exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-6272

Status Candidate

Overview

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.

Related Files

Slackware Security Advisory - libevent Updates
Posted Mar 26, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libevent packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-6272
SHA-256 | 1819f55111ba0ede1422e02e74bdca07f5a78b76f2eb806b9e3676992020005c
Mandriva Linux Security Advisory 2015-017-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-6272
SHA-256 | 37d784031ae48e29994057c675fed2574429ffa8db1c8f64699b2756dfbdeb52
Gentoo Linux Security Advisory 201502-07
Posted Feb 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-7 - Multiple integer overflow errors in libevent could result in execution of arbitrary code or Denial of Service. Versions less than 2.0.22 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2014-6272
SHA-256 | bf14a652ac6ffd0e3ea97788fd3308684bf2220e01960169dc8aff07eb0adc67
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114
Posted Jan 20, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release of tor-ramdisk was triggered by some integer overflow bugs in libevent, CVE-2014-6272, which may be exploitable. The author took the opportunity to bump tor from the older 0.2.4 branch to 0.2.5.10 in the latest stable branch. Also updated is busybox, openssl, and the kernel.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-6272
SHA-256 | 966b7652d7133037134b30ff4cc54bdb82b1a220daf1667ccfe0df7292d201fa
Ubuntu Security Notice USN-2477-1
Posted Jan 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2477-1 - Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-6272
SHA-256 | 8d59f9a9a7da986c7c656c01a3b1736ca2c1c10eb6ed21dd48749c787b46e718
Mandriva Linux Security Advisory 2015-017
Posted Jan 8, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-6272
SHA-256 | bce77a4196de4ea6bb6b6218815a3818073546b6ac3237c482ea8db9d5f9801c
Debian Security Advisory 3119-1
Posted Jan 6, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3119-1 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2014-6272
SHA-256 | ba981464d57b711de3d7ce967eb091055c67eccec9d191c924fbdf642b319abe
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close