Saturday, January 05, 2008
LINUX VULNERABILITY : January 2008
1. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
2. Retired: Adobe Flash Player Multiple Security Vulnerabilities
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.
The following individual records have been created to document these vulnerabilities:
Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
Adobe Flash Player HTTP Response Splitting Vulnerability
Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions.
3. Adobe Flash Player DNS Rebinding Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.
An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.
Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.
4. libexif Image Tag Remote Integer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26942
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.
5. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26943
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.
Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.
6. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
7. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
8. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.
An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.
9. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.
An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.
10. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.
Very few technical details are currently available. We will update this BID as more information emerges.
NOTE: This issue occurs only when the application is running on a Linux operating system.
Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.
11. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.
An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0. 7.0.70.0, and prior versions.
12. Adobe Flash Player HTTP Response Splitting Vulnerability
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.
A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.
13. libexif Image Tag Remote Denial Of Service Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26976
Summary:
The libexif library is prone to a denial-of-service vulnerability because of an infinite-recursion error.
Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.
14. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.
An attacker can exploit this issue to append to or create arbitrary files.
This issue affects versions of Bitflu prior to 0.42.
15. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.
An attacker can exploit this issue to append to or create arbitrary files.
This issue affects versions of Bitflu prior to 0.42.
16. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
Remote: Yes
Date Published: 2007-12-29
Relevant URL: http://www.securityfocus.com/bid/27063
Summary:
ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.
Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These affects have not been confirmed.
Further information is not currently available; this BID will be updated as more information is disclosed.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
2. Retired: Adobe Flash Player Multiple Security Vulnerabilities
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.
The following individual records have been created to document these vulnerabilities:
Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
Adobe Flash Player HTTP Response Splitting Vulnerability
Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions.
3. Adobe Flash Player DNS Rebinding Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.
An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.
Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.
4. libexif Image Tag Remote Integer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26942
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.
5. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26943
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.
Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.
6. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
7. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
8. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.
An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.
9. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.
An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.
10. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.
Very few technical details are currently available. We will update this BID as more information emerges.
NOTE: This issue occurs only when the application is running on a Linux operating system.
Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.
11. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.
An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0. 7.0.70.0, and prior versions.
12. Adobe Flash Player HTTP Response Splitting Vulnerability
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.
A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.
13. libexif Image Tag Remote Denial Of Service Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26976
Summary:
The libexif library is prone to a denial-of-service vulnerability because of an infinite-recursion error.
Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.
14. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.
An attacker can exploit this issue to append to or create arbitrary files.
This issue affects versions of Bitflu prior to 0.42.
15. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.
An attacker can exploit this issue to append to or create arbitrary files.
This issue affects versions of Bitflu prior to 0.42.
16. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
Remote: Yes
Date Published: 2007-12-29
Relevant URL: http://www.securityfocus.com/bid/27063
Summary:
ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.
Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These affects have not been confirmed.
Further information is not currently available; this BID will be updated as more information is disclosed.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
Labels: linux, vulnerability
0 Comments:
Make Money
Recent Posts
The Best Gaming Graphics : January 2008
Hitachi Unveils Half Terabyte Hard Disk Drive for ...
How fix "can't acess tty" in Feisty Fawn Live CD ?
Enhance security with file encryption tools
FreeBSD 6.3-RC2 released
Ten Firefox extensions to keep your browsing priva...
Ubuntu Weekly Newsletter Issue71
Nintendo Wii hacked
FreeBSD minor version upgrades
Linux traffic analysis, quick and simple
Hitachi Unveils Half Terabyte Hard Disk Drive for ...
How fix "can't acess tty" in Feisty Fawn Live CD ?
Enhance security with file encryption tools
FreeBSD 6.3-RC2 released
Ten Firefox extensions to keep your browsing priva...
Ubuntu Weekly Newsletter Issue71
Nintendo Wii hacked
FreeBSD minor version upgrades
Linux traffic analysis, quick and simple
Archive
January 2006April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
February 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
April 2008
May 2008
July 2008
August 2008
September 2008
October 2008
November 2008
January 2009
May 2009
June 2009
July 2009
August 2009
September 2009
December 2009
March 2010
June 2010
July 2010
September 2010
October 2010
November 2010
January 2011
March 2011
February 2013
April 2013
September 2013
December 2013
August 2014
September 2014
October 2014
November 2014
January 2015
January 2016
September 2018
October 2018
November 2018
December 2018
January 2019
February 2019
March 2019
April 2019
May 2019
June 2019
July 2019
August 2019
September 2019
October 2019
November 2019
December 2019
January 2020
February 2020
March 2020
April 2020
May 2020
June 2020
July 2020
SEO Stats