standards based linux instrumentation vulnerabilities and exploits

(subscribe to this query)

10

CVSSv2

Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB prior to 1.3.8 might allow remote malicious users to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896.

Standards Based Linux Instrumentation Sblim-sfcb 1.3.6 Standards Based Linux Instrumentation Sblim-sfcb 1.3.4 Standards Based Linux Instrumentation Sblim-sfcb 1.3.5 Standards Based Linux Instrumentation Sblim-sfcb

10

CVSSv2

Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 up to and including 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote malicious users to cause a denial of service (heap memory corruption) or possibly execute arbitrary code...

Standards Based Linux Instrumentation Sblim-sfcb 1.3.7 Standards Based Linux Instrumentation Sblim-sfcb 1.3.4 Standards Based Linux Instrumentation Sblim-sfcb 1.3.6 Standards Based Linux Instrumentation Sblim-sfcb 1.3.5

5

CVSSv2

httpAdapter.c in sblim-sfcb prior to 0.9.2 allows remote malicious users to cause a denial of service via long HTTP headers.

Standards Based Linux Instrumentation Sblim-sfcb Standards Based Linux Instrumentation Sblim-sfcb 0.9.1

5

CVSSv2

httpAdapter.c in sblim-sfcb prior to 0.9.2 allows remote malicious users to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data.

Standards Based Linux Instrumentation Sblim-sfcb 0.9.1 Standards Based Linux Instrumentation Sblim-sfcb

5

CVSSv2

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.

Opensuse Opensuse 13.2 Opensuse Opensuse 13.1 Standards Based Linux Instrumentation Sblim-sfcb 1.3.4 Standards Based Linux Instrumentation Sblim-sfcb 1.3.18

4.4

CVSSv2

sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Standards Based Linux Instrumentation Sblim-sfcb

6.9

CVSSv2

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf ...

Standards Based Linux Instrumentation Sblim-sfcb 1.3.2

5

CVSSv2

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) prior to 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which...

Opensuse Opensuse 11.4 Opensuse Opensuse 12.2 Opensuse Opensuse 12.1 Standards Based Linux Instrumentation Project Standards-based Linux Common Information Model Client

4.6

CVSSv2

Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries prior to 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and prior to 1-31.el5_2.1 in RHEL 5, allows local users to gain privile...

Redhat Enterprise Linux 4 Redhat Enterprise Linux 5

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook