BIND: Cache poisoning
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Dan Kaminsky of IOActive has reported a weakness in the DNS protocol related to insufficient randomness of DNS transaction IDs and query source ports. Impact An attacker could...
OpenOffice.org: User-assisted execution of arbitrary code
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Sean Larsson iDefense Labs reported an integer overflow in the function rtlallocateMemo...
NX: User-assisted execution of arbitrary code
Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...
Apache: Denial of service
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678)...
Poppler: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Felipe Andres Manzano reported a memory management issue in the Page class constructor/destructor. Impact A remote attacker could entice a user to open a specially crafted PDF file with a...
PCRE: Buffer overflow
Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing "Internal Option Settings" such as "?i ". Impact A remot...
Motion: Execution of arbitrary code
Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description Nico Golde reported an off-by-one error within the readclient function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius Secunia...
Python: Multiple integer overflows
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities were discovered in Python: David Remahl reported multiple integer overflows in the file imageop.c, leading to a heap-based buffer overflow CVE-2008-1679. This issue is due ...
IBM JDK/JRE: Multiple vulnerabilities
Background The IBM Java Development Kit JDK and the IBM Java Runtime Environment JRE provide the IBM Java platform. Description Because of sharing the same codebase, IBM JDK and JRE are affected by the vulnerabilities mentioned in GLSA 200804-20. Impact A remote attacker could entice a user to ru...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Will Drewry of the Google Security Team reported multiple vulnerabilities in libvorbis: A zero value for "codebook.dim" ...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Ossi Herrala and Jukka Taimisto of Codenomicon discovered two vulnerabilities: A double free call in the...
FreeType: User-assisted execution of arbitrary code
Background FreeType is a font rendering library for TrueType Font TTF and Printer Font Binary PFB. Description Regenrecht reported multiple vulnerabilities in FreeType via iDefense: An integer overflow when parsing values in the Private dictionary table in a PFB file, leading to a heap-based buff...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...
cbrPager: User-assisted execution of arbitrary code
Background cbrPager is a comic book pager. Description Mamoru Tasaka discovered that filenames of the image archives are not properly sanitized before being passed to decompression utilities like unrar and unzip, which use the system libc library call. Impact A remote attacker could entice a user...
Evolution: User-assisted execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Description Alin Rad Pop Secunia Research reported two vulnerabilities in Evolution: A boundary error exists when parsing overly long timezone strings contained within iCalendar attachments and when the ITip formatter is...
rdesktop: Multiple vulnerabilities
Background rdesktop is an open source Remote Desktop Protocol RDP client. Description An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs: An integer underflow error exists in the function isorecvmsg in the file iso.c which can be triggered via a specially...
Imlib 2: User-assisted execution of arbitrary code
Background Imlib 2 is an advanced replacement library for libraries like libXpm. Description Stefan Cornelius Secunia Research reported two boundary errors in Imlib2: One of them within the load function in the file src/modules/loaders/loaderpnm.c when processing the header of a PNM image file,...
mtr: Stack-based buffer overflow
Background mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. Description Adam Zabrocki reported a boundary error within the splitredraw function in the file split.c, possibly leading to a stack-based buffer overflow. Impact A remote attack...
libxslt: Execution of arbitrary code
Background Libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Description Anthony de Almeida Lopes reported a vulnerability in libxslt when handling XSL style-sheet files, which could be exploited to trigger the use of...
MPlayer: User-assisted execution of arbitrary code
Background MPlayer is a media player including support for a wide range of audio and video formats. Description ksOSe reported an integer overflow vulnerability in the sdpplinparse function in the file stream/realrtsp/sdpplin.c, which can be exploited to overwrite arbitrary memory regions via an...
Samba: Heap-based buffer overflow
Background Samba is a suite of SMB and CIFS client/server programs. Description Alin Rad Pop Secunia Research reported a vulnerability in Samba within the receivesmbraw function in the file lib/utilsock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly lar...
Roundup: Permission bypass
Background Roundup is an issue-tracking system with command-line, web and e-mail interfaces. Description Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions CVE-2008-1475. Furthermore, Roland Meister discovered multiple vulnerabilities caused by...
GnuTLS: Execution of arbitrary code
Background GnuTLS is an implementation of Secure Sockets Layer SSL 3.0 and Transport Layer Security TLS 1.0, 1.1 and 1.2. Description Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS: "Client Hello" messages containing an invalid server name can...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla...
Perl: Execution of arbitrary code
Background Perl is a stable, cross platform programming language. Description Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Impact A remote attacker could possibly explo...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been reported: Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries CVE-2008-0314. Alin Rad Po...
libid3tag: Denial of service
Background libid3tag is an ID3 tag manipulation library. Description Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Impact A remote attacker could entice a user to open a specially crafted MP3 file, possib...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based...
Common Data Format library: User-assisted execution of arbitrary code
Background The Common Data Format library is a scientific data management package which allows programmers and application developers to manage and manipulate scalar, vector, and multi-dimensional data arrays in a platform independent fashion. Description Alfredo Ortega Core Security Technologies...
Chicken: Multiple vulnerabilities
Background Chicken is a Scheme interpreter and native Scheme to C compiler. Description Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities GLSA 200711-30. Impact An attacker could entice a user to process specially crafted regula...
PTeX: Multiple vulnerabilities
Background PTeX is a TeX distribution with Japanese support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that PTeX builds upon GLSA 200709-17, GLSA 200711-26. PTeX also includes vulnerable code from the GD library GLSA...
Blender: Multiple vulnerabilities
Background Blender is a 3D creation, animation and publishing program. Description Stefan Cornelius (Secunia Research) reported a boundary error within the imbloadhdr function in the file source/blender/imbuf/intern/radiancehdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilitie...
MoinMoin: Privilege escalation
Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...
Pngcrush: User-assisted execution of arbitrary code
Background Pngcrush is a multi platform optimizer for PNG Portable Network Graphics files. Description It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption GLSA 200804-15. Impact A remote attacker could entice a user to process a specially crafted...
InspIRCd: Denial of service
Background InspIRCd Inspire IRCd is a modular C++ IRC daemon. Description The "namesx" and "uhnames" modules do not properly validate network input, leading to a buffer overflow. Impact A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service. Workaroun...
Linux Terminal Server Project: Multiple vulnerabilities
Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server GLSA 200705-06, GLSA 200710-16, GLSA 200801-09, libpng GLSA 200705-24, GLSA 200711-08, Freetype GL...
Firebird: Data disclosure
Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISC_PASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...
eGroupWare: Multiple vulnerabilities
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has...
Wireshark: Denial of service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Errors exist in: the X.509sat dissector because of an uninitialized variable and the Roofnet dissector because a NULL pointer may be passed to the g_vsnprintf function (CVE-2008-1561). the LDAP dissector...
Multiple X11 terminals: Local privilege escalation
Background Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators. Description Bernhard R. Link discovered that RXVT opens a terminal on :0 if the "-display" option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo...
Horde Application Framework: Multiple vulnerabilities
Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Multiple vulnerabilities have been reported in the Horde Applicatio...
phpMyAdmin: Information disclosure
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...
KDE start_kdeinit: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. start_kdeinit is a wrapper for kdeinit. Description Vulnerabilities have been reported in the processing of user-controlled data by start_kdeinit, which is setuid root by default. Impact A loca...
Comix: Multiple vulnerabilities
Background Comix is a GTK comic book viewer. Description Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs CVE-2008-1568. Comix also creates directories with predictable names CVE-2008-1796. Impact A remote...
JRockit: Multiple vulnerabilities
Background JRockit is BEA WebLogic's J2SE Development Kit. Description Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Impact A remote attacker could entice a user to run a specially crafted applet on a website or start an application ...
SILC: Multiple vulnerabilities
Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client. Description Nathan G. Grennan reported a boundary error in SILC Toolkit within the...
VLC: User-assisted execution of arbitrary code
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities were found in VLC: Luigi Auriemma discovered that the stack-based buffer overflow when reading subtitles, which has been reported as CVE-2007-6681 in GLSA 200803-13, was not properly fixed...
Openfire: Denial of service
Background Openfire formerly Wildfire is a Java implementation of a complete Jabber server. Description Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Impact Remote authenticat...
DBmail: Data disclosure
Background DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database. Description A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash: Secunia Research and Zero Day Initiative...