integer value
Remote exploitation of an integer overflow vulnerability in Adobe
Systems Inc.'s Flash Player could allow an attacker to execute arbitrary
code with the privileges of the current user.
During the allocation of an array within a certain internal ActionScript
function, a size calculation may cause an integer value to overflow.
This condition may lead to the bounds of an undersized array being
overflown during a memory copy operation. This can result in arbitrary
code execution.
III. ANALYSIS
vulnerable installations of Novell NetMail. User interaction is not
required to exploit this vulnerability.
The specific flaws exist in the AntiVirus agent, which listens on a
random high TCP port. The avirus.exe service protocol reads a
user-supplied ASCII integer value as an argument to a memory allocation
routine. A fixed amount is added to the specified size without any
integer overflow check, so the sum can wrap and result in an
under-allocation. A subsequent memory copy operation can then corrupt
the heap and eventually result in arbitrary code execution.
Problem Description:
Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to
break out of the Python VM and execute arbitrary code via large
integer values in certain arguments to the crop function, leading to
a buffer overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679. (CVE-2008-4864)
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,
allow context-dependent attackers to have an unknown impact via
bounds checking on multiple command arguments by the LGServer
service. The second set of vulnerabilities, CVE-2007-5003, occur
due to insufficient bounds checking on rxrLogin authentication
credentials and on a username by the GetUserInfo() function. The
third vulnerability, CVE-2007-5004, occurs due to insufficient
verification of an integer value used during authentication, which
can lead to integer overflow. The fourth vulnerability,
CVE-2007-5005, occurs due to insufficient verification of file
uploads by the NetBackup service. The fifth vulnerability,
CVE-2007-5006, occurs due to insufficient verification of
authorization credentials, which can enable an attacker to bypass
call with a large numerical argument, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document (CVE-2009-1698).
KDE Konqueror allows remote attackers to cause a denial of service
(memory consumption) via a large integer value for the length property
of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).
The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in
libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows
context-dependent attackers to cause a denial of service (application
Remote exploitation of an integer underflow vulnerability within
Microsoft Corp.'s SQL Server could allow a remote attacker to execute
arbitrary code with the privileges of the SQL Server.
The vulnerability exists within the code responsible for parsing a
stored backup file. A 32-bit integer value, representing the size of a
record, is taken from the file and used to calculate the number of
bytes to read into a heap buffer. This calculation can underflow, which
leads to insufficient memory being allocated. The buffer is subsequently
overfilled, leading to an exploitable condition.
iL> The vulnerability exists in the kernel ioctl() handler for FIFOs. The
iL> I_PEEK ioctl is used to peek at a number of bytes contained in the FIFO
iL> without actually removing them from the queue. One of the arguments to
iL> this command, which represents the number of bytes to peek, is a signed
iL> integer value. Since this parameter is not properly validated, a
iL> negative value can cause large amounts of kernel memory to be leaked.
Can you please clarify this issue? According to the subject it looks like
an information leak (information disclosure) issue, while according to the
description it looks more like a memory leak (denial of service) issue.
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2702).
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw exists within the way Java handles color profiles.
When parsing a color profile containing an invalid 'rcs2' tag, the
process can be forced to overflow an integer value during an arithmetic
operation. The newly calculated value is then used to allocate memory on
the heap. By providing specific values it is possible to cause a memory
corruption that can lead to remote code being executed in the context of
the user running the browser.
unsigned int ldt_count;
kern_return_t err;
The vulnerable function does not properly validate the number of entries
to set (num_sels). When a valid integer value is passed as the starting
selector number (start_sel) together with an integer value higher than
0xffffffff - start_sel as the number of entries to set (num_sels), the
expression start_sel + num_sels overflows, and its wrapped value is lower
than LDTSZ.
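The I_PEEK problem quoted earlier (a signed byte count compared only against an upper bound) and the LDT problem above (start_sel + num_sels computed before it is compared with LDTSZ) are two forms of the same bounds-check mistake. The following is an added example written for this page, not code from any kernel source: the names ldt_range_ok_*, peek_len_ok_*, and the values of LDTSZ and PEEK_MAX are constructed stand-ins chosen to make the wrap visible.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed constants for the illustration, not the real kernel values. */
#define LDTSZ    8192u   /* assumed number of LDT slots */
#define PEEK_MAX 4096    /* assumed FIFO buffer bytes a peek may return */

/* Vulnerable pattern: the untrusted values are added before the check.
 * start_sel + num_sels is 32-bit unsigned arithmetic, so a num_sels larger
 * than 0xffffffff - start_sel wraps the sum below LDTSZ and the check
 * passes even though the requested range lies far outside the table. */
bool ldt_range_ok_vuln(uint32_t start_sel, uint32_t num_sels)
{
    return start_sel + num_sels <= LDTSZ;
}

/* Hardened: bound the first operand, then phrase the second check as a
 * subtraction that cannot wrap. No addition of two attacker values occurs. */
bool ldt_range_ok_fixed(uint32_t start_sel, uint32_t num_sels)
{
    if (start_sel > LDTSZ)
        return false;
    if (num_sels > LDTSZ - start_sel)
        return false;
    return true;
}

/* Vulnerable pattern for a signed length argument (I_PEEK style): the
 * comparison is signed, so a negative count is "less than" the limit and
 * is accepted; converting it to size_t for the copy turns -1 into SIZE_MAX. */
bool peek_len_ok_vuln(int nbytes, size_t *out_len)
{
    if (nbytes > PEEK_MAX)
        return false;
    *out_len = (size_t)nbytes;   /* -1 becomes SIZE_MAX here */
    return true;
}

/* Hardened: reject the negative half of the signed range explicitly before
 * the value is ever reinterpreted as an unsigned size. */
bool peek_len_ok_fixed(int nbytes, size_t *out_len)
{
    if (nbytes < 0 || nbytes > PEEK_MAX)
        return false;
    *out_len = (size_t)nbytes;
    return true;
}

int main(void)
{
    size_t n = 0;
    printf("ldt vuln  (1, 0xffffffff): %d\n", ldt_range_ok_vuln(1u, 0xffffffffu));
    printf("ldt fixed (1, 0xffffffff): %d\n", ldt_range_ok_fixed(1u, 0xffffffffu));
    printf("peek vuln  (-1): %d len=%zu\n", peek_len_ok_vuln(-1, &n), n);
    printf("peek fixed (-1): %d\n", peek_len_ok_fixed(-1, &n));
    return 0;
}
```

The fixed LDT check is the general form for any "offset plus count within a table" test: compare the count against the remaining room rather than adding it to the offset.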
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).
Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).
A flaw in the transformations of monochrome profiles allows remote
attackers to cause denial of service triggered by a NULL pointer
dereference via a crafted image file (CVE-2009-0793).
CSS style. When totaling the length of its string elements, the library
stores the result in a 32-bit integer. This value is used for an
allocation and later to initialize the allocated buffer. Because the
number of elements being totaled is variable, an attacker can supply as
many elements as necessary to make the integer value wrap, causing an
under-allocation. Initialization of this data then causes a heap-based
buffer overflow, which can lead to code execution in the context of the
application.
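The size calculations described on this page fail in three ways: a count multiplied by an element size wraps (the Flash, Java 'rcs2' and Python imageop cases), a running total of attacker-supplied lengths wraps (the CSS case and the NetMail size-plus-constant case), and a size minus a fixed header underflows (the SQL Server backup case). The following is an added example written for this page, not code from any of the affected products: the function names, RECORD_HDR, MAX_ALLOC and the sample lengths are constructed, and the hardened variants use the GCC/Clang __builtin_*_overflow intrinsics.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed limits for the illustration. */
#define RECORD_HDR 16u                    /* assumed fixed header in a record */
#define MAX_ALLOC  (256u * 1024u * 1024u) /* assumed sane allocation cap */

/* Constructed sample: two element lengths whose 32-bit sum wraps to 0x10. */
static const uint32_t sample_lens[] = { 0xfffffff0u, 0x20u };
#define SAMPLE_LENS_N (sizeof sample_lens / sizeof sample_lens[0])

/* 1. count * elem_size in 32 bits: 0x40000001 * 4 wraps to 4, so a
 *    4-byte buffer is handed to code that writes 0x40000001 elements. */
uint32_t array_alloc_size_vuln(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened: multiply with overflow detection and cap the result. */
bool array_alloc_size_safe(uint32_t count, uint32_t elem_size, size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow((size_t)count, (size_t)elem_size, &bytes))
        return false;
    if (bytes > MAX_ALLOC)
        return false;
    *out = bytes;
    return true;
}

/* 2. Running total of variable-count lengths accumulated in 32 bits. */
uint32_t total_len_vuln(const uint32_t *lens, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += lens[i];            /* silently wraps */
    return total;
}

/* Hardened: detect the wrap on every addition, in the width actually used. */
bool total_len_safe(const uint32_t *lens, size_t n, uint32_t *out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        if (__builtin_add_overflow(total, lens[i], &total))
            return false;
    *out = total;
    return true;
}

/* 3. record_size - RECORD_HDR: a record_size smaller than the header
 *    underflows to a huge byte count for the subsequent read. */
uint32_t payload_len_vuln(uint32_t record_size)
{
    return record_size - RECORD_HDR;
}

/* Hardened: check the operand ordering before subtracting. */
bool payload_len_safe(uint32_t record_size, uint32_t *out)
{
    if (record_size < RECORD_HDR)
        return false;
    *out = record_size - RECORD_HDR;
    return true;
}

int main(void)
{
    size_t   sz = 0;
    uint32_t t  = 0;
    printf("mul vuln : %u\n", array_alloc_size_vuln(0x40000001u, 4u));
    printf("mul safe : %d\n", array_alloc_size_safe(0x40000001u, 4u, &sz));
    printf("sum vuln : 0x%x\n", total_len_vuln(sample_lens, SAMPLE_LENS_N));
    printf("sum safe : %d\n", total_len_safe(sample_lens, SAMPLE_LENS_N, &t));
    printf("sub vuln : 0x%x\n", payload_len_vuln(8u));
    printf("sub safe : %d\n", payload_len_safe(8u, &t));
    return 0;
}
```

Each hardened variant rejects the request rather than clamping it: an allocation size that cannot be represented is attacker input that should not be served, and a cap such as MAX_ALLOC also catches results that fit in size_t but would never be legitimate.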
-- Vendor Response:
numeric character references, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted HTML document. (CVE-2009-1725)
KDE Konqueror allows remote attackers to cause a denial of service
(memory consumption) via a large integer value for the length property
of a Select object, a related issue to CVE-2009-1692. (CVE-2009-2537)
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
'\0' (NUL) character in a domain name in the Subject Alternative Name
field of an X.509 certificate, which allows man-in-the-middle attackers
Multiple integer overflows in Python 2.5.2 and earlier allow
context-dependent attackers to have an unknown impact via vectors