Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:58:49 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1916775175&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Memory%20Leak%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Fmemory_leak%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1916775175.1338191929.1338191929.1338191929.1%3B%2B__utmz%3D32867617.1338191929.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/112903/RHSA-2012-0676-01.txt http://packetstormsecurity.org/files/112903/RHSA-2012-0676-01.txt http://packetstormsecurity.org/files/112903/Red-Hat-Security-Advisory-2012-0676-01.html Tue, 22 May 2012 00:19:59 GMT Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host. http://packetstormsecurity.org/files/112475/dsa-2459-2.txt http://packetstormsecurity.org/files/112475/dsa-2459-2.txt http://packetstormsecurity.org/files/112475/Debian-Security-Advisory-2459-2.html Sun, 06 May 2012 01:30:28 GMT Debian Linux Security Advisory 2459-2 - The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations. http://packetstormsecurity.org/files/111396/intuithsp-leak.txt http://packetstormsecurity.org/files/111396/intuithsp-leak.txt http://packetstormsecurity.org/files/111396/Intuit-Help-System-Heap-Corruption-Memory-Leak.html Fri, 30 Mar 2012 22:24:47 GMT Intuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities. http://packetstormsecurity.org/files/111285/cisco-sa-20120328-zbfw.txt http://packetstormsecurity.org/files/111285/cisco-sa-20120328-zbfw.txt http://packetstormsecurity.org/files/111285/Cisco-Security-Advisory-20120328-zbfw.html Thu, 29 Mar 2012 02:51:06 GMT Cisco Security Advisory - Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows: Memory Leak Associated with Crafted IP Packets. Memory Leak in HTTP Inspection. Memory Leak in H.323 Inspection. Memory Leak in SIP Inspection Workarounds that mitigate these vulnerabilities are not available. Cisco has released free software updates that address these vulnerabilities. http://packetstormsecurity.org/files/111254/MDVSA-2012-041.txt http://packetstormsecurity.org/files/111254/MDVSA-2012-041.txt http://packetstormsecurity.org/files/111254/Mandriva-Linux-Security-Advisory-2012-041.html Wed, 28 Mar 2012 03:00:55 GMT Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue. http://packetstormsecurity.org/files/105389/cisco-sa-20110928-cucm.txt http://packetstormsecurity.org/files/105389/cisco-sa-20110928-cucm.txt http://packetstormsecurity.org/files/105389/Cisco-Security-Advisory-20110928-cucm.html Wed, 28 Sep 2011 21:51:56 GMT Cisco Security Advisory - Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability. http://packetstormsecurity.org/files/105388/cisco-sa-20110928-sip.txt http://packetstormsecurity.org/files/105388/cisco-sa-20110928-sip.txt http://packetstormsecurity.org/files/105388/Cisco-Security-Advisory-20110928-sip.html Wed, 28 Sep 2011 21:51:21 GMT Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities. http://packetstormsecurity.org/files/105366/cisco-sa-20110928-dlsw.txt http://packetstormsecurity.org/files/105366/cisco-sa-20110928-dlsw.txt http://packetstormsecurity.org/files/105366/Cisco-Security-Advisory-20110928-dlsw.html Wed, 28 Sep 2011 20:54:06 GMT Cisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets. Cisco has released free software updates that address this vulnerability. http://packetstormsecurity.org/files/103971/CVE-2011-2481.txt http://packetstormsecurity.org/files/103971/CVE-2011-2481.txt http://packetstormsecurity.org/files/103971/Apache-Tomcat-7.0.0-Through-7.0.16-Information-Disclosure.html Sat, 13 Aug 2011 20:25:54 GMT The re-factoring of XML validation for Tomcat 7.0.x re-introduced the vulnerability previously reported as CVE-2009-0783. This was initially reported as a memory leak. If a web application is the first web application loaded, this bug allows that web application to potentially view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance. http://packetstormsecurity.org/files/99294/spiltmilk.c http://packetstormsecurity.org/files/99294/spiltmilk.c http://packetstormsecurity.org/files/99294/Linux-2.6.37-rc1-serial_core-TIOCGICOUNT-Leak.html Mon, 14 Mar 2011 21:59:38 GMT Information leak exploit for Linux kernel versions 2.6.37-rc1 and below which leaks kernel stack space back to userland due to uninitialized struct member "reserved" in struct serial_icounter_struct copied to userland. Uses ioctl to trigger memory leak, dumps to file and displays to command line. http://packetstormsecurity.org/files/97542/MDVSA-2011-006.txt http://packetstormsecurity.org/files/97542/MDVSA-2011-006.txt http://packetstormsecurity.org/files/97542/Mandriva-Linux-Security-Advisory-2011-006.html Fri, 14 Jan 2011 22:50:47 GMT Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. http://packetstormsecurity.org/files/96356/cod7mem-adv.txt http://packetstormsecurity.org/files/96356/cod7mem-adv.txt http://packetstormsecurity.org/files/96356/Call-Of-Duty-Black-Ops-Memory-Leak.html Fri, 03 Dec 2010 17:38:57 GMT Call of Duty: Black Ops suffers from a remote memory leak vulnerability. http://packetstormsecurity.org/files/94147/cisco-sa-20100922-sslvpn.txt http://packetstormsecurity.org/files/94147/cisco-sa-20100922-sslvpn.txt http://packetstormsecurity.org/files/94147/Cisco-Security-Advisory-20100922-sslvpn.html Thu, 23 Sep 2010 01:08:07 GMT Cisco Security Advisory - Cisco IOS Software contains a vulnerability when the Cisco IOS SSL VPN feature is configured with an HTTP redirect. Exploitation could allow a remote, unauthenticated user to cause a memory leak on the affected devices, that could result in a memory exhaustion condition that may cause device reloads, the inability to service new TCP connections, and other denial of service (DoS) conditions. http://packetstormsecurity.org/files/91878/MDVSA-2010-133.txt http://packetstormsecurity.org/files/91878/MDVSA-2010-133.txt http://packetstormsecurity.org/files/91878/Mandriva-Linux-Security-Advisory-2010-133.html Fri, 16 Jul 2010 04:34:46 GMT Mandriva Linux Security Advisory 2010-133 - Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. http://packetstormsecurity.org/files/91332/mshtml_leak_poc.zip http://packetstormsecurity.org/files/91332/mshtml_leak_poc.zip http://packetstormsecurity.org/files/91332/Microsoft-mshtml.dll-CTimeoutEventList-InsertIntoTimeoutList-Memory-Leak.html Thu, 01 Jul 2010 04:20:54 GMT Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList proof of concept memory leak exploit. http://packetstormsecurity.org/files/86790/dsa-2005-1.txt http://packetstormsecurity.org/files/86790/dsa-2005-1.txt http://packetstormsecurity.org/files/86790/Debian-Linux-Security-Advisory-2005-1.html Mon, 01 Mar 2010 21:20:35 GMT Debian Linux Security Advisory 2005-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. Note that this advisory says DSA-2004-1 but it is actually DSA-2005-1. http://packetstormsecurity.org/files/86286/dsa-1996-1.txt http://packetstormsecurity.org/files/86286/dsa-1996-1.txt http://packetstormsecurity.org/files/86286/Debian-Linux-Security-Advisory-1996-1.html Mon, 15 Feb 2010 20:31:13 GMT Debian Linux Security Advisory 1996-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. http://packetstormsecurity.org/files/85501/MDVSA-2010-022.txt http://packetstormsecurity.org/files/85501/MDVSA-2010-022.txt http://packetstormsecurity.org/files/85501/Mandriva-Linux-Security-Advisory-2010-022.html Fri, 22 Jan 2010 06:38:14 GMT Mandriva Linux Security Advisory 2010-022 - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct thies issue. http://packetstormsecurity.org/files/85082/dsa-1970-1.txt http://packetstormsecurity.org/files/85082/dsa-1970-1.txt http://packetstormsecurity.org/files/85082/Debian-Linux-Security-Advisory-1970-1.html Thu, 14 Jan 2010 02:45:15 GMT Debian Linux Security Advisory 1970-1 - It was discovered that a significant memory leak could occur in openssl, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. http://packetstormsecurity.org/files/84437/MDVSA-2009-344.txt http://packetstormsecurity.org/files/84437/MDVSA-2009-344.txt http://packetstormsecurity.org/files/84437/Mandriva-Linux-Security-Advisory-2009-344.html Wed, 30 Dec 2009 18:34:50 GMT Mandriva Linux Security Advisory 2009-344 - Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for these vulnerabilities. http://packetstormsecurity.org/files/83512/MDVSA-2009-297-1.txt http://packetstormsecurity.org/files/83512/MDVSA-2009-297-1.txt http://packetstormsecurity.org/files/83512/Mandriva-Linux-Security-Advisory-2009-297.html Mon, 07 Dec 2009 21:40:33 GMT Mandriva Linux Security Advisory 2009-297 - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file. FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. The updated packages fix this issue. Packages for 2008.0 are being provided due to extended support for Corporate products. http://packetstormsecurity.org/files/82686/MDVSA-2009-297.txt http://packetstormsecurity.org/files/82686/MDVSA-2009-297.txt http://packetstormsecurity.org/files/82686/Mandriva-Linux-Security-Advisory-2009-297.html Tue, 17 Nov 2009 03:20:57 GMT Mandriva Linux Security Advisory 2009-297 - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file. FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. The updated packages fix this issue. http://packetstormsecurity.org/files/82539/dsa-1929-1.txt http://packetstormsecurity.org/files/82539/dsa-1929-1.txt http://packetstormsecurity.org/files/82539/Debian-Linux-Security-Advisory-1929-1.html Fri, 06 Nov 2009 21:51:40 GMT Debian Linux Security Advisory 1929-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. http://packetstormsecurity.org/files/82538/dsa-1928-1.txt http://packetstormsecurity.org/files/82538/dsa-1928-1.txt http://packetstormsecurity.org/files/82538/Debian-Linux-Security-Advisory-1928-1.html Fri, 06 Nov 2009 21:49:02 GMT Debian Linux Security Advisory 1928-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. http://packetstormsecurity.org/files/82510/dsa-1927-1.txt http://packetstormsecurity.org/files/82510/dsa-1927-1.txt http://packetstormsecurity.org/files/82510/Debian-Linux-Security-Advisory-1927-1.html Fri, 06 Nov 2009 01:16:45 GMT Debian Linux Security Advisory 1927-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.