GNU shtool, ocaml-mysql: Insecure temporary file creation
Background GNU shtool is a compilation of small shell scripts into a single shell tool. The ocaml-mysql package includes the GNU shtool code. Description Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames CAN-2005-1751. On closer inspection,...
gedit: Format string vulnerability
Background gedit is the official text editor of the GNOME desktop environment. Description A format string vulnerability exists when opening files with names containing format specifiers. Impact A specially crafted file with format specifiers in the filename can cause arbitrary code execution...
LutelWall: Insecure temporary file creation
Background LutelWall is a high-level Linux firewall configuration tool. Description Eric Romang has discovered that the newversioncheck function in LutelWall insecurely creates a temporary file when updating to a new version. Impact A local attacker could create symbolic links in the temporary fi...
Ettercap: Format string vulnerability
Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description The cursesmsg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Impact A remote attacker could craft a malicious network flow tha...
libextractor: Multiple overflow vulnerabilities
Background libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files. Description Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors...
SilverCity: Insecure file permissions
Background SilverCity provides lexical analysis for over 20 programming and markup languages. Description The SilverCity package installs three executable files with insecure permissions. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the...
Dzip: Directory traversal vulnerability
Background Dzip is a compressor and decompressor made especially for demo recordings of id's Quake. Description Dzip is vulnerable to a directory traversal attack when extracting archives. Impact An attacker could exploit this vulnerability by creating a specially crafted archive to extract files...
Mailutils: SQL Injection
Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sqlescapestring function of the authentication module fails to properly escape the "" character, rendering it vulnerable to a SQL command...
Wordpress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact An attacker could use the SQL injection vulnerabilities to gain information from the database...
Binutils, elfutils: Buffer overflow
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Tavis...
Mailutils: Multiple vulnerabilities in imap4d and mail
Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags CAN-2005-1523, fails...
gxine: Format string vulnerability
Background gxine is a GTK+ and xine-lib based media player. Description Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Impact A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the...
Net-SNMP: fixproc insecure temporary file creation
Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description The fixproc application of Net-SNMP creates temporary files with predictable filenames. Impact A malicious local attacker could exploit a race condition to change the content of th...
Qpopper: Multiple Vulnerabilities
Background Qpopper is a widely used server for the POP3 protocol. Description Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users CAN-2005-1151. The upstream developers discovered that Qpopper can be forced to create group or world writeable files...
ImageMagick, GraphicsMagick: Denial of Service vulnerability
Background Both ImageMagick and GraphicsMagick are collections of tools to read, write and manipulate images in many formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when...
gdb: Multiple vulnerabilities
Background gdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the B...
Cheetah: Untrusted module search path
Background Cheetah is a Python powered template engine and code generator. Description Brian Bird discovered that Cheetah searches for modules in the world-writable /tmp directory. Impact A malicious local user could place a module containing arbitrary code in /tmp, which when imported would run...
FreeRADIUS: SQL injection and Denial of Service vulnerability
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description Primoz Bratanic discovered that the sqlescapefunc function of FreeRADIUS may be vulnerable to a buffer overflow BID 13541. He also discovered that FreeRADIUS fails to sanitize user input before using ...
Mozilla Suite, Mozilla Firefox: Remote compromise
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The Mozilla Suite and Firefox do not properly protect "IFRAME" JavaScript URLs from being executed in context...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments CAN-2005-1409. It has also been reported that the...
phpBB: Cross-Site Scripting Vulnerability
Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...
Gaim: Denial of Service and buffer overflow vulnerabilities
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Stu Tomlinson discovered that Gaim is vulnerable to a remote stack-based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very...
HT Editor: Multiple buffer overflows
Background HT is a hex editor, designed to help analyse and modify executable files. Description Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has...
libTIFF: Buffer overflow
Background libTIFF provides support for reading and manipulating TIFF (Tag Image File Format) images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack-based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Impac...
TCPDump: Decoding routines Denial of Service vulnerability
Background TCPDump is a tool for network monitoring and data acquisition. Description TCPDump improperly handles and decodes ISIS CAN-2005-1278, BGP CAN-2005-1267, CAN-2005-1279, LDP CAN-2005-1279 and RSVP CAN-2005-1280 packets. TCPDump might loop endlessly after receiving malformed packets. Impa...
gzip: Multiple vulnerabilities
Background gzip (GNU zip) is a popular compression program. The included zgrep utility allows you to grep gzipped files in place. Description The gzip and gunzip programs are vulnerable to a race condition when setting file permissions CAN-2005-0988, as well as improper handling of filename...
GnuTLS: Denial of Service vulnerability
Background GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project. Description A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact A remote attacker could exploit...
Ethereal: Numerous vulnerabilities
Background Ethereal is a feature rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including: The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF,...
Oops!: Remote code execution
Background Oops! is an advanced, multithreaded caching web proxy. Description A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact A remote attacker could send a specially crafted HTTP...
Horde Framework: Multiple XSS vulnerabilities
Background The Horde Framework is a PHP based framework for building web applications. It provides many modules including calendar, address book, CVS viewer and Internet Messaging Program. Description Cross-site scripting vulnerabilities have been discovered in various modules of the Horde...
Pound: Buffer overflow vulnerability
Background Pound is a reverse proxy, load balancer and HTTPS front-end. Description Steven Van Acker has discovered a buffer overflow vulnerability in the "addport" function in Pound. Impact A remote attacker could send a request for an overly long hostname parameter, which could lead to the remo...
phpMyAdmin: Insecure SQL script installation
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...
Heimdal: Buffer overflow vulnerabilities
Background Heimdal is a free implementation of Kerberos 5 that includes a telnet client program. Description Buffer overflow vulnerabilities in the slcaddreply and envoptadd functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact Successful exploitation would...
xine-lib: Two heap overflow vulnerabilities
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). Impact By setting up a malicious server and enticing a user to use i...
Convert-UUlib: Buffer overflow
Background Convert-UUlib provides a Perl interface to the uulib library, allowing Perl applications to access data encoded in a variety of formats. Description A vulnerability has been reported in Convert-UUlib where a malformed parameter can be provided by an attacker allowing a read operation t...
Rootkit Hunter: Insecure temporary file creation
Background Rootkit Hunter is a scanning tool to detect rootkits, backdoors and local exploits on a local machine. Rootkit Hunter uses downloaded data files to check file integrity. These files are updated via the checkupdate.sh script. Description Sune Kloppenborg Jeppesen and Tavis Ormandy of th...
eGroupWare: XSS and SQL injection vulnerabilities
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact An attacker could possibly use the SQL injectio...
KDE kimgio: PCX handling buffer overflow
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kimgio is the KDE image handler provided by kdelibs. Description kimgio fails to properly validate input when handling PCX files. Impact By enticing a user to load a specially-crafted PCX ima...
Kommander: Insecure remote script execution
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package. Description Kommander executes data files from possibly untrusted locations without us...
RealPlayer, Helix Player: Buffer overflow vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is the Open Source version of RealPlayer. Description Piotr Bania has discovered a buffer overflow vulnerability in RealPlayer and Helix Player when processing malicious RAM files. Impa...
openMosixview: Insecure temporary file creation
Background The openMosixview package contains several tools used to manage openMosix clusters, including openMosixview (the main monitoring and administration application) and openMosixcollector (a daemon collecting cluster and node information). Description Gangstuck and Psirac from Rexotec discover...
MPlayer: Two heap overflow vulnerabilities
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). Impact By setting up a malicious server and enticing a user to use its...
XV: Multiple vulnerabilities
Background XV is an interactive image manipulation program for the X Window System. Description Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS Planetary Data...
Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox: Vladimir V...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description An integer overflow and an unbound recursion were discovered in the...
CVS: Multiple vulnerabilities
Background CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow CAN-2005-0753, memory leaks...
monkeyd: Multiple vulnerabilities
Background monkeyd is a fast, efficient, small and easy to configure web server for Linux. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a double expansion error in monkeyd, resulting in a format string vulnerability. Ciaran McCreesh of Gentoo Linux discovered a...
OpenOffice.Org: DOC document Heap Overflow
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load" function when processing D...
Gld: Remote execution of arbitrary code
Background Gld is a standalone greylisting server for Postfix. Description dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the...
JunkBuster: Multiple vulnerabilities
Background JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode: an attacker can modify the referrer setting by getting a victim to request a...