exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2014-4607

Status Candidate

Overview

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

Related Files

Gentoo Linux Security Advisory 201701-14
Posted Jan 2, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-14 - An integer overflow in LZO might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.08 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2014-4607
SHA-256 | 2f26e01e89f98c1633ae88f5d0b47701c018e02edab2d5367badb349371f00b4
Mandriva Linux Security Advisory 2015-163
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-163 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The grub2 package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 6ae284d0de868ab7f87fb05d92e7bbec5da0551f41a32b761bd68e4d8f04ff31
Gentoo Linux Security Advisory 201503-13
Posted Mar 30, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-13 - Multiple vulnerabilities have been found in BusyBox, allowing context dependent attackers to load arbitrary kernel modules, execute arbitrary files, or cause a Denial of Service condition. Versions less than 1.23.1 are affected.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, gentoo
advisories | CVE-2014-4607, CVE-2014-9645
SHA-256 | d53909ca9603f24a82643ad31fa0ef347f8a0d12dbb4dca631b68ebd5d7a6bff
Mandriva Linux Security Advisory 2015-150
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-150 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 7786a6d242b8ae14eeda3858a16f35b3268a4339417b51473b5e0f9fbc15c281
Mandriva Linux Security Advisory 2015-146
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-146 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes when using the file transfer message feature.

tags | advisory, remote, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607, CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
SHA-256 | 64a585715b6153f060300bd58af5f5fe21c455247b7446666263b01087c63c74
Mandriva Linux Security Advisory 2014-181
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-181 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The dump package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 0f75b6891aae24693a8f4e99262c27b89e7e8729e07fcfea36107cd8471f1867
Mandriva Linux Security Advisory 2014-173
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-173 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. Busybox bundles part of the liblzo code, containing the lzo1x_decompress_safe function, which is affected by this issue.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | fcc34020e34e26f76b502247b86cf085a924a4ece4f9f27fb43b914bf781dc0b
Mandriva Linux Security Advisory 2014-168
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-168 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. The x11vnc packages is now build against the system libvncserver library to avoid security issues in the bundled copy. The icecream packages is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 250c81914e24825853b855493501760094ef441b094b49344065f2078e67daa7
Debian Security Advisory 2995-1
Posted Aug 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2995-1 - Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-4607
SHA-256 | 1ead9c8af49a2ce3949b974fafca20251b706d338d7b8b29bd6fb57789bc1b1d
Ubuntu Security Notice USN-2300-1
Posted Jul 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2300-1 - Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-4607
SHA-256 | 052eb44f42d6cd5dd14d059c17c5bf9a8bc99472168ac85239a8e82354f16e46
Mandriva Linux Security Advisory 2014-134
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-134 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 09f3697bd7c1262d63ac7bceb9874b1046533a6d16eef40e1a9088a4a91adca4
Red Hat Security Advisory 2014-0861-02
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0861-02 - LZO is a portable lossless data compression library written in ANSI C. An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-4607
SHA-256 | 2b79806c5506601a649fcadead2d724e2e194a128b8d64da2b4a6ad1636a84ba
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close