udev: Multiple vulnerabilities
Background udev is the device manager used in the Linux 2.6 kernel series. Description Sebastian Krahmer of SUSE discovered the following two vulnerabilities: udev does not verify the origin of NETLINK messages properly (CVE-2009-1185). A buffer overflow exists in the util_path_encode function in...
Adobe Reader: User-assisted execution of arbitrary code
Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities have been discovered in Adobe Reader: Alin Rad Pop of Secunia Research reported a heap-based buffer overflow when processing PDF files containing a malformed JBIG2 symbol...
libsndfile: User-assisted execution of arbitrary code
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow. Impact A remote attacker could entice a user to...
mpg123: User-assisted execution of arbitrary code
Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description The vendor reported a signedness error in the store_id3_text function in id3.c, allowing for out-of-bounds memory access. Impact A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 MP3...
Ventrilo: Denial of service
Background Ventrilo is a Voice over IP group communication server. Description Luigi Auriemma reported a NULL pointer dereference in Ventrilo when processing packets with an invalid version number followed by another packet. Impact A remote attacker could send specially crafted packets to the...
F-PROT Antivirus: Multiple Denial of Service vulnerabilities
Background F-PROT Antivirus is a multi-platform virus scanner for workstations and mail servers. Description The following vulnerabilities were found: Multiple errors when processing UPX, ASPack or Microsoft Office files CVE-2008-3243. Infinite Sergio Alvarez of n.runs AG reported an invalid memo...
Wicd: Information disclosure
Background Wicd is an open source wired and wireless network manager for Linux. Description Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object. Impact A local attacker could exploit this vulnerability to receive...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Theo de Raadt reported that the application does not properly drop privileges to the primary groups of the user specified via the "User" configuration optio...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Description Multiple vulnerabilities have been reported in MIT Kerberos 5: A free call on an uninitialized...
Avahi: Denial of service
Background Avahi is a system that facilitates service discovery on a local network. Description Rob Leslie reported that the originates_from_local_legacy_unicast_socket function in avahi-core/server.c does not account for the network byte order of a port number when processing incoming multicast...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description The ASN1_STRING_print_ex function does not properly check the provided length of a BMPString or...
Xpdf: Untrusted search path
Background Xpdf is a PDF file viewer that runs under the X Window System. Description Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definiti...
Eye of GNOME: Untrusted search path
Background The Eye of GNOME is the official image viewer for the GNOME Desktop environment. Description James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983. Impact A local attacker could...
ntp: Certificate validation error
Background ntp contains the client and daemon implementations for the Network Time Protocol. Description It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal function, a vulnerability related to CVE-2008-5077 (GLSA 200902-02). Impact A remote attacker could exploit this...
WeeChat: Denial of service
Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Sebastien Helleu reported an array out-of-bounds error in the colored message handling. Impact A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a...
GLib: Execution of arbitrary code
Background The GLib is a library of C routines that is used by a multitude of programs. Description Diego E. Petteno reported multiple integer overflows in glib/gbase64.c when converting a long string from or to a base64 representation. Impact A remote attacker could entice a user or automated...
Gnumeric: Untrusted search path
Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. Description James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric. Impact A local attacker could entice a user to run Gnumeric...
Openfire: Multiple vulnerabilities
Background Ignite Realtime Openfire is a fast real-time collaboration server. Description Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team: Multiple missing or incomplete input validations in several .jsps CVE-2009-0496. Incorrect input validation...
gedit: Untrusted search path
Background gedit is a text editor for the GNOME desktop. Description James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact A local attacker could entice a user to open gedit from a specially crafted...
Analog: Denial of service
Background Analog is a webserver log analyzer. Description Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). Impact A local attacker could place specially crafted log files into a log directory...
pam_krb5: Privilege escalation
Background pam_krb5 is a Kerberos v5 PAM module. Description The following vulnerabilities were discovered: pam_krb5 does not properly initialize the Kerberos libraries for setuid use (CVE-2009-0360). Derek Chan reported that calls to pam_setcred are not properly handled when running setuid...
Squid: Multiple Denial of Service vulnerabilities
Background Squid is a full-featured web proxy cache. Description The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612). An invalid version number in a HTTP...
MLDonkey: Information disclosure
Background MLDonkey is a multi-network P2P application written in Ocaml, coming with its own Gtk GUI, web and telnet interface. Description Michael Peselnik reported that src/utils/lib/url.ml in the web interface of MLDonkey does not handle file names with leading double slashes properly. Impact ...
Muttprint: Insecure temporary file usage
Background Muttprint formats the output of mail clients to a good-looking printing using LaTeX. Description Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script. Impact A local attacker could perform symlink attacks to overwrite arbitrar...
Ghostscript: User-assisted execution of arbitrary code
Background Ghostscript is an interpreter for the PostScript language and the Portable Document Format PDF. Description Jan Lieskovsky from the Red Hat Security Response Team discovered the following vulnerabilities in Ghostscript's ICC Library: Multiple integer overflows CVE-2009-0583. Multiple...
Amarok: User-assisted execution of arbitrary code
Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete solution to record, convert and stream audio and video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia player which also includes a vulnerable copy of the code. Description Multiple...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...
libcdaudio: User-assisted execution of arbitrary code
Background libcdaudio is a library of CD audio related routines. Description A heap-based buffer overflow has been reported in the cddb_read_disc_data function in cddb.c when processing overly long CDDB data. Impact A remote attacker could entice a user to connect to a malicious CDDB server, possibl...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities were discovered in Opera: Vitaly McLain reported a heap-based buffer overflow when processing host names in file:// URLs CVE-2008-5178. Alexios Fakos reported a vulnerability in the HTML...
BlueZ: Arbitrary code execution
Background BlueZ is a set of Bluetooth tools and system daemons for Linux. Description It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets. Impact A physically proximate attacker using a Bluetooth device with an already established trust...
libpng: Multiple vulnerabilities
Background libpng is the official PNG reference library used to read, write and manipulate PNG images. Description Multiple vulnerabilities were discovered in libpng: A memory leak bug was reported in png_handle_tEXt, a function that is used while reading PNG images (CVE-2008-6218). A memory overwrit...
TMSNC: Execution of arbitrary code
Background TMSNC is a Textbased client for the MSN instant messaging protocol. Description Nico Golde reported a stack-based buffer overflow when processing a MSN packet with a UBX command containing a large UBX payload length field. Impact A remote attacker could send a specially crafted message...
ProFTPD: Multiple vulnerabilities
Background ProFTPD is an advanced and very configurable FTP server. Description The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by mod_sql (CVE-2009-0542). Some invalid,...
Courier Authentication Library: SQL Injection vulnerability
Background The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. Description It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale...
Shadow: Privilege escalation
Background Shadow is a set of tools to deal with user accounts. Description Paul Szabo reported a race condition in the "login" executable when setting up tty permissions. Impact A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gai...
Ganglia: Execution of arbitrary code
Background Ganglia is a scalable distributed monitoring system for clusters and grids. Description Spike Spiegel reported a stack-based buffer overflow in the process_path function when processing overly long pathnames in gmetad/server.c. Impact A remote attacker could send a specially crafted...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...
Epiphany: Untrusted search path
Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description James Vega reported an untrusted search path vulnerability in the Python interface. Impact A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python...
git: Multiple vulnerabilities
Background GIT - the stupid content tracker, the revision control system used by the Linux kernel team. Description Multiple vulnerabilities have been reported in gitweb that is part of the git package: Shell metacharacters related to git_search are not properly sanitized (CVE-2008-5516). Shell...
Xerces-C++: Denial of service
Background Xerces-C++ is a validating XML parser written in a portable subset of C++. Description Frank Rast reported that the XML parser in Xerces-C++ does not correctly handle an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during the validatio...
MPFR: Denial of service
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfr_snprintf and mpfr_vsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...
WebSVN: Multiple vulnerabilities
Background WebSVN is a web-based browsing tool for Subversion repositories written in PHP. Description James Bercegay of GulfTech Security reported a Cross-site scripting XSS vulnerability in the getParameterisedSelfUrl function in index.php CVE-2008-5918 and a directory traversal vulnerability i...
OptiPNG: User-assisted execution of arbitrary code
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description Roy Tam reported a use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c leading to a memory corruption when reading a GIF...
PyCrypto: Execution of arbitrary code
Background PyCrypto is the Python Cryptography Toolkit. Description Mike Wiacek of the Google Security Team reported a buffer overflow in the ARC2 module when processing a large ARC2 key length. Impact A remote attacker could entice a user or automated system to decrypt an ARC2 stream in an...
Openswan: Insecure temporary file creation
Background Openswan is an implementation of IPsec for Linux. Description Dmitry E. Oboukhov reported that the IPSEC livetest tool does not handle the ipseclive.conn and ipsec.olts.remote.log temporary files securely. Impact A local attacker could perform symlink attacks to execute arbitrary code...
cURL: Arbitrary file access
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled. Impact A remote attacker could possibly...
Real VNC: User-assisted execution of arbitrary code
Background Real VNC is a remote desktop viewer display system. Description An unspecified vulnerability has been discovered in the CMsgReader::readRect function in the VNC Viewer component, related to the encoding type of RFB protocol data. Impact A remote attacker could entice a user to connect...
BIND: Incorrect signature verification
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description BIND does not properly check the return value from the OpenSSL functions to verify DSA CVE-2009-0025 and RSA CVE-2009-0265 certificates. Impact A remote attacker could bypass...
nfs-utils: Access restriction bypass
Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description Michele Marcionelli reported that nfs-utils invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups. Impact A remote attacker could bypass...