Linux kernel SUNRPC off-by-two buffer overflow
| CENSUS ID: | CENSUS-2009-0005 |
| Affected Products: | Linux kernel versions from 2.6.32 to 2.6.32-rc7. |
| Class: | Off-by-two stack buffer overflow. |
| Discovered by: | Patroklos Argyroudis |
We have found an off-by-two stack buffer overflow in the Linux kernel SUNRPC implementation. Linux kernel versions from 2.6.32 to 2.6.32-rc7 are affected.
gif2png command line buffer overflow
| CENSUS ID: | CENSUS-2009-0006 |
| CVE ID: | CVE-2009-5018 |
| Affected Products: | gif2png versions ≤ 2.5.1. |
| Class: | Improper Input Validation (CWE-20), Failure to Constrain Operations within the Bounds of a Memory Buffer (CWE-119) |
| Remote: | Yes (when gif2png is used by CGI programs) |
| Discovered by: | Patroklos Argyroudis |
We have discovered an “improper input validation” vulnerability in the gif2png utility that leads to a stack buffer overflow.
CVE-2008-3531: FreeBSD kernel stack overflow exploit development
About four months ago I developed a reliable exploit for vulnerability CVE-2008-3531, which is also addressed in the advisory FreeBSD-SA-08:08.nmount. In this post I will use this vulnerability to provide an overview of the development process for FreeBSD kernel stack exploits.
Rasterbar libtorrent arbitrary file overwrite vulnerability
| CENSUS ID: | CENSUS-2009-0002 |
| CVE ID: | CVE-2009-1760 |
| Affected Products: | Any application that uses the Rasterbar Software libtorrent library (versions ≤ 0.14.3) for BitTorrent file downloads. |
| Class: | Relative Path Traversal (CWE-23), Improper Handling of Syntactically Invalid Structure (CWE-228) |
| Remote: | Yes |
| Discovered by: | Dimitris Glynos |
We have discovered an “arbitrary file overwrite” vulnerability in libtorrent that allows an attacker to create and modify arbitrary files (and directories) in remote systems, with the effective rights of the user executing the vulnerable libtorrent-based application.