
pointer arithmetic

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

Exploitability:         Proof-of-Concept
Remediation Level:      Official Fix
Report Confidence:      Confirmed

The asn1buf_imbed() function incorrectly checks lengths by comparing
pointers after performing pointer arithmetic using an unchecked input
length.  In addition, the functions asn1buf_remove_charstring() and
asn1buf_remove_octetstring() rely on an invariant that is violated
when asn1buf_imbed() incorrectly validates lengths, performing pointer
arithmetic using the invalid length.  Consequently, malloc() receives
a very large number as its argument.  If the malloc() call somehow

[ MDVSA-2009:098 ] krb5

 
 The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
 cause a denial of service (application crash) via a crafted length
 value that triggers an erroneous malloc call, related to incorrect
 calculations with pointer arithmetic (CVE-2009-0847).
 
 The updated packages have been patched to correct these issues.

 Update:


[ MDVSA-2009:098-1 ] krb5

 
 The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
 cause a denial of service (application crash) via a crafted length
 value that triggers an erroneous malloc call, related to incorrect
 calculations with pointer arithmetic (CVE-2009-0847).
 
 The updated packages have been patched to correct these issues.

 Update:


[ MDVSA-2010:005 ] krb5

 
 The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
 cause a denial of service (application crash) via a crafted length
 value that triggers an erroneous malloc call, related to incorrect
 calculations with pointer arithmetic (CVE-2009-0847).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

[ GLSA 200812-23 ] Imlib2: User-assisted execution of arbitrary code

    1  media-libs/imlib2     < 1.4.2-r1                      >= 1.4.2-r1

Description
===========

Julien Danjou reported a pointer arithmetic error and a heap-based
buffer overflow within the load() function of the XPM image loader.

Impact
======


[ MDVSA-2011:112 ] blender

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in blender:
 
 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
 pointer arithmetic, which might allow remote attackers to obtain
 sensitive memory contents and cause a denial of service via a crafted
 file that triggers an out-of-bounds read. (CVE-2009-4632)
 
 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
 comparison operator was intended, which might allow remote attackers

[ MDVSA-2011:088 ] mplayer

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in mplayer:
 
 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
 pointer arithmetic, which might allow remote attackers to obtain
 sensitive memory contents and cause a denial of service via a crafted
 file that triggers an out-of-bounds read. (CVE-2009-4632)
 
 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
 comparison operator was intended, which might allow remote attackers

[ MDVSA-2011:061 ] ffmpeg

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in ffmpeg:
 
 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
 pointer arithmetic, which might allow remote attackers to obtain
 sensitive memory contents and cause a denial of service via a crafted
 file that triggers an out-of-bounds read. (CVE-2009-4632)
 
 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
 comparison operator was intended, which might allow remote attackers

[ MDVSA-2011:060 ] ffmpeg

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in ffmpeg:
 
 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
 pointer arithmetic, which might allow remote attackers to obtain
 sensitive memory contents and cause a denial of service via a crafted
 file that triggers an out-of-bounds read. (CVE-2009-4632)
 
 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
 comparison operator was intended, which might allow remote attackers

[ MDVSA-2011:114 ] blender

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in blender:
 
 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
 pointer arithmetic, which might allow remote attackers to obtain
 sensitive memory contents and cause a denial of service via a crafted
 file that triggers an out-of-bounds read. (CVE-2009-4632)
 
 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
 comparison operator was intended, which might allow remote attackers



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
