traversal vulnerability in src/torrent_info.cpp that can be triggered via .torrent files...
PulseAudio: Local privilege escalation
Background PulseAudio is a network-enabled sound server with an advanced plug-in system. Description Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerabili...
ISC DHCP: dhclient Remote execution of arbitrary code
Background ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131. Description The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Impact A remote attacker might set up a rogu...
Cyrus-SASL: Execution of arbitrary code
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings which can result in buffer overflows when performing Base64 encoding. Impact A remote...
git: git-daemon Denial of service
Background git - the stupid content tracker, the revision control system used by the Linux kernel team. Description Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments. Impact A remote unauthenticated attacker could send a...
ModPlug: User-assisted execution of arbitrary code
Background ModPlug is a library for playing MOD-like music. Description Two vulnerabilities have been reported in ModPlug: dummy reported an integer overflow in the CSoundFile::ReadMed function when processing a MED file with a crafted song comment or song name, which triggers a heap-based buffer...
Multiple Ralink wireless drivers: Execution of arbitrary code
Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in the Apache HTTP server: Jonathan Peatfield reported that the "Options=IncludesNoEXEC" argument to the "AllowOverride" directive is not processed...
Adobe Reader: User-assisted execution of arbitrary code
Background Adobe Reader is a PDF reader released by Adobe. Description Multiple vulnerabilities have been reported in Adobe Reader: Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in the JBIG2 filter (CVE-2009-0198). Mark Dowd of the IBM Internet Security Systems X-Force and...
Syslog-ng: Chroot escape
Background Syslog-ng is a flexible and scalable system logger. Description Florian Grandel reported that Syslog-ng does not call chdir before chroot which leads to an inherited file descriptor to the current working directory. Impact A local attacker might exploit a separate vulnerability in...
GStreamer plug-ins: User-assisted execution of arbitrary code
Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been reported in several GStreamer plug-ins: Tobias Klein reported two heap-based buffer overflows and an array index error in the qtdemux_parse_samples functio...
APR Utility Library: Multiple vulnerabilities
Background The Apache Portable Runtime Utility Library (aka apr-util) provides an interface to functionality such as XML parsing, string matching and database connections. Description Multiple vulnerabilities have been discovered in the APR Utility Library: Matthew Palmer reported a heap-based...
ModSecurity: Denial of service
Background ModSecurity is a popular web application firewall for the Apache HTTP server. Description Multiple vulnerabilities were discovered in ModSecurity: Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name...
libwmf: User-assisted execution of arbitrary code
Background libwmf is a library for converting WMF files. Description The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting...
Wireshark: Multiple vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark: David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB) (CVE-2008-4680). Florent Drouin and David...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: Greg Ose discovered that the setup script does not sanitize input properly, leading to the injection of arbitrary PHP code into the configuration file...
Apache Tomcat JK Connector: Information disclosure
Background The Apache Tomcat JK Connector (aka mod_jk) connects the Tomcat application server with the Apache HTTP Server. Description The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clien...
Ruby: Denial of service
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes the "BigDecimal" class. Description Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers...
libpng: Information disclosure
Background libpng is the official PNG reference library used to read, write and manipulate PNG images. Description Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits ...
libsndfile: User-assisted execution of arbitrary code
Background libsndfile is a C library for reading and writing files containing sampled sound. Description The following vulnerabilities have been found in libsndfile: Tobias Klein reported that the header_read function in src/common.c uses user input for calculating a buffer size, possibly leading ...
NTP: Remote execution of arbitrary code
Background NTP contains the client and daemon implementations for the Network Time Protocol. Description Multiple vulnerabilities have been found in the programs included in the NTP package: Apple Product Security reported a boundary error in the cookedprint function in ntpq/ntpq.c, possibly...
Pidgin: Multiple vulnerabilities
Background Pidgin (formerly Gaim) is an instant messaging client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin: Veracode reported a boundary error in the "XMPP SOCKS5 bytestream server" when initiating an outgoing file transfer...
acpid: Denial of service
Background acpid is a daemon for the Advanced Configuration and Power Interface (ACPI). Description The acpid daemon allows opening a large number of UNIX sockets without closing them, triggering an infinite loop. Impact Remote attackers can cause a Denial of Service CPU consumption and connectivit...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Tavis Ormandy reported multiple integer overflows in the cff_charset_compute_cids function in cff/cffload.c, sfnt/ttcmap.c and the ft_smooth_render_generic function in smooth/ftsmooth.c, possibly leading to heap or stack-based...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...
IPSec Tools: Denial of service
Background The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. Description The following vulnerabilities have been found in the racoon daemon as shipped with...
Cscope: User-assisted execution of arbitrary code
Background Cscope is a developer's tool for browsing source code. Description James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths (CVE-2009-0148). Multiple stack-based buffer overflows were reported in the putstring function when processing a...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in the IAX2 channel driver when performing the 3-way handshake (CVE-2008-1897), when handling a large number of POKE requests (CVE-2008-3263), when handling authentication...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163). Aaro...
LittleCMS: Multiple vulnerabilities
Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description Red Hat reported a null-pointer dereference flaw while processing monochrome ICC profiles (CVE-2009-0793). Chris Evans of Google...