Stack Buffer Overflow
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
NASA BigView Stack Buffer Overflow
*Advisory Information*
Title: NASA BigView Stack Buffer Overflow
+-----------------------+
|Advisories and Exploits|
+-----------------------+
Final Draft < 8.02 Multiple Stack Buffer Overflows
PDF:
http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf
TXT:
http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.txt
POC: http://security-assessment.com/files/finaldraft8poc.zip
I am in need of some information for the below-mentioned vulnerability.
CVE-2008-5616
MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow
Description:
MPlayer contains a stack buffer overflow vulnerability while parsing
malformed TwinVQ media files, where TwinVQ (transform-domain weighted
interleaved vector quantization) is an audio compression technique
developed by Nippon Telegraph and Telephone Corporation (NTT). The
vulnerability may be exploited by the remote attacker to execute
arbitrary code in the context of MPlayer. The vulnerable function is
Microsoft Agent Crafted URL Stack Buffer Overflow
Assurent ID: FSC20070911-11
1. Affected Software
Microsoft Agent, version 2.0.0.3425 (bundled with Windows 2000 Service Pack 4)
Reference: http://www.microsoft.com/msagent/
NSFOCUS Security Advisory (SA2009-01)
UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability
Release Date: 2009-10-16
CVE ID: CVE-2009-2970
http://www.nsfocus.com/en/advisories/0901.html
ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-009
March 12, 2008
-- CVE ID:
CVE-2008-1188
-- Affected Vendors:
Sun Microsystems
Rich-Text Format (RTF) is a document file format developed by Microsoft
for cross-platform document interchange.
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Word could allow attackers to execute arbitrary code
under the privileges of the targeted user.
This vulnerability specifically exists in the handling of a specific
control word in an RTF document. Under certain circumstances, Word will
IBM AIX lqueryvg Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lqueryvg utility is used to examine the properties of disk volume
groups. It is installed set-uid root by default on multiple versions of
ZDI-08-010: Java Web Start encoding Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-010
March 12, 2008
-- CVE ID:
CVE-2008-1188
-- Affected Vendors:
Sun Microsystems
ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-043
July 17, 2008
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
IBM AIX lquerypv Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lquerypv utility is used to examine the properties of a physical
volume in a volume group. It is installed set-uid root by default on
http://office.microsoft.com/en-us/word/default.aspx
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Word could allow attackers to execute arbitrary code
with the privileges of the targeted user.
This vulnerability occurs when Word parses the File Information Block
(FIB) structure inside a Word document. When a malformed FIB structure
[ NetBSD 5.1 libc/net multiple functions stack buffer overflow ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
Date:
- Dis.: 01.04.2011
- Pub.: 01.07.2011
CVE: CVE-2011-1656
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
3. *Vulnerability Description*
Amaya is the W3C's Web editor/browser, a tool used to create and update
documents directly on the Web. Multiple stack buffer overflow
vulnerabilities have been discovered in Amaya, which can be exploited by
unauthorized people using crafted web pages to compromise a user's system.
4. *Vulnerable packages*
Hi,
Also crashes Firefox 3.06 (latest): stack overflow (not to be confused
with stack buffer overflow).
Thu Feb 5 18:46:13.828 2009 (GMT+1): (15d8.17ec): Stack overflow - code c00000fd (first chance)
eax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60
eip=604fcc8f esp=00032fa0 ebp=0003304c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
documents into RTF format used by WordPad, and is present in all
current versions of WordPad except Vista and Server 2008.
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s WordPad could allow an attacker to execute arbitrary
code with the privileges of the current user.
The vulnerability occurs when parsing the content of a Word97 format
file. When reading in the data, the code uses a 32-bit integer from the
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Alin Rad Pop of Secunia Research discovered a stack buffer overflow in
how Samba authenticates remote users. A remote unauthenticated user
could trigger this flaw to cause the Samba server to crash, or possibly
execute arbitrary code with the permissions of the Samba server.
The updated packages have been patched to correct these issues.
Amaya is planning to release a newer version (11.2 snapshot) [1]
Technical Information
A stack buffer overflow has been discovered in the Amaya [1] Web Editor's XHTML parser function
ParseCharsetAndContentType(), which can be used to compromise the victim's system via arbitrary code execution.
The overflow occurs when the application processes the "charset" type from a crafted HTML page. If the charset
has a large number of characters, it can lead to a stack buffer overflow and, maybe, be exploited using printable ASCII
characters. When the application was debugged, it showed that the overflow occurs in the function
IBM AIX bellmail Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
bellmail is a mail user-agent (MUA) and is commonly used for accessing
locally stored electronic mail messages. Under AIX, the bellmail
http://msdn.microsoft.com/en-us/library/aa506181.aspx
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Windows 2000 operating system could allow an
unauthenticated attacker to execute arbitrary code with system-level
privileges.
This vulnerability exists in the EnumeratePrintShares function in
Microsoft Office Excel Malformed Records Stack Buffer Overflow
TSL ID : FSC20090609-01
Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01
1. Affected Software
Microsoft Office Excel 2000
Microsoft Office Excel 2002
Domino server. More information can be found by visiting the URL below.
http://www-01.ibm.com/software/lotus/
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in IBM
Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in
the context of the current user. The vulnerability occurs
during the processing of hyperlink information contained within a Rich
Text Format (RTF) document. The hyperlink may be crafted in a manner
which can cause a strcpy function call to overflow the bounds of a stack
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-076
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
==========================================================
==
== Subject: Stack buffer overflow in nmbd's logon
== request processing.
==
== CVE ID#: CVE-2007-4572
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
II Service Console package security updates
a. Samba
Alin Rad Pop of Secunia Research found a stack buffer overflow
flaw in the way Samba authenticates remote users. A remote
unauthenticated user could trigger this flaw to cause the Samba
server to crash or to execute arbitrary code with the
permissions of the Samba server.
A remotely exploitable vulnerability has been found in the file name
parsing code.
More specifically, passing a long file name to the CarbonCore framework
file management API will trigger a stack buffer overflow.
Impact:
This problem can lead to remote arbitrary code execution if an attacker
Additionally, administrators of critical or major deployments of NetBSD (e.g.
dns root servers) were given advance notice in order to deploy appropriate
filter rules.
Exploitability of kernel stack overflows will vary by platform (n.b. a stack
overflow is not a stack buffer overflow, for a concise definition see
TAOCP3,V1,S2.2.2). Also note that a kernel stack overflow is very different
from a userland stack overflow.
For further discussion, including attacks on other operating systems,
see the notes section on ipcomp quines below.
Multiple vulnerabilities have been identified in git-core, the core of
the git distributed revision control system. Improper path length
limitations in git's diff and grep functions, in combination with
maliciously crafted repositories or changes, could enable a stack
buffer overflow and potentially the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies this
vulnerability as CVE-2008-3546.
For the stable distribution (etch), this problem has been fixed in
easier to exploit than CVE-2007-4000.
[CVE-2007-3999]
The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to
a stack buffer overflow in the RPCSEC_GSS authentication flavor of the
RPC library. Third-party applications using the RPC library provided
with MIT krb5 may also be affected.
We have received a proof-of-concept exploit that does not appear to
execute malicious code, and we believe that this exploit is not