SILC Server: Denial of service
Background SILC Server is a server for the Secure Internet Live Conferencing (SILC) protocol. Description Frank Benkstein discovered a possible NULL pointer dereference in apps/silcd/command.c if a new channel is created without specifying a valid hmac or cipher algorithm name. Impact A remote...
Amarok: User-assisted remote execution of arbitrary code
Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...
KHTML: Cross-site scripting (XSS) vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE. Description The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a relat...
Smb4K: Multiple vulnerabilities
Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Kees Cook of the Ubuntu Security Team has identified multiple vulnerabilities in Smb4K. The writeFile function of smb4k/core/smb4kfileio.cpp makes insecure usage of temporary files. The writeFile function also stores the...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. Description Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonke...
STLport: Possible remote execution of arbitrary code
Background STLport is a multi-platform C++ Standard Library implementation. Description Two buffer overflows have been discovered, one in "print floats" and one in the rope constructor. Impact Both of the buffer overflows could result in the remote execution of arbitrary code. Please note that th...
AMD64 x86 emulation Qt library: Integer overflow
Background The AMD64 x86 emulation Qt library for AMD64 emulates the x86 32-bit Qt library on the AMD64 64-bit architecture. Description An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Impact By enticing a user to...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Impact A remote attacker could entice a user to browse to ...
SpamAssassin: Long URI Denial of service
Background SpamAssassin is an extensible email filter used to identify junk email. Description SpamAssassin does not correctly handle very long URIs when scanning emails. Impact An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the "id" parameter string used to create local files when parsing MIME headers. Impact A remote attacker can send...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentiall...
CHMlib: User-assisted remote execution of arbitrary code
Background CHMlib is a library for the MS CHM (Compressed HTML) file format plus extracting and HTTP server utils. Description When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca function resulting in a shift of t...
MPlayer: Buffer overflow
Background MPlayer is a media player capable of playing multiple media formats. Description When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Impact An attacker can entice a user to...
Nexuiz: Multiple vulnerabilities
Background Nexuiz is a multi-player FPS game which uses a modified version of the Quake 1 engine. Description Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts. Impact Using a specially crafted...
UFO2000: Multiple vulnerabilities
Background UFO2000 is a multi-player, turn-based tactical simulation. Description Five vulnerabilities were found: a buffer overflow in recvaddunit; a problem with improperly trusting user-supplied string information in decodestringmap; several issues with array manipulation via various commands...
Snort: Remote execution of arbitrary code
Background Snort is a widely deployed intrusion detection program. Description The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need...
BIND: Denial of service
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. Description An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to...
Sun JDK/JRE: Execution of arbitrary code
Background The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. Description An anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact An attacker could...
AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
Background The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. The x86 emulation Sun's J2SE Development Kit for AMD64 contains a vulnerable version of Sun's JDK. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Su...
Fail2ban: Denial of service
Background Fail2ban monitors log files for failed authentication attempts and can block hosts responsible for repeated attacks. Description A flaw in the method used to parse log entries allows remote, unauthenticated attackers to forge authentication attempts from other hosts. Impact A remote...
Snort: Denial of service
Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...
ProFTPD: Local privilege escalation
Background ProFTPD is a powerful, configurable, and free FTP daemon. Description A flaw exists in the mod_ctrls module of ProFTPD, normally used to allow FTP server administrators to configure the daemon at runtime. Impact An FTP server administrator permitted to interact with mod_ctrls could...
RAR, UnRAR: Buffer overflow
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Impact A remote attacker could entice a user to...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Impact A user with permission to write to a...
thttpd: Unauthenticated remote file access
Background thttpd is a webserver designed to be simple, small, and fast. Description thttpd is vulnerable to an underlying change made to the start-stop-daemon command in the current stable Gentoo baselayout package version 1.12.6. In the new version, the start-stop-daemon command performs a "chd...
ELinks: Arbitrary Samba command execution
Background ELinks is a text mode web browser. Description Teemu Salmela discovered an error in the validation code of "smb://" URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Impact A remote attacker could entice a user to browse to a specially crafted "smb://"...
KSirc: Denial of Service vulnerability
Background KSirc is the default KDE IRC client. Description KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Impact A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...
Cacti: Command execution and SQL injection
Background Cacti is a web-based network graphing and reporting tool. Description rgod discovered that the Cacti cmd.php and copycactiuser.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php an...
VLC media player: Format string vulnerability
Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...
Squid: Multiple Denial of Service vulnerabilities
Background Squid is a multi-protocol proxy server. Description Squid fails to correctly handle ftp:// URIs. There is also an error in the externalacl queue which can cause an infinite looping condition. Impact An attacker could attempt to retrieve a specially crafted URI via a Squid server causi...
MIT Kerberos 5: Arbitrary Remote Code Execution
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to fr...
Centericq: Remote buffer overflow in LiveJournal handling
Background Centericq is a text mode menu-driven and window-driven instant messaging interface. Description When interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer overflow. Impact An attacker could entice a...
xine-ui: Format string vulnerabilities
Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Due to the improper handling and use of format strings, the errorscreatewindow function in errors.c does not...
OpenLDAP: Insecure usage of /tmp during installation
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a...
libgtop: Privilege escalation
Background libgtop facilitates the libgtopdaemon, which is used by GNOME to obtain information about remote systems. Description Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause...
Fetchmail: Denial of Service and password disclosure
Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an...
Adobe Acrobat Reader: Multiple vulnerabilities
Background Adobe Acrobat Reader is a PDF reader released by Adobe. Description Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. The browser plugin released with Adobe Acrobat Reader (nppdf.so) does not...
Mod_auth_kerb: Denial of service
Background Mod_auth_kerb is an Apache authentication module using Kerberos. Description Mod_auth_kerb improperly handles component byte encoding in the dergetoid function, allowing for a buffer overflow to occur if there are no components which require more than one byte for encoding. Impact An...
Kronolith: Local file inclusion
Background Kronolith is a web-based calendar which relies on the Horde Framework for integration with other applications. Description Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact An authenticated...
Mono: Information disclosure
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize loc...
oftpd: Denial of service
Background oftpd is a small, anonymous only ftp daemon. Description By specifying an unsupported address family in the arguments to a LPRT or LPASV command, an assertion in oftpd will cause the daemon to abort. Impact Remote, unauthenticated attackers may be able to terminate any oftpd process,...
WordPress: Multiple vulnerabilities
Background WordPress is a popular personal publishing platform with a web interface. Description When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in...
KDE kfile JPEG info plugin: Denial of service
Background The KDE kfile-info JPEG plugin provides meta-information about JPEG files. Description Marcus Meissner of the SUSE security team discovered a stack overflow vulnerability in the code processing EXIF information in the kfile JPEG info plugin. Impact A remote attacker could entice a user...
OpenOffice.org: EMF/WMF file handling vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered integer overflows in the EMRPOLYPOLYGON and...
Opera: Two remote code execution vulnerabilities
Background Opera is a multi-platform web browser. Description Christoph Deal discovered that JPEG files with a specially crafted DHT marker can be exploited to cause a heap overflow. Furthermore, an anonymous person discovered that Opera does not correctly handle objects passed to the...
w3m: Format string vulnerability
Background w3m is a multi-platform text-based web browser. Description w3m in -dump or -backend mode does not correctly handle printf format string specifiers in the Common Name (CN) field of an X.509 SSL certificate. Impact An attacker could entice a user to visit a malicious website that would lo...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. Description An anonymous researcher found evidence of memory corruption in the way SeaMonkey handles certain types ...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer...