Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2012-2240: Raphael Geissert discovered that dscverify does not perform sufficient validation and does not properly escape arguments to external commands, allowing ...
Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages p ...
It was discovered that ppm2tiff of the tiff tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers of a heap-based buffer overflow. This allows attacker to potentially execute arbitrary code via a crafted ppm image, especially in scenarios in whic ...
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of Qemu incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks due to a race condition. CVE-2012-3515: Qemu does not pro ...
Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of QEMU incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks due to a race condition. CVE-2012-3515: QEMU does not properly handle VT100 escape ...
Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen Qemu Device Model virtual machine hardware emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3515: The device model for HVM domains does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest wit ...
It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. As a result it is possible to perform denial of service attacks against applications using libxml2 fu ...