Vulnerabilities for Cygwin (...) - CXSECURITY.COM

Vulnerabilities for 'Cygwin'

2008-07-28

CVE-2008-3323

CWE-20

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.

2007-11-29

CVE-2007-6181

CWE-119

Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.

>>> Vendor: Redhat 373 Products

Enterprise linux

Enterprise linux desktop

Linux powertools

Redhat package manager

Docbook stylesheets

Pre-execution environment

Linux advanced workstation

Analog real-time synthesizer

Kdelibs sound devel

Network satelite server

Certificate server

Network satellite server

Directory server

Fedora directory server

Enterprise linux desktop workstation

Desktop workstation

Certificate system

Jboss enterprise application platform

dogtag certificate system

Cluster project

Dogtag certificate system

Enterprise virtualization

Network satellite

Enterprise virtualization hypervisor

Enterprise virtualization manager

Jboss enterprise service bus

Jboss enterprise soa platform

Jboss enterprise web platform

Policycoreutils

Jboss seam 2 framework

System-config-firewall

System-config-printer

Jboss operations network

Automatic bug reporting tool

Jboss community application server

See all Products for Vendor Redhat

Copyright 2024, cxsecurity.com