iDefense Security Advisory 10.29.08 - Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service. A stack based buffer overflow vulnerability exists in the Apache Connector of Oracle (formerly BEA) WebLogic Server. When parsing a request with an invalid parameter the module uses a string without properly validating its length. This string is copied into a fixed sized stack buffer. This results in a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in WebLogic Server Apache Connector version 10.0. Previous versions may also be affected.
iDefense Security Advisory 06.10.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists due to the rtl_allocateMemory() function rounding up allocation requests to be aligned on an 8 byte boundary without checking if this rounding results in an integer overflow condition. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4. Previous versions may also be affected.
iDefense Security Advisory 05.27.08 - Remote exploitation of multiple stack based buffer overflow vulnerabilities in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Server Agent. The Server Agent is one of the core components of AlphaStor, and is used to initiate disk management requests. The Agent consists of several processes, one of which is the AlphaStor Command Line Interface process. This process listens on TCP port 41025, and is prone to multiple stack based buffer overflow vulnerabilities. iDefense has confirmed the existence of these vulnerabilities in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.
iDefense Security Advisory 02.12.08 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Media Server 2 could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Flash Media Server 2 version 2.0.4 on Windows. Previous versions, as well as the Linux version, may also be affected.
iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted loop bounds vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests to control the number of iterations of several loops. Inside these loops, various memory operations are performed. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer offset vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as offsets added to valid pointers. The resulting pointer values are then used in various memory operations. Since attackers can control these offset values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as pointers. These pointer values are then used in various memory operations. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
iDefense Security Advisory 12.17.07 - Local exploitation of a stack based buffer overflow vulnerability in Apple Inc.'s Mac OS X mount_smbfs utility could allow an attacker to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.4.10, on both the Server and Desktop versions. Previous versions may also be affected.
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket. When allocating a buffer, the kernel uses a user provided integer to perform an arithmetic operation that calculates the number of bytes to allocate. This calculation can overflow, leading to the allocation of a buffer of insufficient size. This results in an exploitable heap based buffer overflow within the kernel. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
iDefense Security Advisory 11.02.07 - Local exploitation of a format string vulnerability in the srsexec binary, optionally included in Sun Microsystems Inc.'s Solaris 10, allows attackers to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.
iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX versions 5.2 and 5.3. Previous versions may also be affected.
iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX versions 5.2 and 5.3. Previous versions may also be affected.
iDefense Security Advisory 10.02.07 - Remote exploitation of multiple vulnerabilities in X.Org Foundation's X Font Server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities in XFS version X11R7.2-1.0.4. Previous versions may also be affected.
iDefense Security Advisory 09.27.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s (CA) BrightStor HSM allows attackers to execute arbitrary code with SYSTEM privileges. These problems specifically exist within various command handlers in the CsAgent service. There are eleven command handlers that contain one or more stack based buffer overflow vulnerabilities each. All of these vulnerabilities are simple sprintf() calls that overflow fixed size stack buffers with attacker supplied data. Additionally, there are five command handlers that are vulnerable to integer overflow vulnerabilities. In addition to this, the function responsible for reading in and dispatching a request to the appropriate handler also contains an integer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in Computer Associates BrightStor HSM version r11.5. Previous versions may also be affected.
iDefense Security Advisory 09.20.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. The LGServer contains multiple vulnerable functions that handle network requests, several of which contain more than one vulnerability. All together there are nearly 60 buffer overflows in the LGServer. The majority of these are the result of copying remotely supplied strings into fixed-size buffers without validating that enough space is available. iDefense has confirmed the existence of these vulnerabilities in ARCServe Backup for Laptops and Desktops version 11.1 (Build 900) for Windows. Other versions may also be affected.
iDefense Security Advisory 07.09.07 - Remote exploitation of multiple integer overflow vulnerabilities in several of the image loader plug-ins included with distributions of 'The GIMP' allows attackers to crash The GIMP or potentially execute arbitrary code with the privileges of the user. iDefense has confirmed that version 2.2.15 of The GIMP is vulnerable on both Linux and Windows platforms. It is suspected that all previous versions of The GIMP are also affected.
iDefense Security Advisory 06.13.07 - Remote exploitation of an integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code. The problem exists while parsing a tagged image with a large number of Exif components. Applications using this library are susceptible to a heap overflow when an integer overflow is triggered in the exif_data_load_data_entry function. iDefense confirmed the existence of this vulnerability in versions 0.6.13 through 0.6.15 of libexif.
iDefense Security Advisory 04.03.07 - Local exploitation of a memory corruption vulnerability in multiple vendors' X server implementations could allow an attacker to execute arbitrary code with elevated privileges. The XC-MISC extension is used by the X Server to manage resource IDs. It is built into the X server by default. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. Inside this function, the ALLOCATE_LOCAL() macro is used. This macro allocates memory on the stack or heap depending on the availability of the alloca() function. If alloca() is available, the stack is used; otherwise the heap is used. Due to insufficient input validation, it is possible to cause memory corruption by passing specially crafted values to the ProcXCMiscGetXIDList() handler function. iDefense has confirmed the existence of this vulnerability in the X.org server version 7.1-1.1.0. Previous versions may also be affected.
iDefense Security Advisory 03.16.07 - Remote exploitation of multiple buffer overflow vulnerabilities in libwpd, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. One problem specifically exists in the WP6GeneralTextPacket::_readContents function. This function reads in a series of integer values and sums them. This sum is then used to allocate a block of memory from the heap. The function then copies data from the file into the buffer using each operand from the addition as the number of bytes to copy. The summing operation leads to an integer overflow, and the buffer can then be overflowed by the copy operations. Two additional problems exist in the WP3TablesGroup::_readContents() and WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup() functions. These functions read an integer value from an attacker supplied file and use the value as a loop counter. In the loop a statically sized buffer is filled with arbitrary data from the file. This leads to an exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in libwpd version 0.8.7. Previous versions may also be affected. This library is used by applications such as AbiWord, KWord, and OpenOffice.
CHM files contain various tables and objects stored in "pages." When parsing a page of objects, CHMlib passes an unsanitized value from the file to the alloca() function. This allows an attacker to shift the stack pointer to point to arbitrary locations in memory. Consequently it is possible to write arbitrary data from the file to arbitrary memory locations. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the permissions of the user viewing the file. An attacker would have to first convince the user to view the CHM file through some type of social engineering. iDefense has confirmed the existence of this vulnerability in CHMlib version 0.38.
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeSwapBuffers" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeGetVisualInfo" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcRenderAddGlyphs" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the Render extension. Insufficient input validation exists when allocating memory for glyph management data structures. By sending a specially crafted X protocol request to the Render extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
iDefense Security Advisory 12.14.06 - Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system. This vulnerability has been confirmed to exist in the gdm-2.14.1-1 RPM from Red Hat Fedora Core 5. The vulnerability was introduced into the gdmchooser.c file in version 1.78 of gdm2/gui/gdmchooser.c in the GNOME CVS source code repository.