large number
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers
to cause a denial of service (daemon crash or hang) via a client
disconnection during listing of a large number of print jobs, related
to improperly maintaining a reference count. NOTE: some of these
details are obtained from third party information (CVE-2009-3553).
No CVE id yet
Bogdan Calin discovered that a remote attacker could cause a denial
of service by uploading a large number of files using
multipart/form-data requests, causing the creation of a large number of
temporary files.
To address this issue, the max_file_uploads option introduced in PHP
5.3.1 has been backported. This option limits the maximum number of
following problems:
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
properly calculate the size of a file descriptor array, which allows
remote attackers to cause a denial of service (crash) via a large number
of connections, which triggers an out-of-bounds access.
CVE-2007-3948
connections.c in lighttpd before 1.4.16 might accept more connections
than the configured maximum, which allows remote attackers to cause a
Multiple vulnerabilities have been discovered and corrected in glibc:
Integer overflow in the vfprintf function in stdio-common/vfprintf.c
in glibc 2.14 and other versions allows context-dependent attackers to
bypass the FORTIFY_SOURCE protection mechanism, conduct format string
attacks, and write to arbitrary memory via a large number of arguments
(CVE-2012-0864).
Multiple errors in glibc's formatted printing functionality could
allow an attacker to bypass FORTIFY_SOURCE protections and execute
arbitrary code using a format string flaw in an application, even
Problem Description:
A vulnerability was discovered in the mod_proxy module in Apache where
it did not limit the number of forwarded interim responses, allowing
remote HTTP servers to cause a denial of service (memory consumption)
via a large number of interim responses (CVE-2008-2364).
This update also provides HTTP/1.1 compliance fixes.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
May 14, 2009
I. BACKGROUND
Oracle Corp.'s Outside In Technology is a document conversion engine
supporting a large number of binary file formats. Prior to Oracle's
acquisition, the software was maintained by Stellent Inc. The software
appears to have originated from "QuickView" for Windows 98, but later
spun off. It is used by various software packages, one of which is
Motorola Inc.'s Good Mobile Messaging Server. For more information,
visit the vendors' sites at the URLs provided below.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5962
Description:
Previous versions of the vsftpd package are vulnerable to a Denial
of Service attack in which remote attackers may be able to trigger
excessive memory consumption by issuing a large number of commands.
vsftpd is not installed by default on rPath Linux 2 systems, and the
default vsftpd.conf file provided with vsftpd does not establish a
vulnerable configuration; therefore only systems customized to include
and reconfigure vsftpd may be vulnerable.
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella discovered a buffer overflow in the PHP GD extension
that allows an attacker to cause a denial of service (application crash)
via a large number of anti-aliasing steps in an argument to the
imagepstext function. (CVE-2010-4698)
It was discovered that PHP accepts the \0 character in a pathname,
which might allow an attacker to bypass intended access restrictions
by placing a safe file extension after this character. This issue
a compartment mismatch. This mismatch can cause garbage collection
to occur incorrectly and lead to a potentially exploitable crash
(CVE-2013-0746).
Using the Address Sanitizer tool, security researcher Atte Kettunen
from OUSPG discovered that the combination of large numbers
of columns and column groups in a table could cause the array
containing the columns during rendering to overwrite itself. This
can lead to a use-after-free causing a potentially exploitable crash
(CVE-2013-0744).
Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
allows user-assisted remote attackers to cause a denial of service
(memory corruption) or execute arbitrary code via a DOT file with a
large number of Agraph_t elements (CVE-2008-4555).
This update provides a fix for this vulnerability.
_______________________________________________________________________
References:
CVE ID : CVE-2011-0520
Debian Bug : 610834
Witold Baryluk discovered that MaraDNS, a simple security-focused
Domain Name Service server, may overflow an internal buffer when
handling requests with a large number of labels, causing a server
crash and the consequent denial of service.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.07.09-2.1.
Problem Description:
The daemon in acpid before 1.0.10 allows remote attackers to cause a
denial of service (CPU consumption and connectivity loss) by opening
a large number of UNIX sockets without closing them, which triggers
an infinite loop (CVE-2009-0798).
The updated packages have been patched to prevent this.
Update:
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* There is a way to inject both headers and content to users, causing
a serious Cross-Site Scripting vulnerability.
Problem Description:
A buffer overflow in PCRE 7.x before 7.6 allows remote attackers
to execute arbitrary code via a regular expression that contains a
character class with a large number of characters with Unicode code
points greater than 255.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
Description
===========
Roee Hay reported a stack-based buffer overflow in the push_subg()
function in parser.y when processing a DOT file with a large number of
Agraph_t elements.
Impact
======
such corruption to result in database corruption or arbitrary code
execution, though we have no such exploit and are not aware of any
such exploits in use in the wild.
CVE-2008-0947: In 1.4 and later, this bug can only be triggered in
configurations that allow large numbers of open file descriptors in a
process.
CVE-2008-0948: In versions before 1.3, this bug can be triggered in
similar circumstances, but is further limited to platforms not
defining certain macros in certain C system header files. Solaris 10
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
modules in the Apache HTTP Server, allows remote attackers to
cause a denial of service (memory consumption) via a crafted XML
document containing a large number of nested entity references, as
demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564
(CVE-2009-1955).
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util
before 1.3.5 on big-endian platforms allows remote attackers to obtain
Buffer overflow in the gettoken function in
contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL
9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x
before 8.2.20 allows remote authenticated users to cause a denial of
service (crash) and possibly execute arbitrary code via integers with
a large number of digits to unspecified functions (CVE-2010-4015).
Packages for 2009.0 are provided as of the Extended Maintenance
Program.
Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
collection. (CVE-2011-0057)
Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
exception timing and a large number of string values, aka an atom
map issue. (CVE-2011-0056)
Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Description
CERT-FI published an advisory with a large number of samples of crafted
archives.
The file with the md5sum b6046d890e6bd304e3756c88b989559a (named
b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.
If you're running clamav on a mailserver, an attacker can DoS your Server
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers two security issues that have recently been
fixed in the Bugzilla code:
+ Some files stored on the web server are not correctly protected
Gandlf, I'm working on a bizarrely similar project (you don't happen
to hail from New York, do you?) and have found that using the totient
function, you'd need an absurdly large number of CPU cycles to factor
RSA properly, slightly less than brute force... like, 2^5 cycles less.
The algorithm has such an absurdly high order of complexity that you'd
be wasting your time. You'd sooner solve the Riemann Hypothesis.
I have books of data on what is seemingly an identical algorithm;
please e-mail me directly if you're interested in doing this type of
research
Problem Description:
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float
data type.
This update corrects the problem.
_______________________________________________________________________
infinite loop) by making two calls to svc_listen for the same socket,
and then reading a /proc/net/atm/*vc file, related to corruption of
the vcc table. (CVE-2008-5079)
Linux kernel 2.6.28 allows local users to cause a denial of service
(soft lockup and process loss) via a large number of sendmsg function
calls, which does not block during AF_UNIX garbage collection
and triggers an OOM condition, a different vulnerability than
CVE-2008-5029. (CVE-2008-5300)
Additionally, wireless and hotkeys support for Asus EEE were fixed,
software products. The company's best-known hardware products include
Macintosh computers, the iPod and the iPhone."
II. Description
~~~~~~~~~~~~~~~
Calling a CSS attr attribute with a large number leads to memory corruption
III. Impact
~~~~~~~~~~~
Viewing a maliciously crafted web page may lead to an unexpected application
termination or arbitrary code execution.
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used
by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably
other versions before 1.3, when running on systems whose unistd.h
does not define the FD_SETSIZE macro, allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code by
triggering a large number of open file descriptors.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0948 to this issue.
RPM Updated: