rsnapshot: Local privilege escalation
Background rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups. Description The copysymlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact Under certain...
Axel: Vulnerability in HTTP redirection handling
Background Axel is a console-based FTP/HTTP download accelerator. Description A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. Impact A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it...
phpMyAdmin: Cross-site scripting vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the "convcharset" variable, rendering it vulnerable to cross-site scripting...
GnomeVFS, libcdaudio: CDDB response overflow
Background GnomeVFS is a filesystem abstraction library for the GNOME desktop environment. libcdaudio is a multi-platform CD player development library. They both include code to query CDDB servers to get Audio CD track titles. Description Joseph VanAndel has discovered a buffer overflow in Grip...
sharutils: Insecure temporary file creation
Background sharutils is a collection of tools to deal with shar archives. Description Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact A local attacker could create symbolic links i...
Gaim: Denial of Service issues
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Multiple vulnerabilities have been addressed in the latest release of Gaim: A buffer overread in the gaimmarkupstriphtml function, which is used when logging conversatio...
mit-krb5: Multiple buffer overflows in telnet client
Background The MIT Kerberos 5 implementation provides a command line telnet client which is used for remote login via the telnet protocol. Description A buffer overflow has been identified in the envoptadd function, where a response requiring excessive escaping can cause a heap-based buffer...
Dnsmasq: Poisoning and Denial of Service vulnerabilities
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one...
Sylpheed, Sylpheed-claws: Buffer overflow on message display
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle messages containing attachments with MIME-encoded filenames. Impact An attacker can send a malicious email...
telnet-bsd: Multiple buffer overflows
Background telnet-bsd provides a command line telnet client which is used for remote login using the telnet protocol. Description A buffer overflow has been identified in the envoptadd function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow...
LimeWire: Disclosure of sensitive information
Background LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol. Description Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789). Impact A remote attacker can craft a specific Gnutella...
netkit-telnetd: Buffer overflow
Background netkit-telnetd provides the standard Linux telnet client and server. Description A buffer overflow has been identified in the slcaddreply function of the netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Impact Successful exploitation would require a...
Smarty: Template vulnerability
Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description A vulnerability has been discovered within the regexreplace modifier of the Smarty...
mpg321: Format string vulnerability
Background mpg321 is a GPL replacement for mpg123, a command line audio player with support for ID3. ID3 is a tagging system that allows metadata to be embedded within media files. Description A routine security audit of the mpg321 package revealed a known security issue remained unpatched. The...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape...
IPsec-Tools: racoon Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing cod...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...
GnuPG: OpenPGP protocol attack
Background GnuPG is a complete and free replacement for PGP, a tool for secure communication and data storage. Description A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Impact An automated system using GnuPG that allows an attacker to repeatedly discover the...
Sun Java: Web Start argument injection vulnerability
Background Sun provides implementations of Java Development Kits (JDK) and Java Runtime Environments (JRE). These implementations provide the Java Web Start technology that can be used for easy client-side deployment of Java applications. Description Jouko Pynnonen discovered that Java Web Start...
Xzabite dyndnsupdate: Multiple vulnerabilities
Background dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" Haglund. Description Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows. Impact A remote attacker, posing as a dyndns.org server, could execute arbitrary code with the rights of the user...
LTris: Buffer overflow
Background LTris is a Tetris clone. Description LTris is vulnerable to a buffer overflow when reading the global highscores file. Impact By modifying the global highscores file a malicious user could trick another user to execute arbitrary code. Workaround There is no known workaround at this tim...
rxvt-unicode: Buffer overflow
Background rxvt-unicode is a clone of the well known terminal emulator rxvt. Description Rob Holland of the Gentoo Linux Security Audit Team discovered that rxvt-unicode fails to properly check input length. Impact Successful exploitation would allow an attacker to execute arbitrary code with the...
Sylpheed, Sylpheed-claws: Message reply overflow
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Impact An attacker can send an email...
OpenSLP: Multiple buffer overflows
Background OpenSLP is an open-source implementation of the Service Location Protocol (SLP). Description Multiple buffer overflows have been found in OpenSLP when handling malformed SLP packets. Impact By sending specially crafted SLP packets, a remote attacker could potentially execute arbitrary code...
KDE: Local Denial of service
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. Description Sebastian Krahmer discovered that it is possible to stall the dcopserver of other users. Impact An attacker could exploit this to cause a...
Grip: CDDB response overflow
Background Grip is a GTK+ based audio CD player/ripper. Description Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results. Impact A malicious CDDB server could cause Grip to crash by returning more than 16 matches, potentially allowing the execution of...
curl: NTLM response buffer overflow
Background curl is a command line tool for transferring files via many different protocols. Description curl fails to properly check boundaries when handling NTLM authentication. Impact With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading...
MySQL: Multiple vulnerabilities
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710). Furthermore, MySQL uses predictable filenames when creating temporary files with...
Ringtone Tools: Buffer overflow vulnerability
Background Ringtone Tools is a program for creating ringtones and logos for mobile phones. Description Qiao Zhang has discovered a buffer overflow vulnerability in the 'parseemelody' function in 'parseemelody.c'. Impact A remote attacker could entice a Ringtone Tools user to open a specially...
Ethereal: Multiple vulnerabilities
Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including: The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer overflows CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739. Th...
libexif: Buffer overflow vulnerability
Background libexif is a library for parsing, editing and saving EXIF data. Description libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to cras...
X.org: libXpm vulnerability
Background libXpm is a pixmap manipulation library for the X Window System, included in X.org. Description Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions. Impact A carefully-crafted XPM file could crash X.org,...
KDE dcopidlng: Insecure temporary file creation
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script. Description Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable...
mlterm: Integer overflow vulnerability
Background mlterm is a multi-lingual terminal emulator. Description mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only affects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support. Impa...
ImageMagick: Filename handling vulnerability
Background ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities. Impact Successful exploitation may...
Hashcash: Format string vulnerability
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...
Mozilla Firefox: Various vulnerabilities
Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it...
xv: Filename handling vulnerability
Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...
OpenMotif, LessTif: New libXpm buffer overflows
Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications. Description Chris Gilbert discovered potentially exploitable buffer overflow cases in libXp...
BidWatcher: Format string vulnerability
Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description phpMyAdmin contains several security issues: Maksymilian Arciemowicz has discovered multiple variable injection vulnerabilities that can be exploited through...
xli, xloadimage: Multiple vulnerabilities
Background xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters ar...
phpBB: Multiple vulnerabilities
Background phpBB is an Open Source bulletin board package. Description It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the "Enable remote avatars" and "Enable avata...
Gaim: Multiple Denial of Service issues
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly CAN-2005-0472. Malformed HTML code could lead to invalid memory...
phpWebSite: Arbitrary PHP execution and path disclosure
Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...
Qt: Untrusted library search path
Background Qt is a cross-platform GUI toolkit used by KDE. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory. Impact A local attacker could create a malicious shared object that would be...
UnAce: Buffer overflow and directory traversal vulnerabilities
Background UnAce is a utility to extract, view and test the contents of an ACE archive. Description Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is collaborative editing software, used by big projects like Wikipedia. Description A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code doe...
uim: Privilege escalation vulnerability
Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...