memory leaks
Bug Fixes:
- Debugger Core
o The memory page protect information is correctly displayed now.
o Fixed Second Analysis pass repeated entries bug.
o Fixed thread state swap issue which was leading to a memory leak.
A vulnerability in libclamav would allow attackers to cause a
denial of service via vectors related to an out-of-memory condition
(CVE-2008-3912).
Multiple memory leaks were found in ClamAV that could possibly allow
attackers to cause a denial of service via excessive memory consumption
(CVE-2008-3913).
A number of unspecified vulnerabilities in ClamAV were reported that
have an unknown impact and attack vectors related to file descriptor
* A buffer overflow in libavcodec/dca.c (CVE-2008-4867).
* An unspecified vulnerability in the avcodec_close() function in
libavcodec/utils.c (CVE-2008-4868).
* Unspecified memory leaks (CVE-2008-4869).
* Tobias Klein reported a NULL pointer dereference due to an integer
signedness error in the fourxm_read_header() function in
libavformat/4xm.c (CVE-2009-0385).
numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6
allows context-dependent attackers to cause a denial of service
(application crash) via an invalid argument, a related issue to
CVE-2010-4409 (CVE-2011-1467).
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6
might allow remote attackers to cause a denial of service (memory
consumption) via (1) plaintext data to the openssl_encrypt function or
(2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).
Unspecified vulnerability in the Streams component in PHP before
necessary changes.
Details follow:
Chris Evans discovered that LittleCMS did not properly handle certain error
conditions, resulting in a large memory leak. If a user or automated system
were tricked into processing an image with malicious ICC tags, a remote
attacker could cause a denial of service. (CVE-2009-0581)
Chris Evans discovered that LittleCMS contained multiple integer overflows.
If a user or automated system were tricked into processing an image with
available entropy. zero-entropy systems were seeded with the same
inputs at boot time, resulting in repeatable series of random numbers.
CVE-2007-2525
Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.
CVE-2007-2876
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before 2.6.25.3 allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)
http://www.debian.org/security/ dann frazier
May 15, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/privilege escalation/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-0028 CVE-2009-0834 CVE-2009-0835 CVE-2009-0859
CVE-2009-1046 CVE-2009-1072 CVE-2009-1184 CVE-2009-1192
CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338
Hi,
LittleCMS (or lcms) prior to v1.18beta2 contains various integer
overflow, buffer overflow and memory leak errors. At least one of
these bugs is a stack-based buffer overflow which is good for
arbitrary code execution. I have an exploit that works on my
Ubuntu-8.10 laptop but am holding off on releasing it just yet.
The most serious bug is a stack-based buffer overflow in
ReadSetOfCurves() in cmsio1.c. With some code paths, validation of the
security impact.
CVE-2010-1162
Catalin Marinas reported an issue in the tty subsystem that allows
local attackers to cause a kernel memory leak, possibly resulting
in a denial of service.
CVE-2010-1173
Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from
for free.
II. Description
~~~~~~~~~~~~~~~
This bug is a simple design bug that results in an endless loop (and interesting
memory leaks).
Once upon a time Netscape thought it would be a great idea to add the keygen tag
(<keygen>) as a feature to their Browser. The keygen tag offers a simple way
of automatically generating key material using various algorithms. For instance
it is possible to generate RSA, DSA and EC key material.
Bug fixes
[JCR-1823] Repository.login throws IllegalStateException
[JCR-1838] Garbage collection deletes temporary files in FileDataStore
[JCR-1846] Jackrabbit thread contention issue due to fat lock
[JCR-1920] Custom LoginModule configurations broken in 1.5.0
[JCR-1931] SharedFieldCache$StringIndex memory leak causing OOM's
jackrabbit-jcr-commons
Bug fixes
[JCR-1926] Text.unescape("%") throws a StringIndexOutOfBoundsException
A similar issue exists in the IPV4 protocol handler and will be fixed
in a subsequent update.
CVE-2007-2525
Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.
CVE-2007-3848
shipped with IPSec Tools:
* Neil Kettle reported that racoon/isakmp_frag.c is prone to a
null-pointer dereference (CVE-2009-1574).
* Multiple memory leaks exist in (1) the eay_check_x509sign()
function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c
(CVE-2009-1632).
Impact
======
http://www.debian.org/security/ Nico Golde
May 20th, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : ipsec-tools
Vulnerability : null pointer dereference, memory leaks
Problem type : remote
Debian-specific: no
Debian bug : 527634 528933
CVE ID : CVE-2009-1574 CVE-2009-1632
RedHat reported a null-pointer dereference flaw while processing
monochrome ICC profiles (CVE-2009-0793).
Chris Evans of Google discovered the following vulnerabilities:
* LittleCMS contains severe memory leaks (CVE-2009-0581).
* LittleCMS is prone to multiple integer overflows, leading to a
heap-based buffer overflow (CVE-2009-0723).
* The ReadSetOfCurves() function is vulnerable to stack-based buffer
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)
The Linux kernel prior to 2.6.22.17, when using certain drivers
that register a fault handler that does not perform range checks,
allowed local users to access kernel memory via an out-of-range offset
(CVE-2008-0007).
Additionally, this kernel fixes a JBD checkpoint memory leak bug.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
permits local users on systems running the amd64 flavor kernel
to cause a system crash.
CVE-2008-2136
Paul Harks discovered a memory leak in the Simple Internet Transition
(SIT) code used for IPv6 over IPv4 tunnels. This can be exploited
by remote users to cause a denial of service condition.
CVE-2008-2137
HTTP Server, as distributed in Apache Subversion before 1.6.15,
allows remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via vectors that trigger the
walking of SVNParentPath collections (CVE-2010-4539).
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15
allow remote authenticated users to cause a denial of service (memory
consumption and daemon crash) via the -g option to the blame command
(CVE-2010-4644).
Packages for 2009.0 are provided as of the Extended Maintenance
Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users
can obtain access to sensitive kernel memory.
CVE-2011-1090
Neil Horman discovered a memory leak in the setacl() call on NFSv4
filesystems. Local users can exploit this to cause a denial of service
(Oops).
CVE-2011-1093
Affected: Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
attackers to cause a denial of service (memory consumption) via vectors
involving (1) signature verification during user authentication with
X.509 certificates, related to the eay_check_x509sign function in
src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T)
keepalive implementation, related to src/racoon/nattraversal.c
Problem Description:
Multiple vulnerabilities have been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
that this security issue does not really apply as zlib compression
http://www.debian.org/security/ dann frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612
CVE-2009-3620 CVE-2009-3621 CVE-2009-3638
1 net-proxy/squid < 2.6.17 >= 2.6.17
Description
===========
The Wikimedia Foundation reported a memory leak vulnerability when
performing cache updates.
Impact
======
This vulnerability is documented in Cisco Bug ID CSCsx03715 and
has been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2009-1164.
* SSH connections denial of service vulnerability
Affected devices may be susceptible to a memory leak when they
handle SSH management connections. An attacker could use this
behavior to cause an affected device to crash and reload.
Note: A three-way handshake is not required to exploit this
vulnerability.
users to cause a denial of service or potentially gain elevated
privileges.
CVE-2009-0031
Vegard Nossum discovered a memory leak in the keyctl subsystem
that allows local users to cause a denial of service by consuming
all available kernel memory.
CVE-2009-0065
The bug title says Denial of service, not information leak, or crypto
leak or whatever.
That's it, one might want to write a paper how, by indirect
means memory leaks can wreak havoc, that's an exercise
I happily leave to the reader. The point was that you
better analyse them instead of having them sit there a few months.
period, nothing more nothing less.