bounds checking
CVE-2011-1745
Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
Local users can obtain elevated privileges or cause a denial of service due
to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-1746
Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
VLC media player contains a memory corruption vulnerability that remote
attackers can exploit to compromise a user's system by supplying a
specially crafted XSPF playlist file. The vulnerability exists because the
XSPF playlist demuxer ('demux/playlist/xspf.c') does not bounds-check the
value of an 'identifier' tag read from the XSPF file before using it to
index a heap-allocated array. An out-of-range identifier therefore
overwrites an arbitrary memory address in the context of the VLC media
player process, which can lead to arbitrary code execution when the
crafted file is opened.
Summary: CA ARCserve Backup for Laptops and Desktops contains
multiple vulnerabilities that can allow a remote attacker to cause
a denial of service condition or execute arbitrary code. The first
set of vulnerabilities, CVE-2007-3216, occur due to insufficient
bounds checking on multiple command arguments by the LGServer
service. The second set of vulnerabilities, CVE-2007-5003, occur
due to insufficient bounds checking on rxrLogin authentication
credentials and on a username by the GetUserInfo() function. The
third vulnerability, CVE-2007-5004, occurs due to insufficient
verification of an integer value used during authentication, which
#2009-002 OpenCORE insufficient bounds checking during MP3 decoding
Description:
OpenCORE, an open source multimedia decoding subsystem, suffers from an
integer underflow during Huffman decoding resulting in improper bounds
checking when writing to a heap allocated buffer. Decoding a specially
crafted mp3 file will result in unexpected process termination or,
potentially, arbitrary code execution due to heap corruption.
necessary changes.
Details follow:
Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
code via negative size values for certain strings in FontType42 font
files, leading to a heap-based buffer overflow.
CVE-2010-2807
FreeType uses incorrect integer data types during bounds checking,
which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.
CVE-2010-2808
Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the eTrust Common Services Transport
(ECSQdmn.exe) running on port 1882. When making a request to this
service, a user-supplied DWORD value is used in a memory copy operation.
Because this value is not bounds-checked, the length used for the copy
can be miscalculated, leading to a heap overflow. If successfully
exploited, this vulnerability results in a remote system compromise with
SYSTEM credentials.
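The eTrust flaw above, like the OpenCORE integer underflow and the FreeType "incorrect integer data types" entries earlier on this page, is the arithmetic form of a missing bounds check: a length is compared against the buffer, but it was computed in a type that wrapped before the comparison, so the check passes and the copy loop writes far past the allocation. The C below is an added example written for this page, not code from CA, OpenCORE or FreeType; the wire format (a 4-byte little-endian count followed by 16-byte entries) and the function names are invented for illustration. It shows the wrapping check beside a hardened version that rejects unrepresentable totals before multiplying and bounds the result by both the destination and the bytes actually present.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption for this example): a 4-byte
 * little-endian entry count, then `count` entries of ENTRY_SIZE bytes. */
#define ENTRY_SIZE 16u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern. The byte total is computed in the same 32-bit type as
 * the attacker-supplied count, so it wraps modulo 2^32 before it is compared
 * with the destination size; a count of 0x10000001 yields a "total" of 16.
 * Returns true if the code would proceed to copy, and reports in *loop_bytes
 * what the per-entry copy loop would really write (computed in 64 bits so
 * the damage is visible). The loop itself is deliberately not run: with a
 * wrapped total it writes past the heap buffer, which is the advisories'
 * heap overflow. */
bool vuln_accepts(const uint8_t *pkt, size_t pkt_len, size_t out_len,
                  uint64_t *loop_bytes)
{
    if (pkt_len < 4)
        return false;
    uint32_t count = rd_le32(pkt);
    uint32_t total = count * ENTRY_SIZE;   /* wraps when count >= 2^28 */
    if (total > out_len)                   /* passes after the wrap */
        return false;
    *loop_bytes = (uint64_t)count * ENTRY_SIZE;
    return true;
}

/* Hardened version. Reject any count whose byte total cannot be represented
 * in size_t before multiplying, then bound the total by both the destination
 * capacity and the bytes actually present in the packet. Returns the number
 * of entries copied, or -1 if the packet was rejected. */
int safe_copy_entries(const uint8_t *pkt, size_t pkt_len,
                      uint8_t *out, size_t out_len)
{
    if (pkt_len < 4)
        return -1;
    uint32_t count = rd_le32(pkt);
    if (count > SIZE_MAX / ENTRY_SIZE)     /* multiplication would wrap */
        return -1;
    size_t total = (size_t)count * ENTRY_SIZE;
    if (total > out_len)                   /* destination bound */
        return -1;
    if (total > pkt_len - 4)               /* source bound: no over-read */
        return -1;
    memcpy(out, pkt + 4, total);
    return (int)count;
}

int main(void)
{
    /* Constructed packets: count 0x10000001 (wraps) and count 2 (benign). */
    uint8_t evil[36] = {0x01, 0x00, 0x00, 0x10};
    uint8_t good[36] = {0x02, 0x00, 0x00, 0x00, 'A'};
    uint8_t out[64];
    uint64_t n = 0;

    printf("vulnerable check accepts evil: %d (loop would write %llu bytes)\n",
           vuln_accepts(evil, sizeof evil, sizeof out, &n),
           (unsigned long long)n);
    printf("hardened copy of evil: %d\n",
           safe_copy_entries(evil, sizeof evil, out, sizeof out));
    printf("hardened copy of good: %d entries\n",
           safe_copy_entries(good, sizeof good, out, sizeof out));
    return 0;
}
```

The order of the checks matters: the representability test has to come before the multiplication, and the comparison against the packet length is what stops the corrected code from trading a heap write for a heap over-read.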
-- Disclosure Timeline:
Summary: Multiple vulnerabilities exist in the CsAgent service
that can allow a remote attacker to execute arbitrary code or
cause a denial of service condition. The first set of
vulnerabilities, CVE-2007-5082, occur due to insufficient bounds
checking in multiple CsAgent service commands. The second set of
vulnerabilities, CVE-2007-5083, occur due to insufficient
validation of integer values in multiple CsAgent service commands,
which can lead to buffer overflow. The third set of
vulnerabilities, CVE-2007-5084, occur due to insufficient
validation of strings used in SQL statements in multiple CsAgent
with CA Directory. A vulnerability exists that can allow a remote
attacker to cause a denial of service condition. Remediation is
available to address the vulnerability.
The vulnerability, CVE-2011-3849, occurs due to insufficient bounds
checking. A remote attacker can send a SNMP packet that can cause a
crash.
Risk Rating
High
Debian bug : 538989
CVE ID : none assigned yet
It was discovered that squid3, a high-performance proxy caching server for
web clients, is prone to several denial of service attacks. Due to incorrect
bounds checking and insufficient validation while processing response and
request data an attacker is able to crash the squid daemon via crafted
requests or responses.
The squid package in the oldstable distribution (etch) is not affected
Remote exploitation of multiple buffer overflow vulnerabilities in
Oracle Corp.'s Outside In Technology, as included in various vendors'
software distributions, allow attackers to execute arbitrary code.
Two vulnerabilities exist due to a lack of bounds checking when
processing specially crafted Microsoft Excel spreadsheet files. The two
issues exist in two distinct functions. The two vulnerabilities are
nearly identical, with the differentiating factor being the value of a
flag bit within a record of the file. If the bit is set, the code path
to the first vulnerable function is taken. Otherwise, the code path to
Debian bug : 538989 539160
CVE ID : CVE-2009-2622 CVE-2009-2621
It was discovered that squid3, a high-performance proxy caching server for
web clients, is prone to several denial of service attacks. Due to incorrect
bounds checking and insufficient validation while processing response and
request data an attacker is able to crash the squid daemon via crafted
requests or responses.
This update to DSA-1843-1 includes updated upstream patches which add
checks for a corner-case in which an incomplete server reply could
is not required to exploit this vulnerability.
The specific flaw exists within the routine TMregChange() exported by
TMReg.dll, which is reachable through the custom protocol subcode
"\x15\x00\x00\x00". The TCP socket bound to port 5005 receives
user-supplied data that is copied without proper bounds checking into a
stack-based buffer, resulting in an exploitable condition.
-- Vendor Response:
Trend Micro has issued an update to correct this vulnerability. More
details can be found at:
vulnerable installations of Hewlett-Packard Power Manager.
Authentication is not required to exploit this vulnerability.
The specific flaw exists in the handling of URL parameters when posting
to the login form of the web-based management server. Proper bounds
checking is not applied when parsing the Login variable, which can result
in an exploitable stack overflow. Successful exploitation can lead to
complete system compromise under the SYSTEM credentials.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
Summary: Multiple vulnerabilities exist in BrightStor ARCserve
Backup that can allow a remote attacker to cause a denial of
service, execute arbitrary code, or take privileged action. The
first set of vulnerabilities, CVE-2007-5325, CVE-2007-5326, and
CVE-2007-5327, occur due to insufficient bounds checking by
multiple components. The second vulnerability, CVE-2007-5328,
occurs due to privileged functions being available for use without
proper authorization. The third set of vulnerabilities,
CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, and CVE-2007-5332,
are due to a memory corruption occurring with the processing of
OpenOffice, as included in various vendors' operating system
distributions, allows attackers to execute arbitrary code with the
privileges of the logged in user.
The first vulnerability occurs when parsing "Attribute" records from the
file. Due to a lack of bounds checking during a loop that reads these
records, an attacker can trigger a heap overflow by inserting more than
256 records.
The second vulnerability is nearly identical to the first one, but
involves the "Font Description" record instead of the "Attribute"
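The VLC XSPF 'identifier' bug earlier on this page and the OpenOffice "Attribute" record loop just above are the index form of the same defect: an attacker-chosen index, or an attacker-chosen number of records, selects a position in a heap array with no range check. The C below is an added example for this page, not VLC's or OpenOffice.org's code; the record layout (a 4-byte little-endian signed index followed by a 4-byte value), the 256-slot table and the function names are assumptions for illustration. It shows the unchecked loader beside one that bounds the index at both ends (a negative index from a signed field is the case most often missed) and bounds the number of appended records.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed record format for this example: each record is a 4-byte
 * little-endian signed index followed by a 4-byte little-endian value. The
 * loader stores the value in slot[index] and appends the index to an
 * ordered list; both arrays have a fixed 256 entries. */
#define SLOTS 256

struct table {
    uint32_t slot[SLOTS];     /* written at an index the file chooses */
    int32_t  order[SLOTS];    /* indices in file order, appended per record */
    size_t   n_order;
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable loader. The index is compared against the table size from
 * above only, so -1 (which the signed field can encode) passes and writes
 * four bytes before slot[], and the append into order[] has no check at all,
 * so a 257th record writes past its end. Kept for contrast; call it only
 * with benign records. Returns the number of records applied. */
size_t vuln_load(const uint8_t *buf, size_t len, struct table *t)
{
    size_t n = len / 8;
    for (size_t i = 0; i < n; i++) {
        int32_t idx = (int32_t)rd_le32(buf + 8 * i);
        uint32_t val = rd_le32(buf + 8 * i + 4);
        if (idx > SLOTS)              /* off by one, and blind to negatives */
            continue;
        t->slot[idx] = val;
        t->order[t->n_order++] = idx; /* unbounded append */
    }
    return n;
}

/* Hardened loader. Rejects a stream whose length is not whole records, a
 * stream with more records than order[] has room for, and any index outside
 * [0, SLOTS), all before the first write, so a rejected stream leaves the
 * table untouched. Returns records applied, or -1 for a rejected stream. */
int safe_load(const uint8_t *buf, size_t len, struct table *t)
{
    if (len % 8 != 0)
        return -1;
    size_t n = len / 8;
    if (n > SLOTS - t->n_order)       /* would overflow order[] */
        return -1;
    for (size_t i = 0; i < n; i++) {
        int32_t idx = (int32_t)rd_le32(buf + 8 * i);
        if (idx < 0 || idx >= SLOTS)  /* both ends, compared as signed */
            return -1;
    }
    for (size_t i = 0; i < n; i++) {
        int32_t idx = (int32_t)rd_le32(buf + 8 * i);
        t->slot[idx] = rd_le32(buf + 8 * i + 4);
        t->order[t->n_order++] = idx;
    }
    return (int)n;
}

/* Constructed test data only: writes `n` records with indices first_idx,
 * first_idx + 1, ... and value 0x1000 + i into dst (needs 8 * n bytes).
 * Returns the number of bytes written. */
size_t make_records(uint8_t *dst, size_t n, int32_t first_idx)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t idx = (uint32_t)(first_idx + (int32_t)i);
        uint32_t val = 0x1000u + (uint32_t)i;
        for (int b = 0; b < 4; b++) {
            dst[8 * i + b] = (uint8_t)(idx >> (8 * b));
            dst[8 * i + 4 + b] = (uint8_t)(val >> (8 * b));
        }
    }
    return 8 * n;
}
```

Comparing the index as a signed value before any conversion to size_t is the detail to watch for: casting first turns -1 into SIZE_MAX, which an upper-bound-only check still rejects, but only by accident of the cast, and any later arithmetic on the index can reintroduce the wrap.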
Summary: CA ARCserve Backup for Laptops and Desktops server
contains a vulnerability that can allow a remote attacker to
execute arbitrary code or cause a denial of service condition. CA
has issued updates to address the vulnerability. The vulnerability,
CVE-2008-3175, occurs due to insufficient bounds checking by the
LGServer service. An attacker can make a request that can result
in arbitrary code execution or crash the service.
Mitigating Factors: Only the server installation of BrightStor
malicious ICC tags, a remote attacker could crash applications linked
against liblcms1, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2009-0723)
Chris Evans discovered that LittleCMS did not properly perform bounds
checking, leading to a buffer overflow. If a user or automated system were
tricked into processing an image with malicious ICC tags, a remote attacker
could execute arbitrary code with user privileges. (CVE-2009-0733)
Updated packages for Ubuntu 6.06 LTS:
Vulnerabilities and Exposures project identifies the following three
problems:
CVE-2007-5824
Insufficient validation and bounds checking of the Authorization:
HTTP header enables a heap buffer overflow, potentially enabling
the execution of arbitrary code.
CVE-2007-5825
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
__________________________________________________________________
Problem Description:
Due to incorrect bounds checking, Squid is vulnerable to a denial of
service attack during some cache update reply processing.
__________________________________________________________________
CVE-2010-1850
MySQL was susceptible to a buffer overflow due to a failure to perform
bounds checking on the table name argument of a COM_FIELD_LIST command
packet. By sending a long table name, an authenticated user can overflow
the buffer, which could be exploited to inject malicious code.
protocol (SDP) handling allow an attacker to execute arbitrary
code if a maliciously-crafted RTSP stream is played.
CVE-2008-0073
Insufficient integer bounds checking in SDP handling allows the
execution of arbitrary code through a maliciously crafted SDP
stream ID parameter in an RTSP stream.
CVE-2008-0984
necessary changes.
Details follow:
Sean de Regge discovered that flac did not properly perform bounds
checking in many situations. An attacker could send a specially crafted
FLAC audio file and execute arbitrary code as the user or cause a denial
of service in flac or applications that link against flac.
Updated packages for Ubuntu 6.06 LTS:
vulnerable installations of Microsoft Office PowerPoint Viewer. User
interaction is required to exploit this vulnerability in that the target
must open a malicious presentation.
The specific flaw exists in the handling of TextBytesAtom records
contained in a PPT file. Due to the lack of bounds checking on the size
argument an unchecked memcpy() copies user data from the file to the
stack, overflowing key exception structures. Exploitation of this
vulnerability can lead to remote compromise of the affected system under
the context of the currently logged in user.
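The TextBytesAtom flaw, the Trend Micro TMregChange() copy and the HP Power Manager Login parameter earlier on this page are the plainest form of the class: a length or string the peer controls is copied into a fixed-size stack buffer with no comparison at all. The C below is an added example for this page, not Microsoft's, Trend Micro's or HP's code; the atom layout (2-byte type, 2-byte little-endian size, payload), the text atom type value, the TEXT_MAX limit and the function names are assumptions made for illustration. It shows the unchecked handler beside a hardened walker that checks the declared size against both the bytes remaining in the stream and the destination capacity, and reports the two failures separately.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed atom layout for this example: type (2 bytes LE), size (2 bytes
 * LE), then `size` payload bytes. Type 0x0FA8 is used here as the text atom;
 * the value is an assumption, not taken from any file format. */
#define ATOM_HDR   4u
#define ATOM_TEXT  0x0FA8u
#define TEXT_MAX   64u

enum { ATOM_OK = 0, ATOM_BAD_HEADER = -1, ATOM_TRUNCATED = -2,
       ATOM_TOO_BIG = -3, ATOM_TOO_MANY = -4 };

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable handler: the size field goes straight into memcpy(). Nothing
 * relates it to TEXT_MAX or to the bytes left in the file, so a crafted
 * atom overwrites the caller's stack frame. Kept only to show the shape of
 * the bug; never call it on untrusted data. Returns the bytes it copied. */
size_t vuln_text_atom(const uint8_t *atom)
{
    char text[TEXT_MAX];
    uint16_t size = rd_le16(atom + 2);
    memcpy(text, atom + ATOM_HDR, size);   /* size taken straight from the file */
    (void)text;
    return size;
}

/* Hardened handler: copies into a caller-provided buffer after checking the
 * declared size against the bytes remaining in the stream (over-read) and
 * against the destination capacity (over-write). Returns ATOM_OK or an
 * error code and sets *out_len on success. */
int safe_text_atom(const uint8_t *atom, size_t remaining,
                   char *out, size_t out_cap, size_t *out_len)
{
    if (remaining < ATOM_HDR)
        return ATOM_BAD_HEADER;
    uint16_t size = rd_le16(atom + 2);
    if ((size_t)size > remaining - ATOM_HDR)   /* source bound */
        return ATOM_TRUNCATED;
    if ((size_t)size > out_cap)                /* destination bound */
        return ATOM_TOO_BIG;
    memcpy(out, atom + ATOM_HDR, size);
    *out_len = size;
    return ATOM_OK;
}

/* Walks a whole stream of atoms, collecting the text atoms. Every atom,
 * text or not, is skipped using a validated size, so a bad size can neither
 * step past the end of the buffer nor stall the loop. Returns the number
 * of text atoms stored, or the first error code. */
int walk_atoms(const uint8_t *buf, size_t len,
               char texts[][TEXT_MAX], size_t *lens, size_t max_texts)
{
    size_t off = 0, n = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < ATOM_HDR)
            return ATOM_BAD_HEADER;
        uint16_t type = rd_le16(buf + off);
        uint16_t size = rd_le16(buf + off + 2);
        if ((size_t)size > remaining - ATOM_HDR)
            return ATOM_TRUNCATED;
        if (type == ATOM_TEXT) {
            if (n >= max_texts)
                return ATOM_TOO_MANY;
            int rc = safe_text_atom(buf + off, remaining,
                                    texts[n], TEXT_MAX, &lens[n]);
            if (rc != ATOM_OK)
                return rc;
            n++;
        }
        off += ATOM_HDR + size;   /* cannot exceed len: checked above */
    }
    return (int)n;
}
```

Keeping the source check and the destination check as distinct conditions is deliberate: a file that merely ends early is a truncation, while a payload that is fully present but larger than the handler's buffer is the overflow the advisories describe, and a parser that collapses the two will usually mis-handle one of them.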
Advisory Issued: 4th August 2010
===============================ADVISORY===============================
Description
-----------
The Citrix Presentation Server Client (tested on v10.150) does not perform bounds checking on the type field in an ICA "graphics" packet. This lack of checking allows remote exploitation of any user who has the client installed.
The exploit can be triggered by directing a user to a malicious web page that causes an ICA file to be downloaded. This file automatically connects the client to a simulated ICA server, which can trigger remote code execution and take control of the client.
Analysis
vulnerable installations of Oracle Secure Backup. Authentication is not
required to exploit this vulnerability.
The specific flaw exists in the Oracle Secure Backup Services daemon
observiced.exe listening on TCP port 10000 by default. Due to the lack
of bounds checking on the reverse lookup of connections to the port, a
stack overflow can occur, leading to a complete compromise of the
affected system under the credentials of the SYSTEM account.
-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More
Additional Information:
=======================
Sending a malformed NDMP client authentication (NDMP_CONECT_CLIENT_AUTH command) packet causes a buffer overflow due to
invalid bounds checking.
Solutions:
==========
Use the solution provided by Oracle http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
mapserver's template handling and error reporting routines leads
to cross-site scripting vulnerabilities.
CVE-2007-4629
Missing bounds checking in mapserver's template handling leads to
a stack-based buffer overrun vulnerability, allowing a remote
attacker to execute arbitrary code with the privileges of the CGI
or httpd user.
For the stable distribution (etch), these problems have been fixed in