National Cyber Alert System
Cyber Security Bulletin SB04-343

Summary of Security Items from December 1 through December 7, 2004

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Bugs, Holes, & Patches

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

Alt-N

MDaemon 7.2, 6.8.0-6.8.5

A vulnerability exists due to a failure to properly drop privileges prior to executing a child process, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

Alt-N MDaemon Privilege Escalation

Medium

SecurityFocus, November 23, 2004

SecurityFocus, November 30, 2004

Burut Creative Team

Burut Kreed 1.5

Multiple vulnerabilities exist: a format string vulnerability exists, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user submits a large UDP datagram; and a remote Denial of Service vulnerability exists when a malicious nickname or model type is submitted.

No workaround or patch available at time of publishing.

An exploit script has been published.

Burut Kreed Game Server Multiple Remote Vulnerabilities

Low/High

(High if arbitrary code can be executed)

Secunia Advisory, SA13361, December 3, 2004

Cisco Systems

CNS Network Registrar 6.0-6.0.5.4, 6.1-6.1.1.3

Multiple remote Denial of Service vulnerabilities exist in the Domain Name Service and Dynamic Host Configuration Protocol server components when a malicious user submits a specially crafted packet sequence.

Updates available at:
http://www.cisco.com/pcgi-bin/Software/Tablebuild/tablebuild.pl/nr-eval

Currently we are not aware of any exploits for this vulnerability.

Cisco CNS Network Registrar DNS & DHCP Server Remote Denial of Service
Low
Cisco Security Advisory, cisco-sa-20041202, December 2, 2004

Computer Associates

Unicenter Remote Control English 6.0 SP1 (Build 6.0.77), GA 6.0 (6.0.56.3), QO48974 6.0 (Build 6.0.74), Unicenter Remote Control French 6.0 SP1 (Build 6.0.77), GA 6.0 (Build 6.0.74), Unicenter Remote Control German 6.0 SP1 (Build 6.0.77), GA 6.0 (Build 6.0.74)

A vulnerability exists due to an unspecified error in the URC Management Console, which could let a remote malicious user obtain unauthorized administrative access.

There is no exploit code required.

Currently we are not aware of any exploits for this vulnerability.

Computer Associates Unicenter Remote Control Remote Authentication Bypass
High
SecurityFocus, December 3, 2004

David Harris

Mercury (win32 version) 4.01a

Multiple stack-based buffer overflow vulnerabilities exist in the IMAP server implementation due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

Update available at:
ftp://ftp.usm.maine.edu/pegasus/mercury32/m32-401b.zip

Exploit scripts have been published.

Mercury Mail Multiple Remote IMAP Stack Buffer Overflows
High
Bugtraq, December 1, 2004

GlobalSCAPE, Inc.

CuteFTP 6.0

Multiple buffer overflow vulnerabilities exist in the command and response functionality due to insufficient validation of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

GlobalScape CuteFTP Multiple Command Response Buffer Overflow

Low/High

(High if arbitrary code can be executed)

SecurityTracker Alert ID, 1012366, November 30, 2004

Headlight Software, Inc.

GetRight 5.2a & prior

A buffer overflow vulnerability exists in the 'DUNZIP32.DLL' component when a specially crafted skin file is created, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GetRight 'DUNZIP32.DLL' Buffer Overflow
High
Secunia Advisory, SA13391, December 7, 2004

HostingController

Hosting Controller v.6.1 Hotfix 1.4

Several vulnerabilities exist: a vulnerability exists in 'Statsbrowse.asp' due to a flaw that lets remote malicious users view arbitrary directories; and a vulnerability exists in 'Generalbrowse.asp' due to a flaw that lets a remote malicious user view arbitrary files.

The vendor has released a patch.

Proofs of Concept exploits have been published.

Hosting Controller 'Statsbrowse.asp' & 'Generalbrowse.asp' Information Disclosure
Medium
SecurityTracker Alert ID, 1012426, December 5, 2004

IBEX Software

Remote Execute 2.x

A remote Denial of Service vulnerability exists due to an error in the connection handling.

Update available at: http://www.ibexsoftware.com/downloadRemoteExecute.asp

Currently we are not aware of any exploits for this vulnerability.

IBEX Software Remote Execute Denial of Service
Low
SecurityTracker Alert, 1012445, December 7, 2004

IpSwitch

WS_FTP Server 5.03, 2004.10.14

Several vulnerabilities were reported that could permit a remote authenticated malicious user to execute arbitrary code on the target system. A remote authenticated user can trigger a buffer overflow in several FTP commands. The SITE, XMKD, MKD, and RFNR FTP commands are affected. A remote user can cause the FTP service to crash or execute arbitrary code.

No workaround or patch available at time of publishing.

Exploit scripts have been published.

IpSwitch WS_FTP Buffer Overflow
High

SecurityTracker Alert ID: 1012353, November 29, 2004

SecurityFocus, November 30, 2004

Microsoft

Windows 2000/XP Resource Kit

Several vulnerabilities exist in the 'w3who.dll' Microsoft ISAPI extension in the Windows 2000/XP Resource Kit: Cross-Site Scripting vulnerabilities exist when displaying HTTP headers and in error messages, which could let a remote malicious user execute arbitrary HTML and script code; and a buffer overflow vulnerability exists when processing input parameters, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Microsoft Windows Resource Kit 'w3who.dll' Buffer Overflow & Input Validation

CVE Names:
CAN-2004-1133
CAN-2004-1134

High
Exaprobe Security Advisory, December 6, 2004

Microsoft

ISA Server 2000, Proxy Server 2.0

A spoofing vulnerability exists that could enable a malicious user to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious web site.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx

V2.0 (November 9, 2004): Bulletin updated to reflect the release of an updated ISA Server 2000 security update for the German language only. This issue does not affect any other language version of this security update. The Security Update Replacement section has also been revised.

V3.0 (November 16, 2004): Bulletin updated to reflect the release of updated ISA Server 2000 security updates for all languages. These issues affected customers using ISA Server 2000 Service Pack 1 or using Windows 2000 Service Pack 3. The Security Update Replacement section has also been revised.

Microsoft Security Bulletin updated to reflect a revised Security Update Information section for the Proxy 2.0 Service Pack 1 security update.

V3.2: Bulletin updated to reflect a revised Security Update Information section for the Proxy 2.0 Service Pack 1 security update. This update documents that the Proxy 2.0 Service Pack 1 security update uses local date and time information instead of UTC date and time information.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Server Spoofing

CVE Name:
CAN-2004-0892

Medium

Microsoft Security Bulletin, MS04-039 2.0, 3.0, 3.1, November 19, 2004 (Updated)

Microsoft Security Bulletin, MS04-039 Rev 3.2, November 30, 2004

Microsoft

Internet Explorer 6

A vulnerability exists when processing FTP URLs, which could let a remote malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer FTP URL Processing Input Validation
High
7a69ezine Advisories, December 7, 2004

Microsoft

Internet Explorer 6.0 SP1, Microsoft Internet Explorer 6.0

A remote buffer overflow vulnerability exists due to insufficient boundary checks performed by the application and results in a Denial of Service condition. Arbitrary code execution may be possible as well.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

Note: Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 or MS04-038 should not install this update. Instead customers should deploy update 889669.

Microsoft Knowledge Base Article 889293 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

An exploit script has been published.

Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow

CVE Name:
CAN-2004-1050

Low/High

(High if arbitrary code can be executed)

SecurityFocus, Bugtraq ID 11515, October 25, 2004

Packetstorm, November 4, 2004

Microsoft Security Bulletin, MS04-040, December 1, 2004

Technical Cyber Security Alert, TA04-336A, December 3, 2004

Microsoft

Internet Explorer 6.0, SP1&2, Windows XP 64-bit Edition SP1, Windows XP 64-bit Edition, 64-bit Edition Version 2003, SP1, XP Embedded, SP1, XP Home, SP1&2, XP Media Center Edition, SP1&2, XP Professional, SP1&2, XP Tablet PC Edition

A vulnerability exists which could let a remote malicious user execute arbitrary HTML and script code if a maliciously constructed file were 'dragged and dropped.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Drag & Drop

High

SecurityFocus, November 29, 2004

Microsoft

Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP Service Pack 2, Windows 98, Windows 98 SE, Windows ME, Internet Explorer 5.5; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, S3400 Message Application Server, S8100 Media Servers

Multiple vulnerabilities are corrected with Microsoft Security Update MS04-038. These vulnerabilities include: Cascading Style Sheets (CSS) Heap Memory Corruption Vulnerability; Similar Method Name Redirection Cross Domain Vulnerability; Install Engine Vulnerability; Drag and Drop Vulnerability; Address Bar Spoofing on Double Byte Character Set Locale Vulnerability; Plug-in Navigation Address Bar Spoofing Vulnerability; Script in Image Tag File Download Vulnerability; SSL Caching Vulnerability. These vulnerabilities could allow remote code execution.

A vulnerability exists in the Microsoft MSN 'heartbeat.ocx' component, used by Internet Explorer on some MSN gaming sites.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx

Avaya: Customers are advised to follow Microsoft's guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Updated the ActiveX control name from "Heartbeat.ocx" to "Hrtbeat.ocx", added GUID information to the Security Update Information section.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Security Update

CVE Names:
CAN-2004-0842
CAN-2004-0727
CAN-2004-0216
CAN-2004-0839
CAN-2004-0844
CAN-2004-0843
CAN-2004-0841
CAN-2004-0845

High

Microsoft Security Bulletin, MS04-038, October 12, 2004

US-CERT Cyber Security Alert SA04-286A, October 12, 2004

US-CERT Vulnerability Notes VU#637760, October 13, 2004, VU#625616, October 15, 2004, VU#431576, VU#630720, & VU#291304, October 18, 2004, VU#673134 & VU#795720, October 19, 2004

SecurityFocus, October 18, 2004

Microsoft Security Bulletin, MS04-038, November 9, 2004

SecurityFocus, November 29, 2004

Microsoft

Small Business Server 2000, 2003, Windows 2000 Advanced Server, SP1-SP4, Windows 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, NT Enterprise Server 4.0, SP1-SP6a, NT Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6a, Windows Server 2003 Datacenter Edition, 64-bit, Server 2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition

A buffer overflow vulnerability exists in the Microsoft Windows Internet Name Service (WINS), which could let a remote malicious user execute arbitrary code with SYSTEM level privileges.

Workaround available at:
http://support.microsoft.com/kb/890710

There is no exploit circulating at this time.

Microsoft Windows WINS Buffer Overflow
High

SecurityFocus, November 30, 2004

US-CERT Vulnerability Note VU#145134, December 6, 2004

Thomas Hauck

JanaServer 2 2.4.0-2.4.4

Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the 'http-server' module when a malicious user submits a specially crafted HTTP request that contains a large number of '%' characters to port 2506; and a remote Denial of Service vulnerability exists in the 'pna-proxy' module when handling Real Player requests.

Updates available at:
http://www.janaserver.de/start.php?lang=en&menue=download&content=down

An exploit script has been published.

JanaServer 2 Multiple Remote Denial of Service
Low
Bugtraq, November 30, 2004

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

Apache Software Foundation

Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50

A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections.

Apache:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-349.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-21.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

HP:
http://software.hp.com

Apple:
http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apache mod_ssl Denial of Service

CVE Name:
CAN-2004-0748

Low

SecurityFocus, September 6, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004

Gentoo Linux Security Advisory, GLSA 200409-21, September 16, 2004

Trustix Secure Linux Security Advisory,TSLSA-2004-0047, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004

Fedora Update Notification, FEDORA-2004-313, September 23, 2004

HP Security Bulletin, HPSBUX01090, October 26, 2004

Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004

Apache Software Foundation

Apache 2.0.50

A remote Denial of Service vulnerability exists in 'char_buffer_read()' when using a RewriteRule to reverse proxy SSL connections.

Patch available at:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-463.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-21.xml

Trustix:
http://www.trustix.org/errata/2004/0047/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

HP:
http://h30097.www3.hp.com/internet/download.htm

Apple:
http://www.apple.com/swupdates/

There is no exploit code required; however, Proofs of Concept exploits have been published.

Apache mod_ssl Remote Denial of Service

CVE Name:
CAN-2004-0751

Low

SecurityTracker Alert ID, 1011213, September 10, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004

RedHat Security Advisory, RHSA-2004:463-09, September 15, 2004

Gentoo Linux Security Advisory GLSA 200409-21, September 16, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0047, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004

Fedora Update Notification, FEDORA-2004-313, September 23, 2004

HP Security Bulletin, HPSBUX01090 & HPSBGN01091, October 26 & 29, 2004

Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004

Apache Software Foundation
Conectiva
Gentoo
HP
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Trustix

Apache 1.3.26-1.3.29, 1.3.31; OpenBSD -current, 3.4, 3.5

A buffer overflow vulnerability exists in Apache mod_proxy when a 'Content-Length:' header is submitted that contains a large negative value, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Patches available at:
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140&q=p3

OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/

OpenPKG:
ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.3.src.rpm

Gentoo:
http://security.gentoo.org/glsa/glsa-200406-16.xml

Mandrake:
http://www.mandrakesoft.com/security/advisories

SGI:
ftp://patches.sgi.com/support/free/security/

Fedora Legacy:
http://download.fedoralegacy.org/redhat/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Apple:
http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apache Mod_Proxy Remote Buffer Overflow

CVE Name:
CAN-2004-0492

Low/High

(High if arbitrary code can be executed)

SecurityTracker Alert, 1010462, June 10, 2004

Gentoo Linux Security Advisory, GLSA 200406-16, June 22, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:065, June 29, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.029, June 11, 2004

SGI Security Advisory, 20040605-01-U, June 21, 2004

Fedora Legacy Update Advisory, FLSA:1737, October 14, 2004

US-CERT Vulnerability Note VU#541310, October 19, 2004

Slackware Security Advisory, SSA:2004-299-01, October 26, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004

Turbolinux Security Announcement, November 18, 2004

Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004

Apple

Mac OS X 10.2.8 Client

Mac OS X 10.2.8 Server

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability was reported in Apache running on an Apple HFS+ filesystem. A remote malicious user may be able to directly access file data or resource fork contents. Apple reported that a remote user can supply a specially crafted HTTP request to bypass the Apache file handler and directly access certain content using the special file names. The Apple HFS+ filesystem permits files to have multiple data streams and be accessed via special filenames.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple Apache File Handlers Bypass & Directly Access

CVE Name:
CAN-2004-1084

Medium
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.2.8 Client

Mac OS X 10.2.8 Server

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability was reported in Apache when running on Mac OS X with the Apple HFS+ filesystem. A remote malicious user may be able to gain access to certain files on the system. Apple reported that the web server configuration does not properly block access to '.DS_Store' files and files that start with the string '.ht'. The web server operates in a case sensitive manner but the HFS+ filesystem is case insensitive.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple Apache on Apple HFS+ '.DS_Store' Files Disclosure

CVE Name:
CAN-2004-1083

Medium
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.2.8 Client

Mac OS X 10.2.8 Server

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability was reported in Apple's AppKit. One application may be able to access ostensibly secure data from another application in the same window. The vendor reported that in some cases, secure input is not properly enabled. As a result, an application may be able to read characters entered into a secure text field of another window in that session.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple AppKit Secure Input

CVE Name:
CAN-2004-1081

Medium
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.2.8 Client

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability exists in the Cyrus IMAP server when used with Kerberos authentication, affecting Mac OS X and possibly other operating systems, which could allow a remote authenticated malicious user to gain access to another mailbox on the target system.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple Cyrus IMAP Server Remote Mailbox Access

CVE Name:
CAN-2004-1089

Medium
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.2.8 Server

Mac OS X 10.3.6 Server

A vulnerability was reported in Apache mod_digest_apple. A remote malicious user can replay previously recorded authentication credentials. Apple reported that a remote user may be able to exploit this flaw to gain access to the target web service.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple Apache mod_digest_apple Authentication Credentials Replay

CVE Name:
CAN-2004-1082

Medium
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.2.8 Server

Mac OS X 10.3.6 Server

A vulnerability exists in Apple's QuickTime Streaming Server. A remote malicious user can cause Denial of Service conditions. Apple reported that a remote user can send specially crafted DESCRIBE requests to the target streaming server to cause Denial of Service conditions.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple QuickTime Streaming Server Remote Denial of Service

CVE Name:
CAN-2004-1123

Low
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.3.6 Client; Mac OS X 10.3.6 Server

A vulnerability exists in HIToolbox that could allow a physically local malicious user to quit applications with a special key combination when in kiosk mode.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple HIToolbox Kiosk Mode Application Quit

CVE Name:
CAN-2004-1085

Low

Apple Security Update, December 2, 2004

Apple

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability exists in Postfix when using CRAM-MD5 authentication. A remote malicious user may be able to send mail via the target system. Apple reported that in some situations, a remote user may be able to replay previously recorded CRAM-MD5 authentication credentials during a small time period to send mail via the system.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple Postfix CRAM-MD5 Replay Attack

CVE Name:
CAN-2004-1088

Medium
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability exists in PSNormalizer in the conversion of PostScript files to PDF format that could allow a remote malicious user to execute arbitrary code. Apple reported that a remote user can create a specially crafted PostScript document that, when converted by the target user, will execute arbitrary code with the privileges of the target user.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple PSNormalizer Buffer Overflow

CVE Name:
CAN-2004-1086

High
Apple Security Update, December 2, 2004

Apple

Mac OS X 10.3.6 Client

Mac OS X 10.3.6 Server

A vulnerability exists in Mac OS X Terminal. The terminal may display an incorrect 'Secure Keyboard Entry' status. The vendor reported that the 'Secure Keyboard Entry' menu setting may be displayed as active when it is not.

Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apple Terminal Incorrect 'Secure Keyboard Entry' Status

CVE Name:
CAN-2004-1087

Low
Apple Security Update, December 2, 2004

Caolan McNamara & Dom Lachowicz

wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0

A buffer overflow vulnerability exists in a 'strcat()' function call due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200407-11.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/w/wv/

A Proof of Concept exploit has been published.

wvWare Library
Buffer Overflow

CVE Name:
CAN-2004-0645

High
Securiteam, July 11, 2004

iDEFENSE Security Advisory, July 9, 2004

Conectiva Linux Security Announcement, CLA-2004:863, September 10, 2004

Debian Security Advisory, DSA 550-1, September 20, 2004

Debian Security Advisory, DSA 579-1, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:902, December 1, 2004

Carsten Haitzler

imlib 1.x

Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library.

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-03.xml

Currently we are not aware of any exploits for these vulnerabilities.

Carsten Haitzler imlib Image Decoding Integer Overflow

CVE Name:
CAN-2004-1026

High
Secunia Advisory ID: SA13381, December 7, 2004

Debian

Debian GNU/Linux 3.0, Debian GNU/Linux unstable alias sid

A vulnerability exists in hpsockd, which can be exploited by malicious people to cause a Denial of Service and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error, which can be exploited to cause a buffer overflow.

Updates available:
http://www.debian.org/security/2004/dsa-604

Currently we are not aware of any exploits for this vulnerability.

Debian hpsockd Buffer Overflow Vulnerability

Low/High

(High if arbitrary code can be executed)

Debian Security Advisory
DSA-604-1, December 2, 2004

Dom Lachowicz

AbiWord 2.0.7 and prior

A vulnerability exists in the "wv" library of AbiWord, which could be exploited by an attacker to compromise a user's system.

Update to version 2.0.8 or later available at:
http://www.abisource.com/download/

Fedora:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000902

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Dom Lachowicz AbiWord "wv" Library Buffer Overflow
High

AbiWord 2.0.7-2.0.9 Changes

Secunia, SA12136 and SA12146, July 26, 2004

Secunia Advisory ID: SA13344, December 2, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Downhill Battle

Blog Torrent Preview Version 0.8

A vulnerability exists that could permit a remote malicious user to view files on the target system. The 'btdownload.php' script does not properly validate user-supplied input in the 'file' parameter. A remote user can submit a specially crafted URL to traverse the directory and view arbitrary files with the privileges of the target web service.

A fix is available via CVS at:
http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7

A Proof of Concept exploit has been published.

Downhill Battle Blog Torrent 'btdownload.php' Input Validation

Medium

SecurityTracker Alert ID: 1012390, December 2, 2004

Federico D. Sacerdoti

Ansel 2.1

Multiple vulnerabilities exist which can be exploited by malicious people to conduct SQL injection and script insertion attacks. Input passed to the "image" parameter is not properly sanitized before being used in a SQL query. Also, input passed to the album name field is not properly sanitized before being used.

Update to version 2.2:

ftp://heron.sdsc.edu/pub/ansel-2.2.tar.gz

Currently we are not aware of any exploits for these vulnerabilities.

Federico D. Sacerdoti Ansel "image" SQL Injection & Script Insertion
High
Secunia Advisory ID: SA12856, December 6, 2004

FreeBSD Project

FreeBSD Kernel


A vulnerability exists in the kernel which can be exploited by malicious, local users to gain knowledge of sensitive information or cause a Denial of Service. The vulnerability is caused due to an error in "/proc/curproc/cmdline" of the procfs file system and "/proc/self/cmdline" of the linprocfs file system when reading an argument vector from a process address space. This can be exploited to disclose parts of kernel memory or crash a vulnerable system. Successful exploitation requires that the procfs or linprocfs file system is mounted.

Patches available:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04%3A17.procfs.asc

Currently we are not aware of any exploits for this vulnerability.

FreeBSD Kernel Memory Disclosure

CVE Name:
CAN-2004-1066

Medium
FreeBSD-SA-04:17 Security Advisory, December 1, 2004

GD Graphics Library

gdlib 2.0.23, 2.0.26-2.0.28

A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.

OpenPKG:
ftp://ftp.openpkg.org/release/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-08.xml

Debian:
http://security.debian.org/pool/updates/main/libg

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/libg/libgd/

An exploit script has been published.

GD Graphics Library Remote Integer Overflow

CVE Name:
CAN-2004-0990

High

Secunia Advisory, SA12996, October 28, 2004

Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004

Ubuntu Security Notice, USN-21-1, November 9, 2004

Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004

Fedora Update Notifications, FEDORA-2004-411 & 412, November 11, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

Ubuntu Security Notice, USN-25-1, November 16, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004

Gentoo

mirrorselect-0.88 and prior


A vulnerability exists in mirrorselect, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to temporary files being created insecurely. This can be exploited via symlink attacks to overwrite arbitrary files on the system with the privileges of the user executing the mirrorselect tool.

Update to "app-portage/mirrorselect-0.89" or later: http://security.gentoo.org/glsa/glsa-200412-05.xml

Currently we are not aware of any exploits for this vulnerability.

Gentoo mirrorselect Insecure Temporary File Creation
Medium
Gentoo Security Advisory, GLSA 200412-05 / mirrorselect, December 7, 2004

Gentoo

PDFlib

Multiple overflow vulnerabilities exist in PDFlib which can be exploited by malicious people to execute arbitrary code or cause a Denial of Service.

Update to "media-libs/pdflib-5.0.4_p1" or later available at: http://security.gentoo.org/glsa/glsa-200412-02.xml

Currently we are not aware of any exploits for this vulnerability.

Gentoo PDFlib Buffer Overflow


High
Gentoo Linux Security Advisory, GLSA 200412-02 / PDFlib, December 2, 2004

Gentoo

perl

Multiple vulnerabilities exist which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

Update to "perl-5.8.5-r2" or later:
http://security.gentoo.org/glsa/glsa-200412-04.xml

Currently we are not aware of any exploits for these vulnerabilities.

Gentoo Perl Privilege Escalation
Medium
Gentoo Security Advisory, GLSA 200412-04 / perl, December 7, 2004

Global Moxie

Big Medium 1.0

A vulnerability exists due to an unspecified error, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.globalmoxie.com/cgi-bin/license/download.cgi

Currently we are not aware of any exploits for this vulnerability.

Global Moxie Big Medium Remote Script Code Execution
High
SecurityFocus, December 2, 2004

IBM

AIX 5.1, 5.2, 5.3

A vulnerability has been reported in AIX, which can be exploited by malicious, local users to inject arbitrary data into the ODM (Object Data Manager) or cause a vulnerable system to hang during boot. The vulnerability is caused due to an unspecified error within the system startup scripts.

Apply APARs:
http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp

Currently we are not aware of any exploits for this vulnerability.

IBM AIX Unspecified System Startup Scripts
Low
SecurityTracker Alert ID: 1012419, December 3, 2004

ImageMagick

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8,
5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8

A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=24099

Redhat:
http://rhn.redhat.com/errata/RHSA-2004-480.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-11.xml

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143

Currently we are not aware of any exploits for this vulnerability.

ImageMagick Remote EXIF Parsing Buffer Overflow

CVE Name:
CAN-2004-0981

High

SecurityTracker Alert ID, 1011946, October 26, 2004

Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004

Debian Security Advisory DSA 593-1, November 16, 2004

SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004

KDE

KDE Konqueror 3.3.1 and prior

A vulnerability exists in the processing of FTP URLs that could allow a remote malicious user to cause FTP commands to be executed. A remote user can create a specially crafted FTP URL that, when loaded by the target user, will execute arbitrary FTP commands on the specified FTP server. The commands can be appended to the URL, separated by the string '%0a'. The target user must first be authenticated against the FTP server for the exploit to work.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

KDE Konqueror Input Validation
High
SecurityTracker Alert ID: 1012443, December 7, 2004

libtiff.org

LibTIFF 3.6.1

Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/t/tiff/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-11.xml

Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

OpenPKG:
ftp://ftp.openpkg.org/release/

Trustix: ftp://ftp.trustix.org/pub/trustix/updates/

Mandrake: http://www.mandrakesecure.net/en/ftp.php

SuSE: ftp://ftp.suse.com/pub/suse/

RedHat: http://rhn.redhat.com/errata/RHSA-2004-577.html

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Conectiva: ftp://atualizacoes.conectiva.com.br/

Proofs of Concept exploits have been published.

LibTIFF Buffer Overflows

CVE Name:
CAN-2004-0803
CAN-2004-0804
CAN-2004-0886

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004

Fedora Update Notification, FEDORA-2004-334, October 14, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004

Debian Security Advisory, DSA 567-1, October 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004

SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004

RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004

Slackware Security Advisory, SSA:2004-305-02, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004

US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004

Multiple Vendors

Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core1&2;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1; Turbolinux Turbolinux Desktop 10.0

A buffer overflow vulnerability exists in the apr-util library's IPv6 URI parsing functionality due to insufficient validation, which could let a remote malicious user execute arbitrary code. Note: On Linux based Unix variants this issue can only be exploited to trigger a Denial of Service condition.

Patch available at:
http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0747.patch

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Redhat:
http://rhn.redhat.com/errata/RHSA-2004-463.html

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

HP:
http://h30097.www3.hp.com/internet/download.htm

Apple:
http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

Apache Web Server Remote IPv6 Buffer Overflow

CVE Name:
CAN-2004-0786

Low/High

(High if arbitrary code can be executed)

SecurityFocus, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004

Fedora Update Notifications, FEDORA-2004-307 & 308, September 16, 2004

HP Security Bulletin, HPSBUX01090 & HPSBGN01091, October 26 & 29, 2004

Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004

Multiple Vendors

Carnegie Mellon University Cyrus IMAP Server 2.1.7, 2.1.9, 2.1.10, 2.1.16, 2.2.0 ALPHA, 2.2.1 BETA, 2.2.2 BETA, 2.2.3-2.2.8; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0-2.2; Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PROXY' and 'LOGIN' commands if the 'IMAPMAGICPLUS' option is enabled, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument parser for the 'PARTIAL' command, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument handler for the 'FETCH' command, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handler for the 'APPEND' command, which could let a remote malicious user execute arbitrary code.

Carnegie Mellon University:
ftp://ftp.andrew.cmu.edu/pub/cyrus/

Debian:
http://security.debian.org/pool/updates/main/c/cyrus-imapd/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-34.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

OpenPKG:
ftp://ftp.openpkg.org/release/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus IMAPD Multiple Remote Vulnerabilities

CVE Names:
CAN-2004-1011
CAN-2004-1012
CAN-2004-1013

High

Securiteam, November 23, 2004

Debian Security Advisory, DSA 597-1, November 25, 2004

Gentoo Linux Security Advisory, GLSA 200411-34, November 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:139, November 26, 2004

Trustix Secure Linux Advisory, TSL-2004-0063, November 29, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.051, November 29, 2004

Conectiva Linux Security Announcement, CLA-2004:904, December 1, 2004

Fedora Update Notifications, FEDORA-2004-487 & 489, December 1, 2004

SUSE Security Announcement, SUSE-SA:2004:043, December 3, 2004

Multiple Vendors

Carnegie Mellon University Cyrus IMAP Server 2.2.9 & prior

A buffer overflow vulnerability exists in the 'imap magic plus' support code, which could let a remote malicious user execute arbitrary code.

Update available at:
http://asg.web.cmu.edu/cyrus/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-34.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000904

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Cyrus IMAP 'imap magic plus' Buffer Overflow

CVE Name:
CAN-2004-1015

High

Gentoo Linux Security Advisory, GLSA 200411-34, November 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:139, November 26, 2004

Secunia SA13349, December 2, 2004

Secunia Advisory ID: SA13346, December 2, 2004

Secunia Advisory ID: 13366, December 6, 2004

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9

A vulnerability exists in 'iptables.c' and 'ip6tables.c' due to a failure to load the required modules, which could lead to a false sense of security because firewall rules may not always be loaded.

Debian:
http://security.debian.org/pool/updates/main/i/iptables/i

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

IpTables Initialization Failure

CVE Name:
CAN-2004-0986

Medium

Debian Security Advisory, DSA 580-1, November 1, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Fedora Update Notification, FEDORA-2004-417, December 1, 2004

Multiple Vendors

GD Graphics Library gdlib 1.8.4, 2.0.1, 2.0.20-2.0.23, 2.0.26-2.0.28

Multiple buffer overflow vulnerabilities exist due to insufficient bounds checking prior to processing user-supplied strings, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Debian:
http://security.debian.org/pool/updates/main/libg/

Currently we are not aware of any exploits for these vulnerabilities.

GD Graphics Library Multiple Remote Buffer Overflows

CVE Name:
CAN-2004-0941

High

SecurityTracker, 1012195, November 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

Debian Security Advisories, DSA 601-1 & 601-2, November 29, 2004

Multiple Vendors

gzip

A vulnerability exists in the gzip(1) command, which could let a malicious user access the files of other users that were processed using gzip.

Sun Solaris:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:142

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors
Gzip File Access
Medium

Sun(sm) Alert Notification, 57600, October 1, 2004

US-CERT Vulnerability Note VU#635998, October 18, 2004

Mandrakesoft Security Advisory, MDKSA-2004:142, December 6, 2004

Multiple Vendors

nfs-utils 1.0.6

A vulnerability exists due to an error in the NFS statd server in "statd.c" where the "SIGPIPE" signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely.

Upgrade to 1.0.7-pre1:
http://sourceforge.net/project/showfiles.php?group_id=14&package_id=174

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:146

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors nfs-utils "SIGPIPE" TCP Connection Termination Denial of Service
Low
Secunia Advisory ID: SA13384, December 7, 2004

Multiple Vendors

OpenSSH 3.0 p1-3.0.2 pl1, 3.0-3.0.2, 3.1-3.5, 3.1pl1, 3.2.2 p1, 3.2.3 p1, 3.3 p1-3.5pl1, 3.6.1 p1&pl2, 3.6.1, 3.7, 3.7.1, 3.7 p1&pl2, 3.7.1 p1, 3.8.1 p1, 3.9.1 pl1

An information disclosure vulnerability exists in the portable version of OpenSSH that is distributed for operating systems other than its native OpenBSD platform, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/

There is no exploit code required.

OpenSSH-portable Remote Information Disclosure

CVE Name:
CAN-2003-0190

Medium
Ubuntu Security Notice, USN-34-1, November 30, 2004

Multiple Vendors

Cisco VPN 3000 Concentrator 4.0.x, 4.0, 4.0.1, 4.1.x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4_rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, 9.2, amd64, 10.0, AMD64, MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.0, 1.0.6, 1.0.8, 1.1, 1.1.1, 1.2-1.2.8, 1.3-1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1; Sun SEAM 1.0.2

Multiple double-free vulnerabilities exist due to inconsistent memory handling routines in the krb5 library: various double-free errors exist in the KDC (Key Distribution Center) cleanup code and in client libraries, which could let a remote malicious user execute arbitrary code; various double-free errors exist in the 'krb5_rd_cred()' function, which could let a remote malicious user execute arbitrary code; a double-free vulnerability exists in krb524d, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in ASN.1 decoder when handling indefinite length BER encodings, which could let a remote malicious user cause a Denial of Service.

MIT Kerberos:
http://web.mit.edu/kerberos/advisories/

Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml

Debian:
http://security.debian.org/pool/updates/main/k/krb5/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-09.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-112908-15-1

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860

OpenPKG:
ftp://ftp.openpkg.org/release/

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/

IBM:
http://www.securityfocus.com/advisories/7269

Apple:
http://www.apple.com/swupdates/

Currently we are not aware of any exploits for these vulnerabilities.

Kerberos 5 Double-Free Vulnerabilities

CVE Names:
CAN-2004-0642
CAN-2004-0643
CAN-2004-0772

Low/High

(High if arbitrary code can be executed)

MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004

US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004

US-CERT Vulnerability Notes, VU#350792, VU#795632, VU#866472, September 3, 2004

Conectiva Security Advisory, CLSA-2004:860, September 9, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.039, September 13, 2004

Turbolinux Security Advisory TLSA-2004-22, September 15, 2004

IBM Security Advisory, September 30, 2004

Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004

Multiple Vendors

Cisco VPN 3000 Concentrator 4.0.x, 4.0, 4.0.1, 4.1.x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4_rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, 9.2, amd64, 10.0, AMD64, MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.2.2-1.2.8, 1.3-1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1; Sun Solaris 9.0, 9.0_x86

A remote Denial of Service vulnerability exists in the ASN.1 decoder when decoding a malformed ASN.1 buffer.

MIT Kerberos:
http://web.mit.edu/kerberos/advisories/

Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml

Debian:
http://security.debian.org/pool/updates/main/k/krb5/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-09.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57631-1&searchclause=

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860

OpenPKG:
ftp://ftp.openpkg.org/release/

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/

Apple:
http://www.apple.com/swupdates/

Currently we are not aware of any exploits for this vulnerability.

MIT Kerberos 5 ASN.1 Decoder Remote Denial of Service

CVE Name:
CAN-2004-0644

Low
MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004

US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004

US-CERT Vulnerability Note VU#550464, September 3, 2004

Conectiva Security Advisory, CLSA-2004:860, September 9, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.039, September 13, 2004

Turbolinux Security Advisory TLSA-2004-22, September 15, 2004

Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu 4.1 ppc, ia64, ia32;
Xpdf 0.90-0.93, 1.0, 1.00a, 1.0.1, 2.0, 2.01, 2.03, 3.0;
SUSE Linux - all versions

Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-20.xml

KDE:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdegraphics.diff

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/t/tetex-bin/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.


Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows

CVE Names:
CAN-2004-0888
CAN-2004-0889

High

SecurityTracker Alert ID, 1011865, October 21, 2004

Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004

Debian Security Advisory, DSA 599-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Multiple Vendors

Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1;
ImageMagick ImageMagick 5.4.3, 5.4.4 .5, 5.4.8 .2-1.1.0 , 5.5.3 .2-1.2.0, 5.5.6 .0- 2003040, 5.5.7,6.0.2;
Imlib Imlib 1.9-1.9.14

Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Imlib:
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/

ImageMagick:
http://www.imagemagick.org/www/download.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-12.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-465.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-480.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Currently we are not aware of any exploits for these vulnerabilities.

IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows


CVE Names:
CAN-2004-0817
CAN-2004-0802

Low/High

(High if arbitrary code can be executed)

SecurityFocus, September 1, 2004

Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004

Fedora Update Notifications, FEDORA-2004-300 & 301, September 9, 2004

Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004

RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004

Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004

Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004

Turbolinux Security Announcement, October 5, 2004

RedHat Security Update, RHSA-2004:480-05, October 20, 2004

Ubuntu Security Notice USN-35-1, November 30, 2004

Multiple Vendors

Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7 .0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0

Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-28.xml

SUSE: