Summary of Security Items from October 6 through October 12, 2004
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source
AtHoc
AtHoc Toolbar |
Two vulnerabilities were reported in the AtHoc Toolbar plug-in for Microsoft Internet Explorer. Due to a buffer overflow and a format string flaw in the toolbar software, a remote user can execute arbitrary code on the target user's system with the privileges of the target user.
Upgrade available at: www.athoc.com/site/products/toolbar.asp
We are not aware of any exploits for this vulnerability. |
AtHoc Toolbar Remote Code Execution |
High |
SecurityTracker Alert ID: 1011554, October 6, 2004 |
Business Objects
Crystal Reports 9, 10
Crystal Enterprise 9, 10 |
A buffer overflow vulnerability exists in certain Crystal products when processing Joint Photographic Experts Group (JPEG) image files, which could allow remote code execution. The vulnerability is due to a Microsoft component (Gdiplus.dll) included with certain versions of Crystal Reports and Crystal Enterprise.
Updates available at: http://support.businessobjects.com/library/kbase/articles/c2016358.asp
We are not aware of any exploits for this vulnerability. |
Business Objects Crystal Reports Buffer Overflow JPEG Processing |
High |
Business Objects, October 2004 |
IceWarp
IceWarp Web Mail prior to 5.3.0 |
Vulnerabilities exist in IceWarp Web Mail, which can be exploited by malicious people to conduct cross-site scripting attacks. These vulnerabilities are due to input validation errors in 'view.html.'
Update to version 5.3.0: http://www.icewarp.com/Download/
We are not aware of any exploits for this vulnerability. |
IceWarp Web Mail Cross-Site Scripting Vulnerabilities |
High |
Secunia Advisory ID SA12789, October 12, 2004 |
Ipswitch
WhatsUp Gold 7.0 4, 7.0 3, 7.0, 8.0 3, 8.0 1, 8.0 |
A buffer overflow vulnerability exists in the '_maincfgret.cgi' script due to a failure to validate user-supplied string lengths, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/WhatsUp/wug803HF1.exe
Exploit scripts have been published.
|
|
High |
iDEFENSE Security Advisory, August 25, 2004
SecurityFocus, October 6, 2004 |
Jera Technology
Flash Messaging 5.2.0g (rev 1.1.2) and prior |
A Denial of Service vulnerability exists due to input validation errors in the network data exchanged between server and clients. Also, commands, such as shutdown, from the server to users can be ignored.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Jera Technology Flash Messaging Denial of Service |
Low |
Bugtraq, October 7, 2004 |
Microsoft
ASP.NET 1.x |
A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema.
Apply ASP.NET ValidatePath module: http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026
A Proof of Concept exploit has been published. |
|
Medium |
Microsoft, October 7, 2004 |
Microsoft
Windows XP Home Edition, XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition |
A remote code execution vulnerability exists in Compressed (zipped) Folders because of an unchecked buffer in the way that it handles specially crafted compressed files. A malicious user could exploit the vulnerability by constructing a malicious compressed file that could potentially allow remote code execution if a user visited a malicious web site.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx
We are not aware of any exploits for this vulnerability. |
Microsoft Compressed (zipped) Folders Remote Code Execution
CVE Name: CAN-2004-0575 |
High |
Microsoft Security Bulletin MS04-034, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Office 2000, Excel 2000, Office XP, Excel 2002, Office 2001 for Macintosh, Office v. X for Macintosh |
A remote code execution vulnerability exists in Excel. If a user is logged on with administrative privileges, a malicious user who successfully exploited this vulnerability could take complete control of the affected system.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx
We are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin MS04-033, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP Service Pack 2, Windows 98, Windows 98 SE, Windows ME, Internet Explorer 5.5 |
Multiple vulnerabilities are corrected with Microsoft Security Update MS04-038. These vulnerabilities include: Cascading Style Sheets (CSS) Heap Memory Corruption Vulnerability; Similar Method Name Redirection Cross Domain Vulnerability; Install Engine Vulnerability; Drag and Drop Vulnerability; Address Bar Spoofing on Double Byte Character Set Locale Vulnerability; Plug-in Navigation Address Bar Spoofing Vulnerability; Script in Image Tag File Download Vulnerability; SSL Caching Vulnerability. These vulnerabilities could allow remote code execution.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx
We are not aware of any exploits for these vulnerabilities. |
Microsoft Internet Explorer Security Update
CVE Names: CAN-2004-0842, CAN-2004-0727, CAN-2004-0216, CAN-2004-0839, CAN-2004-0844, CAN-2004-0843, CAN-2004-0841, CAN-2004-0845 |
High |
Microsoft Security Bulletin MS04-038, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004 |
Microsoft
Internet Explorer 6.0, SP1&SP2 |
A vulnerability was reported in Microsoft Internet Explorer, which could allow a remote malicious user to access XML documents that are accessible to the target user. A remote user can create HTML code that, when loaded by the target user, will retrieve XML data from arbitrary servers and forward that information to the remote user.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer XML Documents Remote Access |
Medium |
SecurityTracker Alert ID: 1011563, October 7, 2004 |
Microsoft
Microsoft .NET Framework 1.x, Digital Image Pro 7.x, 9.x, Digital Image Suite 9.x, Frontpage 2002, Greetings 2002, Internet Explorer 6, Office 2003 Professional Edition, 2003 Small Business Edition, 2003 Standard Edition, 2003 Student and Teacher Edition, Office XP, Outlook 2002, 2003, Picture It! 2002, 7.x, 9.x, PowerPoint 2002, Producer for Microsoft Office PowerPoint 2003, Project 2002, 2003, Publisher 2002, Visio 2002, 2003, Visual Studio .NET 2002, 2003, Word 2002;
Avaya DefinityOne Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers |
A buffer overflow vulnerability exists in the processing of JPEG image formats, which could let a remote malicious user execute arbitrary code.
Frequently asked questions regarding this vulnerability and the patch can be found at: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Another exploit script has been published. |
Microsoft JPEG Processing Buffer Overflow
CVE Name: CAN-2004-0200 |
High |
Microsoft Security Bulletin, MS04-028, September 14, 2004
US-CERT Vulnerability Note VU#297462, September 14, 2004
Technical Cyber Security Alert TA04-260A, September 16, 2004
SecurityFocus, September 17, 2004
SecurityFocus, September 28, 2004
Packet Storm, October 7, 2004 |
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows 98, Windows 98 SE, Windows ME |
A remote code execution vulnerability exists in the NetDDE services because of an unchecked buffer. A malicious user who successfully exploited this vulnerability could take complete control of an affected system. However, the NetDDE services are not started by default and would have to be manually started for an attacker to attempt to remotely exploit this vulnerability. This vulnerability could also be used to attempt to perform a local elevation of privilege or remote Denial of Service.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-031.mspx
We are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin MS04-031, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange 2000 Server, Exchange Server 2003
|
A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems, which could let a remote malicious user execute arbitrary code. This vulnerability could potentially affect systems that do not use NNTP.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx
We are not aware of any exploits for this vulnerability.
|
|
High |
Microsoft Security Bulletin MS04-036, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition |
An information disclosure and Denial of Service vulnerability exists when the RPC Runtime Library processes specially crafted messages. A malicious user who successfully exploited this vulnerability could potentially read portions of active memory or cause the affected system to stop responding.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-029.mspx
We are not aware of any exploits for these vulnerabilities. |
Microsoft RPC Runtime Library Information Disclosure & Denial of Service
CVE Name: CAN-2004-0569 |
Low |
Microsoft Security Bulletin MS04-029, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004 |
Microsoft
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003 |
A remote code execution vulnerability exists in the Windows Server 2003 SMTP component because of the way that it handles Domain Name System (DNS) lookups. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx
We are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin MS04-035, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Internet Information Services 5.0, Internet Information Services 5.1, Internet Information Services 6.0 |
A Denial of Service vulnerability exists that could allow a malicious user to send a specially crafted WebDAV request to a server that is running IIS and WebDAV. A malicious user could cause WebDAV to consume all available memory and CPU time on an affected server. The IIS service would have to be restarted to restore functionality.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx
We are not aware of any exploits for these vulnerabilities.
|
Microsoft WebDAV XML Message Handler Denial of Service
CVE Name: CAN-2004-0718 |
Low |
Microsoft Security Bulletin MS04-030, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows 98, Windows 98 SE, Windows ME |
Multiple vulnerabilities are corrected with Microsoft Security Update MS04-032. These vulnerabilities include: Window Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, Windows Kernel Vulnerability. These vulnerabilities could permit elevation of privilege, remote code execution, and Denial of Service.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx
We are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin MS04-032, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows 2000 Professional, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Datacenter Edition, Windows 98, Windows 98 SE, Windows ME |
A Shell vulnerability and a Program Group vulnerability exist in Microsoft Windows. These vulnerabilities could allow remote code execution.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx
We are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin MS04-037, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
|
Microsoft
Office 2000, XP, Word 2000, 2002
|
A vulnerability exists in Microsoft Word, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code. The vulnerability is caused due to an input validation error within the parsing of document files and may lead to a stack-based buffer overflow.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Microsoft Word Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, Bugtraq ID 11350, October 7, 2004 |
Monolith
Alien versus Predator 2 v1.0.9.6;
Blood 2 v2.1;
No one lives forever, v1.004;
Shogo, v2.2 |
A buffer overflow vulnerability exists in multiple Monolith games, which can be exploited by malicious people to cause a DoS (Denial of Service) and remote code execution. The vulnerability is caused due to a boundary error within the server's handling of secure Gamespy queries.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Monolith Games Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory SA12776, October 10, 2004 |
Robert K Jung
unarj 2.x |
An input validation vulnerability was reported in unarj, which could permit a remote user to create a malicious archive that, when expanded by a target user, will write or overwrite arbitrary files on the target user's system.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
unarj Input Validation |
High |
SecurityTracker Alert ID: 1011610, October 11, 2004 |
TriDComm
TriDComm FTP Server 1.3 and prior |
A vulnerability exists due to an input validation error which can be exploited by malicious users to access arbitrary files on the integrated FTP server.
No workaround or patch available at time of publishing.
An exploit script has been published. |
TriDComm FTP Server Directory Traversal |
|
Secunia Advisory SA 12755, October 7, 2004 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source
Carnegie Mellon University
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 |
Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmda5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-05.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/errata/RHSA-2004-546.html
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
We are not aware of any exploits for this vulnerability.
|
Cyrus SASL Buffer Overflow & Input Validation
CVE Name:
CAN-2004-0884
|
|
SecurityTracker Alert ID: 1011568, October 7, 2004 |
Charles Cazabon
getmail 4.0.0b10, 4.0-4.0.13, 4.1-4.1.5; Gentoo Linux 1.4 |
A vulnerability exists due to insufficient validation of symbolic links when creating users' mail boxes and subdirectories, which could let a malicious user obtain elevated privileges.
Upgrades available at:
http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4.2.0.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200409-32.xml
Debian: http://security.debian.org/pool/updates/main/g/getmail/
Slackware: ftp://ftp.slackware.com/pub/slackware/
There is no exploit code required.
|
Getmail Privilege Escalation |
Medium |
Secunia Advisory, SA12594, September 20, 2004
Debian Security Advisory, DSA 553-1, September 27, 2004
Slackware Security Advisory, SSA:2004-278-01, October 4, 2004 |
Concurrent Versions Systems (CVS) 1.11 |
A vulnerability exists in Concurrent Versions System (CVS) which a malicious user can exploit to determine the existence and permissions of arbitrary files and directories. The problem is caused due to an undocumented switch to the "history" command implemented in "src/history.c". Using the "-X" switch and supplying an arbitrary filename, CVS will try to access the specified file and returns various information depending on whether the file exists and can be accessed.
Upgrade to version 1.11.17 or 1.12.9 available at:
https://www.cvshome.org/
FreeBSD: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch
Fedora Legacy: http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit has been published. |
CVS Undocumented Flag Information Disclosure
CVE Name: CAN-2004-0778 |
Low |
iDEFENSE Security Advisory 08.16.04
FreeBSD Security Advisory, FreeBSD-SA-04:14, September 20, 2004
Fedora Legacy Update Advisory, FLSA:1735, October 7, 2004 |
CVS
Caldera
Conectiva
Debian
Fedora
Gentoo
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Slackware
SuSE
CVS 1.10.7, 1.10.8, 1.11-1.11.6, 1.11.10, 1.11.11, 1.11.14-1.11.16, 1.12.1, 1.12.2, 1.12.5, 1.12.7, 1.12.8;
Gentoo Linux 1.4;
OpenBSD -current, 3.4, 3.5;
OpenPKG Current, 1.3, 2.0 |
Multiple vulnerabilities exist: a null-termination vulnerability exists regarding 'Entry' lines that was introduced by a previous CVS security patch, which could let a remote malicious user execute arbitrary code; a 'double free' vulnerability exists in the 'Arguments' command, which could let a remote malicious user execute arbitrary code; a format string vulnerability exists in the processing of the CVS wrapper file, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability exists in the handling of the 'Max-dotdot' CVS protocol command, which could let a remote malicious user cause a Denial of Service; a vulnerability exists in the 'serve_notify()' function when handling empty data lines, which could let a remote malicious user execute arbitrary code; several errors exist when reading configuration files containing empty lines from CVSROOT, which could let a remote malicious user cause a Denial of Service; and various integer multiplication overflow vulnerabilities exist, which could let a remote malicious user execute arbitrary code.
CVS: https://ccvs.cvshome.org/files/documents/19/194/cvs-1.11.17.tar.gz
Debian: http://security.debian.org/pool/updates/main/c/cvs/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1
Gentoo: http://security.gentoo.org/glsa/glsa-200406-06.xml
Mandrake: http://www.mandrakesoft.com/security/advisories
OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/patches/
OpenPKG: ftp://ftp.openpkg.org/release
RedHat: http://rhn.redhat.com/errata/RHSA-2004-233.html
SGI: ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
SuSE: ftp://ftp.suse.com/pub/suse/
FreeBSD: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch
Fedora Legacy: http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit script has been published. |
|
Low/High
(Low if a DoS; High if arbitrary code can be executed)
|
Debian Security Advisories, DSA 517-1 & 519-1, June 10 & 15, 2004
Fedora Update Notifications, FEDORA-2004-169 & 170, June 11, 2004
Gentoo Linux Security Advisory, GLSA 200406-06, June 10, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:058, June 9, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.027, June 11, 2004
RedHat Security Advisory, RHSA-2004:233-07, June 9, 2004
SGI Security Advisories, 20040604-01-U & 20040605-01-U, June 21, 2004
SUSE Security Announcement, SuSE-SA:2004:015, June 9, 2004
FreeBSD Security Advisory, FreeBSD-SA-04:14, September 20, 2004
Fedora Legacy Update Advisory, FLSA:1735, October 7, 2004 |
Debian
telnetd 0.17-25, 0.17-18 |
A vulnerability exists due to a failure to ensure that memory buffers are properly allocated and deallocated, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/n/netkit-telnet/
We are not aware of any exploits for this vulnerability. |
Debian GNU/Linux Telnetd Invalid Memory Handling
CVE Name: CAN-2004-0911 |
Low/High
(High if arbitrary code can be executed)
|
Debian Security Advisory, DSA 556-1, October 3, 2004 |
FreeRADIUS Server Project
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3, 1.0 |
A remote Denial of Service vulnerability exists in 'radius.c' and 'eap_tls.c' due to a failure to handle malformed packets.
Upgrades available at:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200409-29.xml
There is no exploit code required. |
FreeRADIUS Access-Request Denial of Service |
Low |
Gentoo Linux Security Advisory, GLSA 200409-29, September 22, 2004
US-CERT Vulnerability Note VU#541574, October 11, 2004 |
GNU
gettext 0.14.1 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-10.xml
There is no exploit code required. |
GNU
GetText Insecure Temporary File Creation |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200410-10, October 10, 2004 |
INCOGEN, Inc.
BugPort 1.0 90-1.0 99, 1.101, 1.108, 1.109, 1.117, 1.119, 1.125, 1.129, 1.133
|
A vulnerability exists due to improper handling of file attachments. This could possibly lead to the execution of arbitrary code.
Upgrades available at:
http://freshmeat.net/redir/bugport/43537/url_tgz/bugport-current.tar.gz
We are not aware of any exploits for this vulnerability.
|
BugPort File Attachment |
High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID, 1011543, October 5, 2004 |
Jem Berkes
renattach 1.2, 1.2.1 |
A vulnerability exists in the '--pipe' command, which could potentially let a remote malicious user execute arbitrary commands.
Updates available at:
http://freshmeat.net/redir/renattach/8951/url_tgz/renattach-1.2.2.tar.gz
There is no exploit code required. |
Renattach '--pipe' Input Validation |
High |
Secunia Advisory, SA12778, October 11, 2004 |
Multiple Vendors
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4;
RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A remote Denial of Service vulnerability exists in the Apache mod_dav module when an authorized malicious user submits a specific sequence of LOCK requests.
Update available at: http://httpd.apache.org/
Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
RedHat: ftp://updates.redhat.com/enterprise
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian: http://security.debian.org/pool/updates/main/liba/
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
|
SecurityTracker Alert ID, 1011248, September 14, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification, FEDORA-2004-313, September 23, 2004
Debian Security Advisory DSA 558-1, October 6, 2004 |
Multiple Vendors
Gentoo Linux 1.4;
KDE KDE 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3; MandrakeSoft Linux Mandrake 9.2 amd64, 9.2, 10.0 AMD64, 10.0 |
A vulnerability exists due to insufficient validation of ownership of temporary directories, which could let a malicious user cause a Denial of Service, overwrite arbitrary files, or obtain elevated privileges.
KDE: ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
Debian: http://security.debian.org/pool/updates/main/k/kdelibs/
Gentoo: http://security.gentoo.org/glsa/glsa-200408-13.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-412.html
There is no exploit code required. |
|
Low/Medium
(Low if a DoS)
|
KDE Security Advisory, August 11, 2004
Fedora Update Notifications, FEDORA-2004-290 & 291, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:864, September 13, 2004
RedHat Security Advisory, RHSA-2004:412-11, October 5, 2004 |
Multiple Vendors
Apple Mac OS X 10.2-10.2.8, 10.3-10.3.5, OS X Server 10.2-10.2.8, 10.3-10.3.5; Easy Software Products CUPS 1.0.4-8, 1.0.4, 1.1.1, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.21 |
A vulnerability exists in 'error_log' when certain methods of remote printing are carried out by an authenticated malicious user, which could disclose user passwords.
Update available at: http://www.cups.org/software.php
Apple:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04829&platform=osx&method=sa/SecUpd2004-09-30Jag.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04830&platform=osx&method=sa/SecUpd2004-09-30Pan.dmg
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-06.xml
There is no exploit code required.
|
|
Medium |
Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004
Fedora Update Notification, FEDORA-2004-331, October 5, 2004
Gentoo Linux Security Advisory, GLSA 200410-06, October 9, 2004 |
Multiple Vendors
Easy Software Products CUPS 1.1.14-1.1.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1
|
A Denial of Service vulnerability exists in 'scheduler/dirsvc.c' due to insufficient validation of UDP datagrams.
Update available at: http://www.cups.org/software.php
Debian: http://security.debian.org/pool/updates/main/c/cupsys/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/
SuSE: ftp://ftp.suse.com/pub/suse/
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
ALTLinux: http://altlinux.com/index.php?module=sisyphus&package=cups
Gentoo: http://security.gentoo.org/glsa/glsa-200409-25.xml
Slackware: ftp://ftp.slackware.com/pub/slackware/
Apple: http://www.apple.com/support/security/security_updates.html
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1&searchclause=
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert ID, 1011283, September 15, 2004
ALTLinux Advisory, September 17, 2004
Gentoo Linux Security Advisory GLSA 200409-25, September 20, 2004
Slackware Security Advisory, SSA:2004-266-01, September 23, 2004
Fedora Update Notification, FEDORA-2004-275, September 28, 2004
Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004
Sun(sm) Alert Notification, 57646, October 7, 2004 |
Multiple Vendors
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1;
ImageMagick ImageMagick 5.4.3, 5.4.4.5, 5.4.8.2-1.1.0, 5.5.3.2-1.2.0, 5.5.6.0-2003040, 5.5.7, 6.0.2;
Imlib Imlib 1.9-1.9.14 |
Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Imlib: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/
ImageMagick: http://www.imagemagick.org/www/download.html
Gentoo: http://security.gentoo.org/glsa/glsa-200409-12.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian: http://security.debian.org/pool/updates/main/i/imagemagick/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-465.html
SuSE: ftp://ftp.suse.com/pub/suse/
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/
We are not aware of any exploits for this vulnerability.
|
IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows
CVE Names:
CAN-2004-0817,
CAN-2004-0802 |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, September 1, 2004
Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004
Fedora Update Notifications, FEDORA-2004-300 & 301, September 9, 2004
Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004
RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004
Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004
Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004
Turbolinux Security Announcement, October 5, 2004 |
Multiple Vendors
Gentoo Linux 1.4;
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1;
Trolltech Qt 3.0, 3.0.5, 3.1, 3.1.1, 3.1.2, 3.2.1, 3.2.3, 3.3.0, 3.3.1, 3.3.2 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'read_dib()' function when handling 8-bit RLE encoded BMP files, which could let a malicious user execute arbitrary code; and buffer overflow vulnerabilities exist in the XPM, GIF, and JPEG image file handlers, which could let a remote malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/main/q/qt-copy/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
Gentoo: http://security.gentoo.org/glsa/glsa-200408-20.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz
SuSE: ftp://ftp.suse.com/pub/suse/i386/update
Trolltech Upgrade: http://www.trolltech.com/download/index.html
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57637-1&searchclause=security
Conectiva: ftp://atualizacoes.conectiva.com.br/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-478.html
http://rhn.redhat.com/errata/RHSA-2004-479.html
SuSE: ftp://ftp.suse.com/pub/suse/
Proof of Concept exploit has been published. |
|
High |
Secunia Advisory, SA12325, August 10, 2004
Sun Alert ID: 57637, September 3, 2004
Conectiva Linux Security Announcement, CLA-2004:866, September 22, 2004
RedHat Security Advisories, RHSA-2004:478-13 & RHSA-2004:479-05, October 4 & 6, 2004
SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004 |
Multiple Vendors
KDE 3.2.3 and prior |
A frame injection vulnerability exists in the Konqueror web browser that allows websites to load web pages into a frame of any other frame-based web page that the user may have open. A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result, the user may unknowingly send confidential information intended for the trusted website to the malicious website.
Source code patches have been made available which fix these vulnerabilities. Refer to advisory: http://www.kde.org/info/security/advisory-20040811-3.txt
Gentoo: http://security.gentoo.org/glsa/glsa-200408-13.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-412.html
A Proof of Concept exploit has been published. |
Konqueror Frame Injection Vulnerability
CVE Name:
CAN-2004-0721 |
Low |
KDE Security Advisory 20040811-3, August 11, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:086, August 21, 2004
Fedora Update Notifications, FEDORA-2004-290 & 291, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:864, September 13, 2004
RedHat Security Advisory, RHSA-2004:412-11, October 5, 2004 |
Multiple Vendors
LinuxPrinting.org Foomatic-Filters 3.03.0.2, 3.1;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A vulnerability exists in the foomatic-rip print filter due to insufficient validation of command-lines and environment variables, which could let a remote malicious user execute arbitrary commands.
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SuSE: ftp://ftp.suse.com/pub/suse
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-24.xml
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1&searchclause=
We are not aware of any exploits for this vulnerability. |
LinuxPrinting.org Foomatic-Filter Arbitrary Code Execution
CVE Name:
CAN-2004-0801
|
High |
Secunia Advisory, SA12557, September 16, 2004
Fedora Update Notification, FEDORA-2004-303, September 21, 2004
Gentoo Linux Security Advisory, GLSA 200409-24, September 17, 2004
Sun(sm) Alert Notification, 57646, October 7, 2004 |
Multiple Vendors
Samba Samba 2.2a, 2.2.0a, 2.2.0, 2.2.1a, 2.2.2, 2.2.3a, 2.2.3-2.2.9, 2.2.11, 3.0, 3.0 alpha, 3.0.1-3.0.5; MandrakeSoft Corporate Server 2.1, x86_64, 9.2, amd64 |
A vulnerability exists due to input validation errors in 'unix_convert()' and 'check_name()' when converting DOS path names to path names in the internal filesystem, which could let a remote malicious user obtain sensitive information.
Samba: http://download.samba.org/samba/ftp/patches/security/
http://us1.samba.org/samba/ftp/old-versions/samba-2.2.12.tar.gz
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Debian: http://security.debian.org/pool/updates/main/s/samba/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-498.html
SuSE: ftp://ftp.suse.com/pub/suse/
Trustix: http://http.trustix.org/pub/trustix/updates/
There is no exploit code required. |
|
Medium |
iDEFENSE Security Advisory, September 30, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:104, October 1, 2004
Debian Security Advisory DSA 600-1, October 7, 2004
RedHat Security Advisory, RHSA-2004:498-04, October 1, 2004
SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0051, October 1, 2004 |
Nathaniel Bray
Yeemp 0.5, 0.5.1, 0.9.9 |
A vulnerability exists due to insufficient verification of public keys when a file is transferred, which could let a remote malicious user spoof sender information and potentially execute arbitrary code.
Upgrades available at: http://deekoo.net/technocracy/yeemp/
There is no exploit code required. |
Nathaniel Bray Yeemp File Transfer Public Key Verification Bypass |
Medium/High
(High if arbitrary code can be executed)
|
SecurityFocus, October 7, 2004 |
Squid-cache.org
Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support
|
A remote Denial of Service vulnerability exists in the 'asn_parse_header()' function in 'snmplib/asn1.c' due to an input validation error when handling certain negative length fields.
Updates available at: http://www.squid-cache.org/
We are not aware of any exploits for this vulnerability.
|
|
Low |
iDEFENSE Security Advisory, October 11, 2004 |
Ulrich Callmeier
Net-Acct 0.x
|
A vulnerability exists in the 'write_list()' and 'dump_curr_list()' functions due to the insecure creation of temporary files, which could let a malicious user modify information.
Patch available at:
http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch
Debian: http://security.debian.org/pool/updates/main/n/net-acct/
We are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia Advisory, September 7, 2004
Debian Security Advisory DSA 559-1, October 6, 2004 |
XFree86 Project
OpenBSD; xdm CVS |
A vulnerability exists in xdm because, even though 'DisplayManager.requestPort' is set to 0, xdm will still open a 'chooserFd' TCP socket on all interfaces, which could lead to a false sense of security.
Patch available at: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch
Gentoo: http://security.gentoo.org/glsa/glsa-200407-05.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/errata/RHSA-2004-478.html
Currently we are not aware of any exploits for this vulnerability. |
XFree86 XDM RequestPort False Sense of Security
CVE Name:
CAN-2004-0419
|
Medium |
Secunia Advisory, SA11723, May 30, 2004
RedHat Security Advisory, RHSA-2004:478-13, October 4, 2004 |
xinehq.de
xine 0.5.2 - 0.5.x; 0.9.x; 1-alpha.x; 1-beta.x; 1-rc - 1-rc5 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the DVD subpicture component, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the VideoCD functionality when reading ISO disk labels, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability exists when handling text subtitles, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?download
Gentoo: http://security.gentoo.org/glsa/glsa-200409-30.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
We are not aware of any exploits for this vulnerability. |
Xine-lib Multiple Buffer Overflows |
High |
Secunia Advisory, SA12602, September 20, 2004
Gentoo Linux Security Advisory, GLSA 200409-30, September 22, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:105, October 6, 2004 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
brooky.com
CubeCart 2.0.1 |
A vulnerability exists due to insufficient sanitization of the 'cat_id' parameter, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
CubeCart Input Validation |
Medium |
Secunia Advisory, SA12764, October 8, 2004 |
cjoverkill.icefire.org
CJOverkill 4.0.3 |
A Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to the 'tms' array parameter and 'url' parameter in 'trade.php,' which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
CJOverkill Cross-Site Scripting |
High |
Secunia Advisory, SA12786, October 11, 2004 |
Content Management System
DCP-Portal 3.7, 4.0, 4.1, 4.2, 4.5.1, 5.0.1, 5.0.2, 5.1, 5.2, 5.3, 5.3.1, 5.3.2 |
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to various parameters in the 'calendar.php,' 'index.php,' 'announcement.php,' 'news.php,' and 'contents.php' scripts, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to various variables in several PHP scripts via HTTP POST requests, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability exists in 'PHPSESSID' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
DCP-Portal Multiple Cross-Site Scripting Vulnerabilities |
High |
Maxpatrol Security Advisory, October 6, 2004 |
Duware
DUclassified
|
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the 'login' form due to insufficient validation of the 'password' variable, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the admin page due to insufficient validation of the 'user' variable, which could let a remote malicious user obtain administrative access; and a vulnerability exists in the 'cat_id' parameter in 'adDetail.asp,' which could let a remote malicious user execute arbitrary SQL commands.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
DUclassified Input Validation Vulnerabilities |
High |
SecurityTracker Alert ID, 1011596, October 11, 2004 |
Duware
DUclassmate |
A vulnerability exists in the 'account.asp' script due to insufficient authentication of user-supplied password change requests, which could let a remote malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
DUclassmate Password Change Request |
Medium |
SecurityTracker Alert ID, 1011597, October 11, 2004 |
DUware
DUforum
|
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the 'login' form due to insufficient validation of the 'password' variable, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in 'messages.asp' due to insufficient validation of the 'FOR_ID' parameter and in 'messageDetail.asp' due to insufficient validation of the 'MSG_ID' parameter, which could let a remote malicious user execute arbitrary SQL commands.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
DUforum Input Validation Vulnerabilities |
High |
SecurityTracker Alert ID, 1011595, October 11, 2004 |
IBM
DB2 Universal Database for AIX 8.0, 8.1, DB2 Universal Database for HP-UX 8.0, 8.1, DB2 Universal Database for Linux 8.0, 8.1, DB2 Universal Database for Solaris 8.0, 8.1, DB2 Universal Database for Windows 8.0, 8.1 |
Twenty vulnerabilities exist, most of which are buffer overflows that could let a remote malicious user execute arbitrary code. (Details were not specified at this time.)
Patches available at:
http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html
We are not aware of any exploits for this vulnerability. |
IBM DB2 Multiple Buffer Overflows |
High |
NGSSoftware Insight Security Research Advisory, October 5, 2004 |
Icecast.org
Icecast 2.0, 2.0.1 |
A buffer overflow vulnerability exists due to a boundary error in the parsing of HTTP headers, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://svn.xiph.org/releases/icecast/icecast-2.0.2.tar.gz
Exploit scripts have been published. |
Icecast Server HTTP Header Buffer Overflow
|
High |
SecurityTracker Alert ID, 1011439, September 29, 2004
Packet Storm, October 7, 2004 |
Invision Power Services
Invision Board 2.0 |
A Cross-Site Scripting vulnerability exists in 'index.php' due to insufficient sanitization of input passed via the 'Referer' header, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Invision Power Board Referer Cross-Site Scripting
|
High |
Secunia Advisory, SA12740, October 6, 2004 |
Macromedia
Coldfusion 6.0, 6.1; MX |
A vulnerability exists in the default configuration because the 'CFOBJECT' tag and the 'CreateObject' function are accessible to all developers, which could let a malicious user obtain elevated privileges.
Workaround information available at:
http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/appsecur.htm
We are not aware of any exploits for this vulnerability. |
Macromedia ColdFusion Default Configuration Elevated Privileges |
Medium |
Macromedia Security Advisory, MPSB04-10, October 11, 2004 |
Macromedia
ColdFusion MX 6.1 |
A vulnerability exists due to an access validation issue, which could let a remote malicious user obtain sensitive information.
Patch available at: http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
There is no exploit code required.
|
Macromedia ColdFusion MX Remote File Content Disclosure
CVE Name:
CAN-2004-0928
|
Medium |
Securiteam, October 6, 2004 |
Matthew Phillips
Sticker 3.1.0 beta 1
|
A vulnerability exists due to a flaw in the application, which could let an unauthenticated remote malicious user send messages to groups.
Upgrade available at: http://www.tickertape.org/download/get.jsp?package=sticker-src-3.1.0b2.zip
There is no exploit code required. |
Sticker Unauthorized Secure Message
|
Medium |
SecurityTracker Alert ID, 1011580, October 9, 2004 |
Mozilla.org
Mozilla 1.6;
Mozilla 1.7.x;
Mozilla Firefox 0.x |
A Denial of Service vulnerability exists in which arbitrary root certificates are imported silently without presenting users with an import dialog box. Because of another problem, this can be exploited, for example, by malicious websites or HTML-based emails to prevent users from accessing valid SSL sites.
Workaround: Check the certificate store and delete untrusted certificates if an error message is displayed with error code -8182 ("certificate presented by [domain] is invalid or corrupt") when attempting to access an SSL-based website.
SuSE: ftp://ftp.suse.com/pub/suse/
Currently, we are not aware of any exploits for this vulnerability. |
Mozilla / Firefox Certificate Store Corruption Vulnerability
CVE Name:
CAN-2004-0758
|
Low |
Secunia Advisory, SA12076, July 16, 2004
Bugzilla Bug 24900, July 14, 2004
SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004 |
Mozilla.org
Mozilla Firefox 0.9.2 and Mozilla 1.7.1 on Windows
Mozilla Firefox 0.9.2 on Linux |
A spoofing vulnerability exists that could allow malicious sites to abuse SSL certificates of other sites. An attacker could make the browser load a valid certificate from a trusted website by using a specially crafted "onunload" event. The problem is that Mozilla loads the certificate from a trusted website and shows the "secure padlock" while actually displaying the content of the malicious website. The URL shown in the address bar correctly reads that of the malicious website.
An additional cause has been noted due to Mozilla not restricting websites from including arbitrary, remote XUL (XML User Interface Language) files.
Workaround: Do not follow links from untrusted websites and verify the correct URL in the address bar with the one in the SSL certificate.
SuSE: ftp://ftp.suse.com/pub/suse/
A Proof of Concept exploit has been published. |
Mozilla / Mozilla Firefox "onunload" SSL Certificate Spoofing
CVE Name:
CAN-2004-076
|
Medium |
Cipher.org, July 25, 2004
Secunia, SA12160, July 26, 2004; SA12180, July 30, 2004
SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004 |
Mozilla.org
Mozilla 1.6 & prior; Netscape 7.0, 7.1, and prior |
An input validation vulnerability exists in the SOAPParameter object constructor in Netscape and Mozilla which allows execution of arbitrary code. The SOAPParameter object's constructor contains an integer overflow that allows controllable heap corruption. A web page can be constructed to leverage this into remote execution of arbitrary code.
Upgrade to Mozilla 1.7.1 available at: http://www.mozilla.org/products/mozilla1.x/
SuSE: ftp://ftp.suse.com/pub/suse/
We are not aware of any exploits for this vulnerability. |
Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
CVE Name:
CAN-2004-0722
|
High |
iDEFENSE Security Advisory, August 2, 2004
Bugzilla Bug 236618
SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004 |
Mozilla.org
Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10 |
A vulnerability exists due to an error when downloading files, which could let a remote malicious user delete all content in the download directory.
Upgrade available at: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/firefox-1.0PR-source.tar.bz2
Patch available at: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/patches/259708.xpi
There is no exploit code required. |
Mozilla Firefox DATA URI File Deletion |
Medium |
SecurityFocus, October 2, 2004 |
Mozilla.org
Mandrakesoft
Slackware
Mozilla 1.7 and prior;
Firefox 0.9 and prior;
Thunderbird 0.7 and prior |
Multiple vulnerabilities exist in Mozilla, Firefox, and Thunderbird that could allow a malicious user to conduct spoofing attacks, compromise a vulnerable system, or cause a Denial of Service. These vulnerabilities include buffer overflow, input verification, insecure certificate name matching, and out-of-bounds reads.
Upgrade to the latest version of Mozilla, Firefox, or Thunderbird available at: http://www.mozilla.org/download.html
Slackware: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659
Mandrakesoft: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082
RedHat: http://rhn.redhat.com/errata/RHSA-2004-421.html
SGI: ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-26.xml
HP: http://h30097.www3.hp.com/internet/download.htm
SuSE: ftp://ftp.suse.com/pub/suse/
We are not aware of any exploits for this vulnerability. |
|
High |
Secunia, SA10856, August 4, 2004
US-CERT Vulnerability Note VU#561022
RedHat Security Advisory, RHSA-2004:421-17, August 4, 2004
SGI Security Advisory, 20040802-01-U, August 14, 2004
Gentoo Linux Security Advisory, GLSA 200409-26, September 20, 2004
HP Security Bulletin, HPSBTU01081, October 5, 2004
SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004 |
Mozilla.org
Mozilla 0.x, 1.0-1.7.x, Firefox 0.x, Thunderbird 0.x; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2 |
Multiple vulnerabilities exist: buffer overflow vulnerabilities exist in 'nsMsgCompUtils.cpp' when a specially crafted e-mail is forwarded, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to insufficient restrictions on script generated events, which could let a remote malicious user obtain sensitive information; a buffer overflow vulnerability exists in the 'nsVCardObj.cpp' file due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'nsPop3Protocol.cpp' due to boundary errors, which could let a remote malicious user execute arbitrary code; a heap overflow vulnerability exists when handling non-ASCII characters in URLs, which could let a remote malicious user execute arbitrary code; multiple integer overflow vulnerabilities exist in the image parsing routines due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code; a cross-domain scripting vulnerability exists because URI links dragged from one browser window and dropped into another browser window will bypass same-origin policy security checks, which could let a remote malicious user execute arbitrary code; and a vulnerability exists because unsafe scripting operations are permitted, which could let a remote malicious user manipulate information displayed in the security dialog.
Updates available at: http://www.mozilla.org/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-26.xml
HP: http://h30097.www3.hp.com/internet/download.htm
RedHat: http://rhn.redhat.com/errata/RHSA-2004-486.html
SuSE: ftp://ftp.suse.com/pub/suse/
Proofs of Concept exploits have been published. |
|
Medium/High
(High if arbitrary code can be executed)
|
Technical Cyber Security Alert TA04-261A, September 17, 2004
US-CERT Vulnerability Notes VU#414240, VU#847200, VU#808216, VU#125776, VU#327560, VU#651928, VU#460528, VU#113192, September 17, 2004
Gentoo Linux Security Advisory, GLSA 200409-26, September 20, 2004
RedHat Security Bulletin, RHSA-2004:486-18, September 30, 2004
HP Security Bulletin, HPSBTU01081, October 5, 2004
SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004 |
Multiple Vendors
AJ-Fork AJ-Fork 16-;
CutePHP CuteNews 0.88, 1.3-1.3.2, 1.3.6 |
A vulnerability exists due to insecure default file permissions, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Exploit script has been published. |
AJ-Fork Insecure Default Permissions |
Medium |
Bugtraq, October 1, 2004
Packet Storm, October 7, 2004 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4, _rc1-rc3;
PHP PHP 4.0-4.0.7, 4.1.0-4.1.2, 4.2.0-4.2.3, 4.3-4.3.8, 5.0.0, 5.0.1 |
A vulnerability exists in the array parsing functions of the 'php_variables.c' PHP source file, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://www.php.net/downloads.php#v5
Gentoo: http://security.gentoo.org/glsa/glsa-200410-04.xml
A Proof of Concept exploit has been published. |
PHP PHP_Variables Remote Memory Disclosure |
Medium |
SecurityFocus, October 6, 2004 |
Multiple Vendors
IBM Trading Partner Interchange (TPI) 4.2.1, 4.2.2;
Jetty Jetty 3.1.6, 3.1.7, 4.1.0RC4, 4.1.0, 4.1.1, 4.2.4-4.2.7, 4.2.9, 4.2.11, 4.2.12, 4.2.14-4.2.19 |
A Directory Traversal vulnerability exists due to insufficient sanitization of HTTP URI requests, which could let a remote malicious user obtain sensitive information.
IBM: http://www-1.ibm.com/support/docview.wss?uid=swg21178665
There is no exploit code required. |
Jetty Directory Traversal |
Medium |
SecurityFocus, October 5, 2004 |
MySQL AB
MaxDB 7.5.00.16, 7.5.00.15, 7.5.00.14, 7.5.00.12, 7.5.00.11, 7.5.00.08, SAP DB 7.5 |
A remote Denial of Service vulnerability exists due to an input validation error in the 'IsAscii7()' function.
Upgrade available at:
http://dev.mysql.com/downloads/maxdb/7.5.00.html
There is no exploit code required. |
MySQL MaxDB WebDBM Server Name Denial of Service
CVE Name:
CAN-2004-0931
|
Low |
Secunia Advisory, SA12756, October 7, 2004 |
MySQL.com
MySQL 3.x, 4.x
|
Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'
Updates available at: http://dev.mysql.com/downloads/mysql/
Debian: http://security.debian.org/pool/updates/main/m/mysql
We are not aware of any exploits for this vulnerability. |
|
Low/Medium
(Low if a DoS; and Medium if security restrictions can be bypassed)
|
Secunia Advisory, SA12783, October 11, 2004 |
PNG Development Group
Conectiva
Debian
Fedora
Gentoo
Mandrakesoft
RedHat
SuSE
Sun Solaris
HP-UX
GraphicsMagick
ImageMagick
Slackware
libpng 1.2.5 and 1.0.15 |
Multiple vulnerabilities exist in the libpng library which could allow a remote malicious user to crash or execute arbitrary code on an affected system. These vulnerabilities include:
- libpng fails to properly check length of transparency chunk (tRNS) data,
- libpng png_handle_iCCP() NULL pointer dereference,
- libpng integer overflow in image height processing,
- libpng png_handle_sPLT() integer overflow,
- libpng png_handle_sBIT() performs insufficient bounds checking,
- libpng contains integer overflows in progressive display image reading.
If using the original libpng distribution, update to libpng version 1.2.6rc1 (release candidate 1) available at: http://www.libpng.org/pub/png/libpng.html
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000856
Debian: http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00139.html
Gentoo: http://security.gentoo.org/glsa/glsa-200408-03.xml
Mandrakesoft: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079
RedHat: http://rhn.redhat.com/
SuSE: http://www.suse.de/de/security/2004_23_libpng.html
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/