6 matches found
CVE-2007-1351
CVE-2007-1351 is an integer overflow in the FreeType/bdf loader path: bdfReadCharacters in bdfread.c causes a heap overflow when parsing crafted BDF fonts. Affected products include X.Org libXfont before 20070403 and FreeType 2.3.2 and earlier. Exploitation could lead to remote code execution on ...
CVE-2008-1078
CVE-2008-1078 affects the expn component of am-utils (and related net-fs usage) on Gentoo, rPath Linux, and other distros. The issue is insecure temporary-file handling in expn, which allows a local user to perform a symlink attack on expn[PID], enabling overwriting of arbitrary files. This vuln...
CVE-2008-3138
The CVE-2008-3138 issue affects Wireshark (Ethereal) versions 0.99.3–1.0.0, specifically the (1) PANA and (2) KISMET dissectors. The connected documents specify that remote attackers can trigger a denial of service, causing the application to stop, via unknown vectors. The root cause and affected ...
CVE-2007-5686
CVE-2007-5686 affects initscripts on rPath Linux 1. It sets insecure permissions on /var/log/btmp, allowing local users to read sensitive information about authentication attempts. The advisory notes that sshd logging of failed remote authentication attempts may also be affected because SSHD dete...
CVE-2008-3139
The CVE-2008-3139 issue affects Wireshark (formerly Ethereal) with the RTMPT dissector vulnerable in versions 0.99.8 through 1.0.0, allowing remote denial of service (crash). The description cites a possible use-after-free root cause, but the exact exploit vectors are not detailed here. Several O...
CVE-2007-0536
The CVE-2007-0536 issue affects rPath Linux 1: the rMake chroot helper fails to drop supplemental groups, causing packages to be installed with insecure permissions and potentially enabling local privilege escalation. Root cause: missing drop of supplemental groups in the chroot helper. Impact: l...