CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1351
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ • CWE-189: Numeric Errors •
CVE-2007-1007
https://notcve.org/view.php?id=CVE-2007-1007
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Vulnerabilidad de cadena de formato en GnomeMeeting 1.0.2 y anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante cadenas de formato en el nombre, que no es tratado adecuadamente en una llamada a la función gnomemeeting_log_insert. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266 http://osvdb.org/32083 http://secunia.com/advisories/24185 http://secunia.com/advisories/24271 http://secunia.com/advisories/24284 http://secunia.com/advisories/24379 http://secunia.com/advisories/25119 http://www.debian.org/security/2007/dsa-1262 http://www.mandriva.com/security/advisories?name=MDKSA-2007:045 http://www.novell.com/linux •
CVE-2007-0980
https://notcve.org/view.php?id=CVE-2007-0980
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. Vulnerabilidad no especificada en HP Serviceguard para Linux; empaquetado para SuSE SLES8 y United Linux 1.0 versiones anteriores a SG A.11.15.07, SuSE SLES9 y SLES10 versiones anteriores a SG A.11.16.10, y Red Hat Enterprise Linux (RHEL) versiones anteriores a SG A.11.16.10; permite a atacantes remotos obtener acceso no autorizado mediante vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00860750 http://osvdb.org/33201 http://secunia.com/advisories/24134 http://www.securityfocus.com/bid/22574 http://www.securitytracker.com/id?1017655 http://www.vupen.com/english/advisories/2007/0619 •
CVE-2006-4342
https://notcve.org/view.php?id=CVE-2006-4342
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked. En núcleo en Red Hat Enterprise Linux 3, al ejecutarse en sistemas SMP, permite a usuarios locales provocar una denegación de servicio (punto muerto) ejecutando la función shmat en un shm al mismo tiempo que shmctl está borrando ese shm (IPC_RMID), lo cual previene a un hilo bloqueado en un bucle (spinlock) de ser desbloqueado. • http://secunia.com/advisories/22497 http://secunia.com/advisories/23064 http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm http://www.kb.cert.org/vuls/id/245984 http://www.redhat.com/support/errata/RHSA-2006-0710.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9649 https://access.redhat.com/security/cve/CVE-2006-4342 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-667: Improper Locking •
CVE-2006-4997
https://notcve.org/view.php?id=CVE-2006-4997
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). La función clip_mkip en net/atm/clip.c del subsistema ATM en el núcleo Linux permite a atacantes remotos provocar una denegación de servicio (panico) mediante vectores no identificados que provocan que el subsisstema ATM acceda a la memoria de búferes de sockets después de que hayan sido liberados (referencia a puntero liberado). • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265 http://secunia.com/advisories/22253 http://secunia.com/advisories/22279 http://secunia.com/advisories/22292 http://secunia.com/advisories/22497 http://secunia.com/advisories/22762 http://secunia.com/advisories/22945 http://secunia.com/advisories/23064 http://secunia.com/advisories/23370 http://secunia.com/advisories/23384 http://secunia.com/advisories/23395 http://secunia.com/advisories/23474 http://secunia.com/ • CWE-416: Use After Free •