Date: Fri, 16 May 2014 01:08:59 +0200
From: Frédéric Basse <basse.frederic@...il.com>
To: oss-security@...ts.openwall.com
Subject: [CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability

[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability
________________________________________________________________________
Summary:
DirectFB is prone to an out-of-bounds write vulnerability since version
1.4.4.

The vulnerability can be triggered remotely without authentication
through the Voodoo interface (network layer of DirectFB).
________________________________________________________________________
Details:
An attacker can choose to overflow in the heap or the stack.
________________________________________________________________________
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
________________________________________________________________________
Disclosure Timeline:
2014-03-27 Developer notified
2014-04-21 CVE-2014-2978 assigned
2014-05-16 Public advisory
________________________________________________________________________
References:
http://www.directfb.org/
http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
________________________________________________________________________

