Vulnerabilites related to avaya - interactive_response
Vulnerability from fkie_nvd
Published
2004-12-21 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:call_management_system_server:8.0:*:*:*:*:*:*:*", matchCriteriaId: "618B807E-29B5-4CD0-BBA2-E20E45AC192D", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:call_management_system_server:9.0:*:*:*:*:*:*:*", matchCriteriaId: "5E9C378A-2151-45D1-A7EC-1F27E794D878", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*", matchCriteriaId: "18D3AF16-3591-44FB-B3F8-E92DAA8FA936", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:call_management_system_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "80FF4D54-3E14-42CA-9FC6-2534B3F00903", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:call_management_system_server:13.0:*:*:*:*:*:*:*", matchCriteriaId: "53D3C3D9-D54C-4D6C-9D82-7653445680C2", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*", matchCriteriaId: "2FE82341-3E73-4F5B-BD9E-06C83F22E831", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*", matchCriteriaId: "D12D6986-429E-4152-A6E5-4CC1FB9556D3", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*", matchCriteriaId: "6EE68944-C31D-4B49-BC8F-07944E0E82AA", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:interactive_response:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3427704B-08E7-4B33-B4F0-071EFA4FAE9F", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:interactive_response:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C70755CC-4FF4-4E0E-9CFC-71F50FCC854E", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*", matchCriteriaId: "12D21889-2F4E-460B-AA92-4E910B7CBBDA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:icontrol_service_manager:1.3:*:*:*:*:*:*:*", matchCriteriaId: "2A7379DC-AF87-436C-9942-8CC5CF781918", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:icontrol_service_manager:1.3.4:*:*:*:*:*:*:*", matchCriteriaId: "3A2B0D82-C75B-43EB-9DD1-4270B8BE52A3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:icontrol_service_manager:1.3.5:*:*:*:*:*:*:*", matchCriteriaId: "06819549-ECD7-4568-BB15-C0A226A65F91", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:icontrol_service_manager:1.3.6:*:*:*:*:*:*:*", matchCriteriaId: "72EA2403-F428-407E-B32E-C8D5792B4DB1", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", matchCriteriaId: "CCA5EEB8-9D2C-49A9-BB08-CE5017B79D81", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "261FAE51-5207-4136-9FFE-2330A281266C", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "B32C83B9-F7DA-450A-A687-9A73734CD712", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "9485283A-B73E-4567-914A-42A86F5FFCB4", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "95892168-0FB6-4E3F-9303-2F9B3CF60D2B", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A5021564-5E0A-4DDC-BC68-200B6050043E", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "19AA66E5-FDDD-4243-B945-DFEBDD25F258", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", matchCriteriaId: "62F359CD-5DC4-4919-B8E1-95BDDBD27EFC", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "D2C8C550-3313-4266-B4B3-E9E9047CFE04", vulnerable: true, }, { criteria: "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", matchCriteriaId: "ABEEBA7B-81D5-4148-912B-9AD448BBE741", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*", matchCriteriaId: "D073442B-D7E7-4E07-AF2D-E22FE65B09A9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDADE04-29F0-446B-824B-0518880CF0A0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9BE602-A740-4CF7-9CAF-59061B16AB31", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", matchCriteriaId: "33E698C1-C313-40E6-BAF9-7C8F9CF02484", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BF2D00AC-FA2A-4C39-B796-DC19072862CF", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", matchCriteriaId: "421079DA-B605-4E05-9454-C30CF7631CF4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", matchCriteriaId: "93B734BA-3435-40A9-B22B-5D56CEB865A7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", matchCriteriaId: "30897327-44DD-4D6C-B8B6-2D66C44EA55D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", matchCriteriaId: "B79D8F73-2E78-4A67-96BB-21AD9BCB0094", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", matchCriteriaId: "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", matchCriteriaId: "1E997653-C744-4F1F-9948-47579AB3BED3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", matchCriteriaId: "DF5A416A-F198-4B9C-8221-D36CC8A7FE5C", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", matchCriteriaId: "384C130F-D1A9-4482-AF20-FC81933473A3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*", matchCriteriaId: "3CA6BD2A-3022-408D-8E4F-50865996E965", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*", matchCriteriaId: "463D5628-7536-4029-99D6-5E525050059E", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*", matchCriteriaId: "69A39B11-1C23-4A6C-B4C5-AEC40836F173", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*", matchCriteriaId: "78D48FD1-CB91-4310-9432-A4365FA67B11", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*", matchCriteriaId: "750C6C37-8460-4ED8-83AD-ACAF993E4A6E", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", matchCriteriaId: "8923EE1A-DD48-4EC8-8698-A33093FD709C", vulnerable: true, }, { criteria: "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*", matchCriteriaId: "E25F5CF2-F891-41CA-A40C-13966F72FDF8", vulnerable: true, }, { criteria: "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "7417958C-5321-41D6-9D1A-D16BF5511E81", vulnerable: true, }, { criteria: "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", matchCriteriaId: "647BA336-5538-4972-9271-383A0EC9378E", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", matchCriteriaId: "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", matchCriteriaId: "3528DABD-B821-4D23-AE12-614A9CA92C46", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", matchCriteriaId: "9E661D58-18DF-4CCF-9892-F873618F4535", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", matchCriteriaId: "2BB0B27C-04EA-426F-9016-7406BACD91DF", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", matchCriteriaId: "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*", matchCriteriaId: "059218D3-A3AD-4A10-9AA4-FBB689321D90", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", matchCriteriaId: "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", matchCriteriaId: "1894C542-AA81-40A9-BF47-AE24C93C1ACB", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", matchCriteriaId: "A711CDC2-412C-499D-9FA6-7F25B06267C6", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", matchCriteriaId: "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*", matchCriteriaId: "3F305CBD-4329-44DE-A85C-DE9FF371425E", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*", matchCriteriaId: "7BF232A9-9E0A-481E-918D-65FC82EF36D8", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*", matchCriteriaId: "0C0C3793-E011-4915-8F86-CE622A2D37D1", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", matchCriteriaId: "08003947-A4F1-44AC-84C6-9F8D097EB759", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", matchCriteriaId: "A2475113-CFE4-41C8-A86F-F2DA6548D224", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.", }, ], id: "CVE-2004-1307", lastModified: "2024-11-20T23:50:33.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-21T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/539110", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-136A.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/539110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-136A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html", lastModified: "2008-08-12T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kernel | util-linux | * | |
avaya | cvlan | * | |
avaya | integrated_management_suit | * | |
avaya | interactive_response | * | |
avaya | intuity_lx | * | |
avaya | message_networking | * | |
avaya | messaging_storage_server | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*", matchCriteriaId: "A58DA98E-6F4E-4B84-B04A-0F9630FD91E2", versionEndExcluding: "2.11n", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*", matchCriteriaId: "2FE82341-3E73-4F5B-BD9E-06C83F22E831", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:integrated_management_suit:*:*:*:*:*:*:*:*", matchCriteriaId: "6055A272-7156-4E26-8250-EC067C5B1864", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*", matchCriteriaId: "6EE68944-C31D-4B49-BC8F-07944E0E82AA", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_lx:*:*:*:*:*:*:*:*", matchCriteriaId: "A1169C59-054C-4EFB-B549-C0AB97F2DF42", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*", matchCriteriaId: "3D8F6982-2F4D-4D78-92C1-97689D59F3A5", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:messaging_storage_server:*:*:*:*:*:*:*:*", matchCriteriaId: "EFB58B84-4CAA-4BE6-943D-2F53F7B8A568", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.", }, ], id: "CVE-2001-1494", lastModified: "2024-11-20T23:37:49.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2001-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2001/Dec/0122.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2001/Dec/0123.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/16785", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/18502", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-782.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/16280", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7718", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2001/Dec/0122.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2001/Dec/0123.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/16785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/18502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-782.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/16280", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7718", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2004-1307
Vulnerability from cvelistv5
Published
2005-05-04 04:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
http://www.us-cert.gov/cas/techalerts/TA05-136A.html | third-party-advisory, x_refsource_CERT | |
http://www.kb.cert.org/vuls/id/539110 | third-party-advisory, x_refsource_CERT-VN | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 | vendor-advisory, x_refsource_SUNALERT | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true | third-party-advisory, x_refsource_IDEFENSE | |
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | vendor-advisory, x_refsource_APPLE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:46:12.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA05-136A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-136A.html", }, { name: "VU#539110", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/539110", }, { name: "201072", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1", }, { name: "101677", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1", }, { name: "20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true", }, { name: "APPLE-SA-2005-05-03", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html", }, { name: "oval:org.mitre.oval:def:11175", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-12-21T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "TA05-136A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-136A.html", }, { name: "VU#539110", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/539110", }, { name: "201072", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1", }, { name: "101677", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1", }, { name: "20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true", }, { name: "APPLE-SA-2005-05-03", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html", }, { name: "oval:org.mitre.oval:def:11175", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1307", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA05-136A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA05-136A.html", }, { name: "VU#539110", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/539110", }, { name: "201072", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1", }, { name: "101677", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1", }, { name: "20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability", refsource: "IDEFENSE", url: "http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true", }, { name: "APPLE-SA-2005-05-03", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html", }, { name: "oval:org.mitre.oval:def:11175", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1307", datePublished: "2005-05-04T04:00:00", dateReserved: "2004-12-21T00:00:00", dateUpdated: "2024-08-08T00:46:12.284Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1494
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/16280 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2005-782.html | vendor-advisory, x_refsource_REDHAT | |
http://seclists.org/bugtraq/2001/Dec/0123.html | mailing-list, x_refsource_BUGTRAQ | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 | vdb-entry, signature, x_refsource_OVAL | |
http://seclists.org/bugtraq/2001/Dec/0122.html | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/16785 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 | vdb-entry, x_refsource_XF | |
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm | x_refsource_MISC | |
http://secunia.com/advisories/18502 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:58:11.298Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "16280", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/16280", }, { name: "RHSA-2005:782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-782.html", }, { name: "20011212 Silly 'script' hardlink bug", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2001/Dec/0123.html", }, { name: "oval:org.mitre.oval:def:10723", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723", }, { name: "20011213 Silly 'script' hardlink bug - fixed", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2001/Dec/0122.html", }, { name: "16785", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16785", }, { name: "util-linux-script-hardlink(7718)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7718", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm", }, { name: "18502", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18502", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-12-12T00:00:00", descriptions: [ { lang: "en", value: "script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "16280", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/16280", }, { name: "RHSA-2005:782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-782.html", }, { name: "20011212 Silly 'script' hardlink bug", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2001/Dec/0123.html", }, { name: "oval:org.mitre.oval:def:10723", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723", }, { name: "20011213 Silly 'script' hardlink bug - fixed", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2001/Dec/0122.html", }, { name: "16785", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16785", }, { name: "util-linux-script-hardlink(7718)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7718", }, { tags: [ "x_refsource_MISC", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm", }, { name: "18502", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18502", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1494", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "16280", refsource: "BID", url: "http://www.securityfocus.com/bid/16280", }, { name: "RHSA-2005:782", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-782.html", }, { name: "20011212 Silly 'script' hardlink bug", refsource: "BUGTRAQ", url: "http://seclists.org/bugtraq/2001/Dec/0123.html", }, { name: "oval:org.mitre.oval:def:10723", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723", }, { name: "20011213 Silly 'script' hardlink bug - fixed", refsource: "BUGTRAQ", url: "http://seclists.org/bugtraq/2001/Dec/0122.html", }, { name: "16785", refsource: "SECUNIA", url: "http://secunia.com/advisories/16785", }, { name: "util-linux-script-hardlink(7718)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7718", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm", refsource: "MISC", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm", }, { name: "18502", refsource: "SECUNIA", url: "http://secunia.com/advisories/18502", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1494", datePublished: "2005-06-21T04:00:00", dateReserved: "2005-06-21T00:00:00", dateUpdated: "2024-08-08T04:58:11.298Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }