cmd5checkpw: Local password leak vulnerability
Background cmd5checkpw is a checkpassword-compatible authentication program that uses CRAM-MD5 authentication mode. Description Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the...
Cyrus IMAP Server: Multiple overflow vulnerabilities
Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Possible single-byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore stack buffer overflows have been found in fetchnews, the backend and imapd. Impac...
PuTTY: Remote code execution
Background PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is an SSH File Transfer Protocol client. Description Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the...
gFTP: Directory traversal vulnerability
Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received from remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...
GProFTPD: gprostats format string vulnerability
Background GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility. Impa...
Squid: Denial of Service through DNS responses
Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Handling of certa...
Midnight Commander: Multiple vulnerabilities
Background Midnight Commander is a visual console file manager. Description Midnight Commander contains several format string vulnerabilities CAN-2004-1004, buffer overflows CAN-2004-1005, a memory deallocation error CAN-2004-1092 and a buffer underflow CAN-2004-1176. Impact An attacker could...
wpa_supplicant: Buffer overflow vulnerability
Background wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. Description wpa_supplicant contains a possible buffer overflow due to missing validation of received EAPOL-Key frames. Impact An attacker could cause the crash of wpa_supplicant using a specially...
KStars: Buffer overflow in fliccd
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KStars is a desktop planetarium for KDE. It includes support for the Instrument Neutral Distributed Interface INDI. Description Erik Sjolund discovered a buffer overflow in fliccd which is pa...
lighttpd: Script source disclosure
Background lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...
Emacs, XEmacs: Format string vulnerabilities in movemail
Background GNU Emacs and XEmacs are highly extensible and customizable text editors. movemail is an Emacs utility that can fetch mail on remote mail servers. Description Max Vozeler discovered that the movemail utility contains several format string errors. Impact An attacker could set up a...
Opera: Multiple vulnerabilities
Background Opera is a multi-platform web browser. Description Opera contains several vulnerabilities: fails to properly validate Content-Type and filename. fails to properly validate data: URIs. uses kfmclient exec as the Default Application to handle downloaded files when integrated with KDE...
VMware Workstation: Untrusted library search path
Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that VMware Workstation searches for gdk-pixbuf loadable modules in an untrusted, world-writable directory. Impact...
PostgreSQL: Buffer overflows in PL/PgSQL parser
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...
PowerDNS: Denial of Service vulnerability
Background The PowerDNS Nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been reported in the DNSPacket::expand method of dnspacket.cc. Impact An attacker could cause a temporary Denial of Service by sending a random stream...
ht://Dig: Cross-site scripting vulnerability
Background ht://Dig is an HTTP/HTML indexing and searching system. Description Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...
mod_python: Publisher Handler vulnerability
Background mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description Graham Dumpleton discovered a vulnerability in mod_python's Publisher Handler. Impact By requesting a specially crafted URL for a publishe...
Webmin: Information leak in Gentoo binary package
Background Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree...
Perl: Vulnerabilities in perl-suid wrapper
Background Perl is a stable, cross-platform programming language created by Larry Wall. The perl-suid wrapper allows the use of setuid perl scripts, i.e. user-callable Perl scripts which have elevated privileges. This function is enabled only if you have the perlsuid USE flag set. Description...
Mailman: Directory traversal vulnerability
Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...
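Both the gFTP entry above (filenames chosen by a remote server, saved into a local directory) and this Mailman entry (request paths resolved under a private archive directory) are the same bug class: a path supplied by the other side is joined to a base directory without checking that the result still lives inside it. The following check is an added example, not code from either project; the base directory and the filenames are constructed for illustration.

```python
import os
import posixpath


def safe_join(base_dir: str, untrusted_name: str) -> str:
    """Return the absolute path for untrusted_name inside base_dir, or raise
    ValueError when the name (after normalisation and symlink resolution)
    would land anywhere else."""
    base = os.path.realpath(base_dir)
    if "\x00" in untrusted_name:
        raise ValueError("NUL byte in filename")
    if untrusted_name.startswith("/"):
        raise ValueError("absolute path not allowed")
    # Lexical normalisation first: collapses "a/./b", "a//b" and "a/../b",
    # and turns any escape attempt into a leading "..".
    normalised = posixpath.normpath(untrusted_name)
    if normalised in (".", "..") or normalised.startswith("../"):
        raise ValueError(f"path escapes base directory: {untrusted_name!r}")
    # Then resolve symlinks: a link already present under base could still
    # point outside it, so compare the fully resolved path against base.
    candidate = os.path.realpath(os.path.join(base, normalised))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {untrusted_name!r}")
    return candidate


def classify(base_dir: str, names) -> dict:
    """Map each candidate name to True (accepted) or False (rejected)."""
    result = {}
    for name in names:
        try:
            safe_join(base_dir, name)
            result[name] = True
        except ValueError:
            result[name] = False
    return result


if __name__ == "__main__":
    # Constructed sample of names a malicious server or client might send.
    samples = ["report.txt", "sub/../b.txt", "../etc/passwd",
               "/etc/passwd", "a/../../x", "bad\x00.txt"]
    for name, accepted in classify("/tmp", samples).items():
        print(f"{name!r:20} -> {'accept' if accepted else 'REJECT'}")
```

The lexical pass alone is not enough (a symlink under the base directory can point anywhere), and the realpath pass alone is not enough either on systems where the target does not exist yet; doing both, then comparing against the resolved base, covers both cases.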
pdftohtml: Vulnerabilities in included Xpdf
Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28. Impact An attacker could entice a user to convert a specially-crafted PDF file,...
Python: Arbitrary code execution through SimpleXMLRPCServer
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the register_instance method to register an object without a _dispatch method ar...
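The entry above singles out instances registered without a _dispatch method; when one is present, SimpleXMLRPCServer hands every incoming method name to it verbatim, so the instance becomes the single place where the exposed surface is decided. The following is an added example of that pattern (not code from the Python project); the Calculator class, its allow-list and the requests fed to it are constructed, and the dispatcher is driven directly with marshalled request bodies so it runs without a network listener.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher
import xmlrpc.client


class Calculator:
    """Object exposed over XML-RPC. Because it defines _dispatch, the
    dispatcher never resolves method names itself (including dotted ones):
    only names on EXPORTED ever reach getattr()."""

    EXPORTED = frozenset({"add", "mul"})

    def add(self, a, b):
        return a + b

    def mul(self, a, b):
        return a * b

    def _dispatch(self, method, params):
        if method not in self.EXPORTED:
            raise Exception(f'method "{method}" is not supported')
        return getattr(self, method)(*params)


def build_dispatcher() -> SimpleXMLRPCDispatcher:
    dispatcher = SimpleXMLRPCDispatcher(allow_none=False, encoding="utf-8")
    dispatcher.register_instance(Calculator())
    return dispatcher


def call(dispatcher: SimpleXMLRPCDispatcher, method: str, *params):
    """Feed a marshalled request to the dispatcher exactly as the HTTP
    handler would after reading a POST body; returns the result value or
    raises xmlrpc.client.Fault."""
    request = xmlrpc.client.dumps(params, methodname=method)
    response = dispatcher._marshaled_dispatch(request)
    return xmlrpc.client.loads(response)[0][0]


def probe(dispatcher: SimpleXMLRPCDispatcher, method: str, *params) -> str:
    """Same as call(), but renders a Fault as a string for display."""
    try:
        return repr(call(dispatcher, method, *params))
    except xmlrpc.client.Fault as fault:
        return f"Fault: {fault.faultString}"


if __name__ == "__main__":
    d = build_dispatcher()
    # Constructed requests: two legitimate calls and three that must fail.
    for name, args in [("add", (2, 3)), ("mul", (4, 5)),
                       ("add.__doc__", ()), ("_dispatch", ("add", [1, 2])),
                       ("system.listMethods", ())]:
        print(f"{name:20} -> {probe(d, name, *args)}")
```

The allow-list is the point: a dotted name such as add.__doc__ or a direct call to _dispatch is refused before any attribute lookup happens, whereas without _dispatch the dispatcher's own attribute resolution decides what is reachable.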
OpenMotif: Multiple vulnerabilities in libXpm
Background OpenMotif provides a free version of the Motif toolkit for open source applications. Description Multiple vulnerabilities, such as buffer overflows, out of bounds memory access or directory traversals, have been discovered in libXpm that is shipped as a part of the X Window System see...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL contains several vulnerabilities: John Heasman discovered that the LOAD extension is vulnerable to local privilege escalation CAN-2005-0227. It is possible to bypass the...
LessTif: Multiple vulnerabilities in libXpm
Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. Description Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of...
Newspost: Buffer overflow vulnerability
Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socket_getline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could set up a malicious...
enscript: Multiple vulnerabilities
Background enscript is a powerful ASCII to PostScript file converter. Description Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames CAN-2004-1185, and it supporte...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...
UW IMAP: CRAM-MD5 authentication bypass
Background UW IMAP is the University of Washington IMAP toolkit which includes POP3 and IMAP daemons. Description A logic bug in the code handling CRAM-MD5 authentication incorrectly specifies the condition for successful authentication. Impact An attacker could exploit this vulnerability to...
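The CRAM-MD5 exchange that this entry and the cmd5checkpw entry above rely on is short: the server sends a challenge, the client answers with "username hexdigest" base64-encoded where the digest is HMAC-MD5 keyed with the password over the challenge, and the server recomputes and compares. The only branch that may accept is an exact digest match; a condition written the other way round, or one that treats a malformed response as a non-mismatch, accepts any password. The exact condition in the UW IMAP code is not on this page. What follows is an added example of the correct shape (not code from UW IMAP or cmd5checkpw); the user table and hostname are constructed, and the RFC 2195 test vector is used to check the digest computation.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed user table: a real server would store a derived key, not this.
USERS = {"alice": "correct horse battery staple"}


def make_challenge(hostname: str = "mail.example.net") -> str:
    """RFC 2195 challenge: unique, unpredictable, includes host and time."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>"


def cram_md5_digest(password: str, challenge: str) -> str:
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def cram_md5_response(username: str, password: str, challenge: str) -> str:
    """Client side: base64("username <space> hexdigest")."""
    line = f"{username} {cram_md5_digest(password, challenge)}"
    return base64.b64encode(line.encode()).decode()


def verify_cram_md5(challenge: str, response_b64: str, users=USERS) -> bool:
    """Server side. Returns True only on an exact digest match; every other
    outcome (bad encoding, unknown user, mismatch) is a failed login."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    username, sep, digest = decoded.rpartition(" ")
    if not sep or not username:
        return False
    password = users.get(username)
    if password is None:
        return False
    expected = cram_md5_digest(password, challenge)
    # Constant-time compare; the result of this one comparison is the
    # whole authentication decision, nothing else may flip it to True.
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    ch = make_challenge()
    good = cram_md5_response("alice", USERS["alice"], ch)
    bad = cram_md5_response("alice", "wrong password", ch)
    print("good response accepted:", verify_cram_md5(ch, good))
    print("bad response accepted: ", verify_cram_md5(ch, bad))
```

The unknown-user path returns False without computing a digest; if a deployment cares about timing differences between "no such user" and "wrong password", compute against a dummy key in that branch as well.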
FireHOL: Insecure temporary file creation
Background FireHOL is an iptables rules generator. Description FireHOL insecurely creates temporary files with predictable names. Impact A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten wit...
ClamAV: Multiple issues
Background ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and a command line scanner. Description ClamAV fails to properly scan ZIP files with special headers CAN-2005-0133 and base64 encoded images in URLs. Impact By sending a base64 encoded image file in a URL an attacker...
ncpfs: Multiple vulnerabilities
Background ncpfs is a NCP protocol network filesystem driver that allows access to NetWare services, to mount volumes of NetWare servers or print to NetWare print queues. Description Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki does not validate files uploaded to the "temp" directory. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...
f2c: Insecure temporary file creation
Background f2c is a Fortran to C translator. Portage uses this package in some ebuilds to build Fortran sources. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writable directories with predictable names. Impact...
VDR: Arbitrary file overwriting issue
Background Video Disk Recorder VDR is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that V...
ngIRCd: Buffer overflow
Background ngIRCd is a free open source daemon for Internet Relay Chat IRC. Description Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask function of lists.c. Impact A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and...
SquirrelMail: Multiple vulnerabilities
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...
GraphicsMagick: PSD decoding heap overflow
Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. GraphicsMagick is originally derived from ImageMagick 5.5.2. Description Andrei Nigmatulin discovered that handling a Photoshop Document PSD file with more than 24 layers in ImageMagick could...
Perl: rmtree and DBI tmpfile vulnerabilities
Background Perl is a cross platform programming language. The DBI is the standard database interface module for Perl. Description Javier Fernandez-Sanguino Pena discovered that the DBI library creates temporary files in an insecure, predictable way CAN-2005-0077. Paul Szabo found out that...
AWStats: Remote code execution
Background AWStats is an advanced log file analyzer and statistics generator. Description When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...
Evolution: Integer overflow in camel-lock-helper
Background Evolution is a GNOME groupware application similar to Microsoft Outlook. Description Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default. Impact A local attacker could exploit this vulnerability to execute...
Konversation: Various vulnerabilities
Background Konversation is a user-friendly IRC client for KDE. Description Wouter Coekaerts has discovered three vulnerabilities within Konversation: The Server::parseWildcards function, which is used by the "Quick Buttons", does not properly handle variable expansion CAN-2005-0129. Perl scripts...
MySQL: Insecure temporary file creation
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the 'mysqlaccess' script creates temporary files in world-writable directories with predictable names. Impact A local...
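The FireHOL, f2c, Perl DBI and mysqlaccess entries on this page are all the same pattern: a temporary file with a name another local user can predict, created in a shared directory with a plain open that follows symlinks. The attacker plants a symlink at the predicted name ahead of time and the privileged program overwrites whatever the link points to. The following is an added example (not code from any of those projects) that reproduces the attack inside a private scratch directory and shows the two fixes, O_CREAT|O_EXCL on a fixed name and mkstemp for an unpredictable one; the tool.<pid> naming scheme and the victim file are constructed stand-ins.

```python
import errno
import os
import tempfile


def insecure_tmp_write(data: bytes, tmp_dir: str = "/tmp") -> str:
    """Vulnerable pattern: a predictable name (constructed here as tool.<pid>)
    opened with a plain open(), which follows a planted symlink and truncates
    whatever it points to."""
    path = os.path.join(tmp_dir, f"tool.{os.getpid()}")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def excl_open_refuses_planted_link(path: str) -> bool:
    """Fix 1: keep the name, but ask the kernel to create it atomically.
    O_CREAT|O_EXCL fails on any existing entry, symlink included, so the
    attacker's link is never followed. Returns True when the open is refused."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as err:
        return err.errno in (errno.EEXIST, errno.ELOOP)
    os.close(fd)
    return False


def secure_tmp_write(data: bytes, tmp_dir=None) -> str:
    """Fix 2: mkstemp chooses an unpredictable name, creates it with
    O_CREAT|O_EXCL and mode 0600, and hands back the open descriptor."""
    fd, path = tempfile.mkstemp(prefix="tool.", dir=tmp_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo_symlink_attack() -> dict:
    """Constructed demonstration in a throwaway directory standing in for a
    world-writable /tmp."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")
        with open(victim, "wb") as fh:
            fh.write(b"original contents")

        # Attacker step: predict the name and plant a symlink to the target.
        predicted = os.path.join(scratch, f"tool.{os.getpid()}")
        os.symlink(victim, predicted)

        # Victim step, insecure: the write lands in victim.conf.
        insecure_tmp_write(b"attacker-controlled", scratch)
        with open(victim, "rb") as fh:
            victim_after = fh.read()

        refused = excl_open_refuses_planted_link(predicted)
        safe_path = secure_tmp_write(b"private data", scratch)
        return {
            "victim_after_insecure": victim_after,
            "excl_refused_symlink": refused,
            "secure_name_unpredicted": safe_path != predicted
                                       and not os.path.islink(safe_path),
        }


if __name__ == "__main__":
    for key, value in demo_symlink_attack().items():
        print(f"{key}: {value!r}")
```

In shell scripts, the equivalent of the second fix is mktemp(1) rather than an echo into $TMPDIR/name.$$, which is the construction these advisories describe.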
teTeX, pTeX, CSTeX: Multiple vulnerabilities
Background teTeX is a complete and open source TeX distribution. CSTeX is another TeX distribution including Czech and Slovak support. pTeX is another alternative that allows Japanese publishing with TeX. xdvizilla is an auxiliary script used to integrate DVI file viewing in Mozilla-based browser...
KPdf, KOffice: Stack overflow in included Xpdf code
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact An attacker cou...
Mailman: Cross-site scripting vulnerability
Background Mailman is a Python-based mailing list server with an extensive web interface. Description Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman. Impact By enticing a user to visit a specially-crafted URL, an attacker c...
CUPS: Stack overflow in included Xpdf code
Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...
Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Background Xpdf is an open source viewer for Portable Document Format PDF files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code. Description iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Leng...
ImageMagick: PSD decoding heap overflow
Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description Andrei Nigmatulin discovered that a Photoshop Document PSD file with more than 24 layers could trigger a heap overflow. Impact An attacker could potentially design a malicious PSD ima...