BIND: Weak random number generation
Background: ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. Description: Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone...
Wireshark: Multiple vulnerabilities
Background: Wireshark is a network protocol analyzer with a graphical front-end. Description: Wireshark doesn't properly handle chunked encoding in HTTP responses (CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types of DCP ETSI packets (CVE-2007-3391), and SSL or MMS packets CVE-2007-339...
MySQL: Denial of Service and information leakage
Background: MySQL is a popular multi-threaded, multi-user SQL server. Description: Dormando reported a vulnerability within the handling of password packets in the connection protocol (CVE-2007-3780). Andrei Elkin also found that the "CREATE TABLE LIKE" command didn't require SELECT privileges on the...
Lighttpd: Multiple vulnerabilities
Background: Lighttpd is a lightweight HTTP web server. Description: Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the mod_auth and mod_scgi modules, and th...
Mozilla products: Multiple vulnerabilities
Background: Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird is an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'...
SquirrelMail G/PGP plugin: Arbitrary code execution
Background: SquirrelMail is a webmail package written in PHP. It supports the IMAP and SMTP protocols. Description: The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact: An authenticated user could...
Net::DNS: Multiple vulnerabilities
Background: Net::DNS is a Perl implementation of a DNS resolver. Description: hjp discovered an error when handling DNS query IDs which makes them partially predictable. Steffen Ullrich discovered an error in the dnexpand function which could lead to an endless loop. Impact: A remote attacker could...
Xfce Terminal: Remote arbitrary code execution
Background: Xfce Terminal is a console tool for the Xfce desktop environment. Description: Lasse Karkkainen discovered that the function terminalhelperexecute in file terminal-helper.c does not properly escape URIs before processing them. Impact: A remote attacker could entice a user to open a...
GD: Multiple vulnerabilities
Background: GD is a graphics library for fast image creation. Description: Xavier Roche discovered an infinite loop in the gdPngReadData function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor function (CVE-2007-3472). An error...
ClamAV: Denial of service
Background: ClamAV is a GPL virus scanner. Description: Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Impact: A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service. Workaroun...
Macromedia Flash Player: Remote arbitrary code execution
Background: The Macromedia Flash Player is a renderer for the popular SWF file type, which is commonly used to provide interactive websites, digital experiences and mobile content. Description: Mark Hills discovered some errors when interacting with a browser for keystroke handling CVE-2007-2022...
libarchive (formerly named bsdtar): Multiple PaX Extension Header Vulnerabilities
Background: libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description: CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow (CVE-2007-3641), an infinite loop...
Xvid: Array indexing vulnerabilities
Background: Xvid is a popular open source video codec licensed under the GPL. Description: Trixter Jack discovered an array indexing error in the getintrablock function in the file src/bitstream/mbcoding.c. The getinterblockh263 and getinterblockmpeg functions in the same file were also reported as...
VLC media player: Format string vulnerabilities
Background: VLC media player is a multimedia player for various audio and video formats. Description: David Thiel from iSEC Partners Inc. discovered format string errors in various plugins when parsing data. The affected plugins include Vorbis, Theora, CDDA and SAP. Impact: A remote attacker could...
tcpdump: Integer overflow
Background: tcpdump is a tool for capturing and inspecting network traffic. Description: mu-b from Digital Labs discovered that the return value of a snprintf call is not properly checked before being used, which could lead to an integer overflow. Impact: A remote attacker could send specially crafte...
Fail2ban: Denial of service
Background: Fail2ban is a tool for parsing log files and banning IP addresses that make too many password failures. Description: A vulnerability has been discovered in Fail2ban when parsing log files. Impact: A remote attacker could send specially crafted SSH login banners to the vulnerable host,...
Festival: Privilege elevation
Background: Festival is a text-to-speech accessibility program. Description: Konstantine Shirow reported a vulnerability in default Gentoo configurations of Festival. The daemon is configured to run with root privileges and to listen on localhost, without requiring a password. Impact: A local attack...
MIT Kerberos 5: Arbitrary remote code execution
Background: MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description: kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442) and the RPC library...
GIMP: Multiple integer overflows
Background: GIMP is the GNU Image Manipulation Program. Description: Sean Larsson from iDefense Labs discovered multiple integer overflows in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia Research discovered an integer overflow in the seektoandunpackpixeldata function when...
MPlayer: Multiple buffer overflows
Background: MPlayer is a media player including support for a wide range of audio and video formats. Description: Stefan Cornelius and Reimar Doffinger of Secunia Research discovered several boundary errors in the functions cddbqueryparse, cddbparsematcheslist and cddbreadparse, each allowing for a...
NVClock: Insecure file usage
Background: NVClock is a utility for changing the internal frequency of NVidia graphics chipsets. Description: Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock uses an insecure temporary file in the /tmp directory. Impact: A local attacker could create a specially crafted...
XnView: Stack-based buffer overflow
Background: XnView is software to view and convert graphics files. XPixMap (XPM) is a simple ASCII-based graphics format. Description: XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string (greater than 1024 bytes). Impact: An attacker coul...
Webmin, Usermin: Cross-site scripting vulnerabilities
Background: Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description: The pamlogin.cgi file does not properly sanitize user input before sending it back as output t...
GNU C Library: Integer overflow
Background: The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker, which prepares dynamically linked programs for execution by resolving runtime dependencies and related...
Evolution: User-assisted remote execution of arbitrary code
Background: Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description: The imaprescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...
OpenOffice.org: Two buffer overflows
Background: OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description: John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing th...
Firebird: Buffer overflow
Background: Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems. Description: Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "pcnctcount" value. Impact: An unauthenticated...
emul-linux-x86-java: Multiple vulnerabilities
Background: emul-linux-x86-java is the 32-bit version of Sun's J2SE Development Kit. Description: Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an "incorrect use o...
libexif: Buffer overflow
Background: libexif is a library for parsing, editing and saving EXIF metadata from images. Description: iDefense Labs have discovered that the exifdataloaddataentry function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an...
PHProjekt: Multiple vulnerabilities
Background: PHProjekt is a project management and coordination tool written in PHP. Description: Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP...
Mozilla products: Multiple vulnerabilities
Background: Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird is an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'...
ClamAV: Multiple Denials of Service
Background: ClamAV is a GPL virus scanner. Description: Several vulnerabilities were discovered in ClamAV by various researchers: Victor Stinner (INL) discovered that the OLE2 parser may enter an infinite loop (CVE-2007-2650). A boundary error was also reported by an anonymous researcher in the file...
MadWifi: Multiple vulnerabilities
Background: The MadWifi driver provides support for Atheros-based IEEE 802.11 wireless LAN cards. Description: Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the athbeaconconfig function (CVE-2007-2830). The vendor has corrected an input validation error in the...
ELinks: User-assisted execution of arbitrary code
Background: ELinks is a text-mode web browser. Description: Arnaud Giersch discovered that the "addfilenametostring" function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Impact: A local attacker could entice a user...
Evolution: User-assisted execution of arbitrary code
Background: Evolution is the mail client of the GNOME desktop environment. Description: Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact: A remote attacker could entice a user to open a...
libexif: Integer overflow vulnerability
Background: libexif is a library for parsing, editing and saving Exif data. Description: Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact: An attacker could entice a user to process a file with specially crafted...
file: Integer overflow
Background: file is a utility that guesses a file format by scanning binary data for patterns. Description: Colin Percival from FreeBSD reported that the previous fix for the fileprintf buffer overflow introduced a new integer overflow. Impact: A remote attacker could entice a user to run the file...
Sun JDK/JRE: Multiple vulnerabilities
Background: The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security...
libpng: Denial of service
Background: libpng is a free ANSI C library used to process and manipulate PNG images. Description: Mats Palmgren fixed an error in file pngrutil.c in which the trans array might not be allocated because of images with a bad tRNS chunk CRC value. Impact: A remote attacker could craft an image that...
MPlayer: Two buffer overflows
Background: MPlayer is a media player including support for a wide range of audio and video formats. Description: A buffer overflow has been reported in the DMOVideoDecoderOpen function in file loader/dmo/DMOVideoDecoder.c. Another buffer overflow has been reported in the DSVideoDecoderOpen function...
FreeType: Buffer overflow
Background: FreeType is a TrueType font rendering library. Description: Victor Stinner discovered a heap-based buffer overflow in the function GetVMetrics in src/truetype/ttgload.c when processing TTF files with a negative npoints attribute. Impact: A remote attacker could entice a user to open a...
Blackdown Java: Applet privilege escalation
Background: Blackdown provides implementations of the Java Development Kit (JDK) and the Java Runtime Environment (JRE). Description: Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE, possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...
PHP: Multiple vulnerabilities
Background: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description: Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these...
PPTPD: Denial of Service attack
Background: PPTPD is a Point-to-Point Tunnelling Protocol daemon for Linux. Description: James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Impact: A remote attacker could exploit this vulnerability to cause a Denial of Service on the PPTPD connection...
Apache mod_security: Rule bypass
Background: mod_security is an Apache module designed for enhancing the security of the Apache web server. Description: Stefan Esser discovered that mod_security processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers us...
PhpWiki: Remote execution of arbitrary code
Background: PhpWiki is an open source content management system written in PHP. Description: Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Impact: A remote attacker could upload a specially crafted PHP file to the vulnerable server, resulting i...
Samba: Multiple vulnerabilities
Background: Samba is a suite of SMB and CIFS client/server programs for UNIX. Description: Samba contains a logical error in the smbd daemon when translating local SIDs to user names (CVE-2007-2444). Furthermore, Samba contains several bugs when parsing NDR-encoded RPC parameters (CVE-2007-2446). Lastly...
XScreenSaver: Privilege escalation
Background: XScreenSaver is a widely used screen saver collection shipped on systems running the X11 Window System. Description: XScreenSaver incorrectly handles the results of the getpwuid function in drivers/lock.c when using directory servers during a network outage. Impact: A local user can cras...
PostgreSQL: Privilege escalation
Background: PostgreSQL is an open source object-relational database management system. Description: An error involving insecure search_path settings in SECURITY DEFINER functions has been reported in PostgreSQL. Impact: If allowed to call a SECURITY DEFINER function, an attacker could gain the SQ...
ImageMagick: Multiple buffer overflows
Background: ImageMagick is a collection of tools allowing various manipulations on image files. Description: iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage and ReadXWDImage, which are used to process DCM and XWD files. Impact: An attacker could...