leading
Affected: 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Failure on Ogg files manipulation can lead remote attackers to cause
a denial of service by using crafted files (CVE-2008-3231).
Failure on manipulation of either MNG or Real or MOD files can lead
remote attackers to cause a denial of service by using crafted files
(CVE-2008-5233).
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0017
Justin Schuh discovered that a buffer overflow in the http-index-format
parser could lead to arbitrary code execution.
CVE-2008-4582
Liu Die Yu discovered an information leak through local shortcut
files.
team revealed several other vulnerabilities in WordNet:
* Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary
errors within the searchwn() function in src/wn.c, the wngrep()
function in lib/search.c, the morphstr() and morphword() functions in
lib/morph.c, and the getindex() in lib/search.c, which lead to
stack-based buffer overflows.
* Rob Holland (oCERT) reported two boundary errors within the
do_init() function in lib/morph.c, which lead to stack-based buffer
overflows via specially crafted "WNSEARCHDIR" or "WNHOME" environment
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-0304
It was discovered that a buffer overflow in MIME decoding can lead
to the execution of arbitrary code.
CVE-2008-2785
It was discovered that missing boundary checks on a reference
following problems:
CVE-2007-5760
"regenrecht" discovered that missing input sanitising within
the XFree86-Misc extension may lead to local privilege escalation.
CVE-2007-5958
It was discovered that error messages of security policy file
handling may lead to a minor information leak disclosing the
By modifying the width and height values in the PICTURE Metadata block,
a heap-based overflow could be achieved. When a vulnerable application
that supports FLAC images attempts to render the excessively large
image, the application allocates memory based on the dimension fields,
which could be used to overwrite memory values and pointers with
arbitrary values that could lead to code execution.
Vulnerability #7: Picture Description Size Heap Overflow
Overly large Description Size values such as 0xFFFFFFFF can lead to a
heap based memory corruption and execute arbitrary code on vulnerable
applications that support the Picture Metadata block. Successful
based on Firefox:
CVE-2011-0083 / CVE-2011-2363
"regenrecht" discovered two use-after-frees in SVG processing, which
could lead to the execution of arbitrary code.
CVE-2011-0085
"regenrecht" discovered a use-after-free in XUL processing, which
could lead to the execution of arbitrary code.
unbranded version of Seamonkey:
CVE-2011-0083 / CVE-2011-2363
"regenrecht" discovered two use-after-frees in SVG processing,
which could lead to the execution of arbitrary code.
CVE-2011-0085
"regenrecht" discovered a use-after-free in XUL processing, which
could lead to the execution of arbitrary code.
version of the Thunderbird mail/news client.
CVE-2011-0083 / CVE-2011-2363
"regenrecht" discovered two use-after-frees in SVG processing,
which could lead to the execution of arbitrary code.
CVE-2011-0085
"regenrecht" discovered a use-after-free in XUL processing, which
could lead to the execution of arbitrary code.
Synopsis
========
Multiple vulnerabilities have been found in the UW IMAP toolkit and the
c-client library, the worst of which leading to the execution of
arbitrary code.
Background
==========
web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026,
MSA-09-0004, MSA-09-0007)
It was discovered that the HotPot module in Moodle did not correctly
filter SQL inputs. An authenticated remote attacker could execute
arbitrary SQL commands as the moodle database user, leading to a loss
of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)
Kevin Madura discovered that the forum actions and messaging settings
in Moodle were not protected from cross-site request forgery (CSRF).
If an authenticated user were tricked into visiting a malicious
perform this as well.
Details follow:
NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. (CVE-2008-4307)
Sparc syscalls did not correctly check mmap regions. A local attacker could
cause a system panic, leading to a denial of service. (CVE-2008-6107)
Details follow:
Hugo Dias discovered that the ATM subsystem did not correctly manage
socket counts. A local attacker could exploit this to cause a system hang,
leading to a denial of service. (CVE-2008-5079)
It was discovered that the inotify subsystem contained watch removal
race conditions. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2008-5182)
Details:
Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If
a system was using X.25, a remote attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4164)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
and Exposures project identifies the following problems:
CVE-2010-0183
"wushi" discovered that incorrect pointer handling in the frame
processing code could lead to the execution of arbitrary code.
CVE-2010-1196
"Nils" discovered that an integer overflow in DOM node parsing could
lead to the execution of arbitrary code.
privileges by accessing the pre-compiled "fastload" file.
CVE-2008-2803
"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead to the
execution of arbitrary code. Iceweasel itself is not affected, but
some addons are.
CVE-2008-2805
Exploitation allows an attacker to gain sensitive information from the toothbrush. No authentication is required to reach the affected application. The attacker only needs to be able to monitor the wireless transmission.
The attacker can determine the user's brushing habits. It is possible to report on the location of the mouth that is being brushed and the amount of time spent on each of four defined "quadrants".
An attacker could also conduct a serious DoS attack. Flooding the wireless communications causes the unit to stop responding. This can result in the following actions:
A. A continued DoS could cause the bristle monitor to not send an end of life signal to the SmartMonitor system leaving the user to continue using an old toothbrush head which could eventually lead to dental failure. The failure to monitor the most effective head life could result in bristle failure.
B. Dental statistics could be erased from the monitor unit. This would leave the user unable to determine and report on their brushing habits. This could lead to user confusion and over or under brushing leading to tooth wear.
C. Fake battery life transmissions can be sent making the user believe that the battery life is in fact longer than is truly stored. This could lead to a catastrophic brushing failure where the toothbrush runs out of power in mid-clean. A continued long term attack could lead to the creation of cavities in the user’s teeth.
A forensic analysis of the SmartMonitor unit can be conducted to recover deleted brushing sessions. A user who was attempting to cover a period of lapsed dental care could be investigated and the deleted data recovered. In some cases it is feasible that this could result in a reduction of user privileges and possible punitive action (especially where the analysis is conducted by the parent administrative body).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in libvorbis might lead to the execution of
arbitrary code.
Background
==========
Problem Description:
A number of vulnerabilities were found and fixed in the Apache 2.2.x
packages:
A flaw found in the mod_imagemap module could lead to a cross-site
scripting attack on sites where mod_imagemap was enabled and an
imagemap file was publicly available (CVE-2007-5000).
A flaw found in the mod_status module could lead to a cross-site
scripting attack on sites where mod_status was enabled and the status
Wladimir Palant discovered that security checks in XML processing
were insufficiently enforced.
CVE-2010-0654
Chris Evans discovered that insecure CSS handling could lead to
reading data across domain boundaries.
CVE-2010-1205
Aki Helin discovered a buffer overflow in the internal copy of
CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug : 633738
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-4067
Mariusz Mlynski discovered that privileges could be escalated through
a Javascript URL as the home page.
CVE-2012-0461
Bob Clary discovered memory corruption bugs, which may lead to the
execution of arbitrary code.
CVE-2012-0467
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
Details follow:
It was discovered that Pidgin did not properly handle certain topic
messages in the IRC protocol handler. If a user were tricked into
connecting to a malicious IRC server, an attacker could cause Pidgin to
crash, leading to a denial of service. This issue only affected Ubuntu 8.04
LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)
It was discovered that Pidgin did not properly enforce the "require
TLS/SSL" setting when connecting to certain older Jabber servers. If a
remote attacker were able to perform a man-in-the-middle attack, this flaw
Details follow:
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
Details follow:
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
3. *Vulnerability Description*
A vulnerability exists in MSO.DLL affecting Excel 9 (Office 2000) and
Excel 10 (Office XP) in the code responsible for parsing OfficeArtSpgr
(recType 0xF003) containers that allows an attacker to cause a class
pointer to be interpreted incorrectly, leading to code execution in the
context of the currently logged on user.
4. *Vulnerable packages*
add-in for PowerPoint to create rich-media presentations.
A vulnerability was found in Windows Movie Maker and Microsoft Producer,
which can be triggered by a remote attacker by sending a specially
crafted file and enticing the user to open it. This vulnerability
results in a write access violation and can lead to remote code execution.
4. *Vulnerable packages*
. Windows Movie Maker
Subversion clients and servers, versions 1.6.0 - 1.6.3 and all
versions < 1.5.7, are vulnerable to several heap overflow problems
which may lead to remote code execution. The official advisory
(mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt)
follows:
Subversion clients and servers up to 1.6.3 (inclusive) have heap
overflow issues in the parsing of binary deltas.
3. *Vulnerability Description*
Openfire is a real time collaboration (RTC) server licensed under the
Open Source GPL. It uses the widely adopted open protocol for instant
messaging XMPP, also called Jabber. Multiple cross-site scripting
vulnerabilities have been found, which may lead to arbitrary remote code
execution on the server running the application due to unauthorized
upload of Java plugin code.
4. *Vulnerable packages*
could exploit these flaws to cause a denial of service. (CVE-2008-5348,
CVE-2008-5349)
It was discovered that Java accepted UTF-8 encodings that might be
handled incorrectly by certain applications. A remote attacker could
bypass string filters, possibly leading to other exploits. (CVE-2008-5351)
Overflows were discovered in Java JAR processing. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2008-5352, CVE-2008-5354)