Lucene search
SuseSUSE-SA:2004:041HistoryNov 17, 2004 - 4:17 p.m.
remote system compromise in xshared, XFree86-libs, xorg-x11-libs
2004-11-1716:17:43
lists.opensuse.org
9
0.009 Low
EPSS
Percentile
80.4%
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are: - integer overflows - out-of-bounds memory access - shell command execution - path traversal - endless loops By providing a special image these bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges.
Solution
No workaround exists to protect against these bugs.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.0 | x86_64 | xfree86-libs | < 4.3.0.1-57 | XFree86-libs-4.3.0.1-57.x86_64.rpm |
| openSUSE | 9.1 | x86_64 | xfree86-libs | < 4.3.99.902-43.35.3 | XFree86-libs-4.3.99.902-43.35.3.x86_64.rpm |
| openSUSE | 8.1 | i586 | xshared | < 4.2.0-269 | xshared-4.2.0-269.i586.rpm |
| openSUSE | 9.2 | i586 | xorg-x11-libs | < 6.8.1-15.3 | xorg-x11-libs-6.8.1-15.3.i586.rpm |
| openSUSE | 8.2 | i586 | xfree86-libs | < 4.3.0-132 | XFree86-libs-4.3.0-132.i586.rpm |
| openSUSE | 9.2 | x86_64 | xorg-x11-libs-32bit | < 9.2-200411100529 | xorg-x11-libs-32bit-9.2-200411100529.x86_64.rpm |
| openSUSE | 9.1 | i586 | xfree86-libs | < 4.3.99.902-43.35.3 | XFree86-libs-4.3.99.902-43.35.3.i586.rpm |
| openSUSE | 9.0 | i586 | xfree86-libs | < 4.3.0.1-57 | XFree86-libs-4.3.0.1-57.i586.rpm |
Related
slackware
slackware
[slackware-security] apache+mod_ssl
2004-11-01 08:00:31
[slackware-security] apache, mod_ssl, php
2004-10-26 00:40:01
openvas
openvas
SLES9: Security update for apache
2009-10-10 00:00:00
SLES9: Security update for apache
2009-10-10 00:00:00
Slackware Advisory SSA:2004-305-01 apache+mod_ssl
2012-09-11 00:00:00
nessus
nessus
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache, mod_ssl, php (SSA:2004-299-01)
2005-07-13 00:00:00
RHEL 2.1 : apache, mod_ssl (RHSA-2004:600)
2004-12-14 00:00:00
Apache mod_include get_tag() Function Local Overflow
2004-10-25 00:00:00
redhat
redhat
(RHSA-2004:600) apache, mod_ssl security update
2004-12-13 00:00:00
(RHSA-2004:245) apache, mod_ssl security update
2004-06-14 00:00:00
(RHSA-2004:562) httpd security update
2004-11-12 00:00:00
f5
f5
Buffer overflow in mod_include - CAN-2004-0940
2007-05-17 04:00:00
K3279 : Heap-based buffer overflow in mod_proxy - CAN-2004-0492
2013-03-29 00:00:00
SOL3279 - Heap-based buffer overflow in mod_proxy - CAN-2004-0492
2007-05-16 00:00:00
osv
osv
apache - buffer overflows
2004-11-17 00:00:00
apache - buffer overflow
2004-06-24 00:00:00
ubuntucve
ubuntucve
cve
cve
freebsd
freebsd
apache mod_include buffer overflow vulnerability
2004-10-22 00:00:00
mod_ssl -- SSLCipherSuite bypass
2004-10-01 00:00:00
apache -- heap overflow in mod_proxy
2004-06-10 00:00:00
debian
debian
[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution
2004-11-17 12:05:54
[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy
2004-06-25 21:04:06
[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution
2004-11-17 12:05:54
httpd
httpd
Apache Httpd < 1.3.33 : mod_include overflow
2004-10-21 00:00:00
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
2004-10-01 00:00:00
Apache Httpd < 1.3.32 : mod_proxy buffer overflow
2003-06-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache mod_include Buffer Overflow (CVE-2004-0940)
2010-07-07 00:00:00
gentoo
gentoo
Apache 1.3: Buffer overflow vulnerability in mod_include
2004-11-02 00:00:00
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
2004-10-21 00:00:00
Apache 1.3: Buffer overflow in mod_proxy
2004-06-21 00:00:00
debiancve
debiancve
CVE-2004-0885
2004-11-03 05:00:00
suse
suse
potential remote buffer overflow in samba
2004-11-15 22:07:05
securityvulns
securityvulns
[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy
2004-06-26 00:00:00
cert
cert
Apache HTTP Server contains a buffer overflow in the mod_proxy module
2004-10-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00