Vulnerabilities for Mandrake linux corporate server (...) - CXSECURITY.COM

Vulnerabilities for
'Mandrake linux corporate server'

2008-01-11

CVE-2007-6284

CWE-399

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

2007-02-05

CVE-2007-0454

CWE-134

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

2005-12-31

CVE-2005-3626

CWE-399

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVE-2005-3625

CWE-399

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVE-2005-3624

CWE-189

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

2005-07-26

CVE-2005-2377

nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.

2005-03-02

CVE-2005-0605

CWE-Other

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

2005-03-14

CVE-2005-0473

CWE-Other

The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

CVE-2005-0472

CWE-Other

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

2005-04-27

CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Copyright 2024, cxsecurity.com