E2fsprogs: Multiple buffer overflows
Background E2fsprogs provides utilities for use with the ext2 and ext3 file systems, including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system. Description Rafal Wojtczuk (McAfee AVERT Research) discovered multiple integer overflows in libext2fs that...
Portage: Information disclosure
Background Portage is the default Gentoo package management system. Description Mike Frysinger reported that the "etc-update" utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup. Impact A local...
IRC Services: Denial of service
Background IRC Services is a system of services to be used with Internet Relay Chat networks. Description loverboy reported that the "default_encrypt" function in file encrypt.c does not properly handle overly long passwords. Impact A remote attacker could provide an overly long password to the...
Samba: Execution of arbitrary code
Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot function which could lead to a stack-based buffer overflow. Impact A remote attacker could send a specially crafted...
Lookup: Insecure temporary file creation
Background Lookup is a search interface to books and dictionaries for Emacs. Description Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporary files correctly. Impact A local attacker could use a symlink attack to overwrite files with the privileges of the user runnin...
GNU Emacs: Multiple vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Drake Wilson reported that the hack-local-variables function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override the...
Firebird: Multiple buffer overflows
Background Firebird is a multi-platform, open source relational database. Description Adriano Lima and Ramon de Carvalho Valle reported that the functions isc_attach_database and isc_create_database do not perform proper boundary checking when processing their input. Impact A remote attacker could send...
Cairo: User-assisted execution of arbitrary code
Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png function that processes PNG...
AMD64 x86 emulation Qt library: Multiple vulnerabilities
Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. The AMD64 x86 emulation Qt library packages the Qt libraries for 32-bit x86 emulation on AMD64. Description The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA...
Ruby-GNOME2: Format string error
Background Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby programming language. Description Chris Rohlf discovered that the "Gtk::MessageDialog.new" method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the "message" parameter before passing it to the...
PEAR::MDB2: Information disclosure
Background PEAR::MDB2 is a database abstraction layer for PHP aimed at providing a common API for all supported relational database management systems. A LOB ("large object") is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...
Hugin: Insecure temporary file creation
Background Hugin is a GUI for creating and processing panoramic images. Description SUSE Linux reported that Hugin creates the "hugin_debug_optim_results.txt" temporary file in an insecure manner. Impact A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting...
Cacti: SQL injection
Background Cacti is a complete web-based frontend to rrdtool. Description It has been reported that the "local_graph_id" variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Impact A remote attacker could send a specially crafted request to the...
nss_ldap: Information disclosure
Background nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. Description Josh Burley reported that nss_ldap does not properly handle LDAP connections due to a race condition that can be triggered by multi-threaded...
CSTeX: Multiple vulnerabilities
Background CSTeX is a TeX distribution with Czech and Slovak support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD...
Samba: Execution of arbitrary code
Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet function which could lead to a stack-based buffer overflow...
Net-SNMP: Denial of service
Background Net-SNMP is a collection of tools for generating and retrieving SNMP data. Description The SNMP agent snmpd does not properly handle GETBULK requests with an overly large "max-repetitions" field. Impact A remote unauthenticated attacker could send a specially crafted SNMP request to th...
Feynmf: Insecure temporary file creation
Background Feynmf is a combined LaTeX and Metafont package for easy drawing of professional quality Feynman (and maybe other) diagrams. Description Kevin B. McCarty discovered that the feynmf.pl script creates a temporary "property list" file at the location "$TMPDIR/feynmf$PID.pl", where $PID is t...
PCRE: Multiple vulnerabilities
Background PCRE is a library providing functions for Perl-compatible regular expressions. Description Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing "\Q\E" sequences with unmatched "\E" codes that can lead to the compiled bytecode...
Perl: Buffer overflow
Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry (Google Security Team) discovered a heap-based buffer overflow in the Regular Expression engine (regcomp.c) that occurs when switching from byte to Unicode (UTF-8) character...
Link Grammar: User-assisted execution of arbitrary code
Background The Link Grammar parser is a syntactic parser of English, based on link grammar, an original theory of English syntax. Description Alin Rad Pop from Secunia Research discovered a boundary error in the function separate_sentence in file tokenize.c when processing an overly long word whic...
MySQL: Denial of service
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine that leads to a failed assertion when handling CONTAINS operations. Impact A...
VMware Workstation and Player: Multiple vulnerabilities
Background VMware Workstation is a virtual machine for developers and system administrators. VMware Player is a freeware virtualization software that can run guests produced by other VMware products. Description Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta...
teTeX: Multiple vulnerabilities
Background teTeX is a complete TeX distribution for editing documents. Description Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats CVE-2007-5937,...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine (CVE-2007-5339) and JavaScript engine (CVE-2007-5340) that can be exploited to cause a memory corruption...
Poppler, KDE: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. Description Alin Rad Pop (Secunia Research) discovered sever...
Bochs: Multiple vulnerabilities
Background Bochs is an IA-32 (x86) PC emulator written in C++. Description Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also discovered a divide-by-zero error in the emulated floppy disk controller (CVE-2007-2894). Impa...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description Stefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid...
Cpio: Buffer overflow
Background GNU cpio copies files into or out of a cpio or tar archive. Description A buffer overflow vulnerability in the safer_name_suffix function in GNU cpio has been discovered. Impact A remote attacker could entice a user to open a specially crafted archive file, resulting in a stack-based buff...
Pioneers: Multiple Denials of Service
Background Pioneers (formerly gnocatan) is a clone of the popular board game "The Settlers of Catan". Description Roland Clobus discovered that the Pioneers server may free session objects while they are still in use, resulting in access to invalid memory zones (CVE-2007-5933). Bas Wijnen discovered...
Ruby on Rails: Multiple vulnerabilities
Background Ruby on Rails is a free web framework used to develop database-driven web applications. Description candlerb found that ActiveResource, when processing responses using the Hash.from_xml function, does not properly sanitize filenames (CVE-2007-5380). The session management functionality...
CUPS: Memory corruption
Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol (IPP) tags that might allow overwriting one byte on the stack. Impact A...
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the JavaScript engine can be exploited to...
FLAC: Buffer overflow
Background The Xiph.org Free Lossless Audio Codec (FLAC) library is the reference implementation of the FLAC audio file format. It contains encoders and decoders in library and executable form. Description Sean de Regge reported multiple integer overflows when processing FLAC media files that could...
Tomboy: User-assisted execution of arbitrary code
Background Tomboy is a GTK-based desktop note-taking application written in C# and the Mono C# runtime. Description Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) being included when...
3proxy: Denial of service
Background 3proxy is a really tiny cross-platform set of proxy servers, including HTTP, HTTPS, FTP, SOCKS and POP3 support. Description 3proxy contains a double free vulnerability in the ftpprchild function, which frees param->hostname and calls the parsehostname function, which in turn attempts to...
Nagios Plugins: Two buffer overflows
Background The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program. Description fabiodds reported a boundary checking error in the "check_snmp" plugin when processing SNMP "GET" replies that could lead to a stack-based buffer overfl...
Python: User-assisted execution of arbitrary code
Background Python is an interpreted, interactive, object-oriented programming language. Description Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo method, in various locations in the files imageop.c and rgbimgmodule.c, and also in other files. Impact...
Mono: Buffer overflow
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers function in...
libpng: Multiple Denials of Service
Background libpng is a free ANSI C library used to process and manipulate PNG images. Description An off-by-one error when handling ICC profile chunks in the png_set_iCCP function was discovered (CVE-2007-5266). George Cook and Jeff Phillips reported several errors in pngrtran.c, the use of logical...
MadWifi: Denial of service
Background The MadWifi driver provides support for Atheros-based IEEE 802.11 Wireless LAN cards. Description Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element. Impact A remote attacker could act as an...
Evolution: User-assisted remote execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description The imap_rescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...
SiteBar: Multiple issues
Background SiteBar is a PHP application that allows users to store their bookmarks on a web server. Description Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value of the "dir" parameter (CVE-2007-5491, CVE-2007-5694); the translation module also...
Gallery: Multiple vulnerabilities
Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...
gFTP: Multiple vulnerabilities
Background gFTP is an FTP client for the GNOME desktop environment. Description Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Impact A remote attacker could trigger these vulnerabilities by enticing a user...
OpenSSH: Security bypass
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it cannot create an untrusted one. Impact An attacker could bypass the SSH client security policy and gain...
Opera: Multiple vulnerabilities
Background Opera is a multi-platform web browser. Description Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients (CVE-2007-5541). David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly...
OpenSSL: Remote execution of arbitrary code
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library. Description Andy Polyakov reported a vulnerability in the OpenSSL toolkit that is caused by an unspecified...
Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
Background Sylpheed and Claws Mail are two GTK-based e-mail clients. Description Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error function in file src/inc.c. Impact A remote attacker could entice a user to connect to a malicious POP server sending specially...