IPsec-Tools: Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY...
LibXfont, TightVNC: Multiple vulnerabilities
Background LibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays. Description The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList, bdfReadCharacters and FontFileInitTable. TightVNC contains a local copy of this code and is also...
MySQL: Two Denial of Service vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. Description mu-b discovered a NULL pointer dereference in itemcmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the...
Lighttpd: Two Denials of Service
Background Lighttpd is a lightweight HTTP web server. Description Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd trie...
GIMP: Buffer overflow
Background GIMP is the GNU Image Manipulation Program. Description Marsu discovered that the "setcolortable" function in the SUNRAS plugin is vulnerable to a stack-based buffer overflow. Impact An attacker could entice a user to open a specially crafted .RAS file, possibly leading to the executio...
X.Org X11 library: Multiple integer overflows
Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple integer overflows have been reported in the XGetPixel function of the X.Org X11 library. Impact By enticing a user to open a specially crafted image, a...
Quagga: Denial of service
Background Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols. Description The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages. Impact A malicious peer inside a BGP area could send a specially...
Apache mod_perl: Denial of service
Background mod_perl is an Apache module that embeds the Perl interpreter within the server, allowing Perl-based web-applications to be created. Description Alex Solvey discovered that the "pathinfo" variable used in file RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is not properly...
Tomcat: Information disclosure
Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description Tomcat allows special characters like slash, backslash or URL-encoded backslash as a separator, while Apache does not. Impact A remote attacker could send a specially...
FreeType: User-assisted execution of arbitrary code
Background FreeType is a True Type Font rendering library. Description Greg MacManus of iDefense Labs has discovered an integer overflow in the function bdfReadCharacters when parsing BDF fonts. Impact A remote attacker could entice a user to use a specially crafted BDF font, possibly resulting i...
Ktorrent: Multiple vulnerabilities
Background Ktorrent is a Bittorrent client for KDE. Description Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Impact A remote attacker could entice a user to...
BEAST: Denial of service
Background BEdevilled Audio SysTem is an audio compositor, supporting a wide range of audio formats. Description BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid fails due to a user exceeding assigned resource limits. Impact A...
capi4k-utils: Buffer overflow
Background capi4k-utils is a set of utilities for accessing COMMON-ISDN-API software interfaces for ISDN devices. Description The bufprint function in capi4k-utils fails to properly check boundaries of data coming from CAPI packets. Impact A local attacker could possibly escalate privileges or...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description iDefense Labs have reported a stack-based buffer overflow in the cabunstore function when processing negative values in .cab files. Multiple file descriptor leaks have also been reported in chmunpack.c, pdf.c and dblock.c when processing .chm...
NAS: Multiple vulnerabilities
Background NAS is a network transparent, client/server audio transport system. Description Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of which include a buffer overflow in the function acceptattlocal, an integer overflow in the function ProcAuWriteElement, and a null...
Blender: User-assisted remote execution of arbitrary code
Background Blender is a 3D creation, animation and publishing program. Description Stefan Cornelius of Secunia Research discovered an insecure use of the "eval" function in kmzImportWithMesh.py. Impact A remote attacker could entice a user to open a specially crafted Blender file .kmz or .kml,...
Aircrack-ng: Remote execution of arbitrary code
Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description Jonathan So reported that the airodump-ng module does not correctly check the size of 802.11 authentication packets before copying them into a...
3proxy: Buffer overflow
Background 3proxy is a multi-protocol proxy, including HTTP/HTTPS/FTP and SOCKS support. Description The 3proxy development team reported a buffer overflow in the logurl function when processing overly long requests. Impact A remote attacker could send a specially crafted transparent request to t...
Courier-IMAP: Remote execution of arbitrary code
Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...
File: Denial of service
Background file is a utility that identifies a file format by scanning binary data for patterns. Description Conor Edberg discovered an error in the way file processes a specific regular expression. Impact A remote attacker could entice a user to open a specially crafted file, using excessive CPU...
MadWifi: Multiple vulnerabilities
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless LAN cards. Description The driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211input function does not properly handle AUTH...
FreeRADIUS: Denial of service
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Impact A remote attacker could send a large amount of...
Inkscape: Two format string vulnerabilities
Background Inkscape is a vector graphics editor, using Scalable Vector Graphics (SVG) Format. Description Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format...
Vixie Cron: Denial of service
Background Vixie Cron is a command scheduler with extended syntax over cron. Description During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing for a local user to create hard links to system and users cron...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCal...
xine-lib: Heap-based buffer overflow
Background xine-lib is the core library package for the xine media player. Description xine-lib does not check boundaries on data being read into buffers from DMO video files in code that is shared with MPlayer DMOVideoDecoder.c. Impact An attacker could entice a user to play a specially crafted...
DokuWiki: Cross-site scripting vulnerability
Background DokuWiki is a simple to use wiki aimed at creating documentation. Description DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file. Impact An attacker could entice a user to click a specially crafted link and inject CRLF characters into the variable...
libwpd: Multiple vulnerabilities
Background libwpd is a library used to convert Wordperfect documents into other formats. Description libwpd contains heap-based overflows in two functions that convert WordPerfect document tables. In addition, it contains an integer overflow in a text-conversion function. Impact An attacker could...
Evince: Stack overflow in included gv code
Background Evince is a document viewer for multiple document formats, including PostScript. Description Evince includes code from GNU gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially...
zziplib: Buffer Overflow
Background The zziplib library is a lightweight library for extracting data from files archived in a single zip file. Description dmcox dmcox discovered a boundary error in the zzipopensharedio function from zzip/file.c. Impact A remote attacker could entice a user to run a zziplib function with...
MIT Kerberos 5: Arbitrary remote code execution
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description The Kerberos telnet daemon fails to properly handle usernames, allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other...
OpenPBS: Multiple vulnerabilities
Background OpenPBS is the original version of the Portable Batch System. It is a flexible batch queueing system developed for NASA in the early to mid-1990s. Description SUSE reported vulnerabilities due to unspecified errors in OpenPBS. Impact By unspecified attack vectors an attacker might be...
OpenAFS: Privilege escalation
Background OpenAFS is a distributed network filesystem. Description Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact If setuid is enabled on the clien...
Asterisk: Two SIP Denial of Service vulnerabilities
Background Asterisk is an open source implementation of a telephone private branch exchange (PBX). Description The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979...
Squid: Denial of service
Background Squid is a multi-protocol proxy server. Description Squid incorrectly handles TRACE requests that contain a "Max-Forwards" header field with value "0" in the clientProcessRequest function. Impact A remote attacker can send specially crafted TRACE HTTP requests that will terminate the...
CUPS: Denial of service
Background CUPS provides a portable printing layer for UNIX-based operating systems. Description CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection...
file: Integer underflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Jean-Sebastien Guay-Leroux reported an integer underflow in fileprintf function. Impact A remote attacker could entice a user to run the "file" program on a specially crafted file that would...
Ekiga: Format string vulnerability
Background Ekiga is an open source VoIP and video conferencing application. Description Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a...
mgv: Stack overflow in included gv code
Background mgv is a Postscript viewer with a Motif interface, based on Ghostview and GNU gv. Description mgv includes code from gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted...
WordPress: Multiple vulnerabilities
Background WordPress is a popular personal publishing platform with a web interface. Description WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3x in the "year" parameter of the wptitle function Alexander Concha in the "demo" parameter of...
Mozilla Network Security Service: Remote execution of arbitrary code
Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description iDefense has reported two potential buffer overflow vulnerabilities found by researcher "regenrecht" in the...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffe...
LSAT: Insecure temporary file creation
Background The Linux Security Auditing Tool (LSAT) is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...
LTSP: Authentication bypass in included LibVNCServer code
Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05...
ulogd: Remote execution of arbitrary code
Background ulogd is a userspace daemon for netfilter related logging. Description SUSE reported unspecified buffer overflows in ulogd involving the calculation of string lengths. Impact A remote attacker could trigger a possible buffer overflow through unspecified vectors, potentially leading to...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engi...
Apache JK Tomcat Connector: Remote execution of arbitrary code
Background The Apache HTTP server is a very widely used web server. modjk provides the JK module for connecting Tomcat and Apache using the ajp13 protocol. Description ZDI reported an unsafe memory copy in modjk that was discovered by an anonymous researcher in the mapuritoworker function of...
Asterisk: SIP Denial of service
Background Asterisk is an open source implementation of a telephone private branch exchange (PBX). Description The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. Impact A remote attacker could cause a...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact A remote...
SSH Communications Security's Secure Shell Server: SFTP privilege escalation
Background The SSH Secure Shell Server from SSH Communications Security www.ssh.com is a commercial SSH implementation available free for non-commercial use. Description The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers scp2 and sftp2...