Next Page >>
NULL pointer
memory corruption resulting from a resource liberation bug that can be
triggered with a malformed '.ics' calendar file specially crafted by a
would-be attacker.
The other two vulnerabilities lead to abnormal termination (crash) of
the iCal application due to null-pointer dereference bugs triggered
while parsing a malformed '.ics' files. The ability to inject and
execute arbitrary code on vulnerable systems using these two
vulnerabilities was researched but not proven possible.
Exploitation of these vulnerabilities in a client-side attack scenario
memory corruption resulting from a resource liberation bug that can be
triggered with a malformed '.ics' calendar file specially crafted by a
would-be attacker.
The other two vulnerabilities lead to abnormal termination (crash) of
the iCal application due to null-pointer dereference bugs triggered
while parsing a malformed '.ics' files. The ability to inject and
execute arbitrary code on vulnerable systems using these two
vulnerabilities was researched but not proven possible.
Exploitation of these vulnerabilities in a client-side attack scenario
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
1. *Advisory Information*
Title: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
Versions: <= 0.1.15
Platforms: *nix
Bugs: A] first buffer-overflow in RTSP_valid_response_msg
B] second buffer-overflow in RTSP_valid_response_msg
C] crash in RTSP_remove_msg
D] NULL pointer in parse_transport_header
E] NULL pointer in parse_play_time_range
F] NULL pointer in log_user_agent
G] NULL pointer in Netembryo 0.0.4
Exploitation: remote
Date: 27 Dec 2007
node that is not part of the kernel node set. (CVE-2010-0415)
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly gain
privileges via unspecified ioctl calls. (CVE-2009-3620)
The wake_futex_pi function in kernel/futex.c in the Linux kernel
before 2.6.33-rc7 does not properly handle certain unlock operations
for a Priority Inheritance (PI) futex, which allows local users to
node that is not part of the kernel node set. (CVE-2010-0415)
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly gain
privileges via unspecified ioctl calls. (CVE-2009-3620)
The wake_futex_pi function in kernel/futex.c in the Linux kernel
before 2.6.33-rc7 does not properly handle certain unlock operations
for a Priority Inheritance (PI) futex, which allows local users to
Original release: 2011-10-18
Last update: 2011-10-18
Topic: KDC denial of service vulnerabilities
CVE-2011-1527: null pointer dereference in KDC LDAP back end
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C
CVSSv2 Base Score: 7.8
[ PHP 5.3.6 multiple null pointer dereference ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://securityreason.net/
http://cxib.net/
Date:
- Dis.: 20.07.2011
- Pub.: 19.08.2011
http://www.3s-software.com/index.shtml?en_CoDeSysV3_en
Versions: <= 3.4 SP4 Patch 2
Platforms: Windows
Bugs: A] GatewayService integer overflow
B] CmpWebServer stack overflow
C] CmpWebServer Content-Length NULL pointer
D] CmpWebServer invalid HTTP request NULL pointer
E] CmpWebServer folders creation
Exploitation: remote
Date: 29 Nov 2011
Author: Luigi Auriemma
Name: Xpdf - Integer overflow which causes heap overflow and NULL pointer derefernce
Author: Adam Zabrocki / HISPASEC (<pi3@itsec.pl> or <adam@hispasec.com>)
Date: July 06, 2009
Issue:
Xpdf allows local and remote attackers to overflow buffer on heap via integer overflow vulnerability.
Xpdf is prone to NULL pointer dereference attack.
http://www.lfs.net
Versions: <= 0.5X10
Platforms: Windows
Bugs: A] nickname buffer-overflow
B] partial track buffer-overflow
C] NULL pointer access in internet/hidden S1/S2 servers
D] memcpy() NULL pointer in internet/hidden S1/S2 servers
Exploitation: remote, versus server
A] demo/S1/S2 in-game
B] demo/S1/S2 in-game
C] S1/S2 (internet/hidden)
Exploitability: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed
[CVE-2009-0845]
SPNEGO implementation can dereference a null pointer
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 7.8
CVSSv2 Temporal Score: 6.1
Title:
======
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability
Date:
=====
2012-04-23
The personality subsystem in the Linux kernel has a PER_CLEAR_ON_SETID
setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO
flags when executing a setuid or setgid program, which makes it
easier for local users to leverage the details of memory usage to (1)
conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr
protection mechanism, or (3) defeat address space layout randomization
(ASLR). (CVE-2009-1895)
The load_flat_shared_library function in fs/binfmt_flat.c in the
flat subsystem in the Linux kernel allows local users to cause a
MIT krb5 Security Advisory 2011-007
Original release: 2011-12-06
Last update: 2011-12-06
Topic: KDC null pointer dereference in TGS handling
CVE-2011-1530
KDC null pointer dereference in TGS handling
http://www.openview.hp.com/products/nnm/
Versions: <= 7.53
Platforms: Windows (tested), Solaris, Linux, HP-UX
Bugs: A] CGIs directory traversal
B] Denial of Service in ovalarmsrv
C] NULL pointer in ovalarmsrv
D] process termination in ovtopmd
Exploitation: remote
Date: 11 Apr 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
: Advisory URL: http://www.coresecurity.com/?action=item&id=2219
: Bugtraq ID: 28629 28632 28633
: CVE Name: CVE-2008-1035 CVE-2008-2006 CVE-2008-2007
: 1) Null pointer de-reference #1 (Bugtraq ID 28629, CVE-2008-2006)
:
: The 'COUNT' value causes an integer overflow, which leads to a null
: 2) Null pointer dereference #2 (Bugtraq ID 28632, CVE-2008-2006)
:
3.1.1 and 3.1.0
Vulnerability:
Null Pointer
Description:
Hellcode Research discovered a null pointer vulnerability in Openoffice for
Windows.
execute arbitrary code via a crafted PDF file (CVE-2009-1179).
A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).
A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause denial of service (crash) via a crafted PDF file
(CVE-2009-1181).
Multiple buffer overflows in the JBIG2 MMR decoder allows remote
attackers to cause denial of service or to execute arbitrary code
http://www.solidtech.com/en/products/relationaldatabasemanagementsoftware/embed.asp
Versions: <= 06.00.1018
Platforms: Windows (tested), Solaris, AIX, HP-UX and Linux
Bugs: A] format string in logging function
B] crash caused by arbitrary array index
C] NULL pointer
D] server termination through allocation error
Exploitation: remote
Date: 26 Mar 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Application: TinTin++ / WinTin++
http://tintin.sourceforge.net
Versions: <= 1.97.9
Platforms: Windows, Linux and Mac
Bugs: A] chat buffer-overflow
B] chat YES NULL pointer
C] chat home folder empty files creation
Exploitation: remote
Date: 06 Feb 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Tested Vulnerable Versions:
3.1.1 and 3.1.0
Vulnerability:
Null Pointer
Description:
Hellcode Research discovered a null pointer vulnerability in Openoffice for Windows.
NOTE: ONLY the products and versions listed as affected above are vulnerable to these issues. This issue impacts the
server only. Client agents are NOT affected.
Details
Secunia Research notified Symantec of three DoS issues involving erroneous packet handling affecting components of the
Symantec Backup Exec for Windows Servers Job Engine. One is a null-pointer dereference issue that crashes the listening
service, and two additional issues involving integer overflows that can force the service into an infinite loop resulting in
memory exhaustion or high CPU utilization. Successful exploitation requires access to the affected port. In normal installations
this would require the attacker to have authorized but non-privileged access to the network on which the targeted server resides
to leverage network communications. A successful attack could result in termination of the targeted service and loss of scheduling
services or potentially loss of access to the application until the service is restarted or the targeted activity ceases.
Versions: <= 3.7.2
Platforms: Windows
Bugs: A] directory traversal
B] scripts source visualization
C] arbitrary files deleting by users
D] NULL pointer crash in chat.ehintf by users
E] html injection in the trace viewer
Exploitation: remote
Date: 10 Dec 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)
Multiple race conditions in fs/pipe.c in the Linux kernel before
2.6.32-rc6 allow local users to cause a denial of service (NULL pointer
dereference and system crash) or gain privileges by attempting to
open an anonymous pipe via a /proc/*/fd/ pathname. (CVE-2009-3547)
The tcf_fill_node function in net/sched/cls_api.c in the netlink
subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6
MITKRB5-SA-2010-005
MIT krb5 Security Advisory 2010-005
Original release: 2010-05-18
Topic: GSS-API library null pointer dereference
CVE-2010-1321
CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
http://www.doubletake.com
Versions: <= 5.0.0.2865
(version 4.5.x tested with success too)
Platforms: Windows
Bugs: A] server termination through "vector<T> too long" exception
B] NULL pointer crash
C] termination through memory allocation
D] informations disclosure
E] other exceptions
Exploitation: remote
Date: 22 Feb 2008
Application: Acronis PXE Server
http://www.acronis.com/enterprise/products/snapdeploy/
Versions: <= 2.0.0.1076
Platforms: Windows
Bugs: A] directory traversal
B] NULL pointer
Exploitation: remote
Date: 08 Mar 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
Application: Acronis PXE Server
http://www.acronis.com/enterprise/products/snapdeploy/
Versions: <= 2.0.0.1076
Platforms: Windows
Bugs: A] directory traversal
B] NULL pointer
Exploitation: remote
Date: 08 Mar 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
context switch, or reset the flags when creating new threads, which
allowed local users to cause a denial of service (process crash)
(CVE-2006-5755).
The compat_sys_mount function in fs/compat.c allowed local users
to cause a denial of service (NULL pointer dereference and oops)
by mounting a smbfs file system in compatibility mode (CVE-2006-7203).
The nfnetlink_log function in netfilter allowed an attacker to cause a
denial of service (crash) via unspecified vectors which would trigger
a NULL pointer dereference (CVE-2007-1496).
Next Page>>
|
