| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 4601 | 2003-06-21 | GNU GNATS pr-edit.c init_gnats() Overflow | GNU GNATS contains a flaw that may allow a local attacker to gain root privileges. The issue is due to a flaw in the pr-edit.c file in which input to the init_gnats() function is not properly checked. If a local attacker provides a specially crafted request, they may be able to overflow the buffer and execute arbitrary code with root privileges. |
| 2190 | 2003-06-21 | GNU GNATS pr-edit.c lock_gnats() Overflow | GNU GNATS contains a flaw that may allow a local attacker to gain root privileges. The issue is due to a flaw in the pr-edit.c file in which input to the lock_gnats() function is not properly checked. If a local attacker provides a specially crafted request, they may be able to overflow the buffer and execute arbitrary code with root privileges. |
| 4600 | 2003-06-21 | GNU GNATS pr-edit.c lock_pr() Overflow | GNU GNATS contains a flaw that may allow a local attacker to gain root privileges. The issue is due to a flaw in the pr-edit.c file in which input to the lock_pr() function is not properly checked. If a local attacker provides a specially crafted request, they may be able to overflow the buffer and execute arbitrary code with root privileges. |
| 5800 | 2000-10-04 | GNU Groff Path Environment Subversion Local Privilege Escalation | (Description Provided by CVE): GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. |
| 60655 | 2009-11-08 | GNU GRUB Password Comparison Weakness Authentication Bypass | (Description Provided by CVE): GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. |
| 30274 | 2006-11-10 | GNU gv ps.c ps_gettext() Function Overflow | (Description Provided by CVE): Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince. |
| 61875 | 2009-08-16 | GNU gzip inflate.c huft_build() Function Infinite Loop DoS | (Description Provided by CVE): The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. |
| 61869 | 2010-01-20 | GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow | (Description Provided by CVE): Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |
| 43312 | 2007-04-17 | GNU IceWeasel JavaScript Long String Regex Match Remote DoS | (Description Provided by CVE): (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. |
| 33274 | 2006-12-15 | GNU inetutils ftpd ld.so.preload Overflow | Unknown / Incomplete |
| 8342 | 2004-08-06 | GNU info Local Overflow | GNU info was reported to be vulnerable to a local overflow. Subsequent examination by Valdis Kletnieks and Niels Bakker revealed that not only are the requirements for exploitation near impossible to meet, but the binary is also not SUID. Even if the buffer overflow could be exploited, it would not yield additional privileges. |
| 9014 | 2004-08-18 | GNU less filename.c Remote Format String | The GNU less utility has been reported to contain a remotely exploitable format string condition. According to the report, the LESSOPEN environment variable in filename.c may allow an attacker to execute arbitrary commands remotely. Further examination revealed this is not the case. |
| 50716 | 2007-10-30 | GNU less LESSOPEN Environment Variable Format String | Unknown / Incomplete |
| 11040 | 2004-10-22 | GNU libc (glibc) catchsegv Script Symlink Arbitrary File Overwrite | (Description Provided by CVE): The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. |
| 37901 | 2007-07-01 | GNU libc (glibc) elf/rtld.c process_envvars Function LD_HWCAP_MASK Environment Variable Local Overflow | (Description Provided by CVE): ** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution. |
| 9366 | 2003-08-14 | GNU libc (glibc) getgrouplist Local Overflow | (Description Provided by CVE): The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow. |
| 55381 | 2003-11-12 | GNU libc (glibc) getifaddrs Function Netlink Interface Spoofed Message Local DoS | (Description Provided by CVE): The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
| 2007 | 2001-12-17 | GNU libc (glibc) glob Function Remote Overflow | (Description Provided by CVE): Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. |
| 1731 | 2001-01-21 | GNU libc (glibc) LD_PRELOAD Arbitrary File Overwrite | (Description Provided by CVE): When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. |
| 1710 | 2001-01-10 | GNU libc (glibc) Multiple Environment Variable Arbitrary File Access | (Description Provided by CVE): glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. |
| 9010 | 2004-08-16 | GNU libc (glibc) SUID Binary Debugging Information Disclosure | glibc contains a flaw that may lead to an unauthorized information disclosure. LD_DEBUG is allowed on setuid binaries, which may allow a local attacker to debug a setuid binary and gain sensitive information about the system, resulting in a loss of confidentiality. |
| 13933 | 2005-01-12 | GNU libc (glibc) Symlink Arbitrary File Overwrite | (Description Provided by CVE): The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. |
| 1077 | 2000-09-02 | GNU libc (glibc) unsetenv Environment Variable Command Execution | The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. |
| 1573 | 2000-09-27 | GNU libc (glibc2) LD_DEBUG Arbitrary File Overwrite | glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. |
| 15838 | 2005-04-17 | GNU liboSIP URI Parsing Heap Overflows | Unknown / Incomplete |
| 3795 | 2004-02-03 | GNU libtool Insecure Temporary Directory Creation | libtool contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by insecure creation of temp files. This flaw may lead to a loss of confidentiality, integrity and/or availability. |
| 44692 | 2008-04-06 | GNU m4 -F Parameter Filename Handling Unspecified Code Execution | (Description Provided by CVE): Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. |
| 64339 | 2010-01-05 | GNU M4 Automake Makefile.in Permission Weakness Local Data Manipulation | Unknown / Incomplete |
| 44273 | 2008-03-27 | GNU M4 maketemp / mkstemp Macros Output String Arbitrary File Processing | (Description Provided by CVE): The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. |
| 44272 | 2008-03-26 | GNU M4 src/freeze.c produce_frozen_state Function Format String | Unknown / Incomplete |