Redhat Linux Advanced Workstation vulnerabilities

CVE-2008-1767 [HIGH] CWE-119 CVE-2008-1767: Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

CVE-2007-5365 [HIGH] CWE-119 CVE-2007-5365: Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 throug Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

CVE-2007-1351 [HIGH] CWE-189 CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 2007040 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVE-2007-1352 [LOW] CVE-2007-1352: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote a Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

CVE-2006-6235 [CRITICAL] CVE-2006-6235: A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 throu A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVE-2005-1918 [LOW] CVE-2005-1918: The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterp The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

CVE-2005-1760 [HIGH] CVE-2005-1760: sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the pass sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.

CVE-2005-1194 [MEDIUM] CVE-2005-1194: Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

CVE-2005-1061 [MEDIUM] CVE-2005-1061: The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malic The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."

CVE-2005-0078 [MEDIUM] CVE-2005-0078: The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain fun The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

CVE-2005-0988 [LOW] CVE-2005-0988: Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local us Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVE-2005-0206 [HIGH] CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVE-2004-1004 [HIGH] CVE-2004-1004: Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote at Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVE-2004-1176 [HIGH] CVE-2004-1176: Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2004-1175 [HIGH] CVE-2004-1175: fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure fil fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

CVE-2004-1005 [HIGH] CVE-2004-1005: Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to ha Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVE-2004-1093 [MEDIUM] CVE-2004-1093: Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."