Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
LinuxSecurity.com: A vulnerability has been found and corrected in cpio and tar:
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c
in the rmt client functionality in GNU tar before 1.23 and GNU cpio
before 2.11 allows remote rmt servers to cause a denial of service
I want to do some experiments with buffer overflows on my various virtual machines, including (but not limited to) Debian 6, Ubuntu 12.04, Fedora 16, but every time I try to execute the buffer overflow exploit I get the following message:
stack smashing detected (core dumped)
After doing my research I read that it is a feature called buffer overflow protection implemented in the compiler.
LinuxSecurity.com: Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly [More...]