Stack Smashing
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
NASA BigView Stack Buffer Overflow
*Advisory Information*
Title: NASA BigView Stack Buffer Overflow
NSFOCUS Security Advisory (SA2009-01)
UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability
Release Date: 2009-10-16
CVE ID: CVE-2009-2970
http://www.nsfocus.com/en/advisories/0901.html
Microsoft Agent Crafted URL Stack Buffer Overflow
Assurent ID: FSC20070911-11
1. Affected Software
Microsoft Agent, version 2.0.0.3425 (bundled with Windows 2000 Service Pack 4)
Reference: http://www.microsoft.com/msagent/
ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-043
July 17, 2008
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
I am in need of some information for the below-mentioned vulnerability.
CVE-2008-5616
MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow
Description:
MPlayer contains a stack buffer overflow vulnerability while parsing
malformed TwinVQ media files, where TwinVQ (transform-domain weighted
interleaved vector quantization) is an audio compression technique
developed by Nippon Telegraph and Telephone Corporation (NTT). The
vulnerability may be exploited by a remote attacker to execute
arbitrary code in the context of MPlayer. The vulnerable function is
ZDI-08-010: Java Web Start encoding Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-010
March 12, 2008
-- CVE ID:
CVE-2008-1188
-- Affected Vendors:
Sun Microsystems
ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-009
March 12, 2008
-- CVE ID:
CVE-2008-1188
-- Affected Vendors:
Sun Microsystems
http://office.microsoft.com/en-us/word/default.aspx
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Word could allow attackers to execute arbitrary code
with the privileges of the targeted user.
This vulnerability occurs when Word parses the File Information Block
(FIB) structure inside a Word document. When a malformed FIB structure
for some functions. It is enabled by default in many distributions'
toolchains. When a check fails, glibc aborts execution and prints an
error message. Note that the message shown below, "stack smashing
detected", is emitted by GCC's stack protector (the canary check in
__stack_chk_fail), which glibc reports through the same __fortify_fail
routine that appears in the backtrace; a failed FORTIFY_SOURCE check
reports "buffer overflow detected" instead. In both cases the process
is terminated before the corrupted frame is used. The last frame in the
backtrace, 0x41414141, shows that the saved return address on the stack
was overwritten with 'A' (0x41) bytes:
*** stack smashing detected ***: ./strcpy terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x40)[0x502b30]
/lib/libc.so.6(__fortify_fail+0x0)[0x502af0]
./strcpy[0x80484d5]
[0x41414141]
IBM AIX lquerypv Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lquerypv utility is used to examine the properties of a physical
volume in a volume group. It is installed set-uid root by default on
3. *Vulnerability Description*
Amaya is the W3C's Web editor/browser, a tool used to create and update
documents directly on the Web. Multiple stack buffer overflow
vulnerabilities have been discovered in Amaya, which can be exploited by
unauthorized people using crafted web pages to compromise a user's system.
4. *Vulnerable packages*
IBM AIX lqueryvg Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lqueryvg utility is used to examine the properties of disk volume
groups. It is installed set-uid root by default on multiple versions of
phion Security Advisory 21/10/2008
Microsoft VISTA TCP/IP stack buffer overflow
Summary
-----------------------------
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable buffer overflow that corrupts kernel memory.
Affected Systems
-----------------------------
Description
===========
Multiple vulnerabilities have been found in Asterisk:
* Russel Bryant reported a stack buffer overflow in the IAX2 channel
driver (chan_iax2) when bridging calls between chan_iax2 and any
channel driver that uses RTP for media (CVE-2007-3762).
* Chris Clark and Zane Lackey (iSEC Partners) reported a NULL pointer
dereference in the IAX2 channel driver (chan_iax2) (CVE-2007-3763).
Cisco Security Agent is a security software agent that provides threat protection
for server and desktop computing systems.
A driver bundled with Cisco Security Agent for Windows does not correctly
check the data length provided by users when processing an SMB packet, which
might trigger a stack buffer overflow in the system kernel. A remote attacker
might cause a system with CSA installed to restart or BSOD. By sending carefully
crafted data an attacker might achieve remote code execution, thus gaining complete
control over the system.
By default CSA allows access to TCP ports 139 and 445. After establishing a
>Regarding the paper, well, it can be useful for people who want to
>find a similar issue in their firewall/proxy appliances. Don't you
>think?
Aleph One's paper on stack smashing, Tim Newsham's on format strings,
Shaun Clowes' on PHP issues - not to mention a bunch of others -
demonstrate how successful a white paper can be for raising widespread
awareness about an issue. Aleph One was hardly the first to discover
and exploit buffer overflows, but few would disagree about how
important his paper was to the industry.
Hi,
Also crashes Firefox 3.06 (latest): stack overflow (not to be confused
with a stack buffer overflow).
Thu Feb 5 18:46:13.828 2009 (GMT+1): (15d8.17ec): Stack overflow - code c00000fd (first chance)
eax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60
eip=604fcc8f esp=00032fa0 ebp=0003304c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow
TSL ID: FSC20100701-01
1. Affected Software
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
A remotely exploitable vulnerability has been found in the file name
parsing code.
More specifically, passing a long file name to the CarbonCore framework
file management API will trigger a stack buffer overflow.
Impact:
This problem can lead to remote arbitrary code execution if an attacker
see the vendor's site found at the following link:
http://www.libtiff.org
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in version
3.9.2 of LibTIFF, as included in various vendors' operating system
distributions, could allow an attacker to execute arbitrary code with
the privileges of the current user.
This vulnerability is due
Microsoft Office Excel Malformed Records Stack Buffer Overflow
TSL ID : FSC20090609-01
Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01
1. Affected Software
Microsoft Office Excel 2000
Microsoft Office Excel 2002
http://msdn2.microsoft.com/en-us/library/bb248347.aspx
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s DirectShow could allow an attacker to execute
arbitrary code in the context of the current user.
This vulnerability exists in the DirectShow SAMI parser, which is
implemented in quartz.dll. When the SAMI parser copies parameters into
Amaya is planning to release a newer version (11.2 snapshot) [1]
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Technical Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
A stack buffer overflow has been discovered in the Amaya [1] Web Editor's XHTML parser function
ParseCharsetAndContentType(), which can be used to compromise the victim's system via arbitrary code execution.
The overflow occurs when the application processes the "charset" value from a crafted HTML page. If the charset
value is very long, it overflows a stack buffer and may be exploitable using only printable ASCII
characters. When the application was debugged, it showed that the overflow occurs in the function
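The pattern behind both the "stack smashing detected" abort above and the Amaya charset overflow is the same: a value of attacker-controlled length is copied into a fixed-size stack buffer without a bound. The following C program is an added illustration, not Amaya's code or any code from these advisories; the Content-Type string format and the 16-byte buffer size are assumptions chosen to keep the example small. The unbounded function produces the stack-protector abort shown earlier when built with `-fstack-protector-all` and fed a long charset; the bounded function refuses oversized values instead.

```c
/* Added example, not from Amaya or any advisory on this page.
 * Build and run:
 *   gcc -O1 -fstack-protector-all -o charset charset.c
 *   ./charset "text/html; charset=utf-8"
 *   ./charset "text/html; charset=$(printf 'A%.0s' $(seq 200))" unsafe
 * The second invocation exercises the unbounded copy and is terminated
 * by the canary check with "*** stack smashing detected ***". */
#include <stdio.h>
#include <string.h>

#define CHARSET_MAX 16   /* assumed buffer size for the example */

/* Point at the charset value inside a Content-Type string, or NULL. */
static const char *find_charset(const char *content_type) {
    const char *p = strstr(content_type, "charset=");
    return p ? p + strlen("charset=") : NULL;
}

/* Length of the charset token: up to ';', whitespace or end of string. */
static size_t charset_len(const char *value) {
    size_t n = 0;
    while (value[n] && value[n] != ';' && value[n] != ' ' && value[n] != '\t')
        n++;
    return n;
}

/* Vulnerable: the copy length comes straight from the input. A charset
 * longer than CHARSET_MAX-1 bytes runs past the buffer into the canary
 * and the saved return address; with the stack protector enabled the
 * function aborts on return, without it the return address is hijacked.
 * Returns the parsed length, or -1 if no charset is present. */
int parse_charset_unsafe(const char *content_type) {
    char charset[CHARSET_MAX];
    const char *v = find_charset(content_type);
    if (!v) return -1;
    size_t n = charset_len(v);
    memcpy(charset, v, n);      /* no bound on n: the overflow */
    charset[n] = '\0';
    return (int)strlen(charset);
}

/* Hardened: the caller supplies the buffer and its size, and a value that
 * does not fit (terminator included) is rejected rather than truncated,
 * so a malformed page cannot write outside the buffer.
 * Returns the parsed length, -1 if no charset, -2 if it would overflow. */
int parse_charset_safe(const char *content_type, char *out, size_t out_len) {
    const char *v = find_charset(content_type);
    if (!v) return -1;
    size_t n = charset_len(v);
    if (n >= out_len) return -2;
    memcpy(out, v, n);
    out[n] = '\0';
    return (int)n;
}

int main(int argc, char **argv) {
    const char *ct = argc > 1 ? argv[1] : "text/html; charset=utf-8";
    char buf[CHARSET_MAX];
    int rc = parse_charset_safe(ct, buf, sizeof buf);
    if (rc < 0)
        printf("safe parser: rejected (rc=%d)\n", rc);
    else
        printf("safe parser: charset=%s (%d bytes)\n", buf, rc);
    /* Only exercise the unbounded copy when explicitly asked to. */
    if (argc > 2 && strcmp(argv[2], "unsafe") == 0)
        printf("unsafe parser: %d bytes\n", parse_charset_unsafe(ct));
    return 0;
}
```

The hardened form deliberately returns an error rather than silently truncating: a truncated charset name would still be "valid" input to later code, whereas a rejection makes the malformed page visible to the caller and to any logging around it.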
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-076
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
more information about Internet Explorer, please the visit following
website: http://www.microsoft.com/ie/
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability while
handling specific HTML tags in Microsoft Corp.'s Internet Explorer web
browser allows attackers to execute arbitrary code within the context
of the affected user.
On Internet Explorer 5.01 a function return address can be overwritten
Multiple vulnerabilities have been identified in git-core, the core of
the git distributed revision control system. Improper path length
limitations in git's diff and grep functions, in combination with
maliciously crafted repositories or changes, could enable a stack
buffer overflow and potentially the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies this
vulnerability as CVE-2008-3546.
For the stable distribution (etch), this problem has been fixed in
~ II Service Console package security updates
~ a. Samba
~ Alin Rad Pop of Secunia Research found a stack buffer overflow
~ flaw in the way Samba authenticates remote users. A remote
~ unauthenticated user could trigger this flaw to cause the Samba
~ server to crash or to execute arbitrary code with the
~ permissions of the Samba server.
http://msdn.microsoft.com/en-us/library/aa506181.aspx
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Windows 2000 operating system could allow an
unauthenticated attacker to execute arbitrary code with system-level
privileges.
This vulnerability exists in the EnumeratePrintShares function in
14h00-15h00 - Fingerprinting hardware devices using clock-skewing -
Renaud Lifchitz
15h00-16h00 - A5/1 application & crack via GPU - Gloire Gwendal
(Kalkulator's Knights Project)
16h00-17h00 - Stack Smashing Protector in FreeBSD - Paul Rascagneres
17h00-18h00 - Static analysis of a new kind of heap vulnerability -
Julien Vanegue (Microsoft)
Party!
- --[ Workshops & Activities
The Current State of Wifi - Arhont
The Life of a Security Manager - Chris Sumner
Java Stack Smashing - Subere
There will also be a couple of workshops running in-between/after speakers:
Data extraction via Firewire/demo - Guillaume