CVE-2008-3139
https://notcve.org/view.php?id=CVE-2008-3139
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. El analizador RTMPT en Wireshark (anteriormente Ethereal) 0.99.8 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. NOTA: esto puede ser debido a un eror "user-after-free" (uso después de liberación). • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212 http://www.securityfocus.com/archive/1/493882/100/0/threaded http://www.securityfocus • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3138 – wireshark: unexpected exit in the PANA and KISMET dissectors
https://notcve.org/view.php?id=CVE-2008-3138
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. Los analizadores (1) PANA y (2) KISMET en Wireshark (conocido como Ethereal) de la 0.99.3 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (parada de aplicación) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http:& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-1078
https://notcve.org/view.php?id=CVE-2008-1078
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. expn en los paquetes am-utils y net-fs para Gentoo, rPath Linux y otras distribuciones, permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de tipo symlink en el archivo temporal expn[PID]. NOTA: este es el mismo problema de CVE-2003-0308.1. • http://bugs.gentoo.org/show_bug.cgi?id=210158 http://secunia.com/advisories/29144 http://secunia.com/advisories/29187 http://secunia.com/advisories/29694 http://secunia.com/advisories/33400 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0088 http://www.gentoo.org/security/en/glsa/glsa-200804-09.xml http://www.securityfocus.com/archive/1/488931/100/0/threaded http://www.securityfocus.com/bid/28044 https://issues.rpath.com/browse/RPL-2255 https://www.redhat.com& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2007-5116 – perl regular expression UTF parsing errors
https://notcve.org/view.php?id=CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. • ftp://aix.software.ibm.com/aix/efixes/security/README http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120352263023774&w=2 http://secunia.com/advisories/27479 http://secunia.com/advisories/27515 http://secunia.com/advisories/27531 http://secunia.com/advisories/27546 http://secunia.com/advisories/27548 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •