|
|
| |
|
| |
Security
In many environments, it's sufficient to set up a firewall to filter
traffic based on IP address. However, in some situations, an administrator
may wish to set up a firewall that can actually filter packets based on the
user, rather than the IP address that packets are coming from. A typical
firewall using Netfilter is capable of filtering traffic and setting QoS
rules only by the originating IP address, and doesn't recognize the concept
of users at all.
Now User Filtering
Works (NuFW) is a package that promises the ability to do a lot
more. NuFW is a package that runs on top of Netfilter and allows packet
filtering and quality of service (QoS) rules to be assigned by user or
application, rather than by the machine or IP address that packets
originate from. This makes it possible to apply finer-grained permissions
than are possible with Netfilter alone.
There are two daemons that run to provide NuFW's services. The nuauth
daemon - the authentication server for NuFW - and the nufw daemon, which runs
on the firewall and works in conjunction with Netfilter to actually filter
traffic. It is not necessary for the nuauth and nufw daemons to run on the
same server, so an administrator can set up nufw on the firewall, and nuauth on any
other machine that the firewall can communicate with.
We contacted the NuFW developers, Eric Leblond and Vincent Deffontaines
about the project, and asked about the performance impact of
NuFW. According to the developers, NuFW uses Netfilter's connection
tracking features, and only authenticates the SYN packet of each TCP
connection. This means NuFW has no impact on bandwidth, since it is removed
from the equation once a connection is open.
Leblond and Deffontaines said that NuFW's impact on performance is minimal:
We also worked on the concern of performance for the SYN packets, as this
is very important, too. Both daemons, nufw and nuauth, are multithreaded
for max performance. We incorporated from v0.9 on an internal ACL cache
into the authentication server, so it doesn't need to perform ACL checks
when they were just fetched.
There remains, of course, a measurable impact on the time it takes to open
TCP connections. We performed a small, basic bench, to measure this. We
built a very basic process that opens a TCP connection to a host, then
closes it, in loop for 1000 times. Running that process behind a NuFW
firewall took 34 seconds. Running that process behind a "conventional"
Netfilter firewall (same hardware) took 20 seconds. So, we're pretty happy
with NuFW's behaviour on DoS conditions, and quite confident about the
performance matter.
In addition to the nufw and nuauth daemons, each client system must be
running the NuFW client -- Nutcpc for Linux, and NuWINc for
Windows. Note that the Windows application is governed by a proprietary
license, whereas NuFW is available under the GPL. Leblond and Deffontaines
said that it should be easy to port the Linux client to Mac OS X and BSD
OSes -- and it may run as-is. "What we mostly lack on this is
testing. We are, of course, very open to contributions."
When clients send packets through the firewall or gateway, the nufw daemon
checks with the nuauth daemon to authenticate the user and verify whether a
particular user has the appropriate permissions to send traffic through the
firewall.
NuFW distinguishes protocols as well, so users could be allowed (for
example) to send HTTP traffic, but not SSH or POP3. Nuauth supports several
authentication methods, including LDAP, system authentication with PAM, dbm
or a plain text file with user credentials.
NuFW uses an Access Control List (ACL) to determine which services users
and groups can access. In the event that two groups have conflicting
permissions -- for example, if a user belongs to a group that can access
SSH and a group that cannot -- NuFW can be configured to either allow
access or deny it.
NuFW also offers detailed logging of activity, so that it's possible to
track which users are sending traffic through the server and what traffic
has been rejected or accepted. NuFW can log to syslog, or a MySQL or
PostgreSQL database.
There is also a Web interface which works with NuFW called Nuface, and a
firewall log analysis application called Nulog, which
provides a friendly interface for viewing NuFW's logs in detail.
One limitation of NuFW is that it only filters TCP. The developers said
that they want to implement UDP, ICMP and other protocols. There are a few
other features that they're looking at for the long term as well:
We have to go into IPv6 support, too. We're looking for greater integration
into Netfilter with NFQUEUE (yay! it will/should be in 2.6.14!) and all the
current work of Netfilter's team on NETLINK, which will allow for even
finer filtering. We're in contact with the Netfilter team for this.
We also asked Leblond and Deffontaines if there was any chance of NuFW
being ported to any of the BSD OSes. They said that they have looked at
this, but that none of the BSD IP filter packages have a feature like
Netfilter's QUEUE target, which is used by NuFW. "When/if there is
one, we'll be happy to port the nufw daemon to BSD. Right now, the nuauth
daemon should run on BSDs, as it is POSIX C."
While NuFW provides a rich set of features, it also adds quite a bit of
complexity to the setup. In addition to installing and maintaining an
additional set of packages, administrators will need to set up the
appropriate groups and define permissions for those groups to determine
which users can utilize which services.
Admins will also need to install the NuFW client on all machines that need
to authenticate with NuFW, and this means that (for the moment) NuFW is
an option only for organizations that restrict their systems to Windows and Linux. It is
possible to set up NuFW to ignore one or more subnets on your network, but
this does defeat the purpose of using NuFW to some extent.
As Leblond and Deffontaines point out, most of the complexity "comes
not from internals, but rather from the fact that NuFW is a glue between
systems that don't know about each other: the firewall in the center of the
network, and the user directory in the center of organisation." They
are working on a "appliance" solution with NuFW that will make it easier to
deploy. It's also worth noting that NuFW is now available in Debian sid and the
developers say that other distributions are looking at packaging NuFW as
well. This could go a long way towards making NuFW much easier to deploy.
Comments (10 posted)
New vulnerabilities
apt-cacher: remote command execution
| Package(s): | apt-cacher |
CVE #(s): | CAN-2005-1854
|
| Created: | August 3, 2005 |
Updated: | August 3, 2005 |
| Description: |
The Debian apt-cacher utility has a vulnerability which can allow a remote attacker to run arbitrary code on the host system.
|
| Alerts: |
|
Comments (none posted)
epiphany: Mozilla regression vulnerability
| Package(s): | epiphany |
CVE #(s): | |
| Created: | July 28, 2005 |
Updated: | August 29, 2005 |
| Description: |
The epiphany web browser had a vulnerability regression that was
caused by fixes to the Mozilla suite. This is specific to
Ubuntu Linux, the Mozilla fix was: USN-155-1. |
| Alerts: |
|
Comments (none posted)
ethereal: dissector vulnerabilities
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
CVE #(s): | CAN-2005-2370
|
| Created: | July 29, 2005 |
Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This can not be exploited on the x86
architecture but on others, e.g. on Sparc and lead to a bus error,
in other words a denial of service.
|
| Alerts: |
|
Comments (none posted)
gopher: insecure tmpfile creation
| Package(s): | gopher |
CVE #(s): | CAN-2005-1853
|
| Created: | July 29, 2005 |
Updated: | August 3, 2005 |
| Description: |
John Goerzen discovered that gopher, a client for the Gopher
Distributed Hypertext protocol, creates temporary files in an insecure
fashion. |
| Alerts: |
|
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
CVE #(s): | CAN-2005-0758
|
| Created: | August 1, 2005 |
Updated: | January 10, 2007 |
| Description: |
zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names. |
| Alerts: |
|
Comments (2 posted)
libtiff: insufficient validation
| Package(s): | libtiff |
CVE #(s): | |
| Created: | July 29, 2005 |
Updated: | August 18, 2005 |
| Description: |
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client. |
| Alerts: |
|
Comments (none posted)
nbSMTP: format string vulnerability
| Package(s): | nbsmtp |
CVE #(s): | |
| Created: | August 2, 2005 |
Updated: | August 3, 2005 |
| Description: |
A format string vulnerability in nbSMTP may allow an attacker to
execute arbitrary code with the permissions of the user running nbSMTP. |
| Alerts: |
|
Comments (none posted)
NetworkManager: format string bug in nm_info_handler
| Package(s): | networkmanager |
CVE #(s): | |
| Created: | August 1, 2005 |
Updated: | August 3, 2005 |
| Description: |
Network Manager passes logging messages straight to syslog as the format
string. This causes it to crash when connecting to access points that
contain format string characters. This was reported
initially by Ian Jackson. |
| Alerts: |
|
Comments (none posted)
PowerDNS: denial of service
| Package(s): | pdns |
CVE #(s): | CAN-2005-2301
CAN-2005-2302
|
| Created: | August 1, 2005 |
Updated: | August 3, 2005 |
| Description: |
PowerDNS before 2.9.18 has several vulnerabilities. The LDAP backend does
not properly escape all queries, allowing it to fail and not answer queries
anymore. Queries from clients without recursion permission can temporarily
blank out domains to clients with recursion permitted. This enables
outside users to blank out a domain temporarily to normal users. |
| Alerts: |
|
Comments (none posted)
ProFTPD: format string vulnerabilities
| Package(s): | proftpd |
CVE #(s): | CAN-2005-2390
|
| Created: | August 1, 2005 |
Updated: | September 6, 2005 |
| Description: |
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow
attackers to cause a denial of service or obtain sensitive information via
certain inputs to the shutdown message from ftpshut, or the SQLShowInfo
mod_sql directive. |
| Alerts: |
|
Comments (none posted)
pstotext: remote execution of arbitrary code
| Package(s): | pstotext netpbm |
CVE #(s): | CAN-2005-2471
|
| Created: | August 1, 2005 |
Updated: | March 28, 2006 |
| Description: |
Max Vozeler reported that pstotext calls the GhostScript interpreter on
untrusted PostScript files without specifying the -dSAFER option. An
attacker could craft a malicious PostScript file and entice a user to run
pstotext on it, resulting in the execution of arbitrary commands with the
permissions of the user running pstotext. See this Secunia advisory for more information. |
| Alerts: |
|
Comments (2 posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
CVE #(s): | CAN-2004-1170
CAN-2004-1377
|
| Created: | November 26, 2004 |
Updated: | December 19, 2005 |
| Description: |
The GNU a2ps utility fails to properly sanitize filenames, which can be
abused by a malicious user to execute arbitrary commands with the
privileges of the user running the vulnerable application. More
information at Security
Focus. |
| Alerts: |
|
Comments (none posted)
affix: two remote vulnerabilities
| Package(s): | affix |
CVE #(s): | CAN-2005-2250
CAN-2005-2277
|
| Created: | July 19, 2005 |
Updated: | September 2, 2005 |
| Description: |
A buffer overflow in the Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2
and 3.2.0 allows remote attackers to execute arbitrary code via a long
filename in an OBEX file share. Also remote attackers may execute
arbitrary commands via shell metacharacters in the filename argument of a
PUT command. |
| Alerts: |
|
Comments (none posted)
httpd: off-by-one overflow and cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CAN-2005-1268
CAN-2005-2088
|
| Created: | July 25, 2005 |
Updated: | November 7, 2005 |
| Description: |
Watchfire reported a flaw that occurred when using the Apache server as an
HTTP proxy. A remote attacker could send an HTTP request with both a
"Transfer-Encoding: chunked" header and a "Content-Length" header. This
caused Apache to incorrectly handle and forward the body of the request in
a way that the receiving server processes it as a separate HTTP request.
This could allow the bypass of Web application firewall protection or lead
to cross-site scripting (XSS) attacks.
Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
callback. In order to exploit this issue the Apache server would need to
be configured to use a malicious certificate revocation list (CRL). |
| Alerts: |
|
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
CVE #(s): | CAN-2005-0953
CAN-2005-1260
|
| Created: | May 17, 2005 |
Updated: | January 10, 2007 |
| Description: |
A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor. |
| Alerts: |
|
Comments (2 posted)
ClamAntiVirus: integer overflows
| Package(s): | clamav |
CVE #(s): | CAN-2005-2450
|
| Created: | July 26, 2005 |
Updated: | August 16, 2005 |
| Description: |
Clam AntiVirus versions < 0.86.2 is vulnerable to integer overflows when
handling the TNEF, CHM and FSG file formats. By sending a
specially-crafted file an attacker could execute arbitrary code with the
permissions of the user running Clam AntiVirus. |
| Alerts: |
|
Comments (none posted)
cpio: directory traversal
| Package(s): | cpio |
CVE #(s): | CAN-2005-1111
|
| Created: | June 20, 2005 |
Updated: | December 26, 2005 |
| Description: |
There is a vulnerability in
cpio (2.6 and previous) that allows a malicious cpio file to
extract to an arbitrary directory of the attackers choice. cpio will
extract to the path specified in the cpio file, this path can be absolute. |
| Alerts: |
|
Comments (1 posted)
CUPS: multiple vulnerabilities
| Package(s): | CUPS |
CVE #(s): | CAN-2004-2154
|
| Created: | July 14, 2005 |
Updated: | September 20, 2005 |
| Description: |
The CUPS printing system has a problem with queue name
case-sensitivity matching that can cause a security policy override. An
unauthorized user can use this to gain print to a protected queue. |
| Alerts: |
|
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
CVE #(s): | CAN-2005-0546
|
| Created: | February 23, 2005 |
Updated: | April 10, 2006 |
| Description: |
Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: |
|
Comments (none posted)
dbus: information disclosure
| Package(s): | dbus |
CVE #(s): | CAN-2005-0201
|
| Created: | June 8, 2005 |
Updated: | August 30, 2005 |
| Description: |
From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another
user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening. |
| Alerts: |
|
Comments (none posted)
dhcpcd: denial of service
| Package(s): | dhcpcd |
CVE #(s): | CAN-2005-1848
|
| Created: | July 13, 2005 |
Updated: | September 13, 2005 |
| Description: |
The dhcpcd DHCP client can be tricked into reading past the end of a buffer, causing it to crash.
|
| Alerts: |
|
Comments (none posted)
ekg: multiple vulnerabilities
| Package(s): | ekg |
CVE #(s): | CAN-2005-1850
CAN-2005-1851
CAN-2005-1916
|
| Created: | July 18, 2005 |
Updated: | August 8, 2005 |
| Description: |
Several vulnerabilities have been discovered in the ekg
contributed scripts. These include an
insecure temporary file creation problem, a
potential shell command injection problem, and an
arbitrary command execution problem. |
| Alerts: |
|
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
CVE #(s): | CAN-2005-0100
|
| Created: | February 7, 2005 |
Updated: | May 15, 2006 |
| Description: |
Max Vozeler discovered a format string vulnerability in the "movemail"
utility of Emacs. By sending specially crafted packets, a malicious
POP3 server could cause a buffer overflow, which could be exploited to
execute arbitrary code with the privileges of the user and the "mail"
group. |
| Alerts: |
|
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
CVE #(s): | CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
|
| Created: | January 21, 2005 |
Updated: | May 27, 2006 |
| Description: |
Erik Sjölund has discovered several security relevant problems in enscript,
a program to convert ASCII text into Postscript and other formats.
Unsanitized input can cause the execution of arbitrary commands via EPSF
pipe support. Due to missing sanitizing of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be executed.
Multiple buffer overflows can cause the program to crash. |
| Alerts: |
|
Comments (none posted)
evolution: message crash vulnerability
| Package(s): | evolution |
CVE #(s): | CAN-2005-0806
|
| Created: | March 17, 2005 |
Updated: | August 11, 2005 |
| Description: |
The Evolution mail client can be crashed when reading
certain types of messages. |
| Alerts: |
|
Comments (none posted)
fetchmail: buffer overflow
| Package(s): | fetchmail |
CVE #(s): | CAN-2005-2335
|
| Created: | July 21, 2005 |
Updated: | August 12, 2005 |
| Description: |
The fetchmail POP3 client has an arbitrary code execution vulnerability
that may be triggered by a malicious POP server. See this advisory for more information. |
| Alerts: |
|
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
CVE #(s): | CAN-2004-0801
|
| Created: | September 20, 2004 |
Updated: | May 31, 2006 |
| Description: |
There is a vulnerability in the foomatic-filters package. This
vulnerability is due to insufficient checking of command-line parameters
and environment variables in the foomatic-rip filter. This vulnerability
may allow both local and remote attackers to execute arbitrary commands on
the print server with the permissions of the spooler. |
| Alerts: |
|
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
CVE #(s): | CAN-2005-1704
CAN-2005-1705
|
| Created: | May 20, 2005 |
Updated: | August 11, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands. |
| Alerts: |
|
Comments (5 posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
CVE #(s): | CAN-2005-0891
|
| Created: | March 30, 2005 |
Updated: | December 19, 2005 |
| Description: |
The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
|
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
CVE #(s): | CAN-2004-0966
|
| Created: | October 11, 2004 |
Updated: | March 1, 2006 |
| Description: |
gettext insecurely creates temporary files in world-writeable directories
with predictable names. A local attacker could create symbolic links in
the temporary files directory, pointing to a valid file somewhere on the
filesystem. When gettext is called, this would result in file access with
the rights of the user running the utility, which could be the root user. |
| Alerts: |
|
Comments (1 posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
CVE #(s): | CAN-2004-0967
|
| Created: | October 20, 2004 |
Updated: | September 28, 2005 |
| Description: |
The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: |
|
Comments (none posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
CVE #(s): | CAN-2004-0968
|
| Created: | October 21, 2004 |
Updated: | November 14, 2005 |
| Description: |
The catchsegv script in the glibc package has a symlink vulnerability
that may allow a local user to overwrite arbitrary
files with the permissions of the user that is running the script. |
| Alerts: |
|
Comments (none posted)
gnupg: information leak
| Package(s): | gnupg |
CVE #(s): | CAN-2005-0366
|
| Created: | March 16, 2005 |
Updated: | August 19, 2005 |
| Description: |
GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
CVE #(s): | CAN-2004-0969
|
| Created: | November 1, 2004 |
Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
heartbeat: insecure temporary files
| Package(s): | heartbeat |
CVE #(s): | CAN-2005-2231
|
| Created: | July 19, 2005 |
Updated: | August 15, 2005 |
| Description: |
Eric Romang discovered several insecure temporary file creations in
the High Availability Linux Project Heartbeat 1.2.3. |
| Alerts: |
|
Comments (none posted)
htdig: cross site scripting
| Package(s): | htdig |
CVE #(s): | CAN-2005-0085
|
| Created: | February 14, 2005 |
Updated: | January 10, 2006 |
| Description: |
Michael Krax discovered that ht://Dig fails to validate the 'config'
parameter before displaying an error message containing the parameter.
This flaw could allow an attacker to conduct cross-site scripting
attacks. |
| Alerts: |
|
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap |
CVE #(s): | CAN-2003-0297
|
| Created: | February 18, 2005 |
Updated: | April 10, 2006 |
| Description: |
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. |
| Alerts: |
|
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: |
|
Comments (none posted)
infozip: privilege escalation, directory-traversal
| Package(s): | infozip |
CVE #(s): | CAN-2003-0282
CAN-2004-1010
CAN-2005-0602
|
| Created: | May 2, 2005 |
Updated: | August 1, 2005 |
| Description: |
InfoZip reports that Zip 2.3 and
(presumably) all previous versions have a buffer-overrun vulnerability
relating to deep directory paths that could potentially lead to local
privilege escalation (e.g., in the case of automated, Zip-based backups).
All versions of UnZip through 5.50 have a number of directory-traversal
vulnerabilities. |
| Alerts: |
|
Comments (1 posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
CVE #(s): | CVE-2005-1108
CVE-2005-1109
|
| Created: | April 13, 2005 |
Updated: | November 5, 2005 |
| Description: |
JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: |
|
Comments (1 posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: ELF loader core dump vulnerability
| Package(s): | kernel |
CVE #(s): | CAN-2005-1263
|
| Created: | May 11, 2005 |
Updated: | August 25, 2005 |
| Description: |
Paul Starzetz has posted an
advisory for yet another kernel vulnerability.
In this case, by using a specially manipulated ELF binary, a local attacker
can compromise the system (via the core dump code) and obtain root access.
This vulnerability affects all kernels from 2.2 through 2.6.12-rc4. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CAN-2005-1913
CAN-2005-1761
|
| Created: | July 1, 2005 |
Updated: | September 9, 2005 |
| Description: |
Several vulnerabilities in the 2.6 kernel have been
fixed, including a subthread exec problem (CAN-2005-1913)
and a ia64 ptrace + sigrestore_context problem (CAN-2005-1761). |
| Alerts: |
|
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
krb5: double-free flaw
| Package(s): | krb5 |
CVE #(s): | CAN-2004-0175
CAN-2005-0488
CAN-2005-1175
CAN-2005-1689
|
| Created: | July 12, 2005 |
Updated: | December 6, 2005 |
| Description: |
The krb5 authentication has a double-free flaw which may be
initiated by a remote unauthenticated attacker.
Also, a single byte heap overflow in the krb5_unparse_name() function
can lead to a denial of service and an information disclosure may
be caused by a malicious telnet server. See
This report for more
information. |
| Alerts: |
|
Comments (none posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
CVE #(s): | CAN-2005-1349
|
| Created: | May 20, 2005 |
Updated: | January 27, 2006 |
| Description: |
Mark Martinec and Robert Lewis discovered a buffer overflow in
Convert::UUlib (before 1.051), a Perl interface to the uulib library, which
may result in the execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
CVE #(s): | CAN-2005-0077
|
| Created: | January 25, 2005 |
Updated: | March 2, 2006 |
| Description: |
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a temporary PID file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the parts of the library. |
| Alerts: |
|
Comments (none posted)
libgadu: integer overflows
| Package(s): | libgadu |
CVE #(s): | CAN-2005-1852
|
| Created: | July 22, 2005 |
Updated: | July 27, 2005 |
| Description: |
libgadu, a library implementing the Gadu messaging protocol, suffers from a set of integer overflow vulnerabilities. This vulnerability affects a number of other packages; see, for example, this KDE advisory for kdenetwork and Kopete. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libnet-ssleay-perl: weakened cryptographic operations
| Package(s): | libnet-ssleay-perl |
CVE #(s): | CAN-2005-0106
|
| Created: | May 3, 2005 |
Updated: | January 27, 2006 |
| Description: |
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content. |
| Alerts: |
|
Comments (none posted)
libTIFF: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CAN-2005-1544
|
| Created: | May 10, 2005 |
Updated: | February 18, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
stack based buffer overflow in the libTIFF library when reading a TIFF
image with a malformed BitsPerSample tag. Successful exploitation would
require the victim to open a specially crafted TIFF image, resulting in the
execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
libXpm: new buffer overflows
| Package(s): | libXpm |
CVE #(s): | CAN-2005-0605
|
| Created: | March 4, 2005 |
Updated: | March 8, 2006 |
| Description: |
A new vulnerability has been discovered in libXpm, which is included in
OpenMotif and LessTif, that can potentially lead to remote code
execution. |
| Alerts: |
|
Comments (none posted)
mc: buffer overflow
| Package(s): | mc |
CVE #(s): | CAN-2005-0763
|
| Created: | March 29, 2005 |
Updated: | August 11, 2005 |
| Description: |
An unfixed buffer overflow has been discovered by Andrew V. Samoilov
in mc, the midnight commander, a file browser and manager. |
| Alerts: |
|
Comments (none posted)
mod_python: remote access vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2005-0088
|
| Created: | February 10, 2005 |
Updated: | April 10, 2006 |
| Description: |
mod_python has a vulnerability in the publisher handler that may allow
a remote user to use a specially crafted URL to allow access to
objects that should be protected. An information leak can result. |
| Alerts: |
|
Comments (none posted)
movemail: arbitrary code execution
| Package(s): | movemail |
CVE #(s): | |
| Created: | July 21, 2005 |
Updated: | July 27, 2005 |
| Description: |
The emacs movemail POP utility has an arbitrary code execution vulnerability
that can be activated by connecting to a malicious POP server. |
| Alerts: |
|
Comments (none posted)
mysql: low-impact security fix
| Package(s): | mysql |
CVE #(s): | CAN-2005-1636
|
| Created: | July 20, 2005 |
Updated: | February 22, 2006 |
| Description: |
An update to MySQL version 4.1.12 fixes a low-impact security
problem (bz#158689). |
| Alerts: |
|
Comments (1 posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
CVE #(s): | CAN-2005-0013
CAN-2005-0014
|
| Created: | January 31, 2005 |
Updated: | May 15, 2006 |
| Description: |
Erik Sjolund discovered two vulnerabilities in the programs bundled
with ncpfs: there is a potentially exploitable buffer overflow in
ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
using the NetWare client functions insecurely access files with
elevated privileges (CAN-2005-0013). |
| Alerts: |
|
Comments (none posted)
nfs-utils: arbitrary code execution
| Package(s): | nfs-utils |
CVE #(s): | CAN-2004-0946
|
| Created: | January 11, 2005 |
Updated: | February 27, 2006 |
| Description: |
Arjan van de Ven discovered a buffer overflow in rquotad on 64bit
architectures; an improper integer conversion could lead to a buffer
overflow. An attacker with access to an NFS share could send a specially
crafted request which could then lead to the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
OpenSSL: information leak
| Package(s): | openssl |
CVE #(s): | CAN-2005-0109
|
| Created: | May 23, 2005 |
Updated: | October 11, 2005 |
| Description: |
Hyper-Threading technology, as used in FreeBSD other operating systems and
implemented on Intel Pentium and other processors, allows local users to
use a malicious thread to create covert channels, monitor the execution of
other threads, and obtain sensitive information such as cryptographic keys,
via a timing attack on memory cache misses. See this LWN article for more information. |
| Alerts: |
|
Comments (none posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
pam_ldap: plain text authentication leak
| Package(s): | pam_ldap |
CVE #(s): | CAN-2005-2069
|
| Created: | July 14, 2005 |
Updated: | October 17, 2005 |
| Description: |
pam_ldap
and nss_ldap ignore the "ssl start_tls" ldap.conf setting, allowing an
attacker to sniff unencrypted passwords and other information. |
| Alerts: |
|
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
| Alerts: |
|
Comments (none posted)
perl: symlink vulnerability
| Package(s): | perl |
CVE #(s): | CAN-2005-0448
|
| Created: | March 9, 2005 |
Updated: | January 30, 2006 |
| Description: |
The rmtree() function in the File:Path.pm module has a symlink vulnerability which could be exploited to create setuid binaries. |
| Alerts: |
|
Comments (none posted)
phpbb2: cross-site scripting
| Package(s): | phpbb2 |
CVE #(s): | CAN-2005-2161
|
| Created: | July 27, 2005 |
Updated: | July 27, 2005 |
| Description: |
The phpbb2 package suffers from a cross-site scripting vulnerability. |
| Alerts: |
|
Comments (none posted)
php-pear: remote code execution
| Package(s): | php-pear |
CVE #(s): | CAN-2005-1921
|
| Created: | July 1, 2005 |
Updated: | July 29, 2005 |
| Description: |
The PEAR XMLRPC implementation has a vulnerability that can
be exploited for remote code execution. See this report from GulfTech Security Research. This vulnerability affects a large number of PHP web applications.
|
| Alerts: |
|
Comments (none posted)
phpsysinfo: cross-site-scripting
| Package(s): | phpsysinfo |
CVE #(s): | CAN-2005-0870
|
| Created: | May 18, 2005 |
Updated: | November 15, 2005 |
| Description: |
The phpsysinfo program contains several cross-site scripting vulnerabilities. |
| Alerts: |
|
Comments (none posted)
postgresql: database initialization errors
| Package(s): | postgresql |
CVE #(s): | CAN-2005-1409
CAN-2005-1410
|
| Created: | May 4, 2005 |
Updated: | February 28, 2006 |
| Description: |
PostgreSQL suffers from two vulnerabilities in how databases are set up by default; they allow a local attacker (one with access to the database) to crash the back end and, perhaps, execute code with the privileges of the server process. See this advisory for details and workarounds.
|
| Alerts: |
|
Comments (none posted)
Pound: buffer overflow
| Package(s): | pound |
CVE #(s): | CVE-2005-1391
|
| Created: | May 2, 2005 |
Updated: | January 10, 2006 |
| Description: |
Steven Van Acker has discovered a buffer overflow vulnerability in the
"add_port()" function in Pound 1.8.2+. A remote attacker could send a
request for an overly long hostname parameter, which could lead to the
remote execution of arbitrary code with the rights of the Pound daemon
process. |
| Alerts: |
|
Comments (none posted)
rp-pppoe, pppoe: missing privilege dropping
| Package(s): | rp-pppoe, pppoe |
CVE #(s): | CAN-2004-0564
|
| Created: | October 4, 2004 |
Updated: | November 15, 2005 |
| Description: |
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system. |
| Alerts: |
|
Comments (none posted)
ruby: arbitrary command execution
| Package(s): | ruby |
CVE #(s): | CAN-2005-1992
|
| Created: | June 21, 2005 |
Updated: | October 6, 2005 |
| Description: |
Ruby (versions < 1.8.2) is vulnerable to arbitrary command execution on
XMLRPC servers. |
| Alerts: |
|
Comments (none posted)
sandbox: insecure temporary file handling
| Package(s): | sandbox |
CVE #(s): | |
| Created: | July 25, 2005 |
Updated: | July 27, 2005 |
| Description: |
The Gentoo Linux Security Audit Team discovered that the sandbox
utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
file creation race conditions. Local users may be able to create or overwrite arbitrary files with the permissions of the root user. |
| Alerts: |
|
Comments (none posted)
shorewall: rule bypass vulnerability
| Package(s): | shorewall |
CVE #(s): | CAN-2005-2317
|
| Created: | July 21, 2005 |
Updated: | October 10, 2005 |
| Description: |
Shorewall has a vulnerability in which a client that is accepted by
MAC address filtering can bypass other rules, allowing access to
all open services on the firewall. |
| Alerts: |
|
Comments (none posted)
SpamAssassin: Denial of Service vulnerability
| Package(s): | spamassassin |
CVE #(s): | CAN-2004-0796
|
| Created: | August 9, 2004 |
Updated: | August 11, 2005 |
| Description: |
SpamAssassin contains an unspecified Denial of Service vulnerability. By
sending a specially crafted message an attacker could cause a Denial of
Service attack against the SpamAssassin service. |
| Alerts: |
|
Comments (none posted)
SpamAssassin: denial of service
| Package(s): | spamassassin |
CVE #(s): | CAN-2005-1266
|
| Created: | June 17, 2005 |
Updated: | July 28, 2005 |
| Description: |
SpamAssassin 3.0.4 was released
to fix a denial of service vulnerability in versions 3.0.1, 3.0.2, and
3.0.3. The vulnerability allows certain mis-formatted long message headers
to cause spam checking to take a very long time. |
| Alerts: |
|
Comments (none posted)
SquirrelMail: several XSS vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CAN-2005-1769
|
| Created: | June 21, 2005 |
Updated: | September 16, 2005 |
| Description: |
Several cross site scripting (XSS) vulnerabilities have been
discovered in SquirrelMail versions 1.4.0 - 1.4.4. |
| Alerts: |
|
Comments (none posted)
sudo: race condition
| Package(s): | sudo |
CVE #(s): | CAN-2005-1993
|
| Created: | June 21, 2005 |
Updated: | February 24, 2006 |
| Description: |
Charles Morris discovered a race condition in sudo which could lead to
privilege escalation. If /etc/sudoers allowed a user the execution of
selected programs, and this was followed by another line containing
the pseudo-command "ALL", that user could execute arbitrary commands
with sudo by creating symbolic links at a certain time. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump: denial of service
| Package(s): | tcpdump |
CVE #(s): | CAN-2005-1267
|
| Created: | June 9, 2005 |
Updated: | October 10, 2005 |
| Description: |
Several tcpdump protocol decoders contain programming errors which can
cause them to go into infinite loops. |
| Alerts: |
|
Comments (none posted)
tcpdump: multiple DoS issues
| Package(s): | tcpdump |
CVE #(s): | CAN-2005-1280
CAN-2005-1279
CAN-2005-1278
|
| Created: | May 2, 2005 |
Updated: | April 10, 2006 |
| Description: |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote
attackers to cause a denial of service (infinite loop) via a crafted RSVP
packet of length 4. (CAN-2005-1280)
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a crafted BGP packet, which is not properly
handled by RT_ROUTING_INFO, or LDP packet, which is not properly
handled by the ldp_print function. (CAN-2005-1279)
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and
earlier allows remote attackers to cause a denial of service (infinite
loop) via a zero length, as demonstrated using a GRE packet.
(CAN-2005-1278) |
| Alerts: |
|
Comments (none posted)
telnet: buffer overflows
| Package(s): | telnet |
CVE #(s): | CAN-2005-0468
CAN-2005-0469
|
| Created: | March 28, 2005 |
Updated: | August 1, 2005 |
| Description: |
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. |
| Alerts: |
|
Comments (none posted)
thunderbird mozilla firefox: multiple vulnerabilities
| Package(s): | thunderbird firefox mozilla |
CVE #(s): | CAN-2005-0989
CAN-2005-1159
CAN-2005-1160
CAN-2005-1532
CAN-2005-2261
CAN-2005-2265
CAN-2005-2266
CAN-2005-2269
CAN-2005-2270
|
| Created: | July 20, 2005 |
Updated: | September 1, 2005 |
| Description: |
Multiple vulnerabilities have been found in the Mozilla Thunderbird email
client, as well as the Mozilla Suite and Firefox and Mozilla based other
browsers. Bugs include an anonymous function handling bug, a JavaScript
validation problem, privileged UI code handling DOM nodes, a JavaScript
privilege escalation, a problem with Javascript in XBL controls, improper
handling of child frames, a DOM name code execution vulnerability, and
a base object clone problem.
|
| Alerts: |
|
Comments (none posted)
Tor: information disclosure
| Package(s): | tor |
CVE #(s): | |
| Created: | June 21, 2005 |
Updated: | August 25, 2005 |
| Description: |
A bug in Tor allows attackers to view arbitrary memory contents from an
exit server's process space. A remote attacker could exploit the memory
disclosure to gain sensitive information and possibly even private keys. |
| Alerts: |
|
Comments (none posted)
vim: arbitrary command execution
| Package(s): | vim |
CVE #(s): | CAN-2005-2368
|
| Created: | July 26, 2005 |
Updated: | August 23, 2005 |
| Description: |
Georgi Guninski discovered
that it was possible to construct Vim 6.3 modelines that execute arbitrary
shell commands by wrapping them in glob() or expand() function calls. If an
attacker tricked an user to open a file with a specially crafted modeline,
he could exploit this to execute arbitrary commands with the user's
privileges. |
| Alerts: |
|
Comments (1 posted)
vixie-cron: crontab allows any user to read another users crontabs
| Package(s): | vixie-cron |
CVE #(s): | CAN-2005-1038
|
| Created: | April 15, 2005 |
Updated: | March 15, 2006 |
| Description: |
crontab in Vixie cron 4.1, when running with the -e option, allows local
users to read the cron files of other users by changing the file being
edited to a symlink. NOTE: there is insufficient information to know
whether this is a duplicate of CVE-2001-0235. See also this Security Focus
report. |
| Alerts: |
|
Comments (none posted)
webcalendar: information disclosure
| Package(s): | webcalendar |
CVE #(s): | CAN-2005-2320
|
| Created: | July 27, 2005 |
Updated: | July 27, 2005 |
| Description: |
The webcalendar utility suffers from an information disclosure vulnerability. |
| Alerts: |
|
Comments (none posted)
wget: file overwrites and arbitrary code execution
| Package(s): | wget |
CVE #(s): | CAN-2004-1487
CAN-2004-1488
|
| Created: | June 9, 2005 |
Updated: | September 27, 2005 |
| Description: |
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite
certain files via a redirection URL containing a ".." that resolves to the
IP address of the malicious server, which bypasses wget's filtering for
".." sequences.
wget 1.8.x and 1.9.x does not filter or quote control characters when
displaying HTTP responses to the terminal, which may allow remote malicious
web servers to inject terminal escape sequences and execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2004-0409
|
| Created: | April 19, 2004 |
Updated: | November 15, 2005 |
| Description: |
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a
remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal which is disabled by default and also
connect to an attacker's custom proxy server. This vulnerability may allow
an attacker to run arbitrary code within the context of the user ID of the
XChat client. |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CAN-2004-1379
|
| Created: | September 22, 2004 |
Updated: | April 10, 2006 |
| Description: |
xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code. |
| Alerts: |
|
Comments (none posted)
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
CVE #(s): | CAN-2004-0372
|
| Created: | April 6, 2004 |
Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine. |
| Alerts: |
|
Comments (none posted)
xorg-x11: integer overflows
| Package(s): | xorg-x11 |
CVE #(s): | CAN-2004-0914
|
| Created: | November 18, 2004 |
Updated: | September 12, 2005 |
| Description: |
The X.Org libXpm library has several integer overflow vulnerabilities
An attacker can modify XPM images to execute malicious code. |
| Alerts: |
|
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
CVE #(s): | CAN-2005-0064
|
| Created: | January 19, 2005 |
Updated: | March 15, 2007 |
| Description: |
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
| Alerts: |
|
Comments (1 posted)
zlib: buffer overflow
| Package(s): | zlib |
CVE #(s): | CAN-2005-2096
|
| Created: | July 6, 2005 |
Updated: | October 27, 2005 |
| Description: |
zlib has a buffer overflow vulnerability that can be exploited
by inflation of corrupted files, this can be used to crash zlib
or possibly remotely execute code. |
| Alerts: |
|
Comments (6 posted)
zlib: buffer overflow
| Package(s): | zlib |
CVE #(s): | CAN-2005-1849
|
| Created: | July 21, 2005 |
Updated: | April 11, 2006 |
| Description: |
zlib has a vulnerability that can cause code that executes it to crash
if a corrupted file is opened. |
| Alerts: |
|
Comments (none posted)
Resources
Phrack #63 - said to be the last issue
- has been published. A wide variety of subjects is covered, including
rootkit hiding, hacking Grub, process hiding on Linux, and more.
The whole issue is downloadable as a compressed
tarball.
Comments (1 posted)
Page editor: Jonathan Corbet
Next page: Kernel development>>
|
|
|