diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2004-08-26 20:34:41 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2004-08-26 20:34:41 +0000 |
| commit | c57e57ac316d6d8259409d9a937d61d895e169aa (patch) | |
| tree | ab6801be487a3951cea51aad52f6ae1525533e21 /security | |
| parent | 320c42d1d2e831605de0c5d0b6f2d70a3832f4e1 (diff) | |
Document buffer overflows in SoX (already referenced in portaudit.txt).
Notes
Notes:
svn path=/head/; revision=117369
Diffstat (limited to 'security')
| -rw-r--r-- | security/portaudit-db/database/portaudit.txt | 1 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
2 files changed, 30 insertions, 1 deletions
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt index f83512e22173..4d7f3d8520c0 100644 --- a/security/portaudit-db/database/portaudit.txt +++ b/security/portaudit-db/database/portaudit.txt @@ -51,7 +51,6 @@ nessus<2.0.12|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http nessus-devel>=2.*<2.1.1|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d pavuk<=0.9.28_5|http://www.securityfocus.com/archive/1/370248 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1119.html http://secunia.com/advisories/12152 http://www.osvdb.org/8242 http://www.securityfocus.com/bid/10797 http://www.gentoo.org/cgi-bin/viewcvs.cgi/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch|pavuk digest auth buffer overflow|f67ea071-dfb8-11d8-9b0a-000347a4fa7d lcdproc<0.4.5|http://sourceforge.net/project/shownotes.php?release_id=230910 http://secunia.com/advisories/11333 http://www.securityfocus.com/archive/1/360209 http://www.securityfocus.com/bid/10085 http://www.osvdb.org/5157 http://www.osvdb.org/5158 http://www.osvdb.org/5159 http://www.osvdb.org/5160|LCDProc buffer overflow/format string vulnerabilities|62d23317-e072-11d8-9a79-000347dd607f -sox>=12.17.1<=12.17.4_1|http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html http://secunia.com/advisories/12175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0557 http://www.osvdb.org/8267|SoX buffer overflows when handling .WAV files|3e4ffe76-e0d4-11d8-9b0a-000347a4fa7d dansguardian<2.8.0.1|http://secunia.com/advisories/12191 http://www.securityfocus.com/archive/1/370346 http://www.osvdb.org/8270|DansGuardian banned extension filter bypass vulnerability|f6fd9200-e20e-11d8-9b0a-000347a4fa7d imp<3.2.5|http://www.greymagic.com/security/advisories/gm005-mc/ http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h http://secunia.com/advisories/12202|XSS hole in the HTML viewer - This vulnerability only exists when using the Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages.|49189b47-e24d-11d8-9f75-000bdb1444a4 phpMyAdmin<2.5.7.1|http://www.securityfocus.com/archive/1/367486 http://www.securityfocus.com/bid/10629 http://secunia.com/SA11974 http://www.osvdb.org/7314 http://www.osvdb.org/7315|phpMyAdmin configuration manipulation and code injection|56648b44-e301-11d8-9b0a-000347a4fa7d diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b7148b326fd8..04c80be82d16 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,36 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3e4ffe76-e0d4-11d8-9b0a-000347a4fa7d"> + <topic>SoX buffer overflows when handling .WAV files</topic> + <affects> + <package> + <name>sox</name> + <range><gt>12.17.1</gt><le>12.17.4_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ulf Härnhammar discovered a pair of buffer overflows in the + WAV file handling code of SoX. If an attacker can cause her + victim to process a specially-crafted WAV file with SoX (e.g. + through social engineering or through some other program that + relies on SoX), arbitrary code can be executed with the + privileges of the victim.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0557</cvename> + <url>http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html</url> + <url>http://secunia.com/advisories/12175</url> + <url>http://www.osvdb.org/8267</url> + </references> + <dates> + <discovery>2004-07-28</discovery> + <entry>2004-08-26</entry> + </dates> + </vuln> + <vuln vid="2797b27a-f55b-11d8-81b0-000347a4fa7d"> <topic>kdelibs -- konqueror cross-domain cookie injection</topic> <affects> |