| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 52158 | 2008-12-15 | GNU Enscript src/psgen.c epsf Escape Sequence Overflow | (Description Provided by CVE): Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. |
| 52159 | 2008-12-15 | GNU Enscript src/util.c epsf Escape Sequence Overflow | (Description Provided by CVE): Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. |
| 13154 | 2005-01-21 | GNU Enscript EPSF Pipe Support Arbitrary Command Execution | (Description Provided by CVE): The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. |
| 2030 | 2002-01-18 | GNU Enscript Insecure Temporary File Creation | (Description Provided by CVE): GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. |
| 13155 | 2005-01-21 | GNU Enscript Malformed Filename Arbitrary Command Execution | GNU Enscript contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker creates specially crafted filenames. It is possible that the flaw may allow the attacker to inject arbitrary code resulting in a loss of integrity. |
| 13156 | 2005-01-21 | GNU Enscript Multiple Unspecified Overflows DoS | GNU Enscript contains multiple non-descript overflows that may allow an attacker to cause a denial of service condition. No further details have been provided. |
| 49224 | 2008-10-22 | GNU Enscript src/psgen.c read_special_escape() Function Special Escape Overflow | (Description Provided by CVE): Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command. |
| 34995 | 2007-04-18 | GNU file Crafted Document Handling Local DoS | (Description Provided by CVE): The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. |
| 38498 | 2007-05-23 | GNU file File Handling Local Overflow | (Description Provided by CVE): Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. |
| 5294 | 2004-04-08 | GNU Fileutils Delete Arbitrary Files | (Description Provided by CVE): Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. |
| 5477 | 2001-08-01 | GNU findutils locate Memory Write Privilege Escalation | A local buffer overflow exists in the GNU findutils locate command. The locate command fails to check input in the old locate database format resulting in a potential buffer overflow. With a specially crafted entry in such a database file, an attacker can cause execution of code resulting in a loss of confidentiality and integrity. |
| 36827 | 2007-05-30 | GNU findutils locate/locate.c visit_old_format Function Overflow | (Description Provided by CVE): Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. |
| 64 | 1992-10-28 | GNU finger Recursive Request DoS | (Description Provided by CVE): finger allows recursive searches by using a long string of @ symbols. |
| 10873 | 1995-03-17 | GNU fingerd .fingerrc Arbitrary Command Execution Privilege Escalation | (Description Provided by CVE): GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. |
| 10874 | 1995-03-17 | GNU fingerd Symlink Arbitrary Privileged File Access | (Description Provided by CVE): GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. |
| 19098 | 2002-05-06 | Gnu GCC / g++ -ftrapv Option Integer Overflow Handling Issue | (Description Provided by CVE): The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. |
| 27380 | 2006-07-12 | Gnu GCC fastjar JAR Processing Traversal Arbitrary File Write | (Description Provided by CVE): Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. |
| 31432 | 2006-04-17 | Gnu GCC fold-const.c fold_binary Function Overflow Weakness | (Description Provided by CVE): fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." |
| 65446 | 2010-04-27 | Gnu GCC FORTIFY_SOURCE sgid Application Address Space Local Disclosure | Unknown / Incomplete |
| 4783 | 2003-05-22 | Gnu GCC Implicit struct-copy Privilege Escalation | Unknown / Incomplete |
| 44142 | 2008-03-30 | Gnu GCC Length Testing Code Failure Code Compilation Weakness | (Description Provided by CVE): ** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999). |
| 43548 | 2008-03-06 | Gnu GCC String Manipulation Compiling Functions Data Copying Memory Corruption | (Description Provided by CVE): gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. |
| 13527 | 1998-01-02 | Gnu GCC Temporary Files Symlink Arbitrary File Overwrite | (Description Provided by CVE): gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. |
| 10646 | 2004-10-11 | GNU gettext Multiple Script Temporary File Symlink Arbitrary File Overwrite | GNU gettext contains a flaw that may allow a malicious local user to overwrite arbitrary files. The issue is due to temporary files being created insecurely. It is possible that the flaw may allow a malicious user to overwrite arbitrary files resulting in a loss of integrity. |
| 4676 | 2003-05-17 | GNU Ghostscript -dSAFER %pipe% Flaw Arbitrary Command Execution | When the -dSAFER option is in use, Ghostscript should not open piped commands (i.e. %pipe%cmd). This is not the case due to improper handling of the %pipe% I/O device. An attacker could trick a user into opening a specially crafted PostScript file to exploit this vulnerability, resulting in arbitrary code execution with the user's privileges on the local system. |
| 12650 | 2001-09-18 | GNU ghostscript Arbitrary File Read | (Description Provided by CVE): ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. |
| 69533 | 2010-11-29 | GNU Gnash Configure Script Temporary File Symlink Arbitrary File Overwrite | GNU Gnash contains a flaw related to the configure script functionality. The issue is triggered when a local attacker uses symlink attacks to overwrite arbitrary files with privileges of the user running the script. |
| 77243 | 2011-11-20 | GNU Gnash Local Cookie Disclosure | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 37273 | 2007-05-02 | GNU Gnash sprite_definition.cpp DEFINESPRITE Element Arbitrary Code Execution | (Description Provided by CVE): server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. |
| 4607 | 2003-06-21 | GNU GNATS misc.c configure() Overflow | GNU GNATS contains a flaw that may allow a local attacker to gain root privileges. The issue is due to a flaw in the misc.c file in which the configure() function is not properly checked for input. If a local attacker provides a specially crafted request, they may be able to overflow the buffer and execute arbitrary code with root privileges. |