Chris Evans
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Chris Evans discovered that LittleCMS did not properly handle certain error
conditions, resulting in a large memory leak. If a user or automated system
were tricked into processing an image with malicious ICC tags, a remote
attacker could cause a denial of service. (CVE-2009-0581)
Chris Evans discovered that LittleCMS contained multiple integer overflows.
the following problems:
CVE-2009-0581
Chris Evans discovered that lcms is affected by a memory leak, which
could result in a denial of service via specially crafted image files.
CVE-2009-0723
Chris Evans discovered that lcms is prone to several integer overflows
Liu Die Yu discovered an information disclosure vulnerability in Firefox
when using saved .url shortcut files. If a user were tricked into
downloading a crafted .url file and a crafted HTML file, an attacker
could steal information from the user's cache. (CVE-2008-4582)
Georgi Guninski, Michal Zalewski and Chris Evans discovered that the
same-origin check in Firefox could be bypassed. If a user were tricked
into opening a malicious website, an attacker could obtain private
information from data stored in the images, or discover information
about software on the user's computer. This issue only affects Firefox 2.
(CVE-2008-5012)
alternative to MathML. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-1382
Chris Evans and Damien Miller discovered multiple stack-based buffer overflows.
An attacker could execute arbitrary code via a TeX file with long picture,
circle, or input tags.
CVE-2009-2459
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
Georgi Guninski, Michal Zalewski and Chris Evans discovered that the same-origin
check in Thunderbird could be bypassed. If a user were tricked into opening a
malicious website, an attacker could obtain private information from data
stored in the images, or discover information about software on the user's
computer. (CVE-2008-5012)
nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
(MFSA 2008-56)
CVE-2008-5024
Chris Evans discovered that quote characters were improperly
escaped in the default namespace of E4X documents. (MFSA 2008-58)
CVE-2008-5500
Jesse Ruderman discovered that the layout engine is vulnerable to
CVE-2008-4582
Liu Die Yu discovered an information leak through local shortcut
(CVE-2008-1185, CVE-2008-1186).
* John Heasman of NGSSoftware discovered that the Java Plug-in does
not properly enforce the same origin policy (CVE-2008-1192).
* Chris Evans of the Google Security Team discovered multiple
unspecified vulnerabilities within the Java Runtime Environment Image
Parsing Library (CVE-2008-1193, CVE-2008-1194).
* Gregory Fleischer reported that web content fetched via the "jar:"
protocol was not subject to network access restrictions
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Chris Evans discovered that mimeTeX incorrectly handled certain long tags.
An attacker could exploit this with a crafted mimeTeX expression and cause
a denial of service or possibly execute arbitrary code. (CVE-2009-1382)
Chris Evans discovered that mimeTeX contained certain directives that may
be unsuitable for handling untrusted user input. This update fixed the
Soroush Dalili discovered a vulnerability in the resource: protocol. This
could potentially allow an attacker to load arbitrary files that were
accessible to the user running Firefox. (CVE-2011-0071)
Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()
function. An attacker could possibly use this vulnerability to make other
attacks more reliable. (CVE-2011-1202)
Update instructions:
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-0411
Chris Evans discovered a buffer overflow in the color space handling
code of the Ghostscript PostScript/PDF interpreter, which might result
in the execution of arbitrary code if a user is tricked into processing
a malformed file.
For the stable distribution (etch), this problem has been fixed in version
structure may be reclaimed, resulting in a bad pointer dereference that
causes an oops during a readdir.
CVE-2007-4997
Chris Evans discovered an issue with certain drivers that make use of the
Linux kernel's ieee80211 layer. A remote user could generate a malicious
802.11 frame that could result in a denial of service (crash). The ipw2100
driver is known to be affected by this issue, while the ipw2200 is
believed not to be.
Sep 15, 2009 03:04 PM: Patch released by Google Security Team in
v3.0.195.21.
Sep XX, 2009 XX:XX XX: Patch planned by Opera Security Team for next minor
release.
I would like to thank Chris Evans from Google Chrome Security Team and
Sigbjørn Vik from Opera Security Team for their prompt responses, engaging
in insightful discussions and getting the fix ready in a timely manner. It
was a pleasure working with them.
ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.4.tar.gz
ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.4.tar.gz.asc
- --- 4. Greets ---
Chris Evans, sp3x, Infospec
- --- 5. Contact ---
Author: Maksymilian Arciemowicz [ SecurityReason.com ]
Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Chris Evans of the Google Security Team found a vulnerability in the
RC4 processing code in libxslt that did not properly handle corrupted
key information. A remote attacker able to make an application
linked against libxslt process malicious XML input could cause the
application to crash or possibly execute arbitrary code with the
privileges of the application in question (CVE-2008-2935).
Vulnerability : buffer overflows
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2935
Chris Evans discovered that a buffer overflow in the RC4 functions of
libexslt may lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 1.1.19-3.
Jordi Chancel discovered that Firefox did not properly handle when a server
responds to an HTTPS request with plaintext and then processes JavaScript
history events. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-2751)
Chris Evans discovered that Firefox did not properly process improper CSS
selectors. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)
Soroush Dalili discovered that Firefox did not properly handle script error
Hugh Dickins discovered that hugetlbfs performed certain prio_tree
calculations using HPAGE_SIZE instead of PAGE_SIZE. A local user
could exploit this and cause a denial of service via kernel panic.
(CVE-2007-4133)
Chris Evans discovered an issue with certain drivers that use the
ieee80211_rx function. Remote attackers could send a crafted 802.11
frame and cause a denial of service via crash. (CVE-2007-4997)
Alex Smith discovered an issue with the pwc driver for certain webcam
devices. A local user with physical access to the system could remove
-------------------------------------------------------------------
Description
===========
Chris Evans (Google Security) discovered a stack-based buffer overflow
within the zseticcspace() function in the file zicc.c when processing a
PostScript file containing a long "Range" array in a .seticcspace
operator.
Impact
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Chris Evans discovered that Ghostscript contained a buffer overflow in
its color space handling code. If a user or automated system were
tricked into opening a crafted Postscript file, an attacker could cause
a denial of service or execute arbitrary code with privileges of the
user invoking the program. (CVE-2008-0411)
Collin Jackson discovered that the -moz-binding property bypasses
security checks on codebase principals.
CVE-2008-5024
Chris Evans discovered that quote characters were improperly
escaped in the default namespace of E4X documents.
For the stable distribution (etch), these problems have been fixed in
version 2.0.0.18-0etch1.
http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf
We've got loads of awesome content lined up as always including a
feature article/interview with Joe Sullivan, Chief Security Officer at
social network behemoth Facebook and keynoter at the 2nd annual
HITBSecConf in Europe. Along side Joe, we also sat down with Chris Evans
who participated in the keynote panel discussion on the Economics of
Vulnerabilities to talk about Google's Vulnerability Rewards program.
While we're on the subject of our 2nd annual HITBSecConf, HITB2011AMS,
the .MY and .NL teams did a fantastic job as always with over 45
Marius Schilder discovered that it is possible to obtain sensitive
data via an XMLHttpRequest. (MFSA 2008-64)
CVE-2008-5507
Chris Evans discovered that it is possible to obtain sensitive data
via a JavaScript URL. (MFSA 2008-65)
CVE-2008-5508
Chip Salzenberg discovered possible phishing attacks via URLs with
overflow. If an attacker were able to make an application linked against
libxslt process malicious XSL style sheet input, they could execute
arbitrary code with user privileges or cause the application to crash,
leading to a denial of service. (CVE-2008-1767)
Chris Evans discovered that the RC4 processing code in libxslt did not
correctly handle corrupted key information. If a remote attacker were
able to make an application linked against libxslt process malicious
XML input, they could crash the application, leading to a denial of
service. (CVE-2008-2935)
underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl
call.
CVE-2009-0028
Chris Evans discovered a situation in which a child process can
send an arbitrary signal to its parent.
CVE-2009-0029
Christian Borntraeger discovered an issue affecting the alpha,
Ian Beer discovered a vulnerability in the memory handling of certain
types of documents. An attacker could exploit this to possibly run
arbitrary code as the user running Firefox. (CVE-2011-0070)
Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()
function. An attacker could possibly use this vulnerability to make other
attacks more reliable. (CVE-2011-1202)
Update instructions:
Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)
Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)