Gaim: Multiple vulnerabilities
Background Gaim is a full-featured instant messaging client which handles a variety of instant messaging protocols. Description A possible buffer overflow exists in the code processing MSN SLP messages (CAN-2004-0891). memcpy was used without validating the size of the buffer, and an incorrect buffe...
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
Background The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description A flaw has been found in mod_ssl where the "SSLCipherSuite" directive could be bypassed in certain...
glibc: Insecure tempfile handling in catchsegv script
Background glibc is a package that contains the GNU C library. Description The catchsegv script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere o...
Xpdf, CUPS: Multiple integer overflows
Background Xpdf is an open source viewer for Portable Document Format (PDF) files. The Common UNIX Printing System (CUPS) is a cross-platform print spooler that includes some Xpdf code. Description Chris Evans discovered multiple integer overflow issues in Xpdf. Impact An attacker could entice an use...
Ghostscript: Insecure temporary file use in multiple scripts
Background Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...
OpenOffice.org: Temporary files disclosure
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When ...
Squid: Remote DoS vulnerability
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A parsing error exists in t...
PostgreSQL: Insecure temporary file use in make_oidjoins_check
Background PostgreSQL is an open source database based on the POSTGRES database management system. It includes several contributed scripts including the make_oidjoins_check script. Description The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with...
phpMyAdmin: Vulnerability in MIME-based transformation system
Background phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode,...
BNC: Input validation flaw
Background BNC is an IRC proxying server. Description A flaw exists in the input parsing of BNC where part of the sbufgetmsg function handles the backspace character incorrectly. Impact A remote user could issue commands using fake authentication credentials and possibly gain access to scripts...
WordPress: HTTP response splitting and XSS vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact A malicious user could inject...
tiff: Buffer overflows in image decoding
Background The tiff library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE, to help in displaying TIFF images. xv is a multi-format image manipulation utility that is statically linked to the tiff library...
gettext: Insecure temporary file handling
Background gettext is a set of utilities for the GNU Translation Project which provides a set of tools and documentation to help produce multi-lingual messages in programs. Description gettext insecurely creates temporary files in world-writeable directories with predictable names. Impact A local...
ed: Insecure temporary file handling
Background ed is a line-oriented text editor, used to create or modify text files, both interactively and via shell scripts. Description ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by...
LessTif: Integer and stack overflows in libXpm
Background LessTif is a clone of OSF/Motif, which is the standard user interface toolkit available on Unix and Linux. Description Chris Evans has discovered various integer and stack overflows in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes this...
ncompress: Buffer overflow
Background ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original *nix compress and uncompress utilities (.Z extensions). Description compress and uncompress do not properly check bounds on command line options, including the filename. Larg...
CUPS: Leakage of sensitive information
Background The Common UNIX Printing System (CUPS) is a cross-platform print spooler. Description When printing to an SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile. Impact A local user could gain knowledge of sensitive authentication data. Workaround...
Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH...
PHP: Memory disclosure and arbitrary location file upload
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefano Di Paola discovered two bugs in PHP. The first is a parse...
NetKit-telnetd: buffer overflows in telnet and telnetd
Background NetKit-telnetd is a standard Linux telnet client and server from the NetKit utilities. Description A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer. Additionally, another possibl...
Netpbm: Multiple temporary file issues
Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...
sharutils: Buffer overflows in shar.c and unshar.c
Background sharutils contains utilities to manage shell archives. Description sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow i...
Subversion: Metadata information leak
Background Subversion is a versioning system designed to be a replacement for CVS. mod_authz_svn is an Apache module to do path-based authentication for Subversion repositories. Description There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas...
X.org, XFree86: Integer and stack overflows in libXpm
Background XFree86 and X.org are both implementations of the X Window System. Description Chris Evans has discovered multiple integer and stack overflow vulnerabilities in the X Pixmap library, libXpm, which is a part of the X Window System. These overflows can be exploited by the execution of a...
Apache: Exposure of protected directories
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions (client host, client authentication, etc.) be met before access to a certain directory is granted,...
getmail: Filesystem overwrite vulnerability
Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...
jabberd 1.x: Denial of Service vulnerability
Background Jabber is a set of streaming XML protocols enabling message, presence, and other structured information exchange between two hosts. jabberd is the original implementation of the Jabber protocol server. Description Jose Antonio Calvo found a defect in routines handling XML parsing of...
FreeRADIUS: Multiple Denial of Service vulnerabilities
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description There are undisclosed defects in the way FreeRADIUS handles incorrect received packets. Impact A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other...
xine-lib: Multiple vulnerabilities
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description xine-lib contains two stack-based overflows and one heap-based overflow. In the code reading VCD disc labels, the ISO disc label is copied into an unprotected stack buffer of fixed size...
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
Background GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library as well as shipped with GTK+ 2. Description A vulnerability has been discovered in the BMP image preprocessor...
glFTPd: Local buffer overflow vulnerability
Background glFTPd is a highly configurable FTP server with many features. Description The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy call which can cause the program to crash when a large argument is passed. Impact A...
CUPS: Denial of service vulnerability
Background The Common UNIX Printing System (CUPS) is a cross-platform print spooler. Description Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to cause CUPS to stop listening on the IPP port. Impact A remote user...
Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description...
Foomatic: Arbitrary command execution in foomatic-rip filter
Background Foomatic is a system for connecting printer drivers with spooler systems such as CUPS and LPD. The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description There is a vulnerability in the foomatic-filters package. This vulnerability is...
SnipSnap: HTTP response splitting
Background SnipSnap is a user-friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the site's data. Some of these attacks include web cache poisoning, cross-user...
Heimdal: ftpd root escalation
Background Heimdal is an implementation of Kerberos 5. Description Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution...
phpGroupWare: XSS vulnerability in wiki module
Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...
Apache 2, mod_dav: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV). Description A potential infinite loop has been found in the input filter of modss...
mpg123: Buffer overflow vulnerability
Background mpg123 is an MPEG Audio Player. Description mpg123 contains a buffer overflow in the code that handles layer2 decoding of media files. Impact An attacker can possibly exploit this bug with a specially-crafted mp3 or mp2 file to execute arbitrary code with the permissions of the user...
cdrtools: Local root vulnerability in cdrecord if set SUID root
Background The cdrtools package is a set of tools for CD recording, including the popular cdrecord command-line utility. Description Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By default,...
SUS: Local root vulnerability
Background SUS is a utility that allows regular users to be able to execute certain commands as root. Description Leon Juranic found a bug in the logging functionality of SUS that can lead to local privilege escalation. A format string vulnerability exists in the log function due to an incorrect...
Samba: Denial of Service vulnerabilities
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. smbd and nmbd are two daemons used by the Samba server. Description There is a defect in smbd's ASN.1 parsing. A bad packet received during t...
Webmin, Usermin: Multiple vulnerabilities in Usermin
Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also...
Samba: Remote printing non-vulnerability
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Due to a bug in the printernotifyinfo function, authorized users could potentially crash their smbd process by sending improperly...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...
ImageMagick, imlib, imlib2: BMP decoding buffer overflows
Background ImageMagick is a suite of image manipulation utilities and libraries used for a wide variety of image formats. imlib is a general image loading and rendering library. Description Due to improper bounds checking, ImageMagick and imlib are vulnerable to a buffer overflow when decoding...
star: Suid root vulnerability
Background star is an enhanced tape archiver, much like tar, that is recognized for its speed as well as its enhanced mt/rmt support. Description A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access. Impact Attackers with local user level...
multi-gnome-terminal: Information leak
Background multi-gnome-terminal is an enhanced terminal emulator that is derived from gnome-terminal. Description multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the '.xsession-errors...
MIT krb5: Multiple vulnerabilities
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The implementation of the Key Distribution Center (KDC) and the MIT krb5 library contain double-free vulnerabilities, making client programs as we...
Ruby: CGI::Session creates files insecurely
Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...