3816 matches found
ClamAV VirusEvent parameter vulnerability
Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...
OpenOffice.org vulnerability when using DAV servers
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV...
Multiple vulnerabilities in LHa
Background LHa is a console-based program for packing and unpacking LHarc archives. Description Ulf Harnhammar found two stack overflows and two directory traversal vulnerabilities in LHa version 1.14 and 1.17. A stack overflow occurs when testing or extracting archives containing long file or...
Multiple format string vulnerabilities in neon 0.24.4 and earlier
Background neon provides an HTTP and WebDAV client library. Description There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the process using libneon. Impact An attacker may be able to execute arbitra...
Multiple Vulnerabilities in Samba
Background Samba is a package which allows UNIX systems to act as file servers for Windows computers. It also allows UNIX systems to mount shares exported by a Samba/CIFS/Windows server. smbmount is a program in the Samba package which allows normal users on a UNIX system to mount remote shares...
Multiple vulnerabilities in xine
Background xine is a multimedia player allowing to play back CDs, DVDs, and VCDs and decoding multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet. It is available in Gentoo as a reusable library xine-lib with a standard user...
Buffer overflows and format string vulnerabilities in LCDproc
Background LCDproc is a program that displays various bits of real-time system information on an LCD. It makes use of a local server LCDd to collect information to display on the LCD. Description Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer...
Multiple Vulnerabilities in ssmtp
Background SSMTP is a very simple mail transfer agent MTA that relays mail from the local machine to another SMTP host. It is not designed to function as a full mail server; its sole purpose is to relay mail. Description There are two format string vulnerabilities inside the logevent and die...
ipsec-tools and iputils contain a remote DoS vulnerability
Background From http://ipsec-tools.sourceforge.net/ "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation." iputils is a collection of network monitoring tools, including racoon, ping and ping6. Description When racoon receives an ISAKMP header, it allocates memo...
Multiple new security vulnerabilities in monit
Background Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system. Description Monit has several vulnerabilities in its HTTP interface : a buffer overflow vulnerability in the authentication handling code and a...
Multiple format string vulnerabilities in cadaver
Background According to http://www.webdav.org/cadaver, cadaver is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations move/copy, collection creation and deletion, and locking operations. Description Cadaver code includes the neon...
XChat 2.0.x SOCKS5 Vulnerability
Background XChat is a multiplatform IRC client. Description The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server...
CVS Server and Client Vulnerabilities
Background CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...
Scorched 3D server chat box format string vulnerability
Background Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds amongst other new features a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems. Description Scorched 3D build 36.2 a...
iproute local Denial of Service vulnerability
Background iproute is a set of tools for managing linux network routing and advanced features. Description It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition. Impact Local users cou...
Multiple Vulnerabilities in pwlib
Background pwlib is a multi-platform library designed for OpenH323. Description Multiple vulnerabilities have been found in the implementation of protocol H.323 contained in pwlib. Most of the vulnerabilities are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously...
Cross-realm trust vulnerability in Heimdal
Background Heimdal is a free implementation of Kerberos 5. Description Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Impact Remote attackers with...
GNU Automake symbolic link vulnerability
Background Automake is a tool for automatically generating Makefile.in files which is often used in conjunction with Autoconf and other GNU Autotools to ease portability among applications. It also provides a standardized and light way of writing complex Makefiles through the use of many built-in...
ipsec-tools contains an X.509 certificates vulnerability.
Background From http://ipsec-tools.sourceforge.net/ : "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation." Description racoon a utility in the ipsec-tools package does not verify digital signatures on Phase1 packets. This means that anybody holding the correct...
ClamAV RAR Archive Remote Denial Of Service Vulnerability
Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...
Util-linux login may leak sensitive data
Background Util-linux is a suite of essential system utilities, including login, agetty, fdisk. Description In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...
Multiple vulnerabilities in sysstat
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools Description There are two vulnerabilities in the way sysstat handles symlinks: 1. The isag utility, which displays sysstat data in a graphical format,...
KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
Background KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts. Description A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system. Impact A remote attacker may unauthorized...
Insecure sandbox temporary lockfile vulnerabilities in Portage
Background Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevent the build process writing to the "real" system...
Tcpdump Vulnerabilities in ISAKMP Parsing
Background Tcpdump is a program for monitoring IP network traffic. Libpcap is a supporting library which is responsible for capturing packets off a network interface. Description There are two specific vulnerabilities in tcpdump, outlined in reference 1 . In the first scenario, an attacker may...
OpenLDAP DoS Vulnerability
Background OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd the standalone LDAP server, slurpd the standalone LDAP replication server, and various LDAP libraries, utilities and example clients. Description A password extended operation password EXOP which...
Remote buffer overflow in MPlayer
Background Quote from http://mplayerhq.hu "MPlayer is a movie player for LINUX runs on many other Unices, and non-x86 CPUs, see the documentation. It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native,...
Multiple Security Vulnerabilities in Monit
Background Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system. Description A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation...
Fetchmail 6.2.5 fixes a remote DoS
Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...
Squid ACL [url_regex] bypass vulnerability
Background Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A bug in Squid allows use...
oftpd DoS vulnerability
Background Quote from http://www.time-travellers.org/oftpd/ "oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot command to hide most of the systems directories from external users - they cannot change...
Buffer overflow in Midnight Commander
Background Midnight Commander is a visual file manager. Description A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem. Impact This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process. Workaround While...
Multiple remote overflows and vulnerabilities in Ethereal
Background Quote from http://www.ethereal.com "Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in...
UUDeview MIME Buffer Overflow
Background UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding. Description By decoding a MIME archive with...
Multiple remote buffer overflow vulnerabilities in Courier
Background Courier MTA is a multiprotocol mail server suite that provides webmail, mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server that gives IMAP access to local mailboxes. Description The vulnerabilities have been found in the 'SHIFTJIS' converter in 'shiftjis.c' and...
Multiple security vulnerabilities in Apache 2
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description Thre...
Multiple OpenSSL Vulnerabilities
Background The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library...
Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Background Description Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096...
Linux kernel do_mremap local privilege escalation vulnerability
Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...
phpMyAdmin < 2.5.6-rc1: possible attack against export.php
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases over the Web. Description One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to include...
Clam Antivirus DoS vulnerability
Background Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AV also provides a command line scanner and a tool for fetching updates of the virus database. Description Oliver Eikemeier of Fillmore Labs discovered the...
Updated kernel packages fix the AMD64 ptrace vulnerability
Background Description A vulnerability has been discovered by Andi Kleen in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated privileges. The Common Vulnerabilities and Exposures project, http://cve.mitre.org, has assigned...
XFree86 Font Information File Buffer Overflow
Background XFree86, provides a client/server interface between display hardware and the desktop environment while also providing both the windowing infrastructure and a standardized API. XFree86 is platform independent, network-transparent and extensible. Description Exploitation of a buffer...
Monkeyd Denial of Service vulnerability
Background The Monkey HTTP daemon is a Web server written in C that works under Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast, efficient and small web server. Description A bug in the URI processing of incoming requests allows for a Denial of Service to be launched agains...
Gallery 1.4.1 and below remote exploit vulnerability
Background Gallery is an open source image management system written in PHP. More information is available at http://gallery.sourceforge.net Description Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour of the PHP 'register_globals' variable in environments where that...
PHP setting leaks from .htaccess files on virtual hosts
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtual host which has "php_admin_flag...
Apache mod_python Denial of Service vulnerability
Background mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. mod_python...
GAIM 0.75 Remote overflows
Background Gaim is a multi-platform and multi-protocol instant messaging client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, and the Zephyr networks. Description Yahoo changed the authentication methods to their IM servers, rendering GAIM useless. The GAIM team...
Honeyd remote detection vulnerability via a probe packet
Background Honeyd is a virtual honeypot daemon that can simulate virtual hosts on unallocated IP addresses. Description A bug in handling NMAP fingerprints caused Honeyd to reply to TCP packets with both the SYN and RST flags set. Watching for replies, it is possible to detect IP addresses...
Linux kernel do_mremap() local privilege escalation vulnerability
Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...