MidnightBSD

Advisories for standards_based_linux_instrumentation

CVE-2005-3144 MEDIUM

httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
standards_based_linux_instrumentation sblim-sfcb 0.9.1
standards_based_linux_instrumentation sblim-sfcb *
CVE-2005-3145 MEDIUM

httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
standards_based_linux_instrumentation sblim-sfcb 0.9.1
standards_based_linux_instrumentation sblim-sfcb *
CVE-2010-1937 HIGH

Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
standards_based_linux_instrumentation sblim-sfcb 1.3.5
standards_based_linux_instrumentation sblim-sfcb *
standards_based_linux_instrumentation sblim-sfcb 1.3.4
standards_based_linux_instrumentation sblim-sfcb 1.3.6
CVE-2010-2054 HIGH

Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
standards_based_linux_instrumentation sblim-sfcb 1.3.5
standards_based_linux_instrumentation sblim-sfcb 1.3.7
standards_based_linux_instrumentation sblim-sfcb 1.3.4
standards_based_linux_instrumentation sblim-sfcb 1.3.6
CVE-2015-5185 MEDIUM

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
standards_based_linux_instrumentation sblim-sfcb 1.3.18
standards_based_linux_instrumentation sblim-sfcb 1.3.4
opensuse opensuse 13.1