Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Jul 2008 17:10:09 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Two remote DoS issues in linuxdcpp


======================================================
Name: CVE-2008-2953
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2953
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287
Reference: CONFIRM:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date
Reference: SECUNIA:30812
Reference: URL:http://secunia.com/advisories/30812

Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a
denial of service (crash) via "partial file list requests" that
trigger a NULL pointer dereference.


======================================================
Name: CVE-2008-2954
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2954
Reference: CONFIRM:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt
Reference: CONFIRM:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date

client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows
remote attackers to cause a denial of service (crash) via an empty
private message, which triggers an out-of-bounds read.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.