This is a list of vulnerabilities released in 2003, with an attempt to classify them by whether they would have been avoided if the code had used a real dynamic string API, and by Vulnerability range (i.e. can you only exploit it from the local machine, or can you do it remotely). However, note that especially in the later classifications it's possible that my classification is wrong for your environment (for instance, if you don't pass untrusted data from the network to unzip, that is a local vulnerability; if you only allow connections from the local machine to postgresql, that becomes a local vulnerability; if you download arbitrary themes from the network and load them into WindowMaker, that becomes a remote vulnerability; and if you run commands over untrusted NFS mounts, then most filesystem vulnerabilities can become remote vulnerabilities). I've tried to classify each with the most commonly expected value.
A RED error indicates an error that could not have occurred if the program had been using a real dynamic string API.
A BLUE error indicates an error that could not have occurred if the program had been using Vstr.
You can go straight to the summary of the types of the vulnerabilities or to the summary of the range of the vulnerabilities.
Red Hat Package | Types of Vulnerability | Range of Vulnerability | Range, if Vstr was used | Range, if any dynamic string API was used |
--- | --- | --- | --- | --- |
MySQL | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
sane | Privilege Escalation (First connection after starting isn't checked); Denial of Service (read of memory after allocation); Denial of Service (random amount of memory is attempted for allocation); Denial of Service (when debug printing, non-NUL-terminated strings are assumed NUL-terminated); Denial of Service (unbounded allocation) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
perl | Input Validation (Redefining @_); Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
openssl | Input Validation (ASN.1 tag parsing); Double Free | Remote vulnerability | Remote vulnerability | Remote vulnerability |
perl | Privilege Escalation (can break out of safe.pm sandboxes); Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
apache httpd | Input Validation (Cipher restrictions ignored on renegotiation); Denial of Service (infinite loop handling internal redirects and nested subrequests); Denial of Service (temporarily, if using multiple ports); Denial of Service (ftp proxy and IPv6 only) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
openssh | Integer Overflow | Remote vulnerability | Not applicable | Not applicable |
sendmail | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
KDE | Privilege Escalation (bad session credentials) | Local vulnerability | Local vulnerability | Local vulnerability |
openssh | Integer Overflow | Remote vulnerability | Not applicable | Not applicable |
pine | Buffer Overflow; Integer Overflow | Remote vulnerability | Not applicable | Not applicable |
gtkhtml | Denial of Service (NULL pointer de-reference) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
apache httpd | Input Validation (Cipher restrictions ignored on renegotiation); Denial of Service (infinite loop handling internal redirects and nested subrequests); Denial of Service (temporarily, if using multiple ports); Denial of Service (ftp proxy and IPv6 only) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
up2date | Broken Packaging (Expired Certificate Authority) | Local vulnerability | Local vulnerability | Local vulnerability |
sendmail | Free uninitialized memory location | Remote vulnerability | Remote vulnerability | Remote vulnerability |
pam_smb | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
iptables | Broken Packaging (bad dependencies cause kernel updates to stop iptables firewall) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
GDM | Privilege Escalation (read files) | Local vulnerability | Local vulnerability | Local vulnerability |
KDE | Information Leak | Remote vulnerability | Remote vulnerability | Remote vulnerability |
ddskk | Temporary File Creation | Local vulnerability | Local vulnerability | Local vulnerability |
up2date | Input Validation | Remote vulnerability | Remote vulnerability | Remote vulnerability |
postfix | Input Validation | Remote vulnerability | Remote vulnerability | Remote vulnerability |
unzip | Input Validation | Possibly remote vulnerability | Possibly remote vulnerability | Possibly remote vulnerability |
Xterm | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
php | Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
ethereal | Buffer Overflow; Integer Overflow; Off By One | Remote vulnerability | Not applicable | Not applicable |
nfs-utils | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
mozilla | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
Xpdf | Input Validation; Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
kernel | Information Leak; Privilege Escalation (read files); Privilege Escalation (UDP port binding); Input Validation | Possibly remote vulnerability | Possibly remote vulnerability | Possibly remote vulnerability |
semi | Input Validation | Remote vulnerability | Remote vulnerability | Remote vulnerability |
stunnel | Denial of Service (Signal handling code) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
OpenSSH | Information Leak | Remote vulnerability | Remote vulnerability | Remote vulnerability |
wu-ftpd | Off By One | Remote vulnerability | Not applicable | Not applicable |
kernel | Denial of Service (Crash) | Local vulnerability | Local vulnerability | Local vulnerability |
kon2 | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
KDE | Man in the Middle | Remote vulnerability | Remote vulnerability | Remote vulnerability |
hanterm | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
ypserv | Denial of Service (Blocking write) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
man | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
mod_auth_any | Improper Encoding (shell callout) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
KDE | Improper Encoding (shell callout); Input Validation (Run postscript as user) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
xinetd | Denial of Service (Memory leak) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
kernel | Denial of Service (CPU); Privilege Escalation (I/O ports) | Local vulnerability | Local vulnerability | Local vulnerability |
tcpdump | Privilege Escalation (failure to drop privileges and looks at the network) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
lv | Privilege Escalation (Run commands as other users) | Local vulnerability | Local vulnerability | Local vulnerability |
gnupg | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
CUPS | Denial of Service (Blocking read) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
apache httpd | Free memory that is in use | Remote vulnerability | Not applicable | Remote vulnerability |
ghostscript | Input Validation | Possibly remote vulnerability | Possibly remote vulnerability | Possibly remote vulnerability |
OpenSSL | Information Leak | Remote vulnerability | Remote vulnerability | Remote vulnerability |
vsftpd | Broken Packaging (disabled hosts.allow/hosts.deny) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
kerberos | Authenticated Privilege Escalation (leverage auth. in one realm to gain auth. in another); Integer Overflow | Remote vulnerability | Local vulnerability | Local vulnerability |
eog | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
NetPBM | Buffer Overflow Integer Overflow | Possibly remote vulnerability | Not applicable | Not applicable |
mutt | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
balsa | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
samba | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
mgetty | Buffer Overflow | Possibly remote vulnerability | Not applicable | Not applicable |
kernel | Privilege Escalation (ptrace) | Local vulnerability | Local vulnerability | Local vulnerability |
apache httpd | Denial of Service (Memory leak); Input Validation; Improper Encoding (Corrupted log files) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
tcpdump | Buffer Overflow; Input Validation | Remote vulnerability | Remote vulnerability | Remote vulnerability |
ethereal | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
squirrelmail | Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
LPRng | Temporary File Creation | Local vulnerability | Local vulnerability | Local vulnerability |
mICQ | Input Validation | Remote vulnerability | Not applicable | Remote vulnerability |
zlib | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
MySQL | Double Free; Input Validation | Remote vulnerability | Remote vulnerability | Remote vulnerability |
sendmail | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
squirrelmail | Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
im | Temporary File Creation | Local vulnerability | Local vulnerability | Local vulnerability |
OpenSSL | Information Leak | Remote vulnerability | Remote vulnerability | Remote vulnerability |
file | Buffer Overflow | Local vulnerability | Not applicable | Not applicable |
Gnome-lokkit | Input Validation (Doesn't do anything for FORWARD rule packets) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
rxvt | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
kernel | Privilege Escalation (ptrace) | Local vulnerability | Local vulnerability | Local vulnerability |
samba | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
glibc (sun rpc code) | Integer Overflow | Remote vulnerability | Not applicable | Not applicable |
kernel | Privilege Escalation (module loading); Information Leak | Remote vulnerability | Remote vulnerability | Remote vulnerability |
evolution | Input Validation | Remote vulnerability | Not applicable | Remote vulnerability |
kerberos | Integer Overflow; Input Validation; Input Validation; Input Validation (Vulnerabilities in the support for triple-DES keys); Authenticated Privilege Escalation (leverage auth. in one realm to gain auth. in another); Integer Overflow | Remote vulnerability | Remote vulnerability | Remote vulnerability |
sendmail | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
dhcp | Denial of Service (sends data constantly to the broadcast address) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
php | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
openldap | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
WindowMaker | Buffer Overflow | Local vulnerability | Not applicable | Not applicable |
Xpdf | Integer Overflow | Remote vulnerability | Not applicable | Not applicable |
w3m | Cross Site Scripting | Remote vulnerability | Remote vulnerability | Remote vulnerability |
kernel-utils | Broken Packaging (unsafe program was setuid) | Local vulnerability | Local vulnerability | Local vulnerability |
lynx | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
pam_xauth | Information Leak | Local vulnerability | Local vulnerability | Local vulnerability |
fileutils | Privilege Escalation (delete other users' files) | Local vulnerability | Local vulnerability | Local vulnerability |
shadow-utils | Privilege Escalation (read/write other users' incoming mailbox) | Local vulnerability | Local vulnerability | Local vulnerability |
VNC | Input Validation (Replay authorization) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
vte | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
pine | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
cyrus-sasl | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
libpng | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
CUPS | Buffer Overflow; Integer Overflow; Temporary File Creation; Input Validation; Cross Site Scripting; Denial of Service (attack recovery) | Remote vulnerability | Remote vulnerability | Remote vulnerability |
postgresql | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
postgresql | Privilege Escalation (delete transaction log files); Buffer Overflow | Remote vulnerability | Local vulnerability | Local vulnerability |
MySQL | Integer Overflow; Input Validation; Buffer Overflow | Remote vulnerability | Possibly remote vulnerability | Possibly remote vulnerability |
dhcp | Buffer Overflow | Remote vulnerability | Not applicable | Not applicable |
vim | Input Validation | Local vulnerability | Local vulnerability | Local vulnerability |
cvs | Privilage Escalation (write to any files) | Local vulnerability | Local vulnerability | Local vulnerability |
python | Temporary File Creation | Local vulnerability | Local vulnerability | Local vulnerability |
kerberos | Input Validation | Remote vulnerability | Remote vulnerability | Remote vulnerability |
Type of Vulnerability | Number of Vulnerabilities |
--- | --- |
Buffer Overflow | 32 |
Input Validation | 30 |
Denial of Service (All) | 20 |
Privilege Escalation (All) | 16 |
Integer Overflow | 12 |
Cross Site Scripting | 8 |
Information Leak | 7 |
Temporary File Creation | 5 |
Broken Packaging (All) | 4 |
Input Validation | 3 |
Improper Encoding (All) | 3 |
Double Free | 2 |
Off By One | 2 |
Authenticated Privilege Escalation (All) | 2 |
Free uninitialized memory location | 1 |
Free memory that is in use | 1 |
Man in the Middle | 1 |
Range of Vulnerability | Number of Vulnerabilities |
--- | --- |
Remote vulnerabilities | 75 |
Possible remote vulnerabilities | 5 |
Local vulnerabilities | 27 |
All Vulnerabilities | 107 |
Range of Vulnerability, if any dynamic string API was used | Number of Vulnerabilities (% of the original count) |
--- | --- |
Remote vulnerabilities | 43 (57%) |
Possible remote vulnerabilities | 4 (80%) |
Local vulnerabilities | 27 (100%) |
All Vulnerabilities | 74 (69%) |
Range of Vulnerability, if Vstr was used | Number of Vulnerabilities (% of the original count) |
--- | --- |
Remote vulnerabilities | 40 (53%) |
Possible remote vulnerabilities | 4 (80%) |
Local vulnerabilities | 27 (100%) |
All Vulnerabilities | 71 (66%) |