Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long "Content-Type:" and long non-ASCII MIME headers. Additionally, Frederik Reiss discovered a heap-based...
DenyHosts: Denial of service
Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact A remote unauthenticated attacker ca...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...
imlib2: Multiple vulnerabilities
Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description M. Joonas Pihlaja discovered several buffer overflows in loaderargb.c, loaderpng.c,...
pam_ldap: Authentication bypass vulnerability
Background pam_ldap is a Pluggable Authentication Module which allows authentication against LDAP directories. Description Steve Rigler discovered that pam_ldap does not correctly handle "PasswordPolicyResponse" control responses from an LDAP directory. This causes the pam_authenticate function to...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Impact By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash...
Links: Arbitrary Samba command execution
Background Links is a web browser running in both graphics and text modes. Description Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...
McAfee VirusScan: Insecure DT_RPATH
Background McAfee VirusScan for Linux is a commercial antivirus solution for Linux. Description Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was probably intended. Impact...
GNU Radius: Format string vulnerability
Background GNU Radius is a GNU version of Radius, a server for remote user authentication and accounting. Description A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the "postgresql", "mysql" or...
F-PROT Antivirus: Multiple vulnerabilities
Background F-Prot Antivirus is a FRISK Software antivirus program that can be used with procmail. Description F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities. Impact Among other weaker impacts, a remote attacker could send an...
libgsf: Buffer overflow
Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description "infamous41md" has discovered that the "oleinitinfo" function may allocate too little memory for storing...
Trac: Cross-site request forgery
Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...
Tar: Directory traversal vulnerability
Background The Tar program provides the ability to create and manipulate tar archives. Description Tar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the...
AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. Description Tavis Ormandy and Will Drewry, both of the Google...
MadWifi: Kernel driver buffer overflow
Background MadWifi Multiband Atheros Driver for Wireless Fidelity provides a Linux kernel device driver for Atheros-based Wireless LAN devices. Description Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encodeie and the giwscancb functions from...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution...
KOffice shared libraries: Heap corruption
Background KOffice is an integrated office suite for KDE. koffice-libs is a package containing shared libraries used by KOffice programs. Description Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot' in klaola.cc fills 'numofbbdblocks' while reading a .ppt PowerPoint file without...
GnuPG: Multiple vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Hugh Warrington has reported a boundary error in GnuPG, in the "askoutfilename" function from openfile.c: the makeprintablestring function could return a string longer than...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary...
ModPlug: Multiple buffer overflows
Background ModPlug is a library for playing MOD-like music. Description Luigi Auriemma has reported various boundary errors in loadit.cpp and a boundary error in the "CSoundFile::ReadSample" function in sndfile.cpp. Impact A remote attacker can entice a user to read crafted modules or ITP files,...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in...
xine-lib: Buffer overflow
Background xine is a portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description A possible buffer overflow has been reported in the Real Media input plugin. Impact An attacker could exploit this vulnerability by enticing a user into loading a specially crafted...
wv library: Multiple integer overflows
Background wv is a library for conversion of MS Word DOC and RTF files. Description The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows. Impact An attacker could craft a malicious file that, when handled with the wv library, could lead to...
ProFTPD: Remote execution of arbitrary code
Background ProFTPD is a highly-configurable FTP server. Description Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in the mod_tls module. Additionally, an off-by-two error related to the CommandBufferSize configuration...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The maketable function of unlzh.c contains an array index error and a buffer...
OpenLDAP: Denial of Service vulnerability
Background OpenLDAP is a suite of LDAP-related applications and development tools. Description Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This...
Mono: Insecure temporary file creation
Background Mono provides the necessary software to develop and run .NET client and server applications. Description Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. Impact A local attacker cou...
Kile: Incorrect backup file permission
Background Kile is a TeX/LaTeX editor for KDE. Description Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920. Impact A kile user may inadvertently grant access to sensitive information. Workaround There is no known workaround at this...
Ingo H3: Folder name shell command injection
Background Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules. Description Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact A remote authenticated attacker could craft a malicious rule which could lead to the execution of...
TIN: Multiple buffer overflows
Background TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms. Description Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflo...
GNU gv: Stack overflow
Background GNU gv is a viewer for PostScript and PDF documents. Description GNU gv does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted document with GNU gv and execute arbitrary code with th...
ImageMagick: PALM and DCM buffer overflows
Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the imprope...
fvwm: fvwm-menu-directory fvwm command injection
Background fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise...
Texinfo: Buffer overflow
Background Texinfo is the official documentation system of the GNU project. Description Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline" function of texindex.c. The "readline" function is called by the texi2dvi and texindex commands. Impact By enticing a user to open a...
qmailAdmin: Buffer overflow
Background qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. Description qmailAdmin fails to properly handle the "PATH_INFO" variable in qmailadmin.c. The PATH_INFO is a standard CGI environment variable filled with user supplied...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description In numerous files TikiWiki provides an empty sortmode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated...
Avahi: "netlink" message vulnerability
Background Avahi is a system that facilitates service discovery on a local network. Description Avahi does not check that the netlink messages come from the kernel instead of a user-space process. Impact A local attacker could exploit this vulnerability by crafting malicious netlink messages and...
TORQUE: Insecure temporary file creation
Background TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...
libpng: Denial of service
Background libpng is a free ANSI C library used to process and manipulate PNG images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read...
RPM: Buffer overflow
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly...
OpenSSH: Multiple Denial of Service vulnerabilities
Background OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Description Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been...
GraphicsMagick: PALM and DCM buffer overflows
Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the improper handling o...
Netkit FTP Server: Privilege escalation
Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Paul Szabo reported that an incorrect seteuid call after the chdir function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, for example when...
Bugzilla: Multiple Vulnerabilities
Background Bugzilla is a bug tracking system used to allow developers to more easily track outstanding bugs in products. Description The vulnerabilities identified in Bugzilla are as follows: Frederic Buclin and Gervase Markham discovered that input passed to various fields throughout Bugzilla we...
NVIDIA binary graphics driver: Privilege escalation vulnerability
Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...
Qt: Integer overflow
Background Qt is a cross-platform GUI toolkit, which is used e.g. by KDE. Description An integer overflow flaw has been found in the pixmap handling of Qt. Impact By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be abl...
Screen: UTF-8 character handling vulnerability
Background Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling. Impact The vulnerability can be exploited by...
PHP: Integer overflow
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description A flaw in the PHP memory handling routines allows an unserialize call to be executed on non-allocated memory due to a previous integer...