Summary of Security Items from January 12 through January 18, 2005
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source
Brat Designs
Breed |
A remote Denial of Service vulnerability exists when a malicious user submits an empty UDP datagram.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Brat Designs Breed Remote Denial of Service |
Low |
Securiteam, January 17, 2005 |
forumKIT
forumKIT 1.0 |
A Cross-Site Scripting vulnerability exists in the 'f.aspx' script due to insufficient sanitization of the 'members' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit required; however, a Proof of Concept exploit has been published.
|
forumKIT Cross-Site Scripting |
|
SecurityTracker Alert, 1012895, January 14, 2005 |
Gracebyte Software
Gracebyte Network Assistant 3.2.5.2260 |
A remote Denial of Service vulnerability exists due to a failure to properly handle UDP datagrams.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Gracebyte Network Assistant Remote Denial of Service |
Low |
Network Security Team Advisory, January 12, 2005 |
Ipswitch
IMail 8.13 |
A buffer overflow vulnerability exists in the 'DELETE' command due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code.
Patch available at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail814.exe
Another exploit script has been published. |
Ipswitch IMail Server Remote Buffer Overflow |
High |
Securiteam, November 15, 2004
SecurityFocus, November 16, 2004
SecurityFocus, January 11, 2005 |
Microsoft
Internet Explorer 6.0, SP1&SP2 |
A vulnerability exists because the security warning can be bypassed when a document contains a specially crafted HTML body tag and a dynamic IFRAME, which could let a remote malicious user bypass the file download security warning mechanism.
No workaround or patch available at time of publishing.
There is no exploit required; however, a Proof of Concept exploit has been published. |
Microsoft Internet Explorer Dynamic IFRAME Security Bypass |
Medium |
SecurityFocus, January 15, 2005 |
Microsoft
Office 2000, SR1, SP2&SP3, 2000, SP1, Office XP, SP1-SP3 |
A security vulnerability exists in the RC4 stream cipher due to incorrect implementation, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
|
Microsoft Office RC4 Stream Cipher |
Medium |
Bugtraq, January 11, 2005 |
Microsoft
Windows (XP SP2 is not affected) |
A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.
Updates available at: http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
An exploit script has been published. |
Microsoft Windows ANI File Parsing Errors
CVE Name:
CAN-2004-1305
|
Low |
VENUSTECH Security Lab, December 23, 2004
Microsoft Security Bulletin MS05-002, January 11, 2005
US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005
SecurityFocus, January 12, 2005
Technical Cyber Security Alert, TA05-012A, January 12, 2005 |
Microsoft
Windows (XP SP2 is not affected) |
An integer overflow vulnerability was reported in the LoadImage API. A remote user can execute arbitrary code. A remote user can create a specially crafted image file that, when processed by the target user, will trigger an overflow in the USER32 library LoadImage API and execute arbitrary code. The code will run with the privileges of the target user.
Updates available at: http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
A Proof of Concept exploit has been published. |
Microsoft Windows LoadImage API Buffer Overflow
CVE Names:
CAN-2004-1049
|
High |
VENUSTECH Security Lab. December 23, 2004
Microsoft Security Bulletin MS05-002, January 11, 2005
US-CERT Vulnerability Note, VU#625856, January 11, 2005
Technical Cyber Security Alert, TA05-012A, January 12, 2005 |
Microsoft
Windows 2000 SP3 & SP4, XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME |
A cross-domain vulnerability exists in the HTML Help ActiveX control, which could let a remote malicious user execute arbitrary code.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx
Exploits have been published. |
Microsoft Windows HTML Help ActiveX Control
CVE Name:
CAN-2004-1043
|
High |
Microsoft Security Bulletin MS05-001, January 11, 2005
Technical Cyber Security Alert, TA05-012B, January 12, 2005
US-CERT Vulnerability Note, VU#972415, January 18, 2005 |
Microsoft
Windows 2000/XP Resource Kit
|
Several vulnerabilities exist in the 'w3who.dll' Microsoft ISAPI extension in the Windows 2000/XP Resource Kit: Cross-Site Scripting vulnerabilities exist when displaying HTTP headers and in error messages, which could let a remote malicious user execute arbitrary HTML and script code; and a buffer overflow vulnerability exists when processing input parameters, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
High |
Exaprobe Security Advisory, December 6, 2004
SecurityFocus, January 11, 2005 |
Microsoft
Windows NT Server 4.0 SP 6a, NT Server 4.0 Terminal Server Edition SP 6, Windows 2000 Server SP 3 & SP4, Windows Server 2003, 2003 64-Bit Edition |
A vulnerability exists due to an unchecked buffer in the handling of the 'Name' parameter from certain packets, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
An exploit script has been published. |
|
High |
Microsoft Security Bulletin, SB04-045, December 14, 2004
US-CERT Vulnerability Note, VU#378160, December 16, 2004
Packetstorm, January 2, 2005
SecurityFocus, January 11, 2005 |
Mnet Soft Factor
NodeManager Professional version 2.00 |
A buffer overflow vulnerability exists due to a boundary error when logging SNMPv1 traps, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.h4.dion.ne.jp/~you4707/NodeManagerPro.html
Currently we are not aware of any exploits for this vulnerability. |
NodeManager SNMPv1 Traps Buffer Overflow
|
High |
Securiteam, January 18, 2005 |
Multiple Vendors
Mozilla Browser 1.7.5, Firefox 1.0, Netscape 7.1 |
A vulnerability exists because popup windows can overlay modal dialogs, which could lead to a false sense of security.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing
|
Medium |
Securiteam, January 11, 2005 |
Nullsoft
Winamp 5.01-5.08 |
Vulnerabilities exist in 'in_mp4.dll,' 'enc_mp4.dll,' 'libmp4v2.dll' and a buffer overflow vulnerability exists in 'in_cdda.dll'. The impact was not specified.
Upgrades available at:
http://forums.winamp.com/showthread.php?s=&threadid=202799
Currently we are not aware of any exploits for these vulnerabilities. |
Nullsoft Winamp Multiple Unspecified Vulnerabilities |
Not Specified |
SecurityTracker Alert, 1012880, January 14, 2005 |
peer2mail.com
peer2mail 1.4 & prior |
A vulnerability exists in the 'p2m.exe' process, which could let a malicious user obtain the password from memory.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Peer2Mail Password Disclosure |
Medium |
SecurityTracker Alert, 1012912, January 16, 2005 |
RhinoSoft
Serv-U 2.5 |
A remote Denial of Service vulnerability exists because multiple connection attempts are not handled properly.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
|
RhinoSoft Serv-U FTP Server Remote Denial of Service
|
|
SecurityFocus, January 10, 2005 |
Veritas Software
Backup Exec 8.0, 8.5, 8.6, 9.0, 9.1 |
A buffer overflow vulnerability exists due to a boundary error in the Agent Browser service when processing received registration requests, which could let a remote malicious user execute arbitrary code.
Hotfix available at:
http://seer.support.veritas.com/docs/273422.htm
Exploit scripts have been published. |
VERITAS Backup Exec Buffer Overflow
CVE Name:
CAN-2004-1172 |
High |
Veritas Software Security Advisory, 273419, December 16, 2004
SecurityFocus, January 11, 2005
US-CERT Vulnerability Note, VU#907729, January 15, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source
4D, Inc.
4D WebSTAR 5.3.2 and prior versions |
Multiple vulnerabilities exist including a buffer overflow that could allow a malicious user to escalate privileges or obtain access to protected resources. A remote user can issue a specially crafted FTP command to trigger a stack-based overflow and execute arbitrary code.
The vendor has released a fixed version (5.3.3), available at:
http://www.4d.com/products/downloads_4dws.html
An exploit script has been published. |
4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users |
High |
SecurityTracker Alert, 1010696, July 13, 2004
SecurityFocus, January 11, 2005 |
Adobe
Adobe Acrobat Reader 5.0.9 for Unix |
A buffer overflow vulnerability exists in Adobe Acrobat Reader for Unix. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted PDF file that, when processed by the target user, will trigger a buffer overflow in the mailListIsPdf() function and execute arbitrary code. The code will run with the privileges of the target user.
The vendor has issued a fixed version (5.0.10): http://www.adobe.com/support/techdocs/331153.html
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-12.xml
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-674.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Adobe Acrobat Reader mailListIsPdf() Buffer Overflow
CVE Name:
CAN-2004-1152
|
High |
iDEFENSE Security Advisory 12.14.04
Gentoo Security Advisory, GLSA 200412-12 / acroread, December 16, 2004
Red Hat: RHSA-2004:674-07, December 23, 2004
SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005 |
Apache Software Foundation
Apache 2.0a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50 |
A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections.
Apache:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-349.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-21.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Trustix:
http://http.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
HP:
http://software.hp.com
Apple:
http://www.apple.com/swupdates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
SecurityFocus, September 6, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004
Gentoo Linux Security Advisory, GLSA 200409-21, September 16, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0047, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification, FEDORA-2004-313, September 23, 2004
HP Security Bulletin, HPSBUX01090, October 26, 2004
Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004
TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 |
Apache Software Foundation
Apache 2.0.50 |
A remote Denial of Service vulnerability exists in 'char_buffer_read()' when using a RewriteRule to reverse proxy SSL connections.
Patch available at:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-463.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-21.xml
Trustix:
http://www.trustix.org/errata/2004/0047/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
HP:
http://h30097.www3.hp.com/internet/download.htm
Apple:
http://www.apple.com/swupdates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
There is no exploit code required; however, Proofs of Concept exploits have been published. |
|
Low |
SecurityTracker Alert ID, 1011213, September 10, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004
RedHat Security Advisory, RHSA-2004:463-09, September 15, 2004
Gentoo Linux Security Advisory GLSA 200409-21, September 16, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0047, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification, FEDORA-2004-313, September 23, 2004
HP Security Bulletin, HPSBUX01090 & HPSBGN01091, October 26 & 29, 2004
Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004
TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 |
Apache Software Foundation
Gentoo
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Tinysofa
Trustix
Apache 1.3-2.0.49 |
A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a Denial of Service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
Patch available at:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.105&r2=1.106
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
OpenPKG:
ftp://ftp.openpkg.org
Tinysofa:
http://www.tinysofa.org/support/errata/2004/008.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200406-05.xml
OpenBSD:
http://www.openbsd.org/errata.html
SGI:
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/
Apple:
http://www.apple.com/support/security/security_updates.html
Fedora Legacy:
http://download.fedoralegacy.org/redhat/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for this vulnerability. |
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow
CVE Name:
CAN-2004-0488
|
Low/High
(High if arbitrary code can be executed)
|
Security Focus, May 17, 2004
Gentoo Linux Security Advisory, GLSA 200406-05, June 9, 2004
Mandrakelinux Security Update Advisories, MDKSA-2004:054 & 055, June 1, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.026, May 27, 2004
RedHat Security Advisory, RHSA-2004:342-10, July 6, 2004
SGI Security Advisory, 20040605-01-U, June 21, 2004
Tinysofa Security Advisory, TSSA-2004-008, June 2, 2004
Trustix Security Advisory, TSLSA-2004-0031, June 2, 2004
Fedora Legacy Update Advisory, FLSA:1888, October 14, 2004
TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 |
ARJ Software Inc.
UNARJ 2.62-2.65
|
A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings prior to processing, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-29.xml
SUSE:
http://www.suse.de/de/security/2004_03_sr.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-007.html
Currently we are not aware of any exploits for this vulnerability. |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name:
CAN-2004-0947
|
High |
SecurityTracker Alert ID, 1012194, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004
SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004
Fedora Update Notification, FEDORA-2004-414, December 11, 2004
RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005 |
Carsten Haitzler
imlib 1.x |
Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library.
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-03.xml
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-651.html
SUSE:
http://www.suse.com/en/private/download/updates
Debian:
http://www.debian.org/security/2004/dsa-618
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for these vulnerabilities. |
Carsten Haitzler imlib Image Decoding Integer Overflow
CVE Name:
CAN-2004-1026
CAN-2004-1025 |
High |
Secunia Advisory ID, SA13381, December 7, 2004
Red Hat Advisory, RHSA-2004:651-03, December 10, 2004
SecurityFocus, December 14, 2004
Debian DSA-618-1 imlib, December 24, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:007, January 12, 2005 |
David Mischler
IPRoute 20010824, 0.973, 0.974, 1.10, 1.18, 2.2.4, 2.4.7 |
A vulnerability exists in the 'netbug' script because temporary files are created in an insecure manner, which could let a malicious user delete arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit required |
David Mischler Linux IPRoute2 'Netbug' Script Insecure Temporary File |
Medium |
Secunia Advisory, SA13758, January 10, 2005 |
Debian
lintian 1.20.17.1 |
A vulnerability exists because temporary files are created in an insecure manner, which could let a malicious user delete arbitrary files.
Upgrade available at:
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1_all.deb
There is no exploit required. |
|
Medium |
Debian Security Advisory, DSA 630-1, January 10, 2004 |
Ethereal
Ethereal 0.x |
Multiple Denial of Service and buffer overflow vulnerabilities exist due to errors in the iSNS, SNMP, and SMB dissectors which may allow an attacker to run arbitrary code or crash the program.
Updates available at:
http://www.ethereal.com/download.html
or disable the affected protocol dissectors.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
Debian:
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00129.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/
An exploit script has been published. |
|
Low/High
(High if arbitrary code can be executed)
|
Gentoo Linux Security Advisory, GLSA 200407-08 / Ethereal, July 9, 2004
Secunia Advisory, 12034 & 12035, July 12, 2004
Ethereal Advisory, enpa-sa-00015, July 6, 2004
US-CERT Vulnerability Notes VU#518782, VU#829422, VU#835846, September 7, 2004
Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005 |
FreeRADIUS Server Project
mod_auth_radius 1.3.9, 1.5, 1.5.2, 1.5.4 |
A vulnerability exists in the 'radcpy()' function in the 'mod_auth_radius' module for Apache when handling server-supplied integer values, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
FreeRADIUS Server Project Apache 'mod_auth_radius' Integer Overflow |
Low/High
(High if arbitrary code can be executed)
|
LSS Security Advisory, LSS-2005-01-02, January 10, 2005 |
Gallery Project
Gallery 1.4-pl1 & pl2, 1.4, 1.4.1, 1.4.2, 1.4.3-pl1 & pl2; Gentoo Linux |
A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-10.xml
Debian:
http://security.debian.org/pool/updates/main/g/gallery/
There is no exploit code required. |
Gallery Cross-Site Scripting |
High |
Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004
Debian Security Advisory, DSA 642-1, January 17, 2005 |
GNU Midnight Commander Project
Midnight Commander 4.x |
Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/m/mc/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/Medium/High
(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)
|
SecurityTracker Alert, 1012903, January 14, 2005 |
GNU
unrtf 0.19.3 |
A vulnerability was reported in unrtf. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted RTF file that, when processed by the target user with unrtf, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the process_font_table() function in 'convert.c'.
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-15.xml
A Proof of Concept exploit script has been published. |
GNU unrtf process_font_table() Buffer Overflow |
High |
SecurityTracker Alert ID, 1012595, December 16, 2004
Gentoo Linux Security Advisory, GLSA 200501-15, January 10, 2005 |
ilohamail.org
IlohaMail 0.8.6-0.8.13, 0.8.14 RC1&RC2 |
A vulnerability exists in the default installation due to a failure to securely install sensitive files, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit required. |
IlohaMail Insecure Default Installation Information Disclosure |
Medium |
Secunia Advisory, SA13807, January 13, 2005 |
ImageMagick
ImageMagick 6.x |
A buffer overflow vulnerability exists in 'coders/psd.c' when a specially crafted Photoshop document file is submitted, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.imagemagick.org/www/download.html
Currently we are not aware of any exploits for this vulnerability. |
ImageMagick Photoshop Document Buffer Overflow |
High |
iDEFENSE Security Advisory, January 17, 2005 |
Jan Kybic
BMV 1.2 |
A vulnerability exists in 'gsinterf.c' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2_i386.deb
There is no exploit required.
|
|
Medium |
Debian Security Advisory, DSA 633-1, January 11, 2005 |
KDE
KDE 3.x, 2.x |
A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
The vulnerability has been fixed in the CVS repository.
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:160
Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-18.xml
Currently we are not aware of any exploits for this vulnerability. |
KDE kio_ftp FTP Command Injection Vulnerability
CVE Name:
CAN-2004-1165
|
Medium |
KDE Advisory Bug 95825, December 26, 2004
Debian Security Advisory, DSA 631-1, January 10, 2005
Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005 |
KDE
Konqueror prior to 3.32 |
Two vulnerabilities exist in KDE Konqueror, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by errors in the restriction of certain Java classes accessible via applets and JavaScript. This can be exploited by a malicious applet to bypass the sandbox restriction and read or write arbitrary files.
Update to version 3.3.2:
http://kde.org/download/
Apply patch for 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-java.tar.bz2
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:154
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-16.xml
Currently we are not aware of any exploits for these vulnerabilities. |
KDE Konqueror Java Sandbox Vulnerabilities
CVE Name:
CAN-2004-1145
|
High |
KDE Security Advisory, December 20, 2004
Mandrakesoft MDKSA-2004:154, December 22, 2004
US-CERT Vulnerability Note, VU#420222, January 5, 2005
Gentoo Linux Security Advisory, GLSA 200501-16, January 11, 2005 |
Larry Wall
Perl 5.8.3 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-04.xml
Debian:
http://security.debian.org/pool/updates/main/p/perl/
OpenPKG:
ftp://ftp.openpkg.org/release/2.1/UPD/perl-5.8.4-2.1.1.src.rpm
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Ubuntu Security Notice, USN-16-1, November 3, 2004
Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004
Debian Security Advisory, DSA 620-1, December 30, 2004
OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005 |
MIT
Kerberos 5 krb5-1.3.5 and prior |
A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code.
A patch is available at:
http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-05.xml
Debian:
http://security.debian.org/pool/updates/main/k/krb5/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert ID, 1012640, December 20, 2004
Gentoo GLSA 200501-05, January 5, 2005
Ubuntu Security Notice, USN-58-1, January 10, 2005
Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005 |
mpg123
mpg123 0.59m-0.59s |
A buffer overflow vulnerability exists when parsing frame headers for layer-2 streams, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-14.xml
Currently we are not aware of any exploits for this vulnerability. |
MPG123 Layer 2 Frame Header Buffer Overflow
CVE Name:
CAN-2004-0991
|
High |
Gentoo Linux Security Advisory, GLSA 200501-14, January 11, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core2&3
|
A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
A Proof of Concept exploit script has been published. |
Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial of Service |
Low |
Bugtraq, January 7, 2005
Fedora Update Notifications, FEDORA-2005-013 & 014, January 10, 2005 |
Multiple Vendors
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4;
RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A remote Denial of Service vulnerability exists in the Apache mod_dav module when an authorized malicious user submits a specific sequence of LOCK requests.
Update available at:
http://httpd.apache.org/
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
RedHat:
ftp://updates.redhat.com/enterprise
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/liba/
HP:
http://software.hp.com
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21190212
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
|
SecurityTracker Alert ID, 1011248, September 14, 2004
Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004
Fedora Update Notification, FEDORA-2004-313, September 23, 2004
Debian Security Advisory, DSA 558-1, October 6, 2004
HP Security Bulletin, HPSBUX01090, October 26, 2004
IBM Group Advisory, 1190212, November 18, 2004
TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 |
Multiple Vendors
Exim 4.43 & prior |
Multiple vulnerabilities exist that could allow a local user to obtain elevated privileges. Buffer overflows exist in the host_aton() and spa_base64_to_bits() functions; it may be possible to execute arbitrary code with the privileges of the Exim process.
The vendor has issued a fix in the latest snapshot:
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz.sig
Also, patches for 4.43 are available at:
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/exim4/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-23.xml
Debian:
http://security.debian.org/pool/updates/main/e/exim/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
SecurityTracker Alert ID: 1012771, January 5, 2005
Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005
Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005 |
Multiple Vendors
GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0-2.0.3, 2.0.5-2.0.8, 2.0.1-2.0.14, 2.1 b1, 2.1-2.1.5; Ubuntu Linux 4.1 ia64, ia32
|
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium/ High
(High if arbitrary code can be executed)
|
SecurityTracker, January 12, 2005 |
Multiple Vendors
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability was reported in the Linux kernel in the auxiliary message (scm) layer. A local malicious user can cause Denial of Service conditions. A local user can send a specially crafted auxiliary message to a socket to trigger a deadlock condition in the __scm_send() function.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-689.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
A Proof of Concept exploit script has been published. |
Multiple Vendors Linux Kernel Auxiliary Message Layer State Error
CVE Name:
CAN-2004-1016 |
Low |
iSEC Security Research Advisory 0019, December 14, 2004
SecurityFocus, December 25, 2004
Secunia, SA13706, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2005 |
Multiple Vendors
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0 |
Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions.
SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
A Proof of Concept exploit script has been published. |
Multiple Vendors Linux Kernel IGMP Integer Underflow
CVE Name:
CAN-2004-1137 |
Low/ Medium
(Medium if elevated privileges can be obtained)
|
iSEC Security Research Advisory 0018, December 14, 2004
SecurityFocus, December 25, 2004
Secunia, SA13706, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2005 |
Multiple Vendors
Linux Kernel 2.4.x; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0, Network Routing |
Two vulnerabilities exist in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. 1) A boundary error exists in the system call handling in the 32bit system call emulation on AMD64 / Intel EM64T systems. 2) An unspecified error within the memory management handling of ELF executables in "load_elf_binary" can be exploited to crash the system via a specially crafted ELF binary (this issue only affects Kernel versions prior to 2.4.26).
Issue 2 has been fixed in Kernel version 2.4.26 and later.
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-689.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Secunia, SA13627, December 24, 2004
Red Hat RHSA-2004-689, December 23, 2004
Avaya Security Advisory, ASA-2005-006, January 14, 2005 |
Multiple Vendors
Linux Security Modules (LSM); Ubuntu Linux 4.1 ppc, ia64, ia32 |
A security issue in Linux Security Modules (LSM) may grant normal user processes escalated privileges. When loading the Capability LSM module as a loadable kernel module, all existing processes gain unintended capabilities granting them root privileges.
Only use the Capability LSM module when compiled into the kernel and grant only trusted users access to affected systems.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendors Linux Security Modules
Escalation Vulnerability
CVE Name:
CAN-2004-1337
|
High |
Secunia SA13650, December 27, 2004
Ubuntu Security Notice, USN-57-1, January 9, 2005 |
Multiple Vendors
nfs-utils 1.0.6 |
A vulnerability exists due to an error in the NFS statd server in 'statd.c' where the 'SIGPIPE' signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely.
Upgrade to 1.0.7-pre1:
http://sourceforge.net/project/showfiles.php?group_id=14&package_id=174
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:146
Debian:
http://www.debian.org/security/2004/dsa-606
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-583.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors nfs-utils 'SIGPIPE' TCP Connection Termination Denial of Service
CVE Name:
CAN-2004-0946
CAN-2004-1014
|
Low |
Secunia Advisory ID, SA13384, December 7, 2004
Debian Security Advisory
DSA-606-1 nfs-utils, December 8, 2004
Red Hat Security Advisory, RHSA-2004:583-09, December 20, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:005, January 12, 2005 |
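The SIGPIPE failure mode in the nfs-utils entry above, as an added example in C that is not part of the bulletin or of nfs-utils: a daemon that writes to a TCP peer which has already closed the connection is delivered SIGPIPE, whose default action terminates the process. Ignoring the signal turns the same event into a write() failure with errno EPIPE that the daemon can handle and log. The hung-up peer is simulated here with a pipe whose reading end has been closed, which raises SIGPIPE exactly as a closed socket does.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Ignore SIGPIPE process-wide so that writing to a peer that has gone away
 * returns -1/EPIPE instead of killing the daemon (the missing step in the
 * statd.c issue above). Returns 0 on success, -1 on failure. */
int ignore_sigpipe(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = SIG_IGN;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPIPE, &sa, NULL);
}

/* Simulate a peer hanging up early: create a pipe, close the reading side,
 * then write to it. Returns the errno of the failed write (EPIPE is the
 * expected value), 0 if the write unexpectedly succeeded, or -1 if setup
 * failed. Without ignore_sigpipe() the default SIGPIPE action terminates
 * the process inside write() and this function never returns. */
int write_to_closed_peer(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    close(fds[0]);                       /* the "peer" closes its end */
    ssize_t n = write(fds[1], "x", 1);   /* constructed one-byte message */
    int err = (n < 0) ? errno : 0;
    close(fds[1]);
    return err;
}

int main(void)
{
    if (ignore_sigpipe() != 0) {
        perror("sigaction");
        return 1;
    }
    int err = write_to_closed_peer();
    printf("write to closed peer: %s\n",
           err == EPIPE ? "EPIPE, process survived" : strerror(err));
    return err == EPIPE ? 0 : 1;
}
```

Installing the SIG_IGN disposition once at startup is the usual fix for network daemons; the alternative of passing MSG_NOSIGNAL to every send() is equivalent for sockets but is easy to miss on one code path, which is the kind of omission this entry describes.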
Multiple Vendors
Perl |
A race condition vulnerability exists in the 'File::Path::rmtree()' function, which could let a local malicious user modify file permissions or obtain potentially sensitive information while a directory tree is being removed.
The vendor has released Perl version 5.8.4-5 to address this vulnerability. Customers are advised to contact the vendor for information regarding update availability.
Debian:
http://security.debian.org/pool/updates/main/p/perl/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
OpenPKG:
ftp://ftp.openpkg.org/release/2.1/UPD/perl-5.8.4-2.1.1.src.rpm
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors Perl File::Path::rmtree() Permission
Modification
Vulnerability
CVE Name:
CAN-2004-0452 |
Medium |
Ubuntu Security Notice, USN-44-1, December 21, 2004
Debian Security Advisory, DSA 620-1, December 30, 2004
OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005 |
Multiple Vendors
telnetd-ssl |
A format string vulnerability exists that could allow a remote user to cause arbitrary code to be executed on the target system. The flaw resides in 'telnetd/telnetd.c' in the processing of SSL error messages.
Debian:
http://www.debian.org/security/2004/dsa-616
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors telnetd-ssl SSL_accept error Format String Flaw
CVE Name:
CAN-2004-0998
|
High |
SecurityTracker Alert ID: 1012666, December 23, 2004
US-Cert Vulnerability Note, VU#995038, January 14, 2005 |
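The format string class behind the telnetd-ssl entry above, as an added example in C that is not telnetd-ssl's code; the message text, the 'ctx' argument and the buffer sizes are hypothetical. The vulnerable function passes peer-influenced text as the format argument, so any conversion directive in it is interpreted; the fixed function passes the same text as an argument to a literal "%s", so it is only ever copied. The demo shows the vulnerable path expanding a "%lx" directive and emitting a value the caller never meant to expose.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE: untrusted text is used as the format string. The single
 * extra argument keeps this demonstration defined for an input carrying
 * exactly one %lx; a real attacker chooses how many directives to supply
 * and can read further up the stack or write with %n. */
int log_error_vulnerable(char *out, size_t outsz, const char *msg, unsigned long ctx)
{
    return snprintf(out, outsz, msg, ctx);
}

/* FIXED: the format is a literal and the untrusted text is an argument. */
int log_error_fixed(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "error: %s", msg);
}

/* Defensive screen for text about to be logged: returns 1 if it contains a
 * conversion directive (a '%' not escaped as "%%"), else 0. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* literal percent sign, skip the pair */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Runs a constructed attacker-style message ("%lx") through both versions.
 * Returns 1 if the vulnerable path expanded the directive, leaking the
 * hypothetical 'ctx' value 0xdeadbeef, while the fixed path kept the text
 * verbatim; 0 otherwise. */
int demo_format_string(void)
{
    char v[64], f[64];
    const char *attacker = "%lx";
    log_error_vulnerable(v, sizeof v, attacker, 0xdeadbeefUL);
    log_error_fixed(f, sizeof f, attacker);
    return strcmp(v, "deadbeef") == 0 && strcmp(f, "error: %lx") == 0;
}

int main(void)
{
    printf("vulnerable path leaked the argument: %s\n",
           demo_format_string() ? "yes" : "no");
    printf("screen flags \"%%lx\": %d, \"100%%%% done\": %d\n",
           has_format_directive("%lx"), has_format_directive("100%% done"));
    return 0;
}
```

The screen is a second line of defence only; the fix is always to make the format a literal, since a sanitiser cannot know which other call sites later reuse the string as a format.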
Multiple Vendors
Linux kernel 2.4, 2.4.0-test1 through test12, 2.4.1-2.4.25, 2.6, 2.6.0-test1 through test11, 2.6.1-rc1 & rc2, 2.6.2-2.6.4; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0 |
A vulnerability exists in the Linux kernel when writing to an ext3 file system due to a design error that causes some kernel information to be leaked, which could let a malicious user obtain sensitive information.
Upgrade available at:
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
Conectiva:
ftp://ul.conectiva.com.br/updates/1.0/
Debian:
http://security.debian.org/pool/updates/main/k/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat (updated kernel package):
http://rhn.redhat.com/errata/RHSA-2004-504.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Engarde:
http://infocenter.guardiandigital.com/advisories/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
We are not aware of any exploits for this vulnerability. |
Multiple Vendors Linux Kernel EXT3 File System Information Leakage
CVE Name:
CAN-2004-0177
|
Medium |
Mandrakelinux Security Update Advisory, MDKSA-2004:029, April 14, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0020, April 15, 2004
Debian Security Advisories, DSA 489-1 & 491-1, April 17, 2004
Conectiva Security Advisory, CLSA-2004:829, April 15, 2004
Red Hat Security Advisories, RHSA-2004:166-01 & 166-08, April 21, 2004
Guardian Digital Security Advisory, ESA-20040428-004, April 28, 2004
Red Hat Security Advisories, RHSA-2004:505-14 & 505-13, December 13, 2004
Avaya Security Advisory, ASA-2005-006, January 14, 2005 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Gentoo Linux;
LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1;
RedHat Fedora Core2& Core 3;
Ubuntu Ubuntu Linux 4.1 ppc, ia64, ia32 |
A vulnerability exists in the tiffdump utility, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/t/tiff/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-06.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-019.html
Currently we are not aware of any exploits for this vulnerability. |
LibTIFF TIFFDUMP Heap Corruption
Integer Overflow
CVE Name:
CAN-2004-1183
|
High |
SecurityTracker Alert ID, 1012785, January 6, 2005
RedHat Security Advisory, RHSA-2005:019-11, January 13, 2005 |
Multiple Vendors
Hylafax.org Hylafax 4.0 pl0-pl2, 4.0.2, 4.1 beta1-beta3, 4.1.1-4.1.3, 4.1.5-4.1.8, 4.2;
Mandrakesoft Mandrakelinux 10.0, 10.0 AMD64, 10.1, 10.1 X86_64 |
A vulnerability exists because the username is incorrectly compared with an entry in the 'hosts.hfaxd' database, which could let a remote malicious user obtain unauthorized access.
Patches available at:
ftp://ftp.hylafax.org/source/hylafax-4.2.1.tar.gz
Debian:
http://security.debian.org/pool/updates/main/h/hylafax/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-21.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
There is no exploit required.
|
|
Medium |
SecurityTracker Alert, 101284, January 12, 2005 |
Multiple Vendors
Linux kernel 2.2-2.2.27-rc1, 2.4-2.4.29-rc1, 2.6-2.6.10 |
A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Exploit scripts have been published. |
Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges
CVE Name:
CAN-2005-0001
|
High |
SecurityTracker Alert, 1012862, January 12, 2005 |
Multiple Vendors
Linux kernel 2.2-2.2.25, 2.3, 2.3.99-pre1 through pre7, 2.4.0-test1 through test12, 2.4-2.4.28, 2.4.29-rc2, 2.5.0-2.5.65 |
Multiple buffer overflow vulnerabilities exist in the 'drivers/char/moxa.c' file due to insufficient bounds checks prior to copying user-supplied data to fixed-size memory buffers, which could let a malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for these vulnerabilities. |
Linux Kernel Multiple Local MOXA Serial Driver
Buffer Overflows |
High |
Bugtraq, January 7, 2005
Ubuntu Security Notice, USN-60-0, January 14, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1 through test12, 2.4-2.4.27; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability exists in the 'AF_UNIX' address family due to a serialization error, which could let a malicious user obtain elevated privileges or possibly execute arbitrary code.
Upgrades available at:
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.28.tar.bz2
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-504.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendors Linux Kernel AF_UNIX Arbitrary Kernel
Memory Modification
CVE Name:
CAN-2004-1068
|
Medium/ High
(High if arbitrary code can be executed)
|
Bugtraq, November 19, 2004
SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004
SecurityFocus, December 14, 2004
Fedora Update Notifications, FEDORA-2004-581 & 582, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2005 |
Multiple Vendors
Linux kernel 2.4, 2.4.0-test1 through test12, 2.4-2.4.28, 2.4.29-rc2, 2.6, 2.6.0-test1 through test11, 2.6.1-2.6.10, 2.6.10-rc; RedHat Fedora Core2&3 |
An integer overflow vulnerability exists in the 'random.c' kernel driver due to insufficient sanitization of the 'poolsize_strategy' function, which could let a malicious user cause a Denial of Service or execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
A Proof of Concept exploit script has been published.
|
Linux Kernel Random Poolsize SysCTL Handler Integer
Overflow |
Low/High
(High if arbitrary code can be executed)
|
Bugtraq, January 7, 2005
Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005 |
Multiple Vendors
Linux Kernel 2.4.0-test1 through test12, 2.4-2.4.28, 2.4.29-rc2, 2.6, 2.6.0-test1 through test11, 2.6.1-rc1 & rc2, 2.6.2-2.6.9, 2.6.10-rc2 |
A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a local malicious user execute arbitrary code with root privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
http://http.trustix.org/pub/trustix/updates/
A Proof of Concept exploit script has been published. |
|
High |
iSEC Security Research Advisory, January 7, 2005
Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1 through test12, 2.4-2.4.28, 2.4.29-rc1 & rc2 |
A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at:
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Low/High
(High if root access can be obtained)
|
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 |
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.8; SUSE Linux 8.1, 8.2, 9.0, 9.1, 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0
|
Multiple vulnerabilities exist due to various errors in the 'load_elf_binary' function of the 'binfmt_elf.c' file, which could let a malicious user obtain elevated privileges and potentially execute arbitrary code.
Patch available at:
http://linux.bkbits.net:8080/linux-2.6/gnupatch@41925edcVccsXZXObG444GFvEJ94GQ
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
http://www.SUSE.de/de/security/2004_42_kernel.html
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-549.html
http://rhn.redhat.com/errata/RHSA-2004-504.html
http://rhn.redhat.com/errata/RHSA-2004-505.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Proofs of Concept exploit scripts have been published. |
Multiple Vendors Linux Kernel BINFMT_ELF
Loader Multiple Vulnerabilities
CVE Names:
CAN-2004-1070
CAN-2004-1071
CAN-2004-1072
CAN-2004-1073 |
Medium/ High
(High if arbitrary code can be executed)
|
Bugtraq, November 11, 2004
Fedora Update Notifications,
FEDORA-2004-450 & 451, November 23, 2004
SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004
Red Hat Advisory: RHSA-2004:549-10, December 2, 2004
RedHat Security Advisories, RHSA-2004:504-13 & 505-14, December 13, 2004
Avaya Security Advisory, ASA-2005-006, January 14, 2005
|
Multiple Vendors
Linux Kernel 2.6, 2.6.0-test1 through test11, 2.6.1-2.6.10, 2.6.10-rc2; RedHat Fedora Core2&3 |
An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel
SCSI IOCTL Integer
Overflow |
High |
Bugtraq, January 7, 2005
Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005 |
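The integer overflow pattern shared by the 'random.c' poolsize sysctl entry above and the 'scsi_ioctl.c' entry just above, as an added generic example in C that is not the kernel's code; the buffer and header sizes are hypothetical. A caller-supplied length is converted to unsigned, a header size is added to it, and the sum is compared against the buffer bound; because the addition wraps, a negative or very large request passes the check and the copy that follows uses the bogus length. The hardened version rejects negative values before any arithmetic and compares the length against the remaining room instead of adding to the untrusted value.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64u   /* hypothetical fixed kernel-side buffer */
#define HDR_SIZE 8u    /* hypothetical header preceding the payload */

/* VULNERABLE pattern: the bound is computed by adding to the untrusted
 * length. A request of -4 becomes 0xFFFFFFFC as unsigned; 0xFFFFFFFC + 8
 * wraps to 4, the comparison passes, and a following
 * memcpy(buf + HDR_SIZE, src, len) would copy about 4 GB.
 * Returns 1 if the request is accepted, 0 if rejected. */
int accept_len_vulnerable(int user_len)
{
    unsigned int len = (unsigned int)user_len;
    if (len + HDR_SIZE > BUF_SIZE)      /* unsigned addition wraps mod 2^32 */
        return 0;
    return 1;
}

/* HARDENED pattern: reject negatives first, then compare against the room
 * that is actually left. No arithmetic is performed on the untrusted value,
 * so nothing can wrap. */
int accept_len_hardened(int user_len)
{
    if (user_len < 0)
        return 0;
    if ((unsigned int)user_len > BUF_SIZE - HDR_SIZE)
        return 0;
    return 1;
}

/* Hardened copy into a fixed buffer of BUF_SIZE bytes. Returns the number
 * of payload bytes copied, or -1 if the request was rejected. */
int build_request(unsigned char *out, const unsigned char *payload, int user_len)
{
    if (!accept_len_hardened(user_len))
        return -1;
    memset(out, 0, HDR_SIZE);                         /* hypothetical header */
    memcpy(out + HDR_SIZE, payload, (size_t)user_len);
    return user_len;
}

int main(void)
{
    unsigned char buf[BUF_SIZE];
    unsigned char payload[64];
    memset(payload, 'A', sizeof payload);             /* constructed payload */
    int lens[] = { 16, 56, 57, -4 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %4d: vulnerable=%s hardened=%s\n", lens[i],
               accept_len_vulnerable(lens[i]) ? "accept" : "reject",
               accept_len_hardened(lens[i]) ? "accept" : "reject");
    return build_request(buf, payload, 16) == 16 ? 0 : 1;
}
```

Negative lengths reach such code whenever a signed value (an ioctl argument, a sysctl write length) is cast to size_t on its way to a copy routine; checking the sign and the bound before any arithmetic is the whole fix.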
Multiple Vendors
Linux kernel 2.4.x, 2.6.x; SUSE Linux 8.1, 8.2, 9.0, 9.1, 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Turbolinux Turbolinux Server 10.0 |
Two vulnerabilities exist: a Denial of Service vulnerability exists via a specially crafted 'a.out' binary; and a vulnerability exists due to a race condition in the memory management, which could let a malicious user obtain sensitive information.
SUSE:
http://www.SUSE.de/de/security/2004_42_kernel.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors Linux Kernel Local DoS &
Memory Content
Disclosure
CVE Name:
CAN-2004-1074 |
Low/ Medium
(Medium if sensitive information can be obtained)
|
Secunia Advisory,
SA13308, November 25, 2004
SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004
SecurityFocus, December 16, 2004
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 |
Multiple Vendors
Linux Kernel USB Driver prior to 2.4.27; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability exists in certain USB drivers because uninitialized structures are used and then 'copy_to_user(...)' kernel calls are made from these structures, which could let a malicious user obtain uninitialized kernel memory contents.
Update available at:
http://kernel.org/
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml | |
| |