|
|
| |
|
| |
Security
The BitTorrent file sharing system is in the news this week for a couple of
reasons. The first of those is that BitTorrent has announced a beta with "Trackerless"
publishing, which allows users to share files without maintaining a
centralized tracker. The protocol is also in the news, predictably, due to
the release of "Star Wars III: Revenge of the Sith." The Motion Picture
Association of America (MPAA) has used the publicity around the movie to
launch another
attack on BitTorrent. Predictably, "Sith" did end up being available
via BitTorrent, and 20th Century FOX is already issuing takedown
notices to ISPs.
The trackerless technology is also getting attention as a tool
to share illegal content, with no mention of the legitimate uses of
BitTorrent.
Given the coverage of "trackerless" BitTorrents so far, some might think
that offering a "trackerless" BitTorrent would prevent detection by
companies like BayTSP. However,
"trackerless" is a far cry from anonymous. While a tracker site presents an
obvious target for entertainment industry lawyers, there's nothing about
so-called trackerless publishing that prevents detection.
As one might have surmised already, trackerless is actually a misnomer. In
fact, as the BitTorrent press release acknowledges, it's actually a
"lightweight tracker." To share a "trackerless" file, a user
generates a .torrent file in much the same way that one would generate a
normal .torrent tracker. This file still need to be published via a website
and public Internet connection. As the BitTorrent page says, "Anyone
with a website and an Internet connection can host a BitTorrent
download!"
Individuals who share files using trackerless BitTorrent may have a better
chance of flying under the radar, and once a file has been shared by the
original owner there's no need for that user to maintain their tracker, but
it's not anonymity.
BitTorrent isn't the first to offer trackerless support. The Azureus project, for example,
also offers an "embedded tracker" that
allows users to share torrents directly. However, the two technologies seem
to be incompatible at the moment.
The trackerless system is more convenient for users who are looking to
share content legally. Once a user has seeded the network with a file,
there's no need for that user to continue hosting their tracker, though
this also makes the trackerless system less reliable than having a
centralized tracker.
It should also be noted that users should think twice before sharing
movies, music or other content illegally. The entertainment industry has
traditionally gone after uploaders only, but BitTorrent users who share
files are uploaders
as well as downloaders.
While LWN would not encourage sharing copyrighted material illegally, there
are alternatives for users who want to remain anonymous for other
reasons. For example, the Electronic Frontier Foundation has sponsored
development of an anonymous system called Tor, which can be used for browsing,
publishing, SSH and BitTorrent. We'll be looking at Tor on this page
within the next couple of weeks.
Comments (1 posted)
New vulnerabilities
cdrdao: local root vulnerability
| Package(s): | cdrdao |
CVE #(s): | CAN-2002-0137
CAN-2002-0138
|
| Created: | May 19, 2005 |
Updated: | May 25, 2005 |
| Description: |
The cdrdao CD burning utility has two vulnerabilities.
Local users can use the show-data command to read arbitrary files,
and local users can overwrite arbitrary files via a symlink attack on
the ~/.cdrdao config file. This can be exploited to gain root
privileges. |
| Alerts: |
|
Comments (none posted)
cheetah: untrusted module search path
| Package(s): | cheetah |
CVE #(s): | |
| Created: | May 19, 2005 |
Updated: | May 25, 2005 |
| Description: |
Cheetah, a Python template engine and code generator,
has a vulnerability in the module importing code that can
be used by a local user to gain escalated privileges. |
| Alerts: |
|
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
CVE #(s): | CAN-2005-1704
CAN-2005-1705
|
| Created: | May 20, 2005 |
Updated: | August 11, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands. |
| Alerts: |
|
Comments (5 posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
CVE #(s): | CAN-2005-1349
|
| Created: | May 20, 2005 |
Updated: | January 27, 2006 |
| Description: |
Mark Martinec and Robert Lewis discovered a buffer overflow in
Convert::UUlib (before 1.051), a Perl interface to the uulib library, which
may result in the execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
Net-SNMP: fixproc insecure temporary file creation
| Package(s): | net-snmp |
CVE #(s): | CAN-2005-1740
|
| Created: | May 23, 2005 |
Updated: | July 13, 2005 |
| Description: |
The fixproc application of Net-SNMP creates temporary files with
predictable filenames. |
| Alerts: |
|
Comments (1 posted)
OpenSSL: information leak
| Package(s): | openssl |
CVE #(s): | CAN-2005-0109
|
| Created: | May 23, 2005 |
Updated: | October 11, 2005 |
| Description: |
Hyper-Threading technology, as used in FreeBSD other operating systems and
implemented on Intel Pentium and other processors, allows local users to
use a malicious thread to create covert channels, monitor the execution of
other threads, and obtain sensitive information such as cryptographic keys,
via a timing attack on memory cache misses. See this LWN article for more information. |
| Alerts: |
|
Comments (none posted)
pam: local vulnerability
| Package(s): | pam |
CVE #(s): | CAN-2003-0388
|
| Created: | May 19, 2005 |
Updated: | May 25, 2005 |
| Description: |
The pam_wheel module has a vulnerability involving the proper
manipulation of the /var/log/lastlog entry for users with high
UID numbers. Local users can use this to spoof the getlogin() username
and obtain root privileges. |
| Alerts: |
|
Comments (none posted)
ppxp: missing privilege release
| Package(s): | ppxp |
CVE #(s): | CAN-2005-0392
|
| Created: | May 19, 2005 |
Updated: | July 5, 2005 |
| Description: |
The ppxp PPP program has a log file vulnerability that can
allow the root privileges used by the software to remain active,
enabling the opening of a root shell by a local user. |
| Alerts: |
|
Comments (none posted)
Qpopper: multiple vulnerabilities
| Package(s): | qpopper |
CVE #(s): | CAN-2005-1151
CAN-2005-1152
|
| Created: | May 23, 2005 |
Updated: | May 26, 2005 |
| Description: |
Jens Steube discovered that Qpopper doesn't drop privileges to process
local files from normal users (CAN-2005-1151). The upstream developers
discovered that Qpopper can be forced to create group or world
writeable files (CAN-2005-1152). |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
CVE #(s): | CAN-2004-1170
CAN-2004-1377
|
| Created: | November 26, 2004 |
Updated: | December 19, 2005 |
| Description: |
The GNU a2ps utility fails to properly sanitize filenames, which can be
abused by a malicious user to execute arbitrary commands with the
privileges of the user running the vulnerable application. More
information at Security
Focus. |
| Alerts: |
|
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
CVE #(s): | CAN-2005-0953
CAN-2005-1260
|
| Created: | May 17, 2005 |
Updated: | January 10, 2007 |
| Description: |
A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor. |
| Alerts: |
|
Comments (2 posted)
cpio - file permissions error
| Package(s): | cpio |
CVE #(s): | CAN-1999-1572
|
| Created: | February 2, 2005 |
Updated: | July 19, 2005 |
| Description: |
Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. |
| Alerts: |
|
Comments (none posted)
cURL: buffer overflow
| Package(s): | curl |
CVE #(s): | CAN-2005-0490
|
| Created: | February 28, 2005 |
Updated: | July 19, 2005 |
| Description: |
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and
possibly other versions, allow remote malicious web servers to execute
arbitrary code via base64 encoded replies that exceed the intended buffer
lengths when decoded. |
| Alerts: |
|
Comments (none posted)
cvs: multiple vulnerabilities
| Package(s): | cvs |
CVE #(s): | CAN-2005-0753
|
| Created: | April 18, 2005 |
Updated: | July 13, 2005 |
| Description: |
CVS (in version prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error.
These can be used to launch a remote denial of service or to remotely
execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
CVE #(s): | CAN-2005-0546
|
| Created: | February 23, 2005 |
Updated: | April 10, 2006 |
| Description: |
Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: |
|
Comments (none posted)
dhcp: format string vulnerability
| Package(s): | dhcp |
CVE #(s): | CAN-2004-1006
|
| Created: | November 4, 2004 |
Updated: | July 13, 2005 |
| Description: |
Dhcp has a format string vulnerability in the log functions of dhcp 2.x
that may be exploited via a malicious DNS server. |
| Alerts: |
|
Comments (none posted)
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq |
CVE #(s): | |
| Created: | April 4, 2005 |
Updated: | July 21, 2005 |
| Description: |
Dnsmasq does not properly detect that DNS replies received do not
correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux
Security Audit team also discovered two off-by-one buffer overflows that
could crash DHCP lease files parsing. |
| Alerts: |
|
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
CVE #(s): | CAN-2005-0100
|
| Created: | February 7, 2005 |
Updated: | May 15, 2006 |
| Description: |
Max Vozeler discovered a format string vulnerability in the "movemail"
utility of Emacs. By sending specially crafted packets, a malicious
POP3 server could cause a buffer overflow, which could be exploited to
execute arbitrary code with the privileges of the user and the "mail"
group. |
| Alerts: |
|
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
CVE #(s): | CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
|
| Created: | January 21, 2005 |
Updated: | May 27, 2006 |
| Description: |
Erik Sjölund has discovered several security relevant problems in enscript,
a program to convert ASCII text into Postscript and other formats.
Unsanitized input can cause the execution of arbitrary commands via EPSF
pipe support. Due to missing sanitizing of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be executed.
Multiple buffer overflows can cause the program to crash. |
| Alerts: |
|
Comments (none posted)
Ethereal: numerous vulnerabilities
Comments (none posted)
evolution: arbitrary code execution
| Package(s): | evolution |
CVE #(s): | CAN-2005-0102
|
| Created: | January 24, 2005 |
Updated: | May 19, 2005 |
| Description: |
Max Vozeler discovered an integer overflow in camel-lock-helper. A
user-supplied length value was not validated, so that a value of -1
caused a buffer allocation of 0 bytes; this buffer was then filled by
an arbitrary amount of user-supplied data. A local attacker or a malicious
POP3 server could exploit this to execute arbitrary code with root
privileges (because camel-lock-helper is installed as setuid root). |
| Alerts: |
|
Comments (1 posted)
evolution: message crash vulnerability
| Package(s): | evolution |
CVE #(s): | CAN-2005-0806
|
| Created: | March 17, 2005 |
Updated: | August 11, 2005 |
| Description: |
The Evolution mail client can be crashed when reading
certain types of messages. |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
Comments (2 posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
CVE #(s): | CAN-2004-0801
|
| Created: | September 20, 2004 |
Updated: | May 31, 2006 |
| Description: |
There is a vulnerability in the foomatic-filters package. This
vulnerability is due to insufficient checking of command-line parameters
and environment variables in the foomatic-rip filter. This vulnerability
may allow both local and remote attackers to execute arbitrary commands on
the print server with the permissions of the spooler. |
| Alerts: |
|
Comments (none posted)
FreeRADIUS: buffer overflow and SQL injection
| Package(s): | freeradius |
CVE #(s): | CAN-2005-1454
CAN-2005-1455
|
| Created: | May 17, 2005 |
Updated: | June 23, 2005 |
| Description: |
Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS
1.0.2 and earlier may be vulnerable to a buffer overflow. He also
discovered that FreeRADIUS fails to sanitize user-input before using it in
a SQL query, possibly allowing SQL command injection. |
| Alerts: |
|
Comments (1 posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
CVE #(s): | CAN-2005-0891
|
| Created: | March 30, 2005 |
Updated: | December 19, 2005 |
| Description: |
The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
|
| Alerts: |
|
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
CVE #(s): | CAN-2004-0966
|
| Created: | October 11, 2004 |
Updated: | March 1, 2006 |
| Description: |
gettext insecurely creates temporary files in world-writeable directories
with predictable names. A local attacker could create symbolic links in
the temporary files directory, pointing to a valid file somewhere on the
filesystem. When gettext is called, this would result in file access with
the rights of the user running the utility, which could be the root user. |
| Alerts: |
|
Comments (1 posted)
gftp: missing input sanitizing
| Package(s): | gftp |
CVE #(s): | CAN-2005-0372
CAN-2004-1376
|
| Created: | February 17, 2005 |
Updated: | July 13, 2005 |
| Description: |
gftp has a directory traversal vulnerability.
A remote server could use specially crafted filenames to overwrite
local files.
|
| Alerts: |
|
Comments (none posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
CVE #(s): | CAN-2004-0967
|
| Created: | October 20, 2004 |
Updated: | September 28, 2005 |
| Description: |
The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: |
|
Comments (none posted)
glibc: Information leak with LD_DEBUG
| Package(s): | glibc |
CVE #(s): | CAN-2004-1453
|
| Created: | August 17, 2004 |
Updated: | May 26, 2005 |
| Description: |
Silvio Cesare discovered a potential information leak in glibc. It allows
LD_DEBUG on SUID binaries where it should not be allowed. This has various
security implications, which may be used to gain confidential information.
An attacker can gain the list of symbols a SUID application uses and their
locations and can then use a trojaned library taking precedence over those
symbols to gain information or perform further exploitation. |
| Alerts: |
|
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
CVE #(s): | CAN-2004-0968
|
| Created: | October 21, 2004 |
Updated: | November 14, 2005 |
| Description: |
The catchsegv script in the glibc package has a symlink vulnerability
that may allow a local user to overwrite arbitrary
files with the permissions of the user that is running the script. |
| Alerts: |
|
Comments (none posted)
gnupg: information leak
| Package(s): | gnupg |
CVE #(s): | CAN-2005-0366
|
| Created: | March 16, 2005 |
Updated: | August 19, 2005 |
| Description: |
GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
| Alerts: |
|
Comments (none posted)
GnuTLS: Denial of Service vulnerability
| Package(s): | gnutls |
CVE #(s): | CAN-2005-1431
|
| Created: | May 9, 2005 |
Updated: | June 1, 2005 |
| Description: |
GnuTLS 1.2.3 and 1.0.25 have been
released, fixing a denial of service problem. |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
CVE #(s): | CAN-2004-0969
|
| Created: | November 1, 2004 |
Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
gzip: race condition and directory traversal
| Package(s): | gzip |
CVE #(s): | CAN-2005-0988
CAN-2005-1228
|
| Created: | May 4, 2005 |
Updated: | July 13, 2005 |
| Description: |
gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option.
|
| Alerts: |
|
Comments (none posted)
htdig: cross site scripting
| Package(s): | htdig |
CVE #(s): | CAN-2005-0085
|
| Created: | February 14, 2005 |
Updated: | January 10, 2006 |
| Description: |
Michael Krax discovered that ht://Dig fails to validate the 'config'
parameter before displaying an error message containing the parameter.
This flaw could allow an attacker to conduct cross-site scripting
attacks. |
| Alerts: |
|
Comments (none posted)
ImageMagick: heap corruption
| Package(s): | ImageMagick |
CVE #(s): | CAN-2005-1275
|
| Created: | April 28, 2005 |
Updated: | May 25, 2005 |
| Description: |
ImageMagick 6.2.1 and earlier has a heap corruption problem
in the pnm coder. |
| Alerts: |
|
Comments (1 posted)
imap: buffer overflow in c-client
| Package(s): | imap |
CVE #(s): | CAN-2003-0297
|
| Created: | February 18, 2005 |
Updated: | April 10, 2006 |
| Description: |
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. |
| Alerts: |
|
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: |
|
Comments (none posted)
infozip: privilege escalation, directory-traversal
| Package(s): | infozip |
CVE #(s): | CAN-2003-0282
CAN-2004-1010
CAN-2005-0602
|
| Created: | May 2, 2005 |
Updated: | August 1, 2005 |
| Description: |
InfoZip reports that Zip 2.3 and
(presumably) all previous versions have a buffer-overrun vulnerability
relating to deep directory paths that could potentially lead to local
privilege escalation (e.g., in the case of automated, Zip-based backups).
All versions of UnZip through 5.50 have a number of directory-traversal
vulnerabilities. |
| Alerts: |
|
Comments (1 posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
CVE #(s): | CVE-2005-1108
CVE-2005-1109
|
| Created: | April 13, 2005 |
Updated: | November 5, 2005 |
| Description: |
JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: |
|
Comments (1 posted)
kdelibs: unsanitzied input
| Package(s): | kdelibs |
CVE #(s): | CAN-2004-1165
|
| Created: | January 10, 2005 |
Updated: | July 19, 2005 |
| Description: |
Thiago Macieira discovered a vulnerability in the kioslave library,
which is part of kdelibs, which allows a remote attacker to execute
arbitrary FTP commands via an ftp:// URL that contains an URL-encoded
newline before the FTP command. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CAN-2005-0400
CAN-2005-0749
CAN-2005-0750
CAN-2005-0815
CAN-2005-0839
|
| Created: | April 1, 2005 |
Updated: | July 1, 2005 |
| Description: |
More kernel vulnerabilities have been discovered including:
- Mathieu Lafon discovered
an information leak in the ext2 file system driver. (CAN-2005-0400)
- Yichen Xie discovered a Denial of Service vulnerability in the ELF
loader. (CAN-2005-0749)
- Ilja van Sprundel discovered that the bluez_sock_create() function
did not check its "protocol" argument for negative values.
(CAN-2005-0750)
- Michal Zalewski discovered that the iso9660 file system driver fails
to check ranges properly in several cases. (CAN-2005-0815)
- Previous kernels did not restrict the use of the N_MOUSE line
discipline in the serial driver. (CAN-2005-0839)
|
| Alerts: |
|
Comments (1 posted)
kernel: ELF loader core dump vulnerability
| Package(s): | kernel |
CVE #(s): | CAN-2005-1263
|
| Created: | May 11, 2005 |
Updated: | August 25, 2005 |
| Description: |
Paul Starzetz has posted an
advisory for yet another kernel vulnerability.
In this case, by using a specially manipulated ELF binary, a local attacker
can compromise the system (via the core dump code) and obtain root access.
This vulnerability affects all kernels from 2.2 through 2.6.12-rc4. |
| Alerts: |
|
Comments (none posted)
kernel: extended attribute denial of service
| Package(s): | kernel |
CVE #(s): | CAN-2005-0757
|
| Created: | May 18, 2005 |
Updated: | May 18, 2005 |
| Description: |
The extended attribute code (at least as backported by Red Hat into the 2.4 kernel) suffers from an offset handling error which can be exploited to cause a system crash. |
| Alerts: |
|
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kimgio input validation errors
| Package(s): | kimgio |
CVE #(s): | CAN-2005-1046
|
| Created: | April 22, 2005 |
Updated: | July 19, 2005 |
| Description: |
KDE has issued a security advisory for
kimgio. This is found in kdelibs as shipped with KDE 3.2 up to including
KDE 3.4. kimgio contains a PCX image file format reader that does not
properly perform input validation. A source code audit performed by the KDE
security team discovered several vulnerabilities in the PCX and other image
file format readers, some of them exploitable to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
Kommander untrusted code execution
| Package(s): | kommander |
CVE #(s): | CAN-2005-0754
|
| Created: | April 22, 2005 |
Updated: | May 20, 2005 |
| Description: |
KDE has issued a security advisory for
Kommander. Quanta 3.1.x, KDE 3.2 and new up to including KDE 3.4.0 are
vulnerable. Kommander executes without user confirmation data files from
possibly untrusted locations. As they contain scripts, the user might
accidentally run arbitrary code. |
| Alerts: |
|
Comments (none posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
CVE #(s): | CAN-2005-0077
|
| Created: | January 25, 2005 |
Updated: | March 2, 2006 |
| Description: |
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a temporary PID file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the parts of the library. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libnet-ssleay-perl: weakened cryptographic operations
| Package(s): | libnet-ssleay-perl |
CVE #(s): | CAN-2005-0106
|
| Created: | May 3, 2005 |
Updated: | January 27, 2006 |
| Description: |
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content. |
| Alerts: |
|
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CAN-2004-1308
|
| Created: | December 22, 2004 |
Updated: | May 19, 2005 |
| Description: |
The libtiff image manipulation library contains several exploitable buffer overflows. |
| Alerts: |
|
Comments (none posted)
libTIFF: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CAN-2005-1544
|
| Created: | May 10, 2005 |
Updated: | February 18, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
stack based buffer overflow in the libTIFF library when reading a TIFF
image with a malformed BitsPerSample tag. Successful exploitation would
require the victim to open a specially crafted TIFF image, resulting in the
execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
libXpm: new buffer overflows
| Package(s): | libXpm |
CVE #(s): | CAN-2005-0605
|
| Created: | March 4, 2005 |
Updated: | March 8, 2006 |
| Description: |
A new vulnerability has been discovered in libXpm, which is included in
OpenMotif and LessTif, that can potentially lead to remote code
execution. |
| Alerts: |
|
Comments (none posted)
lvm10: creates insecure temporary directory
| Package(s): | lvm10 |
CVE #(s): | CAN-2004-0972
|
| Created: | November 1, 2004 |
Updated: | July 25, 2005 |
| Description: |
Trustix Secure Linux discovered a vulnerability in a supplemental script of
the lvm10 package. The program "lvmcreate_initrd" created a temporary
directory in an insecure way, which could allow a symlink attack to create
or overwrite arbitrary files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
mailman: path traversal
| Package(s): | mailman |
CVE #(s): | CAN-2005-0202
|
| Created: | February 9, 2005 |
Updated: | July 13, 2005 |
| Description: |
The "private" module in the mailman mailing list manager fails to sanitize path names adequately. An attacker could exploit this vulnerability to retrieve private information, including passwords and private list archives.
This vulnerability was used to compromise the Full-Disclosure list. |
| Alerts: |
|
Comments (none posted)
mc: buffer overflow
| Package(s): | mc |
CVE #(s): | CAN-2005-0763
|
| Created: | March 29, 2005 |
Updated: | August 11, 2005 |
| Description: |
An unfixed buffer overflow has been discovered by Andrew V. Samoilov
in mc, the midnight commander, a file browser and manager. |
| Alerts: |
|
Comments (none posted)
MediaWiki: multiple vulnerabilities
| Package(s): | mediawiki |
CVE #(s): | CAN-2005-0534
CAN-2005-0535
CAN-2005-0536
|
| Created: | February 28, 2005 |
Updated: | June 13, 2005 |
| Description: |
A security audit of the MediaWiki project discovered that MediaWiki is
vulnerable to several cross-site scripting and cross-site request
forgery attacks, and that the image deletion code does not sufficiently
sanitize input parameters. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: remote access vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2005-0088
|
| Created: | February 10, 2005 |
Updated: | April 10, 2006 |
| Description: |
mod_python has a vulnerability in the publisher handler that may allow
a remote user to use a specially crafted URL to allow access to
objects that should be protected. An information leak can result. |
| Alerts: |
|
Comments (none posted)
Mozilla Firefox, Mozilla Suite: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CAN-2005-0989
|
| Created: | April 19, 2005 |
Updated: | July 18, 2005 |
| Description: |
The following vulnerabilities were found and fixed in the Mozilla Suite
and Mozilla Firefox:
- Vladimir V. Perepelitsa reported a memory disclosure bug in
JavaScript's regular expression string replacement when using an
anonymous function as the replacement argument (CAN-2005-0989).
- moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM
nodes from the content window, allowing privilege escalation via DOM
property overrides.
- Michael Krax reported a possibility to run JavaScript code with
elevated privileges through the use of javascript: favicons.
- Michael Krax also discovered that malicious Search plugins could
run JavaScript in the context of the displayed page or stealthily
replace existing search plugins.
- shutdown discovered a technique to pollute the global scope of a
window in a way that persists from page to page.
- Doron Rosenberg discovered a possibility to run JavaScript with
elevated privileges when the user asks to "Show" a blocked popup that
contains a JavaScript URL.
- Finally, Georgi Guninski reported missing Install object instance
checks in the native implementations of XPInstall-related JavaScript
objects.
The following Firefox-specific vulnerabilities have also been
discovered:
- Kohei Yoshino discovered a new way to abuse the sidebar panel to
execute JavaScript with elevated privileges.
- Omar Khan reported that the Plugin Finder Service can be tricked to
open javascript: URLs with elevated privileges.
|
| Alerts: |
|
Comments (none posted)
mozilla suite/ mozilla firefox: remote compromise
| Package(s): | mozilla firefox |
CVE #(s): | CAN-2005-1476
CAN-2005-1477
|
| Created: | May 16, 2005 |
Updated: | May 23, 2005 |
| Description: |
Several vulnerabilities
in the Mozilla Suite (versions before 1.7.8) and Firefox (versions before
1.0.4) allow an attacker to conduct cross-site scripting attacks or to
execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
MPlayer: heap overflows
| Package(s): | mplayer |
CVE #(s): | |
| Created: | April 20, 2005 |
Updated: | July 12, 2005 |
| Description: |
Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST). By setting up a
malicious server and enticing a user to use its streaming data, a remote
attacker could possibly execute arbitrary code on the client computer with
the permissions of the user running MPlayer. |
| Alerts: |
|
Comments (none posted)
MySQL: input validation and temporary file vulnerabilities
| Package(s): | mysql |
CVE #(s): | CAN-2005-0709
CAN-2005-0710
CAN-2005-0711
|
| Created: | March 16, 2005 |
Updated: | July 19, 2005 |
| Description: |
MySQL (prior to version 4.0.24) suffers from two input validation errors and a temporary file vulnerability.
|
| Alerts: |
|
Comments (none posted)
nasm: buffer overflow in the ieee_putascii() function
| Package(s): | nasm |
CVE #(s): | CAN-2005-1194
|
| Created: | May 17, 2005 |
Updated: | May 19, 2005 |
| Description: |
Josh Bressers discovered a buffer overflow in the ieee_putascii()
function of nasm 0.98 and earlier. If an attacker tricked a user into
assembling a malicious source file, they could exploit this to execute
arbitrary code with the privileges of the user that runs nasm. |
| Alerts: |
|
Comments (2 posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
CVE #(s): | CAN-2005-0013
CAN-2005-0014
|
| Created: | January 31, 2005 |
Updated: | May 15, 2006 |
| Description: |
Erik Sjolund discovered two vulnerabilities in the programs bundled
with ncpfs: there is a potentially exploitable buffer overflow in
ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
using the NetWare client functions insecurely access files with
elevated privileges (CAN-2005-0013). |
| Alerts: |
|
Comments (none posted)
nfs-utils: arbitrary code execution
| Package(s): | nfs-utils |
CVE #(s): | CAN-2004-0946
|
| Created: | January 11, 2005 |
Updated: | February 27, 2006 |
| Description: |
Arjan van de Ven discovered a buffer overflow in rquotad on 64bit
architectures; an improper integer conversion could lead to a buffer
overflow. An attacker with access to an NFS share could send a specially
crafted request which could then lead to the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
Oops!: Remote code execution
| Package(s): | oops |
CVE #(s): | CAN-2005-1121
|
| Created: | May 6, 2005 |
Updated: | May 20, 2005 |
| Description: |
A format string flaw has been detected in the my_xlog() function of the
Oops! proxy (in versions prior to 1.5.23), which is called by the
passwd_mysql and passwd_pgsql module's auth() functions. |
| Alerts: |
|
Comments (none posted)
openssh: directory traversal
| Package(s): | openssh |
CVE #(s): | CAN-2004-0175
|
| Created: | May 18, 2005 |
Updated: | July 13, 2005 |
| Description: |
The OpenSSH scp client can, when connected to a hostile server, be instructed to overwrite arbitrary files.
|
| Alerts: |
|
Comments (1 posted)
openssl: der_chop script temp file vulnerability
| Package(s): | openssl |
CVE #(s): | CAN-2004-0975
|
| Created: | November 11, 2004 |
Updated: | July 19, 2005 |
| Description: |
The der_chop script in openssl has a temp file vulnerability that may allow
an attacker to overwrite arbitrary files with the permissions that
the script is running under. |
| Alerts: |
|
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
Opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | |
| Created: | February 14, 2005 |
Updated: | June 22, 2005 |
| Description: |
Opera is vulnerable to several vulnerabilities which could result in
information disclosure and facilitate execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
| Alerts: |
|
Comments (none posted)
perl: symlink vulnerability
| Package(s): | perl |
CVE #(s): | CAN-2005-0448
|
| Created: | March 9, 2005 |
Updated: | January 30, 2006 |
| Description: |
The rmtree() function in the File:Path.pm module has a symlink vulnerability which could be exploited to create setuid binaries. |
| Alerts: |
|
Comments (none posted)
php4: integer overflow and denial of service
| Package(s): | php4 |
CVE #(s): | CAN-2005-1042
CAN-2005-1043
|
| Created: | April 14, 2005 |
Updated: | July 13, 2005 |
| Description: |
The php4 EXIF module has two vulnerabilities. An
integer overflow in the exif_process_IFD_TAG() function
can be exploited to cause a buffer overflow for the
purpose of arbitrary code execution.
EXIF headers with a large IFD nesting level can be used
to cause a denial of service. Remote exploits are possible. |
| Alerts: |
|
Comments (none posted)
php4: denial of service vulnerabilities
| Package(s): | php4 |
CVE #(s): | CAN-2005-0524
CAN-2005-0525
|
| Created: | April 5, 2005 |
Updated: | May 26, 2005 |
| Description: |
Two DoS vulnerabilities exist in PHP versions 4.2.2, 4.3.9, 4.3.10 and
5.0.3. One in the php_handle_iff function in image.c allows remote
attackers to cause a denial of service (infinite loop) via a -8 size
value. The php_next_marker function in image.c allows remote attackers to
cause a denial of service (infinite loop) via a JPEG image with an invalid
marker value, which causes a negative length value to be passed to
php_stream_seek. This later vulnerability also exists in PHP 3. |
| Alerts: |
|
Comments (none posted)
phpBB: cross-site scripting
| Package(s): | phpbb |
CVE #(s): | |
| Created: | May 15, 2005 |
Updated: | May 17, 2005 |
| Description: |
Paul Laudanski reported a
vulnerability in phpBB (in versions prior to 2.0.15) in the processing
of BBCode. A remote user may be able to cause scripting code to be executed
by the target user. |
| Alerts: |
|
Comments (none posted)
phpsysinfo: cross-site-scripting
| Package(s): | phpsysinfo |
CVE #(s): | CAN-2005-0870
|
| Created: | May 18, 2005 |
Updated: | November 15, 2005 |
| Description: |
The phpsysinfo program contains several cross-site scripting vulnerabilities. |
| Alerts: |
|
Comments (none posted)
postgresql: EXECUTE privilege vulnerability
| Package(s): | postgresql |
CVE #(s): | CAN-2005-0244
CAN-2005-0245
CAN-2005-0246
CAN-2005-0247
|
| Created: | February 10, 2005 |
Updated: | July 19, 2005 |
| Description: |
postgresql has a vulnerability in which the EXECUTE privilege may
not be checked on custom functions. This may allow any database user to
circumvent the EXECUTE restriction on functions. |
| Alerts: |
|
Comments (none posted)
postgresql: database initialization errors
| Package(s): | postgresql |
CVE #(s): | CAN-2005-1409
CAN-2005-1410
|
| Created: | May 4, 2005 |
Updated: | February 28, 2006 |
| Description: |
PostgreSQL suffers from two vulnerabilities in how databases are set up by default; they allow a local attacker (one with access to the database) to crash the back end and, perhaps, execute code with the privileges of the server process. See this advisory for details and workarounds.
|
| Alerts: |
|
Comments (none posted)
Pound: buffer overflow
| Package(s): | pound |
CVE #(s): | CVE-2005-1391
|
| Created: | May 2, 2005 |
Updated: | January 10, 2006 |
| Description: |
Steven Van Acker has discovered a buffer overflow vulnerability in the
"add_port()" function in Pound 1.8.2+. A remote attacker could send a
request for an overly long hostname parameter, which could lead to the
remote execution of arbitrary code with the rights of the Pound daemon
process. |
| Alerts: |
|
Comments (none posted)
realplayer: arbitrary code execution
| Package(s): | realplayer helixplayer |
CVE #(s): | CAN-2005-0755
|
| Created: | April 20, 2005 |
Updated: | June 27, 2005 |
| Description: |
RealNetworks, Inc. has fixed a
security vulnerability that offered the potential for an attacker to
run arbitrary or malicious code on a customer's machine. Linux RealPlayer
10 (10.0.0 - 3) and Helix Player (10.0.0 - 3) are vulnerable. |
| Alerts: |
|
Comments (none posted)
rp-pppoe, pppoe: missing privilege dropping
| Package(s): | rp-pppoe, pppoe |
CVE #(s): | CAN-2004-0564
|
| Created: | October 4, 2004 |
Updated: | November 15, 2005 |
| Description: |
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system. |
| Alerts: |
|
Comments (none posted)
samba: integer overflow vulnerability
| Package(s): | samba |
CVE #(s): | CAN-2004-1154
|
| Created: | December 16, 2004 |
Updated: | July 19, 2005 |
| Description: |
Samba has an integer overflow vulnerability
that may allow an authenticated remote user to
execute arbitrary code on the Samba server. |
| Alerts: |
|
Comments (none posted)
SpamAssassin: Denial of Service vulnerability
| Package(s): | spamassassin |
CVE #(s): | CAN-2004-0796
|
| Created: | August 9, 2004 |
Updated: | August 11, 2005 |
| Description: |
SpamAssassin contains an unspecified Denial of Service vulnerability. By
sending a specially crafted message an attacker could cause a Denial of
Service attack against the SpamAssassin service. |
| Alerts: |
|
Comments (none posted)
squid: DNS spoofing
| Package(s): | squid |
CVE #(s): | CAN-2005-1519
|
| Created: | May 18, 2005 |
Updated: | July 13, 2005 |
| Description: |
The squid proxy server performs DNS lookups in a way which is susceptible to answers injected by a hostile user, and, thus, DNS spoofing attacks. |
| Alerts: |
|
Comments (none posted)
SquirrelMail: multiple vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CAN-2005-0075
CAN-2005-0103
CAN-2005-0104
|
| Created: | January 28, 2005 |
Updated: | July 19, 2005 |
| Description: |
SquirrelMail 1.4.4 has been
released, fixing a number of security issues that have been resolved
since 1.4.3a. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump: multiple DoS issues
| Package(s): | tcpdump |
CVE #(s): | CAN-2005-1280
CAN-2005-1279
CAN-2005-1278
|
| Created: | May 2, 2005 |
Updated: | April 10, 2006 |
| Description: |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote
attackers to cause a denial of service (infinite loop) via a crafted RSVP
packet of length 4. (CAN-2005-1280)
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a crafted BGP packet, which is not properly
handled by RT_ROUTING_INFO, or LDP packet, which is not properly
handled by the ldp_print function. (CAN-2005-1279)
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and
earlier allows remote attackers to cause a denial of service (infinite
loop) via a zero length, as demonstrated using a GRE packet.
(CAN-2005-1278) |
| Alerts: |
|
Comments (none posted)
telnet: buffer overflows
| Package(s): | telnet |
CVE #(s): | CAN-2005-0468
CAN-2005-0469
|
| Created: | March 28, 2005 |
Updated: | August 1, 2005 |
| Description: |
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. |
| Alerts: |
|
Comments (none posted)
UnAce: buffer overflow and directory traversal
| Package(s): | unace |
CVE #(s): | CAN-2005-0160
CAN-2005-0161
|
| Created: | February 28, 2005 |
Updated: | June 17, 2005 |
| Description: |
Ulf Harnhammar discovered that UnAce suffers from buffer overflows when
testing, unpacking or listing specially crafted ACE archives
(CAN-2005-0160). He also found out that UnAce is vulnerable to
directory traversal attacks, if an archive contains "./.." sequences or
absolute filenames (CAN-2005-0161). |
| Alerts: |
|
Comments (none posted)
vixie-cron: crontab allows any user to read another users crontabs
| Package(s): | vixie-cron |
CVE #(s): | CAN-2005-1038
|
| Created: | April 15, 2005 |
Updated: | March 15, 2006 |
| Description: |
crontab in Vixie cron 4.1, when running with the -e option, allows local
users to read the cron files of other users by changing the file being
edited to a symlink. NOTE: there is insufficient information to know
whether this is a duplicate of CVE-2001-0235. See also this Security Focus
report. |
| Alerts: |
|
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2004-0409
|
| Created: | April 19, 2004 |
Updated: | November 15, 2005 |
| Description: |
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a
remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal which is disabled by default and also
connect to an attacker's custom proxy server. This vulnerability may allow
an attacker to run arbitrary code within the context of the user ID of the
XChat client. |
| Alerts: |
|
Comments (none posted)
xine-lib: two heap overflow vulnerabilities
| Package(s): | xine-lib |
CVE #(s): | CAN-2005-1195
|
| Created: | April 26, 2005 |
Updated: | June 2, 2005 |
| Description: |
Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST). See Xine Advisory
XSA-2004-8 for details. |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CAN-2004-1379
|
| Created: | September 22, 2004 |
Updated: | April 10, 2006 |
| Description: |
xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code. |
| Alerts: |
|
Comments (none posted)
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
CVE #(s): | CAN-2004-0372
|
| Created: | April 6, 2004 |
Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine. |
| Alerts: |
|
Comments (none posted)
xorg-x11: integer overflows
| Package(s): | xorg-x11 |
CVE #(s): | CAN-2004-0914
|
| Created: | November 18, 2004 |
Updated: | September 12, 2005 |
| Description: |
The X.Org libXpm library has several integer overflow vulnerabilities
An attacker can modify XPM images to execute malicious code. |
| Alerts: |
|
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
CVE #(s): | CAN-2005-0064
|
| Created: | January 19, 2005 |
Updated: | March 15, 2007 |
| Description: |
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
| Alerts: |
|
Comments (1 posted)
XV: multiple vulnerabilities
| Package(s): | xv |
CVE #(s): | |
| Created: | April 19, 2005 |
Updated: | July 19, 2005 |
| Description: |
Greg Roelofs has reported multiple input validation errors in XV image
decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has
reported insufficient validation in the PDS (Planetary Data System)
image decoder, format string vulnerabilities in the TIFF and PDS
decoders, and insufficient protection from shell meta-characters in
malformed filenames. Successful exploitation would require a victim to
view a specially created image file using XV, potentially resulting in the
execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
zlib: denial of service
| Package(s): | zlib |
CVE #(s): | CAN-2004-0797
|
| Created: | August 25, 2004 |
Updated: | June 10, 2005 |
| Description: |
Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks. |
| Alerts: |
|
Comments (none posted)
Page editor: Jonathan Corbet
Next page: Kernel development>>
|
|
|