Summary of Security Items from September 29 through October 5, 2004
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name | Risk | Source |
Computer Associates
Common Services 1.0, 1.1, 2.0, 2.1, 2.2, 3.0, Unicenter Network & Systems Management 3.0, Unicenter ServicePlus Service Desk 6.0 |
A vulnerability exists because the Server Admin password is stored in plaintext in certain installation batch files, which could let a malicious user obtain sensitive information.
Patch and post installation steps available at: http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58447&os=NT&returninput=0
There is no exploit code required. |
Computer Associates Unicenter Common Services Plaintext Password |
Medium |
Secunia Advisory, SA12639, September 29, 2004 |
Kaspersky Lab
KAV 5.0.149, 5.0.153 |
A vulnerability exists because RAMcleaner can be used to load the 'KAV.exe' application, which could let a malicious user bypass authentication.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Kaspersky Anti-Virus Authentication Bypass |
Medium |
SecurityTracker Alert ID, 1011479, October 1, 2004 |
Microsoft
Internet Explorer 5.5 SP1&SP2, 6.0, 6.0 SP1 |
A vulnerability exists due to insufficient validation of drag and drop events issued from the 'Internet' zone, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script is reportedly being used by malicious Web sites to install Backdoor.Akak on victim computers. |
Internet Explorer Drag & Drop File Installation |
High |
Secunia Advisory, SA12321, August 19, 2004
SecurityFocus, September 28, 2004 |
Microsoft
SQL Server 7.0 SP3 & prior |
A remote Denial of Service vulnerability exists in 'mssqlserver' when a malicious user submits a large buffer that contains specially crafted data.
No workaround or patch available at time of publishing.
Proof of Concept exploit scripts have been published. |
Microsoft SQL Server Remote Denial of Service |
Low |
SecurityTracker Alert ID, 1011434, September 28, 2004
SecurityFocus, September 30, 2004 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, Windows XP Home, SP1&SP2, XP Professional, SP1&SP2 |
A remote Denial of Service vulnerability exists in the Microsoft GDI+ (Graphics Device Interface) library when handling malformed JPEG files.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Microsoft GDI+ Library Malformed JPEG Handling Remote Denial of Service |
Low |
Bugtraq, September 26, 2004 |
MyWebServer LLC
MyWebServer 1.0.3 |
A remote Denial of Service vulnerability exists due to an error in the connection handling.
No workaround or patch available at time of publishing.
There is no exploit code required. |
MyWebServer Remote Denial of Service |
|
Unl0ck Team Security Advisory, September 27, 2004 |
NetworkActiv
NetworkActiv Web Server 1.0 |
A remote Denial of Service vulnerability exists when a malicious user submits a specially crafted HTTP GET request.
Update available at: http://www.networkactiv.com/NetworkActivWebServerV1.0.exe
A Proof of Concept exploit has been published. |
NetworkActiv Web Server Remote Denial of Service |
Low |
Global Security Solution Advisory, October 5, 2004 |
Playlogic International
Alpha Black Zero 1.0 4 |
A remote Denial of Service vulnerability exists due to insufficient restrictions on the total amount of connected clients.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Playlogic Alpha Black Zero Remote Denial of Service |
Low |
Bugtraq, September 29, 2004 |
Rebellion
Judge Dredd: Dredd vs. Death 1.01 & prior |
A format string vulnerability exists when handling a specially crafted chat message, which could let a remote malicious user cause a Denial of Service.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Judge Dredd: Dredd vs. Death Format String |
Low |
Securiteam, October 4, 2004 |
RhinoSoft.com
Serv-U 3.0, 3.1, 4.0.0.4, 4.1.0.11, 4.1, 4.2, 5.0.0.9, 5.0.0.6, 5.0.0.4, 5.1.0, 5.2.0.0 |
A remote Denial of Service vulnerability exists due to insufficient validation of arguments passed via the 'STOU' command.
Upgrade available at: http://www.serv-u.com/customer/record.asp?prod=su
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Serv-U FTP Server Remote Denial of Service |
Low |
Bugtraq, September 11, 2004
SecurityFocus, September 30, 2004 |
Symantec
Norton Antivirus 2003, 2004, 2005 |
A vulnerability exists because a file or directory name that contains certain character strings related to MS-DOS device names will not be scanned, which could let a remote malicious user execute arbitrary code.
The vendor has issued a fix for Symantec Norton Anti-Virus 2004, available via LiveUpdate.
We are not aware of any exploits for this vulnerability. |
|
High |
iDEFENSE Security Advisory, October 5, 2004 |
VyPRESS
Messenger 3.5, 3.5.1 |
A buffer overflow vulnerability exists due to a boundary error in a visualization function, which could let a remote malicious user execute arbitrary code.
Upgrades available at: http://www.vypress.com/ftp/betas/VyMes40rc1.msi
A Proof of Concept exploit script has been published. |
VyPRESS Messenger Remote Buffer Overflow |
High |
Secunia Advisory, SA12605, October 1, 2004 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name | Risk | Source |
Aladdin Enterprises
Ghostscript 4.3, 4.3.2, 5.10 cl, 5.10.10 -1 mdk, 5.10.10 -1, 5.10.10 mdk, 5.10.10, 5.10.12 cl, 5.10.15, 5.10.16, 5.50, 5.50.8 _7, 5.50.8, 6.51, 6.52, 6.53, 7.0 4-7.07 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
GhostScript Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
Apple
MacOS X 10.3.5 |
Two vulnerabilities exist in the AFP Server; a Denial of Service vulnerability exists because a malicious user can mount an Apple File Protocol (AFP) volume and modify SessionDestroy packets; and a vulnerability exists in the AFP Drop Box due to an incorrect setting of the guest group id, which could let a remote malicious user obtain sensitive information.
Updates available at: http://www.apple.com/support/downloads/
We are not aware of any exploits for this vulnerability. |
|
Medium |
Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004 |
Apple
MacOS X 10.2.8, 10.3.5 |
A vulnerability exists in NetInfo Manager because the account status for the 'root' user account may be displayed incorrectly, which could let a malicious user modify sensitive information.
Update available at: http://www.apple.com/support/downloads/
We are not aware of any exploits for this vulnerability. |
NetInfo Manager Root Account Status Display; CVE Name: CAN-2004-0924 |
Medium |
Apple Security Advisory, SA-2004-09-30, October 4, 2004 |
Apple
MacOS X 10.2.8, 10.3.5 |
A vulnerability exists in postfix when SMTPD AUTH has been enabled because the system does not properly clear a buffer containing the username after authentication attempts, which could let a remote malicious user prevent other users from authenticating.
Update available at: http://www.apple.com/support/downloads/
We are not aware of any exploits for this vulnerability. |
Postfix Buffer Error Remote Authentication Prevention; CVE Name: CAN-2004-0925 |
Medium |
Apple Security Advisory, SA-2004-09-30, October 4, 2004 |
Apple
MacOS X 10.2.8, 10.3.5 |
A vulnerability exists in ServerAdmin because the same common self-signed certificate is used if the administrator has not replaced this example certificate, which could let a remote malicious user obtain sensitive information.
Update available at: http://www.apple.com/support/downloads/
We are not aware of any exploits for this vulnerability. |
|
Medium |
Apple Security Advisory, SA-2004-09-30, October 4, 2004 |
Apple
MacOS X 10.2.8, 10.3.5 |
A buffer overflow vulnerability exists due to a boundary error within the handling of BMP images, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.apple.com/support/downloads/
We are not aware of any exploits for this vulnerability. |
|
High |
Apple Security Advisory, SA-2004-09-30, October 4, 2004 |
Charles Cazabon
getmail 4.0.0b10, 4.0-4.0.13, 4.1-4.1.5; Gentoo Linux 1.4 |
A vulnerability exists due to insufficient validation of symbolic links when creating users' mail boxes and subdirectories, which could let a malicious user obtain elevated privileges.
Upgrades available at:
http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4.2.0.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200409-32.xml
Debian: http://security.debian.org/pool/updates/main/g/getmail/
There is no exploit code required. |
Getmail Privilege Escalation |
Medium |
Secunia Advisory, SA12594, September 20, 2004
Debian Security Advisory, DSA 553-1, September 27, 2004 |
Donald R Woods
Spider 1.1 |
A buffer overflow vulnerability exists in 'movelog.c' due to a boundary error in the 'read_file()' function, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Spider Game Buffer Overflow |
High |
Secunia Advisory, SA12716, October 4, 2004 |
FreeBSD
FreeBSD 5.x |
A vulnerability exists in the 'CONS_SCRSHOT ioctl(2)' due to insufficient validation of user-supplied input, which could let a malicious user obtain sensitive information.
Update available at: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/syscons/syscons.c#rev1.429
We are not aware of any exploits for this vulnerability. |
|
Medium |
SecurityTracker Alert ID, 1011526, October 4, 2004 |
FreeBSD/OpenBSD
FreeBSD 4.6.2, 4.7-4.9, 5.0-5.2; OpenBSD 3.3, 3.4 |
A remote Denial of Service vulnerability exists due to the way out-of-sequence packets are handled.
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/
SGI: http://www.sgi.com/support/security/
We are not aware of any exploits for this vulnerability. |
BSD Out-of-Sequence Packets Remote Denial of Service; CVE Name: CAN-2004-0171 |
Low |
FreeBSD Security Advisory, FreeBSD-SA-04:04.tcp, March 2, 2004
SGI Security Advisory, 20040905-01-P, September 28, 2004 |
GNU
gettext 0.14.1 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
GNU GetText Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
GNU
glibc 2.0-2.0.6, 2.1, 2.1.1 -6, 2.1.1, 2.1.2, 2.1.3 -10, 2.1.3, 2.1.9 & greater, 2.2-2.2.5, 2.3-2.3.4, 2.3.10 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
GNU GLibC Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
GNU
groff 1.19 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
GNU Troff (Groff) Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
GNU
gzip 1.2.4a |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
GNU GZip Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
GNU
sharutils 4.2, 4.2.1 |
Multiple buffer overflow vulnerabilities exist due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200410-01.xml
We are not aware of any exploits for this vulnerability. |
GNU Sharutils Multiple Buffer Overflow |
Low/High (High if arbitrary code can be executed) |
Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004 |
IBM
AIX 5L Version 5.2 on pSeries, 5.3 on pSeries, 5.2, 5.3 on an i5/OS (iSeries) partition, Tivoli System Automation (TSA) for Linux 1.1, Multiplatforms 1.2, Cluster Systems Management (CSM) for Linux Version 1.4 (version 1.4 and greater), Hardware Management Console (HMC) for pSeries Version 3, General Parallel File System (GPFS) Version 2 Release 2 on Linux for xSeries and Linux for pSeries |
An input validation vulnerability exists in the Reliable Scalable Cluster Technology (RSCT) system 'ctstrtcasd,' which could let a malicious user create or corrupt arbitrary files.
Updates and workaround available at: http://techsupport.services.ibm.com/
A Proof of Concept exploit has been published. |
IBM Reliable Scalable Cluster Technology (RSCT) File Corruption; CVE Name: CAN-2004-0828 |
Medium |
iDEFENSE Security Advisory, September 27, 2004
SecurityFocus, September 29, 2004 |
Larry Wall
Perl 5.8.3 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
Perl Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
LBL, Debian, Mandrake, OpenPKG, Trustix, SGI, Slackware
tcpdump 3.4a6, 3.4, 3.5 alpha, 3.5, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 |
Two vulnerabilities exist: a buffer overflow vulnerability exists in 'print-isakmp.c' due to insufficient validation of user-supplied input in ISAKMP packets, which could let a remote malicious user cause a Denial of Service and possibly allow the execution of arbitrary code; and a vulnerability exists when a remote malicious user submits an ISAKMP Identification payload with a specially crafted payload length value that is less than eight bytes.
Upgrades available at:
http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Debian:
http://security.debian.org/pool/updates/main/t/tcpdump
Mandrake:
http://www.mandrakesecure.net/en/advisories/
OpenPKG:
ftp://ftp.openpkg.org/release/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
SGI:
http://www.sgi.com/support/security/
Fedora Legacy: http://download.fedoralegacy.org/redhat/
An exploit script has been published for the ISAKMP Identification Payload vulnerability. |
|
Low/High (High if arbitrary code can be executed) |
Debian Security Advisory, DSA 478-1, April 6, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:030, April 15, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.010, April 7, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0015, March 30, 2004
SGI Security Advisories, 20040602-01-U & 20040603-01-U, June 21, 2004
Slackware Security Advisory, SSA:2004-108-01, April 17, 2004
Fedora Legacy Update Advisory, FLSA:1468, September 29, 2004 |
Martin Pool
distcc prior to 2.16 |
A vulnerability exists because access controls are not properly enforced, which could let a malicious user bypass certain security restrictions.
Updates available at: http://distcc.samba.org/download.html
We are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia Advisory, SA12711, October 4, 2004 |
MediaWiki
MediaWiki 1.3-1.3.4 |
A Cross-Site Scripting vulnerability exists due to an input validation error in the 'raw' page output mode, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.5.tar.gz?download
There is no exploit code required. |
MediaWiki Raw Page Cross-Site Scripting |
High |
Secunia Advisory, SA12692, October 1, 2004 |
MIT
Kerberos 5 1.3.4 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
MIT Kerberos 5 Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
Multiple Vendors
ArX Distributed Revision Control System 1.0 pre10-pre16, 1.0.17, 1.0.18;
Cadaver WebDAV Client 0.20.0-0.20.5, 0.21.0, 0.22.0;
Neon Client Library 0.19.3, 0.23-0.23.8, 0.24-0.24.4;
Netwosix Netwosix Linux 1.0, 1.1;
RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux WS 2.1, ES 2.1, AS 2.1 |
Multiple format string vulnerabilities exist when processing XML/207 response messages, which could let a remote malicious user execute arbitrary code.
ArX Distributed:
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
Cadaver: http://www.webdav.org/cadaver/
Debian: http://security.debian.org/pool/updates/main/n/neon/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Neon Client: http://www.webdav.org/neon/neon-0.24.5.tar.gz
Netwosix: http://download.netwosix.org/0012/nepote
OpenPKG: ftp.openpkg.org/release/2.0/UPD/neon-0.24.4-2.0.1.src.rpm
RedHat: ftp://updates.redhat.com/9/en/os/
SGI: ftp://patches.sgi.com/support/free/security/advisories/
SuSE: ftp://ftp.suse.com/pub/suse/i386/update
Fedora Legacy: http://download.fedoralegacy.org/redhat/
An exploit has been published. |
WebDAV Client Library Format String Vulnerabilities; CVE Name: CAN-2004-0179 |
High |
Red Hat Security Advisories, RHSA-2004: 157-06, 158-01, & 159-01, April 14 & 15, 2004
Debian Security Advisory, DSA 487-1, April 16, 2004
SUSE Security Announcement, SuSE-SA:2004:009, April 14, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.016, April 16, 2004
Netwosix Linux Security Advisory #2004-0012, April 18, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:032, April 20, 2004
SGI Security Advisory, 20040404-01-U, April 21, 2004
Fedora Legacy Update Advisory, FLSA:1552, September 29, 2004 |
Multiple Vendors
Cisco VPN 3000 Concentrator 4.0.x, 4.0, 4.0.1, 4.1.x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4_rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, 9.2, amd64, 10.0, AMD64, MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.0, 1.0.6, 1.0.8, 1.1, 1.1.1, 1.2-1.2.8, 1.3-1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1; Sun SEAM 1.0.2 |
Multiple double-free vulnerabilities exist due to inconsistent memory handling routines in the krb5 library: various double-free errors exist in the KDC (Key Distribution Center) cleanup code and in client libraries, which could let a remote malicious user execute arbitrary code; various double-free errors exist in the 'krb5_rd_cred()' function, which could let a remote malicious user execute arbitrary code; a double-free vulnerability exists in krb524d, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in ASN.1 decoder when handling indefinite length BER encodings, which could let a remote malicious user cause a Denial of Service.
MIT Kerberos: http://web.mit.edu/kerberos/advisories/
Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
Debian: http://security.debian.org/pool/updates/main/k/krb5/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-09.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-21-112908-15-1
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860
OpenPKG: ftp://ftp.openpkg.org/release/
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/
IBM: http://www.securityfocus.com/advisories/7269
We are not aware of any exploits for this vulnerability. |
|
Low/High (High if arbitrary code can be executed) |
MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004
US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004
US-CERT Vulnerability Notes, VU#350792, VU#795632, VU#866472, September 3, 2004
Conectiva Security Advisory, CLSA-2004:860, September 9, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.039, September 13, 2004
Turbolinux Security Advisory TLSA-2004-22, September 15, 2004
IBM Security Advisory, September 30, 2004 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; GNU Emacs 20.0-20.6, 21.2 |
A vulnerability exists in the Emacs flim library due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Debian: http://security.debian.org/pool/updates/main/f/flim/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-344.html
Fedora Legacy: http://download.fedoralegacy.org/redhat/
We are not aware of any exploits for this vulnerability. |
Emacs flim Library Insecure Temporary File Creation; CVE Name: CAN-2004-0422 |
Medium |
Debian Security Advisory, DSA 500-1, May 2, 2004
Fedora Legacy Update Advisory, FLSA:1581, September 30, 2004 |
Multiple Vendors (Debian, Mandrake, OpenPKG, RedHat, SGI, Slackware, Trustix)
Debian Linux 3.0, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; rsync 2.3.1, 2.3.2-1.3, 2.3.2-1.2, sparc, PPC, m68k, intel, ARM, alpha, 2.3.2, 2.4.0, 2.4.1, 2.4.3-2.4.6, 2.4.8, 2.5.0-2.5.7, 2.6 |
A vulnerability exists due to insufficient sanitization of user-supplied path values, which could let a remote malicious user modify system information or obtain unauthorized access.
Debian: http://security.debian.org/pool/updates/main/r/rsync
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Rsync: http://rsync.samba.org/ftp/rsync/rsync-2.6.1.tar.gz
Slackware: ftp://ftp.slackware.com/pub/slackware/
Trustix: http://www.trustix.org/errata/misc/2004/TSL-2004-0024-rsync.asc.txt
OpenPKG: ftp://ftp.openpkg.org/release/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-192.html
SGI: ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/
Apple: http://www.apple.com/support/security/security_updates.html
Fedora Legacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Debian Security Advisory, DSA 499-1, May 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:042, May 11, 2004
OpenPKG Security Advisory , OpenPKG-SA-2004.025, May 21, 2004
RedHat Security Advisory, RHSA-2004:192-06, May 19, 2004
SGI Security Advisories, 20040508-01-U & 20040509-01, May 28, 2004
Slackware Security Advisory, SSA:2004-124-01, May 3, 2004
Trustix Secure Linux Security Advisory, 2004-0024, April 30, 2004
Fedora Legacy Update Advisory, FLSA:2003, September 30, 2004 |
Multiple Vendors
Easy Software Products CUPS 1.1.14-1.1.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A Denial of Service vulnerability exists in 'scheduler/dirsvc.c' due to insufficient validation of UDP datagrams.
Update available at: http://www.cups.org/software.php
Debian: http://security.debian.org/pool/updates/main/c/cupsys/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/
SuSE: ftp://ftp.suse.com/pub/suse/
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
ALTLinux: http://altlinux.com/index.php?module=sisyphus&package=cups
Gentoo: http://security.gentoo.org/glsa/glsa-200409-25.xml
Slackware: ftp://ftp.slackware.com/pub/slackware/
Apple: http://www.apple.com/support/security/security_updates.html
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert ID, 1011283, September 15, 2004
ALTLinux Advisory, September 17, 2004
Gentoo Linux Security Advisory GLSA 200409-25, September 20, 2004
Slackware Security Advisory, SSA:2004-266-01, September 23, 2004
Fedora Update Notification,
FEDORA-2004-275, September 28, 2004
Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004 |
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5; OpenPKG Current, 2.0, 2.1; zlib 1.2.1 |
A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input.
Gentoo: http://security.gentoo.org/glsa/glsa-200408-26.xml
FileZilla: http://sourceforge.net/project/showfiles.php?group_id=21558
OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
OpenPKG: ftp ftp.openpkg.org
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
SuSE: ftp://ftp.suse.com/pub/suse/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Conectiva: ftp://atualizacoes.conectiva.com.br/
We are not aware of any exploits for this vulnerability. |
Zlib Compression Library Remote Denial of Service; CVE Name: CAN-2004-0797 |
Low |
SecurityFocus, August 25, 2004
SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004
US-CERT Vulnerability Note VU#238678, October 1, 2004 |
Multiple Vendors
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat Fedora Core1&2;
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8 |
Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SuSE: ftp://ftp.suse.com/pub/suse/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-28.xml
We are not aware of any exploits for this vulnerability. |
|
Low/High (High if arbitrary code can be executed) |
SecurityTracker Alert ID, 1011285, September 17, 2004
Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004
US-CERT Vulnerability Notes VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004 |
Multiple Vendors
OpenBSD 3.4, 3.5; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux Enterprise Server 9, 8;
X.org X11R6 6.7.0, 6.8;
XFree86 X11R6 3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1, Errata, 4.3.0 |
Multiple vulnerabilities exist: a stack overflow exists in 'xpmParseColors()' in 'parse.c' when a specially crafted XPMv1 or XPMv2/3 file is submitted, which could let a remote malicious user execute arbitrary code; a stack overflow vulnerability exists in the 'ParseAndPutPixels()' function in 'create.c' when reading pixel values, which could let a remote malicious user execute arbitrary code; and an integer overflow vulnerability exists in the colorTable allocation in 'xpmParseColors()' in 'parse.c,' which could let a remote malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/main/i/imlib/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
OpenBSD: ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/
SuSE: ftp://ftp.suse.com/pub/suse/
X.org: http://x.org/X11R6.8.1/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-34.xml
IBM: http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
RedHat: http://rhn.redhat.com/errata/RHSA-2004-478.html
Proofs of Concept exploits have been published. |
|
High |
X.Org Foundation Security Advisory, September 16, 2004
US-CERT Vulnerability Notes, VU#537878 & VU#882750, September 30, 2004
SecurityFocus, October 4, 2004 |
Multiple Vendors
Samba 2.2a, 2.2.0a, 2.2.0, 2.2.1a, 2.2.2, 2.2.3a, 2.2.3-2.2.9, 2.2.11, 3.0, alpha, 3.0.1-3.0.5; MandrakeSoft Corporate Server 2.1, x86_64, 9.2, amd64 |
A vulnerability exists due to input validation errors in 'unix_convert()' and 'check_name()' when converting DOS path names to path names in the internal filesystem, which could let a remote malicious user obtain sensitive information.
Samba: http://download.samba.org/samba/ftp/patches/security/
http://us1.samba.org/samba/ftp/old-versions/samba-2.2.12.tar.gz
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
|
Medium |
iDEFENSE Security Advisory, September 30, 2004 |
MySQL AB
MySQL 4.0.18 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
MySQL Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
Netatalk
Netatalk Open Source Apple File Share Protocol Suite 1.5 pre6, 1.6.1, 1.6.4 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
Netatalk Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
OpenOffice
OpenOffice 1.1.2,
Sun StarOffice 7.0 |
A vulnerability exists in the '/tmp' folder due to insecure permissions, which could let a malicious user obtain sensitive information.
Upgrades available at: http://sunsolve.sun.com/search/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-446.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
There is no exploit code required. |
OpenOffice/StarOffice Insecure Temporary File Permissions
CVE Name:
CAN-2004-0752
|
Medium |
Secunia Advisory, SA12302, September 13, 2004
RedHat Security Bulletin, RHSA-2004:446-08, September 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:103, September 28, 2004 |
OpenSSL Project
OpenSSL 0.9.6, 0.9.6a-0.9.6m, 0.9.7c |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
OpenSSL Insecure Temporary File Creation
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
Peter Zelezny
X-Chat 1.8-1.8.2, 1.8.6-1.8.9, 2.0.1, 2.0.5-2.0.8 |
A buffer overflow vulnerability exists in the SOCKS 5 proxy code, which could let a remote malicious user execute arbitrary code.
Patch available at:
http://www.xchat.org/files/source/2.0/patches/xc208-fixsocks5.diff
Debian: http://security.debian.org/pool/updates/main/x/xchat/
Gentoo: http://security.gentoo.org/glsa/glsa-200404-15.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Netwosix: http://www.netwosix.org/adv14.html
RedHat: ftp://updates.redhat.com/9/en/os/
Fedora Legacy: http://download.fedoralegacy.org/redhat/
An exploit script has been published.
|
|
High |
Debian Security Advisory, DSA 493-1, April 21, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:036, April 22, 2004
Red Hat Security Advisory, RHSA-2004:177-01, April 30, 2004
Netwosix Linux Security Advisory, LNSA-#2004-0014, May 1, 2004
Packet Storm, May 4, 2004
Fedora Legacy Update Advisory, FLSA:1549, September 30, 2004 |
PostgreSQL
PostgreSQL 7.4.5 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
PostgreSQL Insecure Temporary File Creation
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
Roaring Penguin Software
Roaring Penguin 3.5 & prior |
A vulnerability exists in the pppoe driver, which could let a malicious user obtain elevated privileges.
Debian: http://security.debian.org/pool/updates/main/r/rp-pppoe/
We are not aware of any exploits for this vulnerability. |
Roaring Penguin pppoe Elevated Privileges
CVE Name:
CAN-2004-0564
|
Medium |
Debian Security Advisory, DSA 557-1, October 4, 2004 |
rsync 2.6.2 and prior
Debian
SuSE
Trustix |
A vulnerability exists in rsync when running in daemon mode with chroot disabled. A remote user may be able to read or write files on the target system that are located outside of the module's path. A remote user can supply a specially crafted path to cause the path cleaning function to generate an absolute filename instead of a relative one. The flaw resides in the sanitize_path() function.
Updates and patches are available at: http://rsync.samba.org/
SuSE: http://www.suse.de/de/security/2004_26_rsync.html
Debian: http://www.debian.org/security/2004/dsa-538
Trustix: http://www.trustix.net/errata/2004/0042/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
OpenPKG: ftp://ftp.openpkg.org/release/2.0/UPD/
Tinysofa:
http://http.tinysofa.org/pub/tinysofa/updates/server-2.0/i386/tinysofa/rpms.updates/rsync-2.6.2-2ts.i386.rpm
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/
Fedora Legacy: http://download.fedoralegacy.org/redhat/
We are not aware of any exploits for this vulnerability. |
Rsync Input Validation Error in sanitize_path() May Let Remote Users Read or Write Arbitrary Files
CVE Name:
CAN-2004-0792
|
High |
SecurityTracker 1010940, August 12, 2004
rsync August 2004 Security Advisory
SecurityFocus, September 1, 2004
Fedora Legacy Update Advisory, FLSA:2003, September 30, 2004 |
SGI
IRIX 6.5.22-6.5.25 |
A vulnerability exists because 't_unbind()' modifies the expected behavior of 't_bind().' The consequences of the vulnerability are not known.
Patches available at:
ftp://patches.sgi.com/support/free/security/patches/
We are not aware of any exploits for this vulnerability.
|
|
Not Specified |
SGI Security Advisory, 20040905-01-P, September 28, 2004 |
SpamAssassin.org
SpamAssassin prior to 2.64 |
A Denial of Service vulnerability exists in SpamAssassin. A remote user can send an e-mail message with specially crafted headers to cause a Denial of Service attack against the SpamAssassin service.
Update to version 2.64, available at: http://old.spamassassin.org/released/
Gentoo: http://security.gentoo.org/glsa/glsa-200408-06.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
OpenPKG: ftp://ftp.openpkg.org/release/
Conectiva: ftp://atualizacoes.conectiva.com.br/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-451.html
We are not aware of any exploits for this vulnerability. |
|
Low |
SecurityTracker: 1010903, August 10, 2004
Mandrake Security Advisory, MDKSA-2004:084, August 19, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.041, September 15, 2004
Conectiva Linux Security Announcement, CLA-2004:867, September 22, 2004
RedHat Security Advisory, RHSA-2004:451-05, September 30, 2004 |
Squid-cache.org
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4 STABLE7, 2.5 STABLE1-STABLE6, Squid Web Proxy Cache 3.0 PRE1-PRE3 |
A remote Denial of Service vulnerability exists in 'lib/ntlmauth.c' due to insufficient validation of negative values in the 'ntlm_fetch_string()' function.
Patches available at:
http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ntlm_fetch_string.patch
Gentoo: http://security.gentoo.org/glsa/glsa-200409-04.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Trustix: http://http.trustix.org/pub/trustix/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-462.html
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/
We are not aware of any exploits for this vulnerability.
|
Squid Proxy NTLM Authentication Remote Denial of Service
CVE Name:
CAN-2004-0832
|
Low |
Secunia Advisory, SA12444, September 3, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:093, September 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0047, September 16, 2004
RedHat Security Advisory, RHSA-2004:462-10, September 30, 2004
Turbolinux Security Announcement, October 5, 2004 |
Subversion
Subversion 1.0-1.0.7, 1.1.0 rc1-rc3 |
A vulnerability exists in the 'mod_authz_svn' module due to insufficiently restricted access to metadata on unreadable paths, which could let a remote malicious user obtain sensitive information.
Update available at:
http://subversion.tigris.org/tarballs/subversion-1.0.8.tar.gz
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-35.xml
There is no exploit code required. |
Subversion Mod_Authz_Svn Metadata Information Disclosure
CVE Name:
CAN-2004-0749
|
Medium |
SecurityTracker Alert ID, 1011390, September 23, 2004
Gentoo Linux Security Advisory, GLSA 200409-35, September 29, 2004 |
Sun Microsystems, Inc.
Solaris 8 |
A vulnerability exists in the gzip(1) command, which could let a malicious user access the files of other users that were processed using gzip.
Workaround and update available at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1
We are not aware of any exploits for this vulnerability.
|
Sun Solaris Gzip File Access |
Medium |
Sun(sm) Alert Notification, 57600, October 1, 2004 |
Trustix
LVM Logical Volume Management Utilities 1.0.7 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
There is no exploit code required. |
Trustix LVM Utilities Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 |
Viagenie
Freenet6 0.9.6, 1.0 |
A vulnerability exists because the 'tspc.conf' configuration file for the freenet6 client is world-readable, which could let a malicious user obtain sensitive information.
Debian: http://security.debian.org/pool/updates/main/f/freenet6/
There is no exploit code required. |
Freenet6 on Debian Linux Information Disclosure
CVE Name:
CAN-2004-0563
|
Medium |
Debian Security Advisory DSA 555-1, September 30, 2004 |
xmlstar.sourceforge.net
XMLStarlet prior to 0.9.5 |
Several buffer overflow vulnerabilities exist when processing XML data in 'xml_elem.c' and 'xml_select.c,' which could let a remote malicious user execute arbitrary code. Numerous format string vulnerabilities also exist when processing usage parameters, which could let a remote malicious user execute arbitrary code.
Update available at: http://xmlstar.sourceforge.net/download.php
We are not aware of any exploits for this vulnerability. |
XMLStarlet Buffer Overflows & Format Strings |
High |
SecurityTracker Alert ID, 1011496, October 1, 2004 |
Yukihiro Matsumoto
Ruby 1.6, 1.8 |
A vulnerability exists in the CGI session management component due to the way temporary files are processed, which could let a malicious user obtain elevated privileges.
Upgrades available at: http://security.debian.org/pool/updates/main/r/ruby/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-08.xml
RedHat: http://rhn.redhat.com/errata/RHSA-2004-441.html
We are not aware of any exploits for this vulnerability. |
Ruby CGI Session Management Unsafe Temporary File
CVE Name:
CAN-2004-0755 |
Medium |
Debian Security Advisory, DSA 537-1, August 16, 2004
Gentoo Linux Security Advisory, GLSA 200409-08, September 3, 2004
RedHat Security Advisory, RHSA-2004:441-18, September 30, 2004 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
@lexPHPteam
@lex Guestbook |
An input validation vulnerability exists in @lex Guestbook, which could let a remote malicious user execute arbitrary PHP code.
Update available at: http://www.alexphpteam.com/download.php
We are not aware of any exploits for this vulnerability. |
@lex Guestbook Include File Remote Code Execution |
High |
SecurityTracker Alert ID, 1011432, September 28, 2004
SecurityFocus, September 30, 2004 |
Apache Software Foundation
Xerces C++ 2.5.0 |
A remote Denial of Service vulnerability exists due to a failure to properly handle exceptional XML input.
Upgrade available at:
http://www.apache.org/dist/xml/xerces-c/xerces-c-src_2_6_0.tar.gz
There is no exploit code required. |
Xerces C++ XML Parsing Remote Denial of Service |
Low |
Bugtraq, October 2, 2004 |
bblog.com
bBlog 0.7.2, bBlog 0.7.3 |
An input validation vulnerability exists in 'rss.php' due to insufficient sanitization of the 'p' array parameter, which could let a remote malicious user execute arbitrary SQL commands.
Updates available at: http://www.bblog.com/download.php
There is no exploit code required. |
BBlog RSS.PHP Input Validation |
High |
Bugtraq, October 1, 2004 |
Fritz Berger
yappa-ng prior to 2.3.0 |
Two vulnerabilities exist: a vulnerability exists in 'show.php' due to a security flaw when showing a random image, which could let a remote malicious user obtain sensitive information; and a remote Denial of Service vulnerability exists when a malicious user requests that an image be resized to a large value.
Updates available at: http://sourceforge.net/project/showfiles.php?group_id=70802
We are not aware of any exploits for this vulnerability. |
yappa-ng Access Control |
Low/Medium
(Medium if sensitive information can be obtained)
|
Secunia Advisory, SA12709, October 4, 2004 |
FuzzyMonkey.org
My Blog prior to 1.21 |
Several vulnerabilities exist due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at: http://www.fuzzymonkey.org/cgi-bin/newfuzzy/software.cgi
We are not aware of any exploits for this vulnerability. |
My Blog Input Validation Errors |
High |
Secunia Advisory, SA12729, October 5, 2004 |
Hewlett Packard Company
LaserJet 4200, 4300 |
A vulnerability exists due to the method of upgrading the firmware on affected devices, which could let a remote malicious user cause a Denial of Service, replace the firmware with malicious code, or possibly render the printer useless until the firmware is repaired or replaced.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
HP LaserJet 4200/4300 Printer Arbitrary Firmware Upgrade |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, September 30, 2004 |
Icecast.org
Icecast 2.0, 2.0.1 |
A buffer overflow vulnerability exists due to a boundary error in the parsing of HTTP headers, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://svn.xiph.org/releases/icecast/icecast-2.0.2.tar.gz
A Proof of Concept exploit script has been published. |
Icecast Server HTTP Header Buffer Overflow
|
High |
SecurityTracker Alert ID, 1011439, September 29, 2004 |
Macromedia
ColdFusion MX 6.1 |
A vulnerability exists because remote authenticated malicious users with privileges to create templates that contain CreateObject and cfobject tags can create a template to access the administrative password.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
ColdFusion MX Template Information Disclosure |
Medium |
SecurityTracker Alert ID, 1011475, October 1, 2004 |
Marc Druilhe
W-Agora 4.1.6a |
Multiple vulnerabilities exist: a vulnerability exists in 'redir_url.php' due to insufficient sanitization of the 'key' parameter, which could let a remote malicious user execute arbitrary SQL code; a vulnerability exists due to insufficient sanitization of the 'thread' parameter in 'download_thread.php' and 'subscribe_threat.php,' the 'loginuser' parameter in 'login.php,' and the 'userid' parameter in 'forgot_password.php,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists in 'list.php,' which could let a remote malicious user obtain sensitive information.
The vendor has issued a fix, available via CVS.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
W-Agora Multiple Remote Input Validation Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID, 1011463, September 30, 2004 |
Mozilla.org
Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10 |
A vulnerability exists due to an error when downloading files, which could let a remote malicious user delete files.
Upgrades available at:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/firefox-1.0PR-source.tar.bz2
Patches available at:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/patches/259708.xpi
There is no exploit code required. |
Mozilla Firefox Save Dialog File Deletion |
Medium |
Secunia Advisory, SA12708, October 4, 2004 |
Mozilla.org
Mandrakesoft
Slackware
Mozilla 1.7 and prior;
Firefox 0.9 and prior;
Thunderbird 0.7 and prior |
Multiple vulnerabilities exist in Mozilla, Firefox, and Thunderbird that could allow a malicious user to conduct spoofing attacks, compromise a vulnerable system, or cause a Denial of Service. These vulnerabilities include buffer overflow, input verification, insecure certificate name matching, and out-of-bounds reads.
Upgrade to the latest version of Mozilla, Firefox, or Thunderbird available at: http://www.mozilla.org/download.html
Slackware: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659
Mandrakesoft: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082
RedHat: http://rhn.redhat.com/errata/RHSA-2004-421.html
SGI: ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-26.xml
HP: http://h30097.www3.hp.com/internet/download.htm
We are not aware of any exploits for this vulnerability. |
|
High |
Secunia, SA10856, August 4, 2004
US-CERT Vulnerability Note VU#561022
RedHat Security Advisory, RHSA-2004:421-17, August 4, 2004
SGI Security Advisory, 20040802-01-U, August 14, 2004
Gentoo Linux Security Advisory, GLSA 200409-26, September 20, 2004
HP Security Bulletin, HPSBTU01081, October 5, 2004 |
Mozilla.org
Mozilla 0.x, 1.0-1.7.x, Firefox 0.x, Thunderbird 0.x; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2 |
Multiple vulnerabilities exist: buffer overflow vulnerabilities exist in 'nsMsgCompUtils.cpp' when a specially crafted e-mail is forwarded, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to insufficient restrictions on script generated events, which could let a remote malicious user obtain sensitive information; a buffer overflow vulnerability exists in the 'nsVCardObj.cpp' file due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'nsPop3Protocol.cpp' due to boundary errors, which could let a remote malicious user execute arbitrary code; a heap overflow vulnerability exists when handling non-ASCII characters in URLs, which could let a remote malicious user execute arbitrary code; multiple integer overflow vulnerabilities exist in the image parsing routines due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code; a cross-domain scripting vulnerability exists because URI links dragged from one browser window and dropped into another browser window will bypass same-origin policy security checks, which could let a remote malicious user execute arbitrary code; and a vulnerability exists because unsafe scripting operations are permitted, which could let a remote malicious user manipulate information displayed in the security dialog.
Updates available at: http://www.mozilla.org/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-26.xml
HP: http://h30097.www3.hp.com/internet/download.htm
RedHat: http://rhn.redhat.com/errata/RHSA-2004-486.html
Proofs of Concept exploits have been published. |
|
Medium/High
(High if arbitrary code can be executed)
|
Technical Cyber Security Alert TA04-261A, September 17, 2004
US-CERT Vulnerability Notes VU#414240, VU#847200, VU#808216, VU#125776, VU#327560, VU#651928, VU#460528, VU#113192, September 17, 2004
Gentoo Linux Security Advisory, GLSA 200409-26, September 20, 2004
RedHat Security Bulletin, RHSA-2004:486-18, September 30, 2004
HP Security Bulletin, HPSBTU01081, October 5, 2004 |
Multiple Vendors
AJ-Fork AJ-Fork 16-;
CutePHP CuteNews 0.88, 1.3-1.3.2, 1.3.6 |
A vulnerability exists due to insecure default file permissions, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
AJ-Fork Insecure Default Permissions |
Medium |
Bugtraq, October 1, 2004 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4.1-2.4.27;
Microsoft Windows 2000 Advanced Server, SP1-SP4,
2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, XP Home, SP1&SP2, XP Professional, SP1&SP2 |
A remote Denial of Service vulnerability exists due to inefficiencies when handling fragmented TCP packets.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
Multiple Vendor TCP Packet Fragmentation Handling Denial of Service |
Low |
Bugtraq, September 27, 2004 |
Multiple Vendors
Multiple (See advisory located at: http://www.uniras.gov.uk/vuls/2004/236929/index.htm for complete list)
|
A vulnerability exists that affects implementations of the Transmission Control Protocol (TCP) that comply with the Internet Engineering Task Force’s (IETF’s) Requests For Comments (RFCs) for TCP. The impact of this vulnerability varies by vendor and application but could let a remote malicious user cause a Denial of Service, or allow unauthorized malicious users to inject malicious data into TCP streams.
List of updates available at:
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
SGI: http://www.sgi.com/support/security/
Proofs of Concept exploits have been published.
Vulnerability has appeared in the press and other public media.
|
Multiple Vendor TCP Sequence Number Approximation
CVE Name:
CAN-2004-0230
|
Low/High
(High if arbitrary code can be executed)
|
NISCC Vulnerability Advisory, 236929, April 23, 2004
VU#415294, http://www.kb.cert.org/vuls/id/415294
TA04-111A, http://www.us-cert.gov/cas/techalerts/TA04-111A.html
SGI Security Advisory, 20040905-01-P, September 28, 2004
|
MySQL AB
MySQL 4.1.3-beta, 4.1.4 |
A buffer overflow vulnerability exists due to a failure to ensure the size of a buffer is sufficient to handle user-supplied input, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Upgrades available at:
http://dev.mysql.com/get/Downloads/MySQL-4.1/mysql-4.1.5-gamma.tar.gz/from/pick
We are not aware of any exploits for this vulnerability. |
MySQL Bounded Parameter Statement Execution Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, September 27, 2004 |
ParaChat Group
ParaChat Server 5.5 |
A Directory Traversal vulnerability exists due to an input validation error, which could let a remote malicious user obtain sensitive information.
The vendor has fixed the vulnerability in the latest version 5.5 without changing the version number. Update to a version released on 2004-09-29 or later.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ParaChat Server Directory Traversal |
Medium |
Secunia Advisory, SA12678, September 30, 2004 |
PHP-Fusion
PHP-Fusion 4.01 |
Multiple vulnerabilities exist: a vulnerability exists due to insufficient sanitization of input passed to the 'rowstart' parameter in 'members.php' and the 'comment_id' parameter in 'comments.php,' which could let a remote malicious user execute arbitrary SQL code; and a vulnerability exists due to insufficient sanitization of input passed to fields in 'Submit News,' 'Submit Link,' and 'Submit Article,' which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
PHP-Fusion Multiple SQL & HTML Injection |
High |
Secunia Advisory, SA12686, September 30, 2004 |
phplinks.sourceforge.net
PHPLinks |
A vulnerability exists when a certain type of URL is requested, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
PHPLinks Installation Path Disclosure |
Medium |
Nkxtox Advisory 0000-00003, October 3, 2004 |
proxytunnel
proxytunnel 1.0.6, 1.1.3 |
A vulnerability exists because proxyuser/proxypass data is passed to the program in an insecure manner, which could let a malicious user obtain sensitive information.
Upgrades available at:
http://prdownloads.sourceforge.net/proxytunnel/proxytunnel-1.2.0.tgz?download
There is no exploit code required. |
Proxytunnel Local Proxy Credential Disclosure |
Medium |
SecurityFocus, October 1, 2004 |
Real Estate Management Software
Real Estate Management Software 1.0
|
A vulnerability exists in the 'site.xml' configuration file, which could let a remote malicious user obtain sensitive information.
Update available at:
http://real-estate-management-software.org/realestate-management-tool-code.zip
We are not aware of any exploits for this vulnerability. |
Real Estate Management Information Disclosure |
Medium |
SecurityFocus, October 1, 2004 |
Real Networks
RealPlayer 8, 10,
RealOne Player v1 & v2,
Helix Player 1.x,
RealPlayer Enterprise |
Multiple vulnerabilities exist: a vulnerability exists due to an error when running local RM files, which could let a malicious user execute arbitrary code; a vulnerability exists when handling malformed calls, which could let a malicious user execute arbitrary code; and an unspecified error exists that allows malicious websites and media files to delete arbitrary local files.
Updates available at: http://www.service.real.com/help/faq/security/040928_player/EN/
Vulnerability has appeared in the press and other public media.
Proofs of Concept exploits have been published. |
RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA12672, September 29, 2004 |
Recruitment Agency Software
Recruitment Agency Software 1.0 |
A vulnerability exists in the 'site.xml' configuration file, which could let a remote malicious user obtain sensitive information.
Update available at: http://www.recruitment-agency-software.com/recruitment-agency-software-download.php
We are not aware of any exploits for this vulnerability. |
Online Recruitment Agency Information Disclosure |
Medium |
SecurityFocus, October 1, 2004 |
silent-storm.co.uk
Silent-Storm Portal 2.1 |
Multiple vulnerabilities exist: a vulnerability exists in 'home.php' and 'profile.php' due to insufficient validation of user-supplied input, which could let a remote malicious user obtain administrative privileges; and a vulnerability exists in 'index.php' due to insufficient sanitization of the 'module' parameter, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Proofs of Concept exploit scripts have been published.
|
Silent Storm Portal Multiple Input Validation |
High |
CHT Security Research, September 30, 2004 |
sy9.org
Serendipity 0.7 beta1 & prior |
Several vulnerabilities exist: a vulnerability exists in 'exit.php' and 'comment.php' due to insufficient sanitization of input passed to the 'entry_id' parameter, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability exists in 'comment.php' due to insufficient sanitization of input passed to the email and username fields, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrade available at:
http://prdownloads.sourceforge.net/php-blog/serendipity-0.7-beta3.tar.gz?download
Proofs of Concept exploits have been published. |
Serendipity Multiple Input Validation |
High |
Secunia Advisory, SA12673, September 28, 2004 |