stack based buffer overflow
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
NASA BigView Stack Buffer Overflow
*Advisory Information*
Title: NASA BigView Stack Buffer Overflow
+-----------------------+
|Advisories and Exploits|
+-----------------------+
Final Draft < 8.02 Multiple Stack Buffer Overflows
PDF:
http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf
TXT:
http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.txt
POC: http://security-assessment.com/files/finaldraft8poc.zip
Asterisk Project Security Advisory - AST-2012-003
Product Asterisk
Summary Stack Buffer Overflow in HTTP Manager
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On 03/15/2012
Reported By Russell Bryant
Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer
Overflow Vulnerability
iDefense Security Advisory 09.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 11, 2007
I. BACKGROUND
Microsoft Agent allows websites and programs to display animated
The specific flaw exists in the useEncodingDecl() function used while
parsing the xml header character encoding attribute. When a user
downloads a malicious JNLP file, the charset value is read into a static
buffer. If an overly long charset name is included in the xml header, a
stack based buffer overflow occurs, resulting in an exploitable condition.
-- Vendor Response:
Sun Microsystems has issued an update to correct this vulnerability. More
details can be found at:
http://www.emc.com/products/detail/software/alphastor.htm
II. DESCRIPTION
Remote exploitation of multiple stack based buffer overflow
vulnerabilities in EMC Corp.'s AlphaStor could allow an attacker to
execute arbitrary code with SYSTEM privileges.
AlphaStor consists of multiple applications, one of which is the Server
Agent. The Server Agent is one of the core components of AlphaStor, and
IBM AIX lqueryvg Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lqueryvg utility is used to examine the properties of disk volume
groups. It is installed set-uid root by default on multiple versions of
Description:
This is nothing special - there is just a flaw in Rosoft Media Player 4.1.8, similar to the one discovered by Juan Pablo Lopez Yacubian.
This one concerns RML files. This is a stack based buffer overflow vulnerability - we can overwrite EIP. I hope that it was not reported before.
Author: Wiktor Sierociński
POC:
#!/usr/bin/python
content = (
shellcode.
-[ Attack Vector
For this vulnerability there are three vectors [5]:
1. 0x04: Stack Based Buffer Overflow;
2. 0x08: Heap Based Buffer Overflow;
3. 0x0a: Denial of Service.
-[ Buffer [6]
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
I am in need of some information for the below-mentioned vulnerability.
CVE-2008-5616
MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow
Description:
MPlayer contains a stack buffer overflow vulnerability while parsing
malformed TwinVQ media files, where TwinVQ (transform-domain weighted
interleaved vector quantization) is an audio compression technique
developed by Nippon Telegraph and Telephone Corporation (NTT). The
vulnerability may be exploited by the remote attacker to execute
arbitrary code in the context of MPlayer. The vulnerable function is
[ NetBSD 5.1 libc/net multiple functions stack buffer overflow ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
Date:
- Dis.: 01.04.2011
- Pub.: 01.07.2011
CVE: CVE-2011-1656
part is a powerful PHP extension that implements all the other
protections."
During an internal audit of the Suhosin PHP extension, which is
often confused with the Suhosin PHP Patch, although they are not
the same, a possible stack based buffer overflow inside the
transparent cookie encryption feature was discovered.
If successfully exploited this vulnerability can lead to arbitrary
remote code execution. However further investigation into the
vulnerability revealed that it can only be triggered if the admin
The specific flaw exists in the GetVMArgsOption() function used while
parsing the java-vm-args attribute of the j2se tag in xml based JNLP
files. When a user downloads a malicious JNLP file, the vulnerable
attribute is read into a static buffer. If an overly long value is
defined by the java-vm-args attribute, a stack based buffer overflow
occurs, resulting in an exploitable condition.
-- Vendor Response:
Sun Microsystems has issued an update to correct this vulnerability. More
http://office.microsoft.com/en-us/word/default.aspx
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Word could allow attackers to execute arbitrary code
with the privileges of the targeted user.
This vulnerability occurs when Word parses the File Information Block
(FIB) structure inside a Word document. When a malformed FIB structure
Rich-Text Format (RTF) is a document file format developed by Microsoft
for cross-platform document interchange.
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
Microsoft Corp.'s Word could allow attackers to execute arbitrary code
under the privileges of the targeted user.
This vulnerability specifically exists in the handling of a specific
control word in an RTF document. Under certain circumstances, Word will
NSFOCUS Security Advisory (SA2009-01)
UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability
Release Date: 2009-10-16
CVE ID: CVE-2009-2970
http://www.nsfocus.com/en/advisories/0901.html
Multiple stack buffer overflow vulnerabilities have been discovered in
Amaya web editor/browser [1], which can be exploited by unauthorized
people using crafted web pages to compromise a user's system.
A boundary error when processing 'input' HTML tags can be exploited to
cause a stack-based buffer overflow via an overly long 'type' parameter
(Bugtraq ID 33046). Code analysis of the Amaya XHTML parser reveals
multiple unchecked buffers declared on the stack, one of which is used
in the function 'EndOfXmlAttributeValue()':
/-----------
The specific flaw exists in the useEncodingDecl() function used while
checking xml based JNLP files for UTF8 characters. When a user downloads
a malicious JNLP file, the data immediately preceding the opening of the
xml tag is read into a static buffer. If an overly long key name in the
xml header is included, a stack based buffer overflow occurs, resulting
in an exploitable condition.
-- Vendor Response:
Sun Microsystems has issued an update to correct this vulnerability. More
details can be found at:
Microsoft Agent Crafted URL Stack Buffer Overflow
Assurent ID: FSC20070911-11
1. Affected Software
Microsoft Agent, version 2.0.0.3425 (bundled with Windows 2000 Service Pack 4)
Reference: http://www.microsoft.com/msagent/
IBM AIX lquerypv Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lquerypv utility is used to examine the properties of a physical
volume in a volume group. It is installed set-uid root by default on
Reported By:
iDefense Labs
Ingres Database for Linux verifydb Insecure File Permissions
Modification Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
Ingres Database for Linux libbecompat Stack Based Buffer Overflow
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
Ingres Database for Linux ingvalidpw Untrusted Library Path
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
http://enterprise.alcatel-lucent.com/?product=OmniPCXEnterprise&page=overview
II. DESCRIPTION
Remote exploitation of a stack based buffer overflow vulnerability in
Alcatel-Lucent's OmniPCX Enterprise Communication Server could allow an
attacker to execute arbitrary code with the privileges of the affected
service.
The Alcatel-Lucent OmniPCX Enterprise Communication Server (CS) is used
Multiple vulnerabilities have been identified in git-core, the core of
the git distributed revision control system. Improper path length
limitations in git's diff and grep functions, in combination with
maliciously crafted repositories or changes, could enable a stack
buffer overflow and potentially the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies this
vulnerability as CVE-2008-3546.
For the stable distribution (etch), this problem has been fixed in
This vulnerability exists in the DirectShow SAMI parser, which is
implemented in quartz.dll. When the SAMI parser copies parameters into
a stack buffer, it does not properly check the length of the parameter.
As such, parsing a specially crafted SAMI file can cause a stack-based
buffer overflow. This allows an attacker to execute arbitrary code.
III. ANALYSIS
Exploitation allows an attacker to execute arbitrary code in the context
of the current user.
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-076
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
numerous operating systems. The Helix DNA Server can support various
formats including RealVideo, RealAudio, and MP3.
II. DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability in
RealNetworks Inc.'s Helix DNA Server could allow an attacker to execute
arbitrary code with the privileges of the affected service.
The Helix DNA Server contains a vulnerability that can be triggered by
an unauthenticated attacker. The vulnerability results from the
parsing of a certain type of Real Time Streaming Protocol (RTSP)
=====[ Vulnerability
When IBM TSM communicates with the suid root backup client
dsmtca, it is handled through pipes. The function
GeneratePassword() does not perform boundary checking, which can
lead to a classic stack based buffer overflow - making local
code execution possible.
=====[ Exploitation
Details.
TheGreenBow is an IPsec VPN client that sets up a secure channel
for data transport.
TheGreenBow VPN Client is vulnerable to a local stack based buffer
overflow, which can lead to the compromise of a vulnerable system.
The vulnerability is caused due to a boundary error when processing
certain sections of tgb (policy) files. Passing an overly long
string to "OpenScriptAfterUp" will trigger the overflow.
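The Amaya 'type' attribute, the DirectShow SAMI parameter copy, the TSM GeneratePassword() function and the TheGreenBow "OpenScriptAfterUp" entry above all describe the same defect: a value is scanned out of attacker-supplied text and copied into a fixed-size stack buffer without comparing its length to the buffer. The C below is an added illustration of that pattern and is not code from any of the advisories or products quoted on this page. The 64-byte buffer size, the attribute and key names, and the sample inputs are assumptions made for the example; it generalises slightly beyond the individual advisories by handling both HTML-style quoted attributes and unquoted key=value lines such as those in a policy file. The vulnerable form is shown for reference and is only ever called with input that fits; the hardened form rejects oversized values instead of truncating them, which is the check the advisories say is missing.

```c
/* Added example: fixed stack buffer fed by an unchecked copy, vulnerable and
 * hardened forms side by side.  Not from any advisory on this page; the
 * buffer size, names and inputs are assumed for illustration. */
#include <stdio.h>
#include <string.h>

#define VALUE_BUF 64   /* assumed size; the advisories do not state the real one */

/* Locate `name` followed by '=' in `text` and return a pointer to the start of
 * its value, storing the value's length in *len.  Quoted values run to the
 * closing quote, unquoted ones (key=value lines) to the next whitespace.
 * The length is attacker controlled and may be arbitrarily large. */
static const char *find_attr(const char *text, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = text;
    while ((p = strstr(p, name)) != NULL) {
        const char *q = p + nlen;
        while (*q == ' ') q++;
        if (*q == '=') {
            const char *start, *end;
            q++;
            while (*q == ' ') q++;
            if (*q == '"') {
                start = q + 1;
                end = strchr(start, '"');
                if (end == NULL) return NULL;          /* unterminated quote */
            } else {
                start = q;
                end = start;
                while (*end && *end != ' ' && *end != '\t' && *end != '\r' && *end != '\n')
                    end++;
            }
            *len = (size_t)(end - start);
            return start;
        }
        p += nlen;
    }
    return NULL;
}

/* Vulnerable form: the value is copied into a 64-byte stack buffer with no
 * check of `len` against sizeof buf.  A value of 64 bytes or more runs past
 * the buffer into the saved frame pointer and return address, which is how
 * "we can overwrite EIP" in the Rosoft write-up.  Returns the copied length;
 * this example only ever calls it with a value that fits. */
static int copy_attr_vulnerable(const char *text, const char *name)
{
    char buf[VALUE_BUF];
    size_t len;
    const char *v = find_attr(text, name, &len);
    if (v == NULL) return -1;
    memcpy(buf, v, len);           /* missing bounds check */
    buf[len] = '\0';
    return (int)strlen(buf);
}

/* Hardened form: reject anything that does not fit in either the stack
 * buffer or the caller's output buffer.  Returns 0 on success, -1 if the
 * attribute is absent, -2 if the value is too long. */
static int copy_attr_safe(const char *text, const char *name, char *out, size_t outsz)
{
    char buf[VALUE_BUF];
    size_t len;
    const char *v = find_attr(text, name, &len);
    if (v == NULL) return -1;
    if (len >= sizeof buf || len >= outsz) return -2;
    memcpy(buf, v, len);
    buf[len] = '\0';
    memcpy(out, buf, len + 1);
    return 0;
}

/* Audit helper: would this input overrun the fixed buffer in the vulnerable form? */
static int would_overflow(const char *text, const char *name)
{
    size_t len;
    const char *v = find_attr(text, name, &len);
    return v != NULL && len >= VALUE_BUF;
}

/* Build a constructed <input type="AAAA..."> tag with a value of value_len bytes. */
static int build_input_tag(char *dst, size_t dstsz, size_t value_len)
{
    const char *pre = "<input type=\"", *post = "\">";
    if (strlen(pre) + value_len + strlen(post) + 1 > dstsz) return -1;
    strcpy(dst, pre);
    memset(dst + strlen(pre), 'A', value_len);
    strcpy(dst + strlen(pre) + value_len, post);
    return 0;
}

int main(void)
{
    static char big[512];
    char out[128];
    const char *page = "<input type=\"text\" name=\"q\">";      /* constructed */
    const char *tgb  = "[Phase2]\nOpenScriptAfterUp=/bin/true\n"; /* constructed */

    printf("safe copy rc=%d value=%s\n", copy_attr_safe(page, "type", out, sizeof out), out);
    printf("policy file rc=%d value=%s\n", copy_attr_safe(tgb, "OpenScriptAfterUp", out, sizeof out), out);
    build_input_tag(big, sizeof big, 300);
    printf("300-byte value: would_overflow=%d safe rc=%d\n",
           would_overflow(big, "type"), copy_attr_safe(big, "type", out, sizeof out));
    return 0;
}
```

The hardened form returns an error rather than truncating because a silently truncated value (for example a script path from a policy file) is itself a way to smuggle an unintended value past a later check; the caller should treat -2 as malformed input and abort parsing.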
http://www.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=836_1
II. DESCRIPTION
Remote exploitation of a stack based buffer overflow vulnerability in
Symantec Scan Engine version 5.1.2 could allow an unauthenticated
attacker to execute arbitrary code with the privileges of the scan
engine process.
Symantec Scan Engine listens on TCP port 1344 to accept files for