# October Vulnerabilities



## eddie5659 (Mar 19, 2001)

Hiya

This thread will be at the top for all of October. For any previous months, I've created a new thread here:

http://forums.techguy.org/t225642.html

However, this is just from April 2004. Any previous ones are on their own 

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

To fashion a malicious RealPix file to cause a heap overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

*Affected Software

Linux RealPlayer 10 (10.0.0 - 5)
Helix Player (10.0.0 - 5)*

http://service.real.com/help/faq/security/050930_player/EN/

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Tavis Ormandy discovered a buffer overflow in prozilla, a
multi-threaded download accelerator, which may be exploited to execute
arbitrary code.

http://www.linuxsecurity.com/content/view/120495/100/

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Javier Fernández-Sanguino Peña discovered several insecure temporary
file uses in cfengine, a tool for configuring and maintaining
networked machines, that can be exploited by a symlink attack to
overwrite arbitrary files owned by the user executing cfengine, which
is probably root.

http://www.linuxsecurity.com/content/view/120496/100/

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Javier Fernández-Sanguino Peña discovered insecure temporary file use
in cfengine2, a tool for configuring and maintaining networked
machines, that can be exploited by a symlink attack to overwrite
arbitrary files owned by the user executing cfengine, which is
probably root

http://www.linuxsecurity.com/content/view/120497/100/

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Multiple security vulnerabilities have been identified in the
mozilla-firefox web browser. These vulnerabilities could allow an
attacker to execute code on the victim's machine via specially crafted
network resources.

http://www.linuxsecurity.com/content/view/120500/100/

Regards

eddie


----------

