 |
Summary of Security Items from October 27 through November 2, 2004
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs,
Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Allied Telesyn
AT-TFTP Server version 1.8 and prior |
A vulnerability exists which could allow a remote malicious user to view or write files on the target system or cause the TFTP service to crash. A remote malicious user can supply a specially crafted filename containing '../' directory traversal characters to view files on or, if 'Read/Write' mode is enabled, upload files to the target system with the privileges of the TFTP service. It is also reported that a remote malicious user can send a filename field that can trigger a buffer overflow and cause the TFTP service to crash.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Allied Telesyn AT-TFTP Server Arbitrary File Execution or Denial of Service
|
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID, 1012011, October 31, 2004 |
Apple
QuickTime prior to 6.5.2 |
An integer overflow vulnerability may permit a remote malicious user to execute arbitrary code on the target system. A remote malicious user can create HTML that, when loaded by the target user, will trigger the integer overflow.
The vendor has released a fixed version (6.5.2), available at: http://www.apple.com/quicktime/download/
We are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert ID, 1011969, October 27, 2004 |
Akella
Age of Sail II 1.04.151 and prior versions |
A buffer overflow vulnerability may permit a remote malicious user to execute arbitrary code on the target system. A remote user can join a game server and supply a specially crafted nickname to trigger a buffer overflow.
No workaround or patch available at time of publishing.
Another Proof of Concept exploit script has been published. |
Akella Age of Sail II Buffer Overflow |
High |
Secunia Advisory ID, SA12905, October 21, 2004
Packetstorm, October 27, 2004 |
Code-Crafters
Ability (Mail and FTP) Server 2.3.4 |
A buffer overflow vulnerability was reported in the Ability Server in the FTP service which could allow a remote authenticated malicious user to execute arbitrary code on the target system.
No workaround or patch available at time of publishing.
More exploit scripts have been published. |
Code-Crafters Ability Server Buffer Overflow |
High |
Secunia Advisory ID, SA12941, October 25, 2004
SecurityFocus, Bugtraq ID 11508, October 22, 2004
Packetstorm, October 27, 2004
|
Global Spy Software
Cyber Web Filter 2.00 |
A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The web filter can be configured to restrict access based on the destination IP address of a website. The vulnerability is caused due to insufficient validation of IP addresses in client requests.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Global Spy Software Cyber Web Filter IP Address Restriction Security Bypass |
Medium |
Secunia Advisory ID, SA13024, October 29, 2004 |
Google
Google Desktop Search |
A remote malicious user can create a specially crafted URL that, when loaded by a target user that has Google Desktop Search installed, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Google site and will run in the security context of that site.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Google Desktop Search 'meta' Tag Input Validation |
High |
SecurityTracker Alert ID, 1011928, October 26, 2004
|
Imspire
GSuite |
A vulnerability exists that could permit a local malicious user to obtain the target user's GMail password. A local user with access to the target user's 'documents and settings\user_name\Application Data\GSuite\' folder can view the 'settings.xml' file, which contains the target user's password in ASCII value encoded form.
No workaround or patch available at time of publishing.
No exploit is required. |
Imspire GSuite Passwords Disclosure |
Medium |
SecurityTracker Alert ID, 1011994, October 29, 2004 |
Kingsoft
XDICT 2002, 2003, 2004, 2005 |
A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target user's computer. When the 'Screen Fetch' mode is enabled and the target user places the mouse over a word that is longer than 88 characters, a buffer overflow will be triggered that may allow a remote malicious user to execute arbitrary code.
No workaround or patch available at time of publishing.
No exploit is required. |
Kingsoft XDICT Word Translation Buffer Overflow |
High |
SecurityTracker Alert ID, 1012017, November 1, 2004
|
MailEnable
MailEnable Professional prior to version 1.51 |
A vulnerability with an unknown impact has been reported in
MailEnable Professional by the vendor. The vulnerability is caused due to an unspecified error within the webmail functionality.
Update to version 1.51: http://www.mailenable.com/download.asp
We are not aware of any exploits for this vulnerability. |
MailEnable Professional Unspecified Webmail |
Low |
Secunia Advisory ID, SA13062, November 2, 2004
|
Microsoft
Internet Explorer 6, Microsoft Outlook Express 6 |
A vulnerability exists which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs.
This vulnerability was confirmed in SP1 but not SP2.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing |
Low |
Secunia Advisory ID, SA13015, October 29, 2004 |
Microsoft
Internet Explorer 6.0 |
Microsoft Internet Explorer is reported prone to a remote Denial of Service vulnerability. The issue presents itself due to a malfunction that occurs when certain font tags are encountered and rendered. When a page that contains the malicious HTML code is viewed, Internet Explorer will crash.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer Font Tag Denial of Service |
Low |
SecurityFocus Bugtraq ID, 1536, October 26, 2004 |
Microsoft
Internet Explorer 6.0 SP1,
Microsoft Internet Explorer 6.0 |
A remote buffer overflow vulnerability exists due to insufficient boundary checks performed by the application and results in a Denial of Service condition. Arbitrary code execution may be possible as well.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, Bugtraq ID 11515, October 25, 2004 |
Microsoft
Internet Explorer 6.0 SP2 |
A vulnerability exists in the 'hhctrl' Internet Explorer ActiveX control and could allow a malicious user to influence Internet Explorer into running script in the context of a foreign domain.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer HHCtrl ActiveX Control Cross-Domain Scripting |
High |
SecurityFocus, Bugtraq ID 11521, October 25, 2004 |
Microsoft
Microsoft Remote Desktop on Windows XP prior to SP2 |
A Denial of Service vulnerability was reported in Microsoft Remote Desktop on Windows XP. A remote authenticated malicious user can access the target system and issue the Tsshutdn command to restart a Windows XP-based system.
The vendor has issued a fix as part of Windows XP SP2. The knowledge base article describing this issue is available at: http://support.microsoft.com/
default.aspx?scid=kb;en-us;838202
A Proof of Concept exploit has been published.
|
Microsoft Remote Desktop on Windows XP Denial of Service |
Low |
SecurityTracker Alert ID, 1011940, October 26, 2004 |
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange 2000 Server, Exchange Server 2003 |
A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems, which could let a remote malicious user execute arbitrary code. This vulnerability could potentially affect systems that do not use NNTP.
Updates available at: http://www.microsoft.com/technet/
security/bulletin/MS04-036.mspx
A Proof of Concept exploit has been published. |
|
High |
Microsoft Security Bulletin MS04-036, October 12, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
US-CERT Vulnerability Note VU#203126, October 22, 2004
SecurityFocus, Bugtraq ID 11379, October 26, 2004
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows 2000 Professional, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Datacenter Edition, Windows 98, Windows 98 SE, Windows ME;
Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server
Avaya S8100 Media Servers |
A Shell vulnerability and Program Group vulnerability exists in Microsoft Windows. These vulnerabilities could allow remote code execution.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx
Bulletin updated to reduce the scope of a documented workaround to only support Windows XP, Windows XP Service Pack 1, and Windows Server 2003.
Avaya: Customers are advised to follow Microsoft's guidance for applying patches. Advisories are located at the following locations:
http://support.avaya.com/japple/css/japple?
temp.groupID=128450&temp.selectedFamily=
128451&temp.selectedProduct=154235&temp.selectedBucket=
126655&temp.feedbackState=askForFeedback&temp.documentID=
203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=
avaya.css.UsageUpdate()
http://support.avaya.com/japple/css/japple?temp.groupID
=128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState=
askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&executeTransaction=
avaya.css.UsageUpdate()
We are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin MS04-037 v1.1, October 25, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
US-CERT Vulnerability Note VU#543864, October 15, 2004
SecurityFocus, October 26, 2004
|
Multiple Vendors
McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV
Archive::Zip 1.13
|
Remote exploitation of an exceptional condition error in multiple vendors' anti-virus software allows malicious users to bypass security protections by evading virus detection. The problem specifically exists in the parsing of .zip archive headers. This vulnerability affects multiple anti-virus vendors including McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV.
Instructions for vendor fixes available at: http://www.idefense.com/application/poi/display?id
=153&type=vulnerabilities&flashstatus=true
There is no solution for Archive::Zip
Proofs of Concept exploits have been published. |
|
High |
iDEFENSE Security Advisory, October 18, 2004
Secunia Advisory ID: SA13038, November 1, 2004 |
Tabs Laboratories
MailCarrier 2.51 |
A buffer overflow vulnerability exists which could allow a remote malicious user to execute arbitrary code on the target system. The flaw resides in the processing of EHLO SMTP commands.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Tabs Laboratories MailCarrier EHLO SMTP Commands Buffer Overflow |
High |
SecurityFocus Bugtraq ID, 11535, October 26, 2004 |
Website Pros
NetObjects Fusion 8.x |
A buffer overflow vulnerability exists, which can be exploited by malicious people to compromise a vulnerable system.
Update available at: http://netobjects.com/update /installer/
v_0000/NOF8_Update2.exe
We are not aware of any exploits for this vulnerability. |
Website Pros NetObjects Fusion JPEG Processing Buffer Overflow |
High |
NetObjects Fusion 8 Product Updates (version 8.00.0000.5030), October 26, 2004 |
[back to
top]
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50 |
A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections.
Apache: http://nagoya.apache.org/bugzilla/show_
bug.cgi?id=29964
RedHat:http://rhn.redhat.com/errata/RHSA-2004-349.html
SuSE: ftp://ftp.suse.com/pub/suse/i386/update/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-21.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Trustix: http://http.trustix.org/pub/trustix/updates/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
HP: http://software.hp.com
We are not aware of any exploits for this vulnerability. |
|
Low |
SecurityFocus, September 6, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004
Gentoo Linux Security Advisory, GLSA 200409-21, September 16, 2004
Trustix Secure Linux Security Advisory,TSLSA-2004-0047, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification,
FEDORA-2004-313, September 23, 2004
HP Security Bulletin,
HPSBUX01090, October 26, 2004 |
Apache Software Foundation
Apache 2.0.50 |
A remote Denial of Service vulnerability exists in 'char_buffer_read()' when using a RewriteRule to reverse proxy SSL connections.
Patch available at:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126
SuSE: ftp://ftp.suse.com/pub/suse/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/errata/
RHSA-2004-463.html
Gentoo: http://security.gentoo.org/glsa/
glsa-200409-21.xml
Trustix: http://www.trustix.org/errata/2004/0047/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
HP: http://h30097.www3.hp.com/internet/
download.htm
There is no exploit code required; however, Proofs of Concept exploits have been published. |
|
Low |
SecurityTracker Alert ID, 1011213, September 10, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004
RedHat Security Advisory, RHSA-2004:463-09, September 15, 2004
Gentoo Linux Security Advisory GLSA 200409-21, September 16, 2004
Trustix Secure Linux Security Advisory , TSLSA-2004-0047, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification,
FEDORA-2004-313, September 23, 2004
HP Security Bulletin,
HPSBUX01090 & HPSBGN01091, October 26 & 29, 2004 |
Apache Software Foundation
Conectiva
Gentoo
HP
Immunix
Mandrake OpenBSD
OpenPKG
RedHat
SGI
Trustix
Apache 1.3.26‑1.3.29, 1.3.31;
OpenBSD –current, 3.4, 3.5 |
A buffer overflow vulnerability exists in Apache mod_proxy when a ‘ContentLength:’ header is submitted that contains a large negative value, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches available at: http://marc.theaimsgroup.com/
?l=apache-httpd-dev&m=108687304202140&q=p3
OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/patches/
OpenPKG: ftp://ftp.openpkg.org/release/2.0/
UPD/apache-1.3.29-2.0.3.src.rpm
Gentoo: http://security.gentoo.org/glsa/glsa-200406-16.xml
Mandrake: http://www.mandrakesoft.com/security/advisories
SGI: ftp://patches.sgi.com/support/free/security/
Fedora Legacy: http://download.fedoralegacy.org/redhat/
Slackware: ftp://ftp.slackware.com/pub/slackware/
Currently we are not aware of any exploits for this vulnerability. |
|
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert, 1010462, June 10, 2004
Gentoo Linux Security Advisory, GLSA 200406-16, June 22, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:065, June 29, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.029, June 11, 2004
SGI Security Advisory, 20040605-01-U, June 21, 2004
Fedora Legacy Update Advisory, FLSA:1737, October 14, 2004
US-Cert Vulnerability Note VU#541310, October 19, 2004
Slackware Security Advisory, SSA:2004-299-01, October 26, 2004 |
Apache Software Foundation
Apache 2.0.51 |
A vulnerability exists in the merging of the 'Satisfy' directive, which could let a remote malicious user obtain access to restricted resources.
Fedora: http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/
glsa-200409-33.xml
Trustix: http://http.trustix.org/pub/trustix/updates/
HP: http://h30097.www3.hp.com/internet/
download.htm
There is no exploit code required.
|
Apache Satisfy Directive Access Control Bypass
CVE Name:
CAN-2004-0811
|
Medium |
SecurityFocus, September 24, 2004
HP Security Bulletin,
HPSBUX01090 & HPSBGN01091, October 26 & 29, 2004 |
Apple
MacOS X 10.2.8, 10.3.5 |
A vulnerability exists in ServerAdmin because the same common self-signed certificate is used if the administrator has not replaced this example certificate, which could let a remote malicious user obtain sensitive information.
Update available at:
http://www.apple.com/support/downloads/
Apple QuickTime:
http://www.apple.com/quicktime/download/
standalone/
We are not aware of any exploits for this vulnerability. |
|
Medium |
Apple Security Advisory, SA-2004-09-30, October 4, 2004
Apple Security Advisory, APPLE-SA-2004-10-27, October 27, 2004 |
Apple
Remote Desktop 2.0
|
A vulnerability exists due to a failure to activate applications with correct privileges, which could let a malicious user obtain superuser privileges.
Upgrade available at:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04934&platform=osx&
method=sa/SecurityUpdate2004-10-27.dmg
There is no exploit code required. |
Apple Remote Desktop Administrator Privilege Elevation
CVE Name:
CAN-2004-0962
|
High |
Apple Security Advisory, APPLE-SA-2004-10-27, October 27, 2004 |
Caudium
Caudium 1.2 .x, 1.3 .x, 1.4.1, 1.4.2. 1.4.4 RC1 |
An off-by-one- buffer overflow vulnerability exists when processing HTTP requests which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code.
Upgrades available at:
ftp://ftp.us.caudium.net/pub/caudium/source/
caudium-1.4.4.tar.gz
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Caudium Off-by-One Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID, 1011997, November 1, 2004 |
Doug Hanks
sudosh 1.0, 1.1, 1.2.2, 1.2.3, 1.3, 1.3.2, 1.3.4-1.3.6 |
A vulnerability exists in the 'prepchild()' function in 'sudosh.c.' The impact was not specified.
Upgrades available at:
http://freshmeat.net/redir/sudosh/53247
/url_tgz/sudosh-1.4.0.tar.gz
We are not aware of any exploits for this vulnerability. |
Sudosh Shell Environment Variable Processing |
No Specified |
SecurityFocus, October 26, 2004 |
Free Software Foundation
CatDoc 0.91.5
|
A vulnerability exists in 'msxlsview.sh' due to a design error that causes the application to fail to verify the existence of a temporary file prior to writing to it, which could let a remote malicious user corrupt arbitrary files.
Debian:
http://security.debian.org/pool/updates/main/c/catdoc/
There is no exploit code required. |
CatDoc XLSView Local Insecure Temporary File Creation
CVE Name:
CAN-2003-0193
|
Medium |
Debian Security Advisory DSA 575-1 , October 28, 2004 |
FreeRADIUS Server Project
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3. 1.0 |
A remote Denial of Service vulnerability exists in 'radius.c' and 'eap_tls.c' due to a failure to handle malformed packets.
Upgrades available at:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200409-29.xml
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
There is no exploit code required. |
FreeRADIUS Access-Request Denial of Service |
Low |
Gentoo Linux Security Advisory, GLSA 200409-29, September 22, 2004
US-CERT Vulnerability Note VU#541574, October 11, 2004
Fedora Update Notification,
FEDORA-2004-355, October 28, 2004 |
Galeon
Galeon Browser 1.3.18 |
A vulnerability exists in the tabbed browsing feature, which could let a remote malicious user spoof web page functions.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Galeon Browser Tabbed Browsing Spoofing |
Medium |
SecurityTracker Alert ID, 1012002, October 30, 2004 |
GD Graphics Library
gdlib 2.0.23, 2.0.26-2.0.28 |
A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/
An exploit script has been published. |
GD Graphics Library Remote Integer Overflow
CVE Name:
CAN-2004-0990
|
High |
Secunia Advisory,
SA12996, October 28, 2004 |
Gnome Development Team
Epiphany Browser 1.4.4 |
A vulnerability exists in the tabbed browsing feature, which could let a remote malicious user spoof web page functions.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Epiphany Browser Tabbed Browsing Spoofing |
Medium |
SecurityTracker Alert ID, 1012003, October 30, 2004 |
GNU / GPL
Conectiva
Gentoo
Mandrake
RedHat
SuSE
Trustix
Samba 3.0.0 - 3.0.4 and 2.2.9 and prior
|
Multiple buffer overflow vulnerabilities exist in Samba that could allow a remote user to execute arbitrary code on the target system. These are caused by boundary errors when decoding base64 data and when handling 'mangling method = hash.'
Upgrade to version 3.0.5 or 2.2.10 available at: http://us2.samba.org/samba/ftp/
Conectiva:
ftp://atualizacoes.conectiva.com.br
RedHat: RedHat Enterprise Linux AS 3, ES 3, WS 3:
http://rhn.redhat.com/
Gentoo:
http://security.gentoo.org/glsa/glsa-200407-21.xml
Mandrakesoft: Mandrake Multi Network Firewall 8.x, 9.x; Mandrake Corporate Server 2.x
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:071
SuSE: SuSE Linux, Email, Database, and Enterprise Servers
http://www.suse.de/de/security/2004_22_samba.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Sun: http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57664-1&searchclause=
A working exploit has been published. |
|
High |
Samba Release Notes 3.0.5, July 20, 2004
Gentoo, RedHat, Mandrakesoft, SuSE, Trustix, Conectiva Advisories
Sun(sm) Alert Notification, 57664, October 25, 2004 |
GNU
gettext 0.14.1 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-10.xml
Ubuntu: http://security.ubuntu.com/ubuntu/
pool/main/g/gettext/
There is no exploit code required. |
GNU
GetText Insecure Temporary File Creation
CVE Name:
CAN-2004-0966
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200410-10, October 10, 2004
Ubuntu Security Notice, USN-5-1 October 27, 2004 |
GNU
glibc 2.0-2.0.6, 2.1, 2.1.1 -6, 2.1.1, 2.1.2, 2.1.3 -10, 2.1.3, 2.1.9 & greater, 2.2-2.2.5, 2.3-2.3.4, 2.3.10 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-19.xml
Ubuntu: http://security.ubuntu.com/ubuntu/
pool/main/g/glibc/
There is no exploit code required. |
GNU
GLibC Insecure Temporary File Creation
CVE Name:
CAN-2004-0968
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200410-19, October 21, 2004
Ubuntu Security Notice, USN-4-1 October 27, 2004 |
GNU
groff 1.19 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu: http://security.ubuntu.com/ubuntu/
pool/main/g/groff/
There is no exploit code required. |
GNU Troff (Groff) Insecure Temporary File Creation
CVE Name:
CAN-2004-0969
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Ubuntu Security Notice USN-13-1, November 1, 2004 |
GNU
InetUtils 1.4.2 |
A buffer overflow vulnerability exists in 'main.c' due to boundary errors when handling DNS responses, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
GNU InetUtils TFTP Client Remote Buffer Overflow
|
High |
Bugtraq, October 26, 2004 |
iCab Company
iCab 2.9.8 |
A cross-domain dialog box spoofing vulnerability exists which could let a remote malicious user spoof an interface of a trusted web site.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ICab Web Browser Cross-Domain Dialog Box Spoofing |
Medium |
Secunia Advisory,
SA12982, October 26, 2004 |
ImageMagick
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8,
5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8 |
A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=24099
Redhat: http://rhn.redhat.com/errata/RHSA-2004-480.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/
i/imagemagick/
We are not aware of any exploits for this vulnerability. |
ImageMagick Remote EXIF Parsing Buffer Overflow
CVE Name:
CAN-2004-0981
|
High |
SecurityTracker Alert ID, 1011946, October 26, 2004 |
Kaffeine
Media Player 0.4.2, 0.4.3 b, 0.4.3, 0.5 rc1 |
A buffer overflow vulnerability exists in the processing of Content-Type headers in the 'http_open()' function in 'http.c' due to insufficient boundary checks on user-supplied strings prior to copying them into finite stack-based buffers, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Kaffeine Media Player Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
Securiteam, October 26, 2004 |
KDE
Konqueror 3.1.4, 3.2.1, 3.2.2 -6 |
A cross-domain scripting vulnerability exists due to a failure to prevent JavaScript that is rendered in one frame from accessing properties of a site contained in an alternate frame, which could let a remote malicious web site render JavaScript in the context of an alternate domain.
This has been addressed in KDE Konqueror version 3.2.3.
A Proof of Concept exploit has been published. |
KDE Konqueror IFRAME Cross-Domain Scripting |
Medium |
SecurityFocus, October 27, 2004 |
Linux
Fedora
RedHat
SuSE
Linux kernel 2.4 through 2.4.26, 2.6 through 2.6.7 |
A vulnerability exists in the Linux kernel in the processing of 64-bit file offset pointers thus allowing a local malicious user to view kernel memory. The kernel's file handling API does not properly convert 64-bit file offsets to 32-bit file offsets. In addition, the kernel provides insecure access to the file offset member variable. As a result, a local user can gain read access to large portions of kernel memory.
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
RedHat: http://rhn.redhat.com/
SuSE: http://www.suse.de/de/security/2004_24_kernel.html
Gentoo:http://security.gentoo.org/glsa/glsa-200408-24.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SGI: ftp://patches.sgi.com/support/free/security/
patches/ProPack/3/
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva: ftp://atualizacoes.conectiva.com.br/
A Proof of Concept exploit script has been published. |
Linux Kernel 64-bit to 32-bit File Offset Conversion Errors Disclose Kernel Memory
CVE Name:
CAN-2004-0415 |
High |
ISEC Security Research, August 4, 2004
SGI Security Advisory, 20040804-01-U, August 26, 2004
Gentoo Linux Security Advisory GLSA 200408-24, August 25, 2004
Mandrakelinux Security Update Advisory, August 26, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0041, August 9, 2004
Conectiva Linux Security Announcement, CLA-2004:879, October 26, 2004 |
MIT
Kerberos 5 1.3.4 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-24.xml
There is no exploit code required. |
MIT
Kerberos 5 Insecure Temporary File Creation
CVE Name:
CAN-2004-0971
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory GLSA 200410-24, October 25, 2004 |
mixplayd
mixplayd 0.53 |
A format string vulnerability exists in 'main.c' because data is printed without proper format specifiers, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
mixplayd Format String Flaw |
High |
Zone-h Security Advisory, ZH2004-17SA , October 29, 2004 |
Mozilla.org
Bugzilla 2.4, 2.6, 2.8, 2.10, 2.12, 2.14-2.14.5, 2.16-2.16.5, 2.17-2.17.7, 2.18 rc1&rc2 |
Multiple vulnerabilities exist: a vulnerability exists in 'process_bug.cgi' when a specially crafted HTTP POST request to remove keywords from a bug is submitted, which could let a remote malicious user obtain sensitive information: a vulnerability exists when exporting bugs to XML, which could let a remote malicious user obtain sensitive information; and a vulnerability exists because various private attachment metadata is disclosed, which could let a remote malicious user see private attachments.
Upgrades available at:
http://www.bugzilla.org/download/
There is no exploit code required. |
Mozilla Bugzilla Multiple Authentication Bypass& Information Disclosure
|
Medium |
Bugzilla Security Advisory, October 24, 2004 |
Mozilla.org
Mozilla Browser 1.7, rc1-rc3, beta, alpha, 1.7.1-1.7.3, 1.8 Alpha 1-4, Firefox Preview Release
Mozilla Firefox 0.9, rc, 0.9.1-0.9.3, 0.10, 0.10.1, Thunderbird 0.6, 0.7-0.7.3, 0.8 |
A vulnerability exists in the 'Open with' option because the software saves the file in the '/tmp' directory with world-readable permissions, which could let a malicious user obtain sensitive information.
Fixes are available in the CVS repository.
There is no exploit code required. |
Mozilla Temporary File Insecure Permissions Information Disclosure |
Medium |
Secunia Advisory,
SA12956, October 25, 2004 |
mpg123.de
mpg123 pre0.59s, 0.59r |
A buffer overflow vulnerability exists in the 'getauthfromURL()' function due to a boundary error, which could let a remote malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/
non-free/m/mpg123/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-27.xml
A Proof of Concept exploit has been published. |
|
High |
Securiteam, October 21, 2004
Gentoo Linux Security Advisory, GLSA 200410-27, October 27, 2004
Debian Security Advisory, DSA 578-1 , November 1, 2004 |
Multiple Vendors
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4;
RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A remote Denial of Service vulnerability exists in the Apache mod_dav module when an authorized malicious user submits a specific sequence of LOCK requests.
Update available at: http://httpd.apache.org/
Gentoo: http://www.gentoo.org/security/en/glsa/
glsa-200409-21.xml
RedHat: ftp://updates.redhat.com/enterprise
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
Debian: http://security.debian.org/pool/updates/main/liba/
HP: http://software.hp.com
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
|
SecurityTracker Alert ID, 1011248, September 14, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification,
FEDORA-2004-313, September 23, 2004
Debian Security Advisory DSA 558-1 , October 6, 2004
HP Security Bulletin,
HPSBUX01090, October 26, 2004 |
Multiple Vendors
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core1&2;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1; Turbolinux Turbolinux Desktop 10.0 |
A buffer overflow vulnerability exists in the apr-util library's IPv6 URI
parsing functionality due to insufficient validation, which could let a remote malicious user execute arbitrary code. Note: On Linux based Unix variants this issue can only be exploited to trigger a Denial of Service condition.
Patch available at:
http://www.apache.org/dist/httpd/patches/
apply_to_2.0.50/CAN-2004-0747.patch
Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Redhat: http://rhn.redhat.com/errata/RHSA-2004-463.html
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SuSE: ftp://ftp.suse.com/pub/suse
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/
TurboLinux/ia32/Desktop/10/updates
Conectiva: ftp://atualizacoes.conectiva.com.br/
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
HP: http://h30097.www3.hp.com/internet/download.htm
We are not aware of any exploits for this vulnerability. |
Apache Web Server Remote IPv6 Buffer Overflow
CVE Name:
CAN-2004-0786
|
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notifications,
FEDORA-2004-307 & 308, September 16, 2004
HP Security Bulletin,
HPSBUX01090 & HPSBGN01091, October 26 & 29, 2004 |
Multiple Vendors
Fedora
Mandrake
Slackware
RedHat
SGI
Slackware Linux –current, 9.1;
utempter utempter 0.5.2, 0.5.3 |
Multiple vulnerabilities exist: a vulnerability exists due to an input validation error that causes the application to exit improperly, which could let a malicious user obtain root privileges; and a vulnerability exists due to a failure to validate buffer boundaries, which could let a malicious user cause a Denial of Service.
Fedora:
http://download.fedora.redhat.com/pub
/fedora/linux/core/updates/1/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Slackware:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/utempter-1.1.1-i486-1.tgz
RedHat:
ftp://updates.redhat.com/9/en/os/SRPMS/
utempter-0.5.5-2.RHL9.0.src.rpm
SGI:
http://www.sgi.com/support/security/
Sun: http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57658-1&
searchclause
A Proof of Concept exploit has been published.
|
|
Low/ High
(Low if a DoS; and High if root privileges can be obtained)
|
Fedora Update Notification, FEDORA-2004-108, April 21, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:031-1, April 21, 2004
Slackware Security Advisory, SSA:2004-110-01, April 19, 2004
Red Hat Security Advisory, RHSA-2004:175-01, April 30, 2004
SGI Security Advisories, 20040602-01-U & 20040603-01-U, June 21, 2004
Sun(sm) Alert Notification, 57658, October 26, 2004
|
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1 |
A remote Denial of Service vulnerability during the decompression process due to a failure to handle malformed input.
Gentoo: http://security.gentoo.org/glsa/glsa-200408-26.xml
FileZilla: http://sourceforge.net/project/showfiles.
php?group_id=21558
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/
3.5/common/017_libz.patch
OpenPKG: ftp ftp.openpkg.org
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
SuSE: ftp://ftp.suse.com/pub/suse/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Conectiva: ftp://atualizacoes.conectiva.com.br/
SCO: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17
We are not aware of any exploits for this vulnerability.
|
Zlib Compression Library Remote
Denial of Service
CVE Name:
CAN-2004-0797
|
Low |
SecurityFocus, August 25, 2004
SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004
US-CERT Vulnerability Note VU#238678, October 1, 2004
SCO Security Advisory, SCOSA-2004.17, October 19, 2004
Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004 |
Multiple Vendors
Gentoo Linux, 1.4; Rob Flynn Gaim 0.10 x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0, 1.0.1; Slackware Linux -current, 9.0, 9.1, 10.0 |
A buffer overflow vulnerability exists in the processing of MSNSLP messages due to insufficient verification, which could let a remote malicious user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200410-23.xml
Rob Flynn:
http://prdownloads.sourceforge.net/gaim/
gaim-1.0.2.tar.gz?download
RedHat: ftp://updates.redhat.com
Slackware:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/
patches/packages/gaim-1.0.2-i486-1.tgz
Ubuntu:http://security.ubuntu.com/ubuntu/
pool/main/g/gaim/
We are not aware of any exploits for this vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200410-23, October 25, 2004
RedHat Security Advisory, RHSA-2004:604-01, October 20, 2004
Slackware Security Advisory, SSA:2004-296-01, October 22, 2004
Ubuntu Security Notice, USN-8-1 October 27, 2004 |
Multiple Vendors
Linux kernel 2.6.8 rc1-rc3 |
A Denial of Service vulnerability exists in the 'ReiserFS' file system functionality due to a failure to properly handle files under certain conditions.
Upgrades available at:
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.9.tar.bz2
There is no exploit code required. |
Linux Kernel ReiserFS File System Local Denial of Service
CVE Name:
CAN-2004-0814
|
Low |
SecurityFocus, October 26, 2004 |
Multiple Vendors
LinuxPrinting.org Foomatic-Filters 3.03.0.2, 3.1;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A vulnerability exists in the foomatic-rip print filter due to insufficient validation of command-lines and environment variables, which could let a remote malicious user execute arbitrary commands.
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SuSE: ftp://ftp.suse.com/pub/suse
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub
/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-24.xml
Sun: http://sunsolve.sun.com/search/document.do
?assetkey=1-26-57646-1&searchclause=
Conectiva: ftp://atualizacoes.conectiva.com.br/
We are not aware of any exploits for this vulnerability. |
LinuxPrinting.org Foomatic-Filter Arbitrary Code Execution
CVE Name:
CAN-2004-0801
|
High |
Secunia Advisory, SA12557, September 16, 2004
Fedora Update Notification,
FEDORA-2004-303, September 21, 2004
Gentoo Linux Security Advisory, GLSA 200409-24, September 17, 2004
Sun(sm) Alert Notification, 57646, October 7, 2004
Conectiva Linux Security Announcement, CLA-2004:880, October 26, 2004 |
Multiple Vendors
Paul Mackerras PPPD 2.4.1;
Ubuntu Ubuntu Linux 4.1 ppc, ia64, ia32 |
A remote Denial of Service vulnerability exists in the 'cbcp_input()' function, due to a failure to properly handle invalid input.
Upgrade available at:
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/
We are not aware of any exploits for this vulnerability. |
PPPD Remote Denial of Service |
Low |
Bugtraq, October 26, 2004 |
Net Integration Technologies Inc.
WvTftp 0.9
|
A buffer overflow vulnerability exists in the 'WvTFTPServer::new_connection ()' function in 'wvtftpserver.cc' due to a insufficient sanity checking, which could let a remote malicious user execute arbitrary code with root privileges.
No workaround or patch available at time of publishing.
An exploit script has been published. |
WvTftp Processing TFTP Options Buffer Overflow |
High |
Bugtraq, October 26, 2004 |
Netatalk
Netatalk Open Source Apple File Share Protocol Suite 1.5 pre6, 1.6.1, 1.6.4 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-25.xml
There is no exploit code required. |
NetaTalk Insecure Temporary File Creation
CVE Name:
CAN-2004-0974
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory GLSA 200410-25, October 25, 2004 |
Omni Group
OmniWeb 5.0.1 |
A cross-domain dialog box spoofing vulnerability exists, which could let a remote malicious user spoof an interface of a trusted web site.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Omni Group OmniWeb Browser Cross-Domain Dialog Box Spoofing |
Medium |
Secunia Advisory,
SA13002, October 27, 2004 |
phplist.com
Mailing List Manager 2.6-2.6.3 |
Some security vulnerabilities exist in PHPlist. The impact was not specified.
Update available at: http://sourceforge.net/project/showfiles.php?group_id=91074
We are not aware of any exploits for this vulnerability. |
PHPlist Unspecified Remote Security Vulnerabilities |
Not Specified |
SecurityTracker Alert ID: 1011958, October 27,2 004 |
PNG Development Group
Conectiva
Debian
Fedora
Gentoo
Mandrakesoft
RedHat
SuSE
Sun Solaris
HP-UX
GraphicsMagick
ImageMagick
Slackware
libpng 1.2.5 and 1.0.15 |
Multiple vulnerabilities exist in the libpng library which could allow a remote malicious user to crash or execute arbitrary code on an affected system. These vulnerabilities include:
- libpng fails to properly check length of transparency chunk (tRNS) data,
- libpng png_handle_iCCP() NULL pointer dereference,
- libpng integer overflow in image height processing,
- libpng png_handle_sPLT() integer overflow,
- libpng png_handle_sBIT() performs insufficient bounds checking,
- libpng contains integer overflows in progressive display image reading.
If using original, update to libpng version 1.2.6rc1 (release candidate 1) available at:
http://www.libpng.org/pub/png/libpng.html
Conectiva: http://distro.conectiva.com.br/atualizacoes/
index.php?id=a&anuncio=000856
Debian: http://lists.debian.org/debian-security-announce/
debian-security-announce-2004/msg00139.html
Gentoo: http://security.gentoo.org/glsa/glsa-200408-03.xml
Mandrakesoft: http://www.mandrakesoft.com/security/advisories
?name=MDKSA-2004:079
RedHat http://rhn.redhat.com/
SuSE: http://www.suse.de/de/security/2004_23_libpng.html
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/1/
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
Sun Solaris: http://sunsolve.sun.com/pub-cgi/
retrieve.pl?doc=fsalert/57617
HP-UX: http://www4.itrc.hp.com/service/cki/doc
Display.do?docId=HPSBUX01065
GraphicsMagick: http://www.graphicsmagick.org/
www/download.html
ImageMagick: http://www.imagemagick.org/www/
download.html
Slackware: http://www.slackware.com/security
/viewer.php?l=slackware-security&y=2004&m=
slackware-security.439243
Yahoo: http://messenger.yahoo.com/
SuSE: ftp://ftp.suse.com/pub/suse
SCO: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16
Fedora Legacy: http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit has been published. |
Multiple Vulnerabilities in libpng
CVE Names:
CAN-2004-0597
CAN-2004-0598
CAN-2004-0599 |
High |
US-CERT Technical Cyber Security Alert TA04-217A, August 4, 2004
US-CERT Vulnerability Notes VU#160448, VU#388984, VU#817368, VU#236656, VU#477512, VU#286464, August 4, 2004
SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004
SCO Security Advisory, SCOSA-2004.16, October 12, 2004
Fedora Legacy Update Advisory, FLSA:2089, October 27, 2004 |
PostgreSQL
PostgreSQL 7.4.5 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-16.xml
Debian: http://security.debian.org/pool/updates/
main/p/postgresql/
OpenPKG: ftp://ftp.openpkg.org/release/
There is no exploit code required. |
PostgreSQL Insecure Temporary File Creation
CVE Name:
CAN-2004-0977
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200410-16, October 18, 2004
Debian Security Advisory, DSA 577-1, October 29, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.046, October 29, 2004 |
Qwikmail
Qwikmail 0.3 |
A vulnerability exists due to a format string error in 'qwik-smtpd.c,' which could let a remote malicious user execute arbitrary code.
Patch available at: http://qwikmail.sourceforge.net/
smtpd/qwik-smtpd-0.3.patch
We are not aware of any exploits for this vulnerability. |
QwikMail Format String |
High |
Secunia Advisory,
SA13037, November 1, 2004 |
rmerge.sourceforge. net
HTML::Merge 3.0 - 3.42 |
A vulnerability exists in 'printsource.pl' due to insufficient validation of the 'template' parameter, which could let a remote malicious user execute arbitrary code.
Update available at: http://sourceforge.net/project/showfiles.php?group
_id=47854
We are not aware of any exploits for this vulnerability. |
HTML::Merge 'printsource.pl' Input Validation |
High |
Secunia Advisory,
SA13041, November 1, 2004 |
Roaring Penguin Software
MIMEDefang 2.4, 2.14, 2.20, 2.21, 2.38, 2.39, 2.41-4.47 |
Multiple vulnerabilities exists due to insufficient validation of I/O
operations in 'mimedefang.pl.in' and an unspecified input validation
error exists in 'mimedefang.c.' The impact was not specified.
Upgrades available at:
http://www.mimedefang.org/static/mimedefang-2.48.tar.gz
We are not aware of any exploits for this vulnerability. |
Roaring Penguin Software MIMEDefang Multiple Vulnerabilities
|
Not Specified |
SecurityTracker Alert ID, 1011996, October 29, 2004 |
Russell Marks
zgv Image Viewer 5.5 |
Several vulnerabilities exist due to various integer overflows when
processing images, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
ZGV Image Viewer Multiple Remote Integer Overflow |
High |
Bugtraq, October 26, 2004 |
Ryszard Pydo
LinuxStat 2.0-2.3 |
A Directory Traversal vulnerability exists in the 'template' parameter due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.
Update available at: http://sourceforge.net/project/showfiles.php?group_id=38678
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Ryszard Pydo LinuxStat Remote Directory Traversal |
Medium |
Secunia Advisory,
SA12963, October 25, 2004 |
| SCO Group
SCO OpenServer 5.x |
Multiple vulnerabilities exist in SCO MMDF. According to SCO the vulnerabilities are: buffer overflows, null dereferences and core dumps. One of the buffer overflows is known to affect 'execmail.'
Updates available at: ftp://ftp.sco.com/pub/updates
/OpenServer/
SCOSA-2004.7/
An exploit script has been published. |
|
Medium |
SCO Advisory, SCOSA-2004.7, July 14, 2004
Deprotect Security Advisory 20040206, July 2, 2004
PacketStorm October 26, 2004 |
Squid-cache.org
Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support
|
A remote Denial of Service vulnerability exists in the 'asn_parse_header()' function in 'snmplib/asn1.c' due to an input validation error when handling certain negative length fields.
Updates available at: http://www.squid-cache.org/
Fedora: http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-15.xml
Trustix: http://http.trustix.org/pub/trustix/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-591.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Debian: http://security.debian.org/pool/updates/main/s/squid/
OpenPKG: ftp://ftp.openpkg.org/release/
We are not aware of any exploits for this vulnerability.
|
|
Low |
iDEFENSE Security Advisory, October 11, 2004
Fedora Update Notification,
FEDORA-2004-338, October 13, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Gentoo Linux Security Advisory, GLSA 200410-15, October 18, 2004
RedHat Security Advisory, RHSA-2004:591-04, October 20, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:112, October 21, 2004
Debian Security Advisory, DSA 576-1, October 29, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.048, October 29, 2004 |
Sun Microsystems, Inc.
Performance Suite 4.0, 4.1, Utilization Suite 4.0, 4.1 |
A vulnerability exists in StorEdge QFS and SAM-FS, which could let a remote malicious user obtain sensitive information.
Workaround available at: http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57595-1&searchclause=
There is no exploit code required. |
Sun StorEdge Sparse File Information Disclosure |
Medium |
SecurityFocus, October 27, 2004 |
Tomasz Kloczko
Shadow 4.0-4.0.4
|
A vulnerability exists in the in the 'chfn' and 'chsh' utilities due to insufficient sanitization of user-supplied input, which could let a remote malicious user bypass authentication.
Upgrades available at :
ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.5.tar.gz
We are not aware of any exploits for this vulnerability. |
Shadow Authentication Bypass |
Medium |
SecurityFocus, October 28, 2004 |
Windowmaker.org
Windowmaker 0.20.1 -3, 0.52 -2, 0.53, 0.60, 0.61, 0.61.1, 0.62, 0.62.1, 0.63, 0.63.1, 0.64, 0.65, 0.65.1, 0.80, 0.80.2 |
A format string vulnerability exists in the 'WMGLOBAL' configuration file related to the validation of font specifications, which could let a malicious user execute arbitrary code.
Upgrades available at:
ftp://windowmaker.org/pub/source/release/WindowMaker-0.90.0.tar.gz
We are not aware of any exploits for this vulnerability. |
Window Maker WMGLOBAL Font Specification Format String |
High |
SecurityFocus, October 26, 2004 |
xmlsoft.org
Libxml2 2.6.12-2.6.14 |
Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the' xmlNanoFTPScanProxy()' function in 'nanoftp.c,' which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://xmlsoft.org/sources/libxml2-2.6.15.tar.gz
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
An exploit script has been published. |
Libxml2 Multiple Remote Stack Buffer Overflows
CVE Name:
CAN-2004-0989
|
High |
SecurityTracker Alert I, : 1011941, October 28, 2004 |
[back to
top]
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
|
Hawking Technology
HAR11A DSL Router |
A vulnerability exists due to a failure to require authentication credentials prior to allowing administrative access to the devices CLI interface, which could let a remote malicious user obtain administrative access.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Hawking Technology HAR11A DSL Router Unauthenticated Administrative Access |
High |
Bugtraq, October 26, 2004 |
Horde Project
Horde 2.0, 2.1, 2.1.3, 2.2, 2.2.1, 2.2.3, 2.2.4, RC1, 2.2.5, 2.2.6 |
A Cross-Site Scripting vulnerability exists in the 'Help' window due to insufficient sanitization of user-supplied data, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
ftp://ftp.horde.org/pub/horde/horde-2.2.7.tar.gz
There is no exploit code required. |
Horde Application Framework Help Window Cross-Site Scripting |
High |
SecurityTracker Alert ID, 1011959, October 27, 2004 |
id Software, Inc.
Quake II Server 3.20, 3.21 |
Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when handling 'Configstrings' and 'Baselines' due to an input validation error; a buffer overflow vulnerability exists when parsing command packets, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists when when requesting missing files such as
maps from a server running Windows, which could let a remote malicious user download sensitive files; a remote Denial of Service vulnerability exists due to an input validation error when requesting missing files from a Linux server; a vulnerability exists due to an error in the handling of userinfo, which could let a remote malicious user spoof the client's IP address; and a remote Denial of Service vulnerability exists when a malicious user continuously submits multiple join requests.
No workaround or patch available at time of publishing.
We are not aware of any exploits for these vulnerabilities. |
ID Software Quake II Server Multiple Remote |
Low/Medium/
High
(Low if a DoS: Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
Bugtraq, October 27, 2004 |
ldu.neocrome.net
Land Down Under 701 |
Multiple input validation vulnerabilities exist due to insufficient validation of user-supplied input in several variables, which could let a remote malicious user obtain sensitive information.
Update available at: http://www.neocrome.net/index.php?msingle&id91
Proofs of Concept exploits have been published. |
Land Down Under Input Validation |
Medium |
SecurityTracker Alert ID, 1012015, November 1, 2004 |
Mozilla. org
Mozilla Browser 0.8, 0.9.2.1, 0.9.2- 0.9.9, 0.9.35, 0.9.48, 1.0, RC1& RC2, 1.0.1, 1.0.2, 1.1- 1.5 |
A Cross-Site Scripting vulnerability exists in 'nsDOMClassInfo.cpp' and occurs when a large number of event handlers are used within HTML tags, which could let a remote malicious user execute arbitrary code.
| |
| |
