An integer underflow problem in the iptables firewall logging rules An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled. We would like to thank Richard Hart for reporting the [More...]
During the last months a number of security problems have been fixed During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include: in Mozilla and Mozilla based brwosers. These include: - CAN-2004-0718: content in unrelated windows could be modified- CAN-2004-0722: integer overflow in the SOAPParameter object constructor- CAN-2004-075 [More...]
The Samba server, which allows to share files and resources via The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be r [More...]
Chris Evans reported three vulnerabilities in libXpm which can Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well [More...]
gdk-pixbuf is an image loading and rendering library mostly used gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. Chris Evans has discovered a heap based, a stack based and an integer overflow in [More...]
The Apache daemon is running on most of the web-servers used in the The Apache daemon is running on most of the web-servers used in the Internet today. Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. The first vulnerability appears in the apr_uri_parse() function while ha [More...]
The Common Unix Printing System (CUPS) enables local and remote users to The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote [More...]
The mod_ssl apache module, as part of our apache2 package, enables The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CA [More...]
zlib is a widely used data compression library. Programs linked against it zlib is a widely used data compression library. Programs linked against it include most desktop applications as well as servers such as Apache and include most desktop applications as well as servers such as Apache and OpenSSH. The 'inflate' function of zlib handles certain input data incorrectly which could lead to a deni [More...]
Various signedness issues and integer overflows have been fixed within Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6. kNFSd and the XDR decode functions of kernel 2.6. These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater then 2^31. The resul [More...]
The QT-library is an environment for GUI-programming and is used in The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. various well-known projects, like KDE. Chris Evans found a heap overflow in the BMP image format parser (CAN-2004-0691) which can probably be abused by remote attackers to execute arbitrary code with the privileges of [More...]
The rsync-team released an advisory about a security problem in rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. As [More...]
Gaim is an instant messaging client which supports a wide range of Gaim is an instant messaging client which supports a wide range of protocols. protocols. Sebastian Krahmer of the SuSE Security Team discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code.
Paul Starzetz from iSEC informed us about a race condition in the 64bit Paul Starzetz from iSEC informed us about a race condition in the 64bit file offset handling code of the kernel. file offset handling code of the kernel. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file to point to the current position in a file. The Linux kernel offers a 3 [More...]
Several different security vulnerabilities were found in the PNG Several different security vulnerabilities were found in the PNG library which is used by applications to support the PNG image format. library which is used by applications to support the PNG image format. A remote attacker is able to execute arbitrary code by triggering a buffer overflow due to the incorrect handling of the [More...]
The Samba Web Administration Tool (SWAT) was found vulnerable to The Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code. The same piece of vulnerable code [More...]
PHP is a well known, widely-used scripting language often used within PHP is a well known, widely-used scripting language often used within web server setups. web server setups. Stefan Esser found a problem with the "memory_limit" handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a prob [More...]
Multiple security vulnerabilities are being addressed with this security update of the Linux kernel.Kernel memory access vulnerabilities are fixed in the e1000, decnet,acpi_asus, alsa, airo/WLAN, pss and mpu401 drivers. Thesevulnerabilities can lead to kernel memory read access, write accessand local denial of service conditions, resulting in access to theroot account for an attacker with a loca [More...]
The Dynamic Host Configuration Protocol (DHCP) server is used to The Dynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN configure clients that dynamically connect to a network (WLAN hotspots, customer networks, ...). The CERT informed us about a buffer overflow in the logging code of the server that can be triggered by [More...]
Subversion is a version control system like the well known CVS. Subversion is a version control system like the well known CVS. The subversion code is vulnerable to a remotely exploitable buffer The subversion code is vulnerable to a remotely exploitable buffer overflow on the heap. The bug appears before any authentication took place. An attacker is able to execute arbitray code by abusing [More...]
