libsamplerate: User-assisted execution of arbitrary code
Background Secret Rabbit Code aka libsamplerate is a Sample Rate Converter for audio. Description Russell O'Connor reported a buffer overflow in src/srcsinc.c related to low conversion ratios. Impact A remote attacker could entice a user or automated system to process a specially crafted audio fi...
OptiPNG: User-assisted execution of arbitrary code
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A buffer overflow in the BMP reader in OptiPNG has been reported. Impact A remote attacker could entice a user to process a specially crafted BMP image, possibly...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Multiple vulnerabilities have been reported in lighttpd: Qhy reported a memory leak in the httprequestparse function in request.c CVE-2008-4298. Gaetan Bisson reported that URIs are not decoded before applying...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security...
FAAD2: User-assisted execution of arbitrary code
Background FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Description The ICST-ERCIS Peking University reported a heap-based buffer overflow in the decodeMP4file function in frontend/main.c. Impact A remote attacker could entice a user to open a specially crafted MPEG-4 MP4 file in an...
Graphviz: User-assisted execution of arbitrary code
Background Graphviz is an open source graph visualization software. Description Roee Hay reported a stack-based buffer overflow in the pushsubg function in parser.y when processing a DOT file with a large number of Agrapht elements. Impact A remote attacker could entice a user or automated system...
Gallery: Multiple vulnerabilities
Background Gallery is an open source web based photo album organizer. Description Multiple vulnerabilities have been discovered in Gallery 1 and 2: Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1, when registerglobals is...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera: Opera does not restrict the ability of a framed web page to change the address associated with a different frame CVE-2008-4195. Chris Weber Casaba Security...
libspf2: DNS response buffer overflow
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...
Portage: Untrusted search path local root vulnerability
Background Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree. Description The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/le...
WordNet: Execution of arbitrary code
Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...
Wireshark: Multiple Denials of Service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description The following vulnerabilities were reported: Multiple buffer overflows in the NCP dissector CVE-2008-3146. Infinite loop in the NCP dissector CVE-2008-3932. Invalid read in the tvbuncompress function when...
ClamAV: Multiple Denials of Service
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Hanno Boeck reported an error in libclamav/chmunpack.c when processing CHM files CVE-2008-1389. Other unspecified vulnerabilities were also reported, including a...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system. Description Multiple boundary errors in the functions diffaddremove and diffchange when processing overly long repository path names were reported. Impact A remote attacker could entice a user to run commands like "git-diff" or "git-grep" on...
GNU ed: User-assisted execution of arbitrary code
Background GNU ed is a basic line editor. red is a restricted version of ed that does not allow shell command execution. Description Alfredo Ortega from Core Security Technologies reported a heap-based buffer overflow in the stripescapes function when processing overly long filenames. Impact A...
BitlBee: Security bypass
Background BitlBee is an IRC to IM gateway that supports multiple IM protocols. Description Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Impact A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts. Workaround There is ...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is an RSS/Atom feed reader for the text console. Description J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system. Impact A remote attacker could entice a user to open a feed with speciall...
R: Insecure temporary file creation
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Description Dmitry E. Oboukhov reported that the "javareconf" script uses temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to...
HAVP: Denial of service
Background HAVP is an HTTP AntiVirus Proxy. Description Peter Warasin reported an infinite loop in sockethandler.cpp when connecting to a non-responsive HTTP server. Impact A remote attacker could send requests to unavailable servers, resulting in a Denial of Service. Workaround There is no known...
Mantis: Multiple vulnerabilities
Background Mantis is a PHP/MySQL/Web based bugtracking system. Description Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manageusercreate.php CVE-2008-2276, a Cross-Site Scripting vulnerability in returndynamicfilters.php CVE-2008-3331, and an...
Postfix: Denial of service
Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description It has been discovered that Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled...
Amarok: Insecure temporary file creation
Background Amarok is an advanced music player. Description Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp uses the albuminfo.xml temporary file in an insecure manner. Impact A local attacker could perform a symlink...
libTIFF: User-assisted execution of arbitrary code
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Drew Yao Apple Product Security and Clay Wood reported multiple buffer underflows in the LZWDecode and LZWDecodeCompat functions in tiflzw.c when processing TIFF files. Impact A remo...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description g reported the following vulnerabilities: An integer overflow leading to a heap-based buffer overflow in the Open function in modules/demux/tta.c CVE-2008-3732. A signedness error leading to a stack-based buffer...
Courier Authentication Library: SQL injection vulnerability
Background The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. Description It has been discovered that some input (e.g. the username) passed to the library is not properly sanitised before being used in SQL queries. Impa...
MySQL: Privilege bypass
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Sergei Golubchik reported that MySQL imposes no restrictions on the specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE TABLE" statements. Impact An authenticated remote attacker could create MyISAM...
yelp: User-assisted execution of arbitrary code
Background yelp is the default help browser for GNOME. Description Aaron Grattafiori reported a format string vulnerability in the windowerror function in yelp-window.c. Impact A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using...
dnsmasq: Denial of Service and DNS spoofing
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server CVE-2008-1447. Carlos Carvalho reported that dnsmasq in t...
RealPlayer: Buffer overflow
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description Dyon Balding of Secunia Research reported an unspecified heap-based buffer overflow in the Shockwave Flash SWF frame handling. Impact By enticing a user to open a specially crafted SWF...
Postfix: Local privilege escalation vulnerability
Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description Sebastian Krahmer of SuSE has found that Postfix allows mail to be delivered to root-owned symlinks in an insecure manner under...
UUDeview: Insecure temporary file creation
Background UUdeview is an encoder and decoder supporting various binary formats. NZBGet is a command-line based binary newsgrabber supporting .nzb files. Description UUdeview makes insecure use of the tempnam function when creating temporary files. NZBGet includes a copy of the vulnerable code...
Adobe Reader: User-assisted execution of arbitrary code
Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact A remote attacker could entice a user to open a...
ClamAV: Multiple Denials of Service
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Damian Put has discovered an out-of-bounds memory access while processing Petite files CVE-2008-2713, CVE-2008-3215. Also, please note that the 0.93 ClamAV branch...
stunnel: Security bypass
Background The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP Online Certificate Status Protocol, as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate...
OpenLDAP: Denial of Service vulnerability
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the "bergetnext" function in libraries/liblber/io.c. Impact A remote unauthenticated...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been discovered in xine-lib: Alin Rad Pop of Secunia reported an array indexing vulnerability in the...
Net-SNMP: Multiple vulnerabilities
Background Net-SNMP is a collection of tools for generating and retrieving SNMP data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code HMAC to verify data integrity and authenticity of SNMP messages. Description Wes Hardaker reported that the SNMPv3 HMAC verification relies on th...
Wireshark: Denial of service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector CVE-2008-3137, the PANA and KISMET dissectors CVE-2008-3138, the RTMPT dissector CVE-2008-3139, the syslog...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla...
ISC DHCP: Denial of service
Background ISC DHCP is ISC's reference implementation of all aspects of the Dynamic Host Configuration Protocol. Description A buffer overflow error was found in ISC DHCP server, that can only be exploited under unusual server configurations where the DHCP server is configured to provide clients...
libxslt: Execution of arbitrary code
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Chris Evans Google Security reported that the libexslt library that is part of libxslt is affected by a heap-based buffer overflow in the RC4...
Pan: User-assisted execution of arbitrary code
Background Pan is a newsreader for the GNOME desktop. Description Pavel Polischouk reported a boundary error in the PartsBatch class when processing .nzb files. Impact A remote attacker could entice a user to open a specially crafted .nzb file, possibly resulting in the remote execution of...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject,...
Linux Audit: Buffer overflow
Background Linux Audit is a set of userspace utilities for storing and processing auditing records. Description A stack-based buffer overflow has been reported in the auditlogusercommand function in the file lib/auditlogging.c when processing overly long arguments. Impact A local attacker could...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner CVE-2008-2147. Alin Rad Pop Secunia Research reported an integer overflow error in the Open function in the...
Bacula: Information disclosure
Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...
BitchX: Multiple vulnerabilities
Background BitchX is an IRC client. Description bannedit reported a boundary error when handling overly long IRC MODE messages CVE-2007-4584. Nico Golde reported an insecure creation of a temporary file within the ehostname function CVE-2007-5839. Impact A remote attacker could entice a user to...
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio networks. Description Nico Golde reported a boundary error in the HTTP::getAuthUserPass function when processing overly long HTTP Basic authentication requests. Impact A remote attacker could send a specially crafted HTTP request to the...
Mercurial: Directory traversal
Background Mercurial is a distributed Source Control Management system. Description Jakub Wilk discovered a directory traversal vulnerability in the applydiff function in the mercurial/patch.py file. Impact A remote attacker could entice a user to import a specially crafted patch, possibly resulti...