Summary of Security Items from January 19 through January 25, 2005
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name | Risk | Source
Apple
QuickTime |
A remote Denial of Service vulnerability exists in the 'quicktime.qts' component when a specially crafted 'qtif' image file is created that contains an incomplete header.
No workaround or patch available at time of publishing.
An exploit has been published. |
Apple 'quicktime.qts' Error in Parsing 'qtif' Images Remote Denial of Service |
Low |
SecurityTracker Alert, 1012991, January 25, 2005 |
Comersus Open Technologies
Comersus Cart 6.0, 6.01 |
Multiple vulnerabilities exist: a vulnerability exists due to the incorrect removal of some installation files, which could let a remote malicious user obtain administrator access; a vulnerability exists in '/comersus/store/default.asp' due to insufficient sanitization of input passed to the 'Referer' header, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability exists in the 'comersus_supportError.asp' and 'comersus_backofficelite_supportError.asp' scripts due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at: http://www.comersus.com/download.html
A Proof of Concept exploit has been published. |
Comersus Cart Multiple Vulnerabilities |
High |
SecurityTracker Alert, 1012989, January 25, 2005 |
DivX Player
DivX Player 2.6 |
A Directory Traversal vulnerability exists when DPS ('.dps') archive files are processed, which could let a remote malicious user obtain sensitive information and possibly execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
DivX Player Skin File Directory Traversal |
Medium/High (High if arbitrary code can be executed) |
Securiteam, January 23, 2005 |
Funduc Software
Search and Replace 5.0 & prior |
A buffer overflow vulnerability exists when a zip folder is created that contains a specially crafted filename, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Funduc Search and Replace Buffer Overflow |
High |
SecurityTracker Alert, 1012990, January 25, 2005 |
Halocon
Halocon 2.0.0.81 |
A remote Denial of Service vulnerability exists when a malicious user submits an empty UDP packet.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Halocon Remote Denial of Service |
Low |
Securiteam, January 17, 2005 |
INCA
nProtect Gameguard |
A vulnerability exists in the kernel driver functionality because the I/O permission mask can be modified, which could let an unauthorized malicious user obtain read/write access.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
INCA nProtect Gameguard Unauthorized Read/Write Access |
|
Bugtraq, January 17, 2005 |
KMiNT21 Software
Golden FTP Server Pro 2.05b & prior |
A buffer overflow vulnerability exists when a specially crafted RNTO command is submitted, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.goldenftpserver.com/download.htm
An exploit script has been published. |
Golden FTP Server RNTO Command Buffer Overflow |
High |
Secunia Advisory, SA13966, January 24, 2005 |
Microsoft
Internet Explorer 5.0, 5.0.1, SP1-SP4, 5.5, preview, SP1&SP2, 6.0 SP1&SP2 |
A vulnerability exists due to a failure to secure scripts residing on a local computer, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit required. |
Microsoft Internet Explorer Remote Information Disclosure |
Medium |
SecurityFocus, January 18, 2005 |
Microsoft
Windows XP SP1 & prior service packs, 2003 |
A buffer overflow vulnerability exists in the Indexing Service due to the way query validation is handled, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Updates available at: http://www.microsoft.com/technet/security/bulletin/ms05-003.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Indexing Service Buffer Overflow
CVE Name: CAN-2004-0897 |
Low/High (High if arbitrary code can be executed) |
Microsoft Security Bulletin MS05-003, January 11, 2005
US-CERT Vulnerability Note, VU#657118, January 20, 2005 |
Microsoft
Windows (XP SP2 is not affected) |
A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.
Updates available at: http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.
A Proof of Concept exploit script has been published. |
Microsoft Windows ANI File Parsing Errors
CVE Name: CAN-2004-1305 |
Low |
VENUSTECH Security Lab, December 23, 2004
Microsoft Security Bulletin MS05-002, January 11, 2005
US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005
SecurityFocus, January 12, 2005
Technical Cyber Security Alert, TA05-012A, January 12, 2005
Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005
PacketStorm, January 25, 2005 |
Mnet Soft Factor
NodeManager Professional version 2.00 |
A buffer overflow vulnerability exists due to a boundary error when logging SNMPv1 traps, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.h4.dion.ne.jp/~you4707/NodeManagerPro.html
An exploit script has been published. |
NodeManager SNMPv1 Traps Buffer Overflow |
High |
Securiteam, January 18, 2005
PacketStorm, January 19, 2005 |
Opera Software
Opera 5.x, 6.x, 7.x |
A vulnerability exists due to an error in the processing of 'data:' URIs, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Opera 'data:' URI Handler Spoofing |
High |
US-CERT Vulnerability Note, VU#882926, January 21, 2005 |
peer2mail.com
peer2mail 1.4 & prior |
A vulnerability exists in the 'p2m.exe' process, which could let a malicious user obtain the password from memory.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Peer2Mail Password Disclosure |
Medium |
SecurityTracker Alert, 1012912, January 16, 2005
PacketStorm, January 19, 2005 |
VLAIBB
sig2dat |
Multiple vulnerabilities exist: an integer overflow vulnerability exists when a remote malicious user creates a specially crafted 'sig2dat' URL, which could lead to the execution of arbitrary code; and a remote Denial of Service vulnerability exists when a malicious user creates a specially crafted 'file:' parameter.
No workaround or patch available at time of publishing.
There is no exploit required; however, Proofs of Concept exploits have been published. |
VLAIBB 'sig2dat' Integer Overflow & Remote Denial of Service |
Low/High (High if arbitrary code can be executed) |
SecurityTracker Alert, 1012920, January 19, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name | Risk | Source
Adobe
Adobe Acrobat Reader 5.0.9 for Unix |
A buffer overflow vulnerability exists in Adobe Acrobat Reader for Unix. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted PDF file that, when processed by the target user, will trigger a buffer overflow in the mailListIsPdf() function and execute arbitrary code. The code will run with the privileges of the target user.
The vendor has issued a fixed version (5.0.10): http://www.adobe.com/support/techdocs/331153.html
Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200412-12.xml
Red Hat: http://rhn.redhat.com/errata/RHSA-2004-674.html
SuSE: ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Adobe Acrobat Reader mailListIsPdf() Buffer Overflow
CVE Name: CAN-2004-1152 |
High |
iDEFENSE Security Advisory 12.14.04
Gentoo Security Advisory, GLSA 200412-12 / acroread, December 16, 2004
Red Hat: RHSA-2004:674-07, December 23, 2004
SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005
US-CERT Vulnerability Note, VU#253024, January 24, 2005 |
ALSA
alsa-lib 1.0.6 |
A vulnerability exists in the Advanced Linux Sound Architecture (ALSA) library due to a weakness that disables stack protection schemes, which could let a remote malicious user execute arbitrary code.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Currently we are not aware of any exploits for this vulnerability. |
ALSA Stack Protection Weakness |
High |
Fedora Update Notification, FEDORA-2005-042, January 20, 2005 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31-1.3.33 |
A vulnerability exists due to the creation of insecure temporary files, which could let a malicious user corrupt, write, or create arbitrary files.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/a/apache/
There is no exploit required. |
Apache Insecure Temporary File Creation |
Medium |
SecurityFocus, January 19, 2005 |
Apache Software Foundation
Apache 2.0.35-2.0.52 |
A vulnerability exists when the 'SSLCipherSuite' directive is used in a directory or location context to require a restricted set of cipher suites, which could let a remote malicious user bypass security policies and obtain sensitive information.
OpenPKG: ftp://ftp.openpkg.org/release/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-21.xml
Slackware: ftp://ftp.slackware.com/pub/slackware/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Mandrake: http://www.mandrakesoft.com/security/advisories
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-562.html
SuSE: In the process of releasing packages.
RedHat: http://rhn.redhat.com/errata/RHSA-2004-600.html
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-010_RHSA-2004-600.pdf
VMware: http://www.vmware.com/download/esx/
There is no exploit code required. |
Apache mod_ssl SSLCipherSuite Access Validation
CVE Name: CAN-2004-0885 |
Medium |
OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004
Gentoo Linux Security Advisory, GLSA 200410-21, October 22, 2004
Slackware Security Advisory, SSA:2004-299-01, October 26, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:122, November 2, 2004
Conectiva Linux Security Announcement, CLA-2004:885, November 4, 2004
Fedora Update Notification, FEDORA-2004-420, November 12, 2004
RedHat Security Advisory, RHSA-2004:562-11, November 12, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
RedHat Security Advisory, RHSA-2004:600-12, December 13, 2004
Avaya Security Advisory, ASA-2005-010, January 14, 2005
VMware Advisory, January 14, 2005 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31 |
A buffer overflow vulnerability exists in the 'get_tag()' function, which could let a malicious user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200411-03.xml
Slackware: ftp://ftp.slackware.com/pub/slackware/s
Trustix: http://http.trustix.org/pub/trustix/updates/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Red Hat: http://rhn.redhat.com/errata/RHSA-2004-600.html
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-010_RHSA-2004-600.pdf
Exploit scripts have been published. |
|
High |
SecurityFocus, October 20, 2004
Slackware Security Advisory, SA:2004-305-01, November 1, 2004
Gentoo Linux Security Advisory, GLSA 200411-03, November 2, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:134, November 17, 2004
Turbolinux Security Announcement, November 18, 2004
Red Hat Advisory: RHSA-2004:600-12, December 13, 2004
Avaya Security Advisory, ASA-2005-010, January 14, 2005 |
Apple
Mac OS X 10.3-10.3.6, Mac OS X Server 10.3-10.3.6 |
A vulnerability exists in the 'at' utility due to improper access controls on job schedule files, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit required; however, a Proof of Concept exploit has been published. |
Apple Mac OS X 'at' Utility Information Disclosure |
Medium |
Immunity Advisory, January 17, 2005 |
Apple
Mac OS X 10.3-10.3.6, Mac OS X Server 10.3-10.3.6, Darwin Kernel 7.1 |
A buffer overflow vulnerability exists in the 'searchfs()' system call due to an error when calculating size arguments from user-controlled integer values, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Apple Mac OS X Kernel searchfs() Buffer Overflow |
High |
Immunity Advisory, January 17, 2005 |
Apple
MacOSX 10.3.7 & prior |
A Denial of Service vulnerability exists in 'bsd/kern/mach_loader.c' due to insufficient validation of the 'parse_machfile()' function.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Apple Mac OS X 'parse_machfile()' Denial of Service |
Low |
SecurityTracker Alert, 1012941, January 19, 2005 |
Apple
Mac OS X 10.3.7 with iSync |
A buffer overflow vulnerability exists in 'mRouter' when specially crafted options to the '-v' and '-a' command line switches are submitted, which could let a malicious user obtain root privileges.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Apple iSync mRouter Buffer Overflow |
High |
Securiteam, January 23, 2005 |
ARJ Software Inc.
UNARJ 2.62-2.65 |
A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings, which could let a remote malicious user execute arbitrary code.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200411-29.xml
SUSE: http://www.suse.de/de/security/2004_03_sr.html
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-007.html
Debian: http://security.debian.org/pool/updates/non-free/u/unarj/
Currently we are not aware of any exploits for this vulnerability. |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name: CAN-2004-0947 |
High |
SecurityTracker Alert ID, 1012194, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004
SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004
Fedora Update Notification, FEDORA-2004-414, December 11, 2004
RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005
Debian Security Advisory, DSA 652-1, January 21, 2005 |
Carsten Haitzler
imlib 1.x |
Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library.
Gentoo: http://security.gentoo.org/glsa/glsa-200412-03.xml
Red Hat: http://rhn.redhat.com/errata/RHSA-2004-651.html
SUSE: http://www.suse.com/en/private/download/updates
Debian: http://www.debian.org/security/2004/dsa-618
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
TurboLinux: http://www.turbolinux.com/update/
Currently we are not aware of any exploits for these vulnerabilities. |
Carsten Haitzler imlib Image Decoding Integer Overflow
CVE Name: CAN-2004-1026, CAN-2004-1025 |
High |
Secunia Advisory ID, SA13381, December 7, 2004
Red Hat Advisory, RHSA-2004:651-03, December 10, 2004
SecurityFocus, December 14, 2004
Debian DSA-618-1 imlib, December 24, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:007, January 12, 2005
Turbolinux Security Announcement, January 20, 2005 |
Darwin
Darwin Kernel 7.1 |
A Denial of Service vulnerability exists in the 'mach-o loader' due to a failure to properly handle integer signedness.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Darwin Kernel Denial of Service |
Low |
Bugtraq, January 19, 2005 |
Ethereal Group
Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8 |
Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.
Ethereal: http://www.ethereal.com/download.html
Debian: http://security.debian.org/pool/updates/main/e/ethereal/
Gentoo: http://security.gentoo.org/glsa/glsa-200501-27.xml
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High (High if arbitrary code can be executed) |
SecurityTracker Alert, 1012962, January 21, 2005 |
fkey
fkey .1, .2 |
A vulnerability exists due to improper usage of local files by fkey, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Fkey Remote Arbitrary File Disclosure |
Medium |
Securiteam, January 23, 2005 |
gatos
gatos .5 |
A buffer overflow vulnerability exists in 'xutils.c' due to a boundary error in the 'exported_display()' function, which could let a remote malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/main/g/gatos/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory, SA13884, January 17, 2005 |
GD Graphics Library
gdlib 2.0.23, 2.0.26-2.0.28; Avaya Converged Communications Server 2.0, Intuity LX
Avaya MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing
Avaya S8300 R2.0.1,R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.
OpenPKG: ftp://ftp.openpkg.org/release/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/
Gentoo: http://security.gentoo.org/glsa/glsa-200411-08.xml
Debian: http://security.debian.org/pool/updates/main/libg
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Trustix: http://http.trustix.org/pub/trustix/updates/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Debian: http://security.debian.org/pool/updates/main/libg/libgd/
Red Hat: http://rhn.redhat.com/errata/RHSA-2004-638.html
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-017_RHSA-2004-638.pdf
An exploit script has been published. |
|
High |
Secunia Advisory, SA12996, October 28, 2004
Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004
Ubuntu Security Notice, USN-21-1, November 9, 2004
Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004
Fedora Update Notifications, FEDORA-2004-411 & 412, November 11, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
Ubuntu Security Notice, USN-25-1, November 16, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004
Red Hat Advisory, RHSA-2004:638-09, December 17, 2004
Avaya Security Advisory, ASA-2005-017, January 18, 2005 |
GForge
GForge 3.1-3.3, 3.21 |
A Directory Traversal vulnerability exists due to insufficient sanitization of the 'dir' parameter in 'controller.php' and the 'dire_name' parameter in 'controlleroo.php,' which could let a remote malicious user obtain sensitive information.
Update available at: http://gforge.org/frs/?group_id=1
There is no exploit required. |
GForge Directory Traversal |
Medium |
STG Security Advisory, SSA-20050120-24, January 20, 2005 |
Glyph and Cog
XPDF prior to 3.00pl3 |
A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.foolabs.com/xpdf/download.html
Patch available at: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Debian:
http://security.debian.org/pool/updates/main/c/cupsys/
http://security.debian.org/pool/updates/main/x/xpdf/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo: http://security.gentoo.org/glsa/
KDE: ftp://ftp.kde.org/pub/kde/security_patches
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/
Currently we are not aware of any exploits for this vulnerability. |
Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow
CVE Name: CAN-2005-0064 |
High |
iDEFENSE Security Advisory, January 18, 2005 |
GNU
Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4 |
Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists in the way filenames are processed due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.
Debian: http://security.debian.org/pool/updates/main/e/enscript/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High (High if arbitrary code can be executed) |
SecurityTracker Alert ID: 1012965, January 21, 2005 |
GNU
Queue 1.x |
Several buffer overflow vulnerabilities exist in 'queue.c' and 'queued.c,' which could let a remote malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/main/q/queue/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA-643-1, January 18, 2005 |
GNU
a2ps 4.13 |
A vulnerability exists that could allow a malicious user to execute arbitrary shell commands on the target system. a2ps will execute shell commands contained within filenames. A user can create a specially crafted filename that, when processed by a2ps, will execute shell commands with the privileges of the a2ps process.
A patch for FreeBSD is available at: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/patch-select.c?rev=1.1&content-type=text/plain
Debian: http://www.debian.org/security/2004/dsa-612
Gentoo: http://security.gentoo.org/glsa/glsa-200501-02.xml
OpenPKG: ftp://ftp.openpkg.org/release/
A Proof of Concept exploit has been published. |
GNU a2ps Filenames Shell Commands Execution |
|
SecurityTracker Alert ID, 1012475, December 10, 2004
Debian Security Advisory, DSA-612-1 a2ps, December 20, 2004
Gentoo GLSA 200501-02, January 5, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.003, January 17, 2005 |
GNU
ChBg 1.5 |
A vulnerability was reported in ChBg. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted ChBg scenario file that, when processed by the target user with ChBg, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the simplify_path() function in 'config.c.' FreeBSD is not affected because PATH_MAX is set to 1024, preventing the buffer overflow.
Debian: http://security.debian.org/pool/updates/main/c/chbg/
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory ID, SA13529, December 17, 2004
Debian Security Advisory, DSA 644-1, January 18, 2005 |
GNU
CUPS 1.1.22 |
A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SGI: http://www.sgi.com/support/security/
A Proof of Concept exploit script has been published. |
GNU CUPS HPGL ParseCommand() Buffer Overflow |
High |
CUPS Advisory STR #1023, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005 |
GNU
CUPS lppasswd 1.1.22 |
A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-013.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SGI: http://www.sgi.com/support/security/
A Proof of Concept exploit has been published. |
GNU CUPS lppasswd Denial of Service |
Low |
SecurityTracker Alert ID, 1012602, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005 |
GNU
xine prior to 0.99.3 |
Multiple vulnerabilities exist that could allow a remote user to execute arbitrary code on the target user's system. There is a buffer overflow in pnm_get_chunk() in the processing of the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG, and CONT_TAG parameters.
The vendor has issued a fixed version of xine-lib (1-rc8), available at: http://xinehq.de/index.php/releases
A patch is also available at: http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
Conectiva: ftp://atualizacoes.conectiva.com.br/
Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200501-07.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
A Proof of Concept exploit has been published. |
|
High |
iDEFENSE Security Advisory 12.21.04
Gentoo, GLSA 200501-07, January 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005 |
GNU
xine-lib 1.x |
Multiple vulnerabilities with unknown impacts exist due to errors in the PNM and Real RTSP clients.
Update to version 1-rc8: http://xinehq.de/index.php/download
Gentoo: http://security.gentoo.org/glsa/glsa-200501-07.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for these vulnerabilities. |
GNU xine-lib Unspecified PNM & Real RTSP Clients Vulnerabilities
CVE Name: CAN-2004-1300 |
Not Specified |
Secunia Advisory, SA13496, December 16, 2004
Gentoo Linux Security Advisory, GLSA 200501-07, January 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005 |
ImageMagick
ImageMagick 6.x |
A buffer overflow vulnerability exists in 'coders/psd.c' when a specially crafted Photoshop document file is submitted, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.imagemagick.org/www/download.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
Debian: http://security.debian.org/pool/updates/main/i/imagemagick/
Gentoo: http://security.gentoo.org/glsa/glsa-200501-26.xml
Currently we are not aware of any exploits for this vulnerability. |
ImageMagick Photoshop Document Buffer Overflow
CVE Name: CAN-2005-0005 |
High |
iDEFENSE Security Advisory, January 17, 2005
Ubuntu Security Notice, USN-62-1, January 18, 2005
Debian Security Advisory, DSA 646-1, January 19, 2005
Gentoo Linux Security Advisory, GLSA 200501-26, January 20, 2005 |
Konversation
IRC Client 0.15 |
Multiple vulnerabilities exist: a vulnerability exists in the 'Server::parseWildcards' function due to insufficient filtering of various parameters, which could let a remote malicious user execute arbitrary code; a vulnerability exists in certain Perl scripts if shell metacharacters in channel names or song names aren't properly quoted, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Quick Connection dialog because the password is used as the nickname, which could let a remote malicious user obtain sensitive information.
Upgrade available at: http://konversation.berlios.de/
Gentoo: http://security.gentoo.org/glsa/glsa-200501-34.xml
There is no exploit required; however, Proofs of Concept exploits have been published. |
|
Medium/High (High if arbitrary code can be executed) |
Bugtraq, January 19, 2005 |
libtiff.org
LibTIFF 3.6.1
Avaya MN100 (All versions), Avaya Intuity LX (version 1.1-5.x), Avaya Modular Messaging MSS (All versions)
|
Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/t/tiff/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-11.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-577.html
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
KDE: Update to version 3.3.2:
http://kde.org/download/
Apple Mac OS X:
http://www.apple.com/swupdates/
Gentoo: KDE kfax:
http://www.gentoo.org/security/en/glsa/glsa-200412-17.xml
Avaya: No solution but workarounds available at:
http://support.avaya.com/elmodocs2/security/ASA-2005-002_RHSA-2004-577.pdf
TurboLinux:
http://www.turbolinux.com/update/
Proof of Concept exploits have been published.
|
|
Low/High
(High if arbitrary code can be executed)
|
Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004
Fedora Update Notification, FEDORA-2004-334, October 14, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004
Debian Security Advisory, DSA 567-1, October 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004
SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004
RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004
Slackware Security Advisory, SSA:2004-305-02, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004
US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004
Gentoo Linux Security Advisory, GLSA 200412-02, December 6, 2004
KDE Security Advisory, December 9, 2004
Apple Security Update SA-2004-12-02
Gentoo Security Advisory, GLSA 200412-17 / kfax, December 19, 2004
Avaya Advisory ASA-2005-002, January 5, 2005
Conectiva Linux Security Announcement, CLA-2005:914, January 6, 2005
Turbolinux Security Announcement, January 20, 2005 |
Linux
Fedora
RedHat
SuSE
Linux kernel 2.4 through 2.4.26, 2.6 through 2.6.7 |
A vulnerability exists in the Linux kernel in the processing of 64-bit file offset pointers thus allowing a local malicious user to view kernel memory. The kernel's file handling API does not properly convert 64-bit file offsets to 32-bit file offsets. In addition, the kernel provides insecure access to the file offset member variable. As a result, a local user can gain read access to large portions of kernel memory.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/
SuSE:
http://www.suse.de/de/security/2004_24_kernel.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200408-24.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
VMware:
http://www.vmware.com/download/esx/
A Proof of Concept exploit script has been published. |
Linux Kernel 64-bit to 32-bit File Offset Conversion Errors Disclose Kernel Memory
CVE Name:
CAN-2004-0415 |
High |
ISEC Security Research, August 4, 2004
SGI Security Advisory, 20040804-01-U, August 26, 2004
Gentoo Linux Security Advisory GLSA 200408-24, August 25, 2004
Mandrakelinux Security Update Advisory, August 26, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0041, August 9, 2004
Conectiva Linux Security Announcement, CLA-2004:879, October 26, 2004
VMware Advisory, January 14, 2005 |
mpg123
mpg123 0.59m-0.59s |
A buffer overflow vulnerability exists when parsing frame headers for layer-2 streams, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-14.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
MPG123 Layer 2 Frame Header Buffer Overflow
CVE Name:
CAN-2004-0991
|
High |
Gentoo Linux Security Advisory, GLSA 200501-14, January 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:009, January 19, 2005 |
Multiple Vendors
MandrakeSoft Corporate Server 3.0, Linux Mandrake 10.0, AMD64, 10.1 X86_64, 10.1;
Playmidi Linux Midi Player 2.4 |
A buffer overflow vulnerability exists in 'playmidi' due to insufficient validation of the 'main()' function, which could let a malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/p/playmidi/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 641-1, January 17, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:010, January 19, 2005 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Gentoo Linux;
LibTIFF LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1;
RedHat Fedora Core 2 & Core 3;
Ubuntu Ubuntu Linux 4.1 ppc, ia64, ia32 |
A vulnerability exists in the tiffdump utility, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/t/tiff/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-06.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-019.html
SGI:
http://support.sgi.com/browse_request/linux_patches_by_os
TurboLinux:
http://www.turbolinux.com/update/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Currently we are not aware of any exploits for this vulnerability. |
LibTIFF TIFFDUMP Heap Corruption Integer Overflow
CVE Name:
CAN-2004-1183
|
High |
SecurityTracker Alert ID, 1012785, January 6, 2005
RedHat Security Advisory, RHSA-2005:019-11, January 13, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
Turbolinux Security Announcement, January 20, 2005
Conectiva Linux Security Announcement, CLA-2005:920, January 20, 2005 |
Multiple Vendors
Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0 |
Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-28.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
X.org:
http://www.x.org/pub/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-537.html
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:137 (libxpm)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:138 (XFree86)
Debian:
http://www.debian.org/security/2004/dsa-607 (XFree86)
SGI:
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
TurboLinux:
http://www.turbolinux.com/update/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors LibXPM Multiple Vulnerabilities
CVE Name:
CAN-2004-0914
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; High if arbitrary code can be executed)
|
X.Org Foundation Security Advisory, November 17, 2004
Fedora Update Notifications, FEDORA-2004-433 & 434, November 17 & 18, 2004
SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004
Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004
Fedora Security Update Notifications, FEDORA-2003-464, 465, 466, & 467, December 1, 2004
RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004
Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004
Debian Security Advisory, DSA-607-1 xfree86 -- several vulnerabilities, December 10, 2004
Turbolinux Security Announcement, January 20, 2005 |
Multiple Vendors
glibc 2.2 |
A buffer overflow vulnerability exists in the resolver libraries of glibc 2.2.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-586.html
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:159
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-011_RHSA-2004-586.pdf
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors glibc Buffer Overflow
CVE Name:
CAN-2002-0029
CAN-2004-0968
|
Low |
SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004
Red Hat RHSA-2004:586-15, December 20, 2004
Mandrakesoft, MDKSA-2004:159, December 29, 2004
Avaya Security Advisory, ASA-2005-011, January 14, 2005 |
Multiple Vendors
Linux kernel 2.2-2.2.2.27-rc1, 2.4-2.4.29-rc1, 2.6.10, 2.6-2.6.10 |
A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-016.html
http://rhn.redhat.com/errata/RHSA-2005-017.html
Exploit scripts have been published. |
Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges
CVE Name:
CAN-2005-0001
|
High |
SecurityTracker Alert, 1012862, January 12, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005
RedHat Security Advisory, RHSA-2005:016-13 & 017-14, January 21, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29-rc1&rc2, 2.6-test1-test11, 2.6-2.6.10, 2.6.10-rc1; RedHat Desktop 3.0, Enterprise Linux WS 3, Linux ES 3, Linux AS 3;
SuSE Linux 8.1, 8.2, 9.0-9.2, Linux Desktop 1.0, Linux Enterprise Server 9, 8, Novell Linux Desktop 9.0 |
A Denial of Service vulnerability exists in the audit subsystem of the Linux kernel.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-043.
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel Audit Subsystem Denial of Service
CVE Name:
CAN-2004-1237
|
Low |
RedHat Security Advisory, RHSA-2005:043-13, January 18, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29-rc1&rc2, 2.5.0-2.5.69, 2.6-test1-test11, 2.6-2.6.10; SuSE Linux 8.1, 8.2, 9.0 |
A Denial of Service vulnerability exists with Direct I/O access to NFS file systems.
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel NFS I/O Denial of Service
|
Low |
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29-rc1&rc2 |
A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at:
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-043.html
http://rhn.redhat.com/errata/RHSA-2005-017.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low/High
(High if root access can be obtained)
|
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005
RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14, January 18 & 21, 2005 |
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.9; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0-2.2;
Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32; SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9
|
Multiple remote Denial of Service vulnerabilities exist in the SMB filesystem (SMBFS) implementation due to various errors when handling server responses. This could also possibly lead to the execution of arbitrary code.
Upgrades available at:
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.28.tar.bz2
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
http://www.SUSE.de/de/security/2004_42_kernel.html
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-549.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-504.html
http://rhn.redhat.com/errata/RHSA-2004-505.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors smbfs Filesystem Memory Errors Remote Denial of Service
CVE Names:
CAN-2004-0883
CAN-2004-0949 |
Low/High
(High if arbitrary code can be executed)
|
e-matters GmbH Security Advisory, November 11, 2004
Fedora Update Notifications, FEDORA-2004-450 & 451, November 23, 2004
SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004
Red Hat Advisory: RHSA-2004:549-10, December 2, 2004
Ubuntu Security Notice, USN-39-1, December 16, 2004
RedHat Security Advisories, RHSA-2004:504-13 & 505-14, December 13, 2004
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 |
Multiple Vendors
Linux Kernel 2.6.10, 2.6-test1-test11, 2.6.1-2.6.10, 2.6.10-rc2; RedHat Fedora Core 2 & 3 |
An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel SCSI IOCTL Integer Overflow |
High |
Bugtraq, January 7, 2005
Fedora Update Notifications, FEDORA-2005-013 & 014, January 10, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 |
Multiple Vendors
Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32 |
A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Currently we are not aware of any exploits for this vulnerability. |
Squid NTLM fakeauth_auth Helper Remote Denial of Service
|
Low |
Secunia Advisory, SA13789, January 11, 2005
Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005 |
Open Group
Open Motif 2.x, Motif 1.x
|
Multiple vulnerabilities have been reported in Motif and Open Motif, which potentially can be exploited by malicious people to compromise a vulnerable system.
Updated versions of Open Motif and a patch are available. A commercial update will also be available for Motif 1.2.6 for users who have a commercial version of Motif:
http://www.ics.com/developers/index.php?cont=xpm_security_alert
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-537.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-09.xml
Debian:
http://security.debian.org/pool/updates/main/i/imlib/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/x/xfree86/
TurboLinux:
http://www.turbolinux.com/update/
Currently we are not aware of any exploits for these vulnerabilities. |
Open Group Motif / Open Motif libXpm Vulnerabilities
CVE Names:
CAN-2004-0687
CAN-2004-0688 |
High |
Integrated Computer Solutions
Secunia Advisory ID: SA13353, December 2, 2004
RedHat Security Advisory: RHSA-2004:537-17, December 2, 2004
Turbolinux Security Announcement, January 20, 2005 |
Remote Sensing
LibTIFF 3.5.7, 3.6.1, 3.7.0 |
Two vulnerabilities exist which can be exploited by malicious people to compromise a vulnerable system by executing arbitrary code. The vulnerabilities are caused by an integer overflow in the "TIFFFetchStripThing()" function in "tif_dirread.c" when parsing TIFF files, and in the "CheckMalloc()" function in "tif_dirread.c" and "tif_fax3.c" when handling data from a certain directory entry in the file header.
Update to version 3.7.1:
ftp://ftp.remotesensing.org/pub/libtiff/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://www.debian.org/security/2004/dsa-617
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-06.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-019.html
SGI:
http://support.sgi.com/browse_request/linux_patches_by_os
TurboLinux:
http://www.turbolinux.com/update/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Currently we are not aware of any exploits for these vulnerabilities. |
Remote Sensing LibTIFF Two Integer Overflow Vulnerabilities
CVE Name:
CAN-2004-1308
|
High |
iDEFENSE Security Advisory 12.21.04
Secunia SA13629, December 23, 2004
SUSE Security Announcement, SUSE-SA:2005:001, January 10, 2005
RedHat Security Advisory, RHSA-2005:019-11, January 13, 2005
US-Cert Vulnerability Note, VU#125598, January 14, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
Turbolinux Security Announcement, January 20, 2005
Conectiva Linux Security Announcement, CLA-2005:920, January 20, 2005 |
SCO
Unixware 7.1.1, 7.1.3, 7.1.4 |
A vulnerability exists in the 'chroot()' feature due to errors in the implementation, which could let a malicious user break out of the chroot restriction and access arbitrary files.
Patches available at:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.2
An exploit script has been published. |
|
Medium |
SCO Security Advisory, SCOSA-2005.2, January 14, 2005 |
Squid-cache.org
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3.STABLE4&5, 2.4.STABLE6&7, 2.4.STABLE2, 2.4, 2.5.STABLE3-7, 2.5.STABLE1 |
Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and a buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml
Debian:
http://security.debian.org/pool/updates/main/s/squid/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
There is no exploit required. |
|
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA13825, January 13, 2005
Debian Security Advisory, DSA 651-1, January 20, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005 |
The SWORD Project
SWORD 1.5.3 |
A vulnerability exists in 'diatheke.pl' due to insufficient sanitization of user-supplied data, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/s/sword/
There is no exploit required. |
|
High |
Debian Security Advisory, DSA 650-1, January 20, 2005 |
Todd Miller
Sudo 1.5.6-1.5.9, 1.6-1.6.8 |
A vulnerability exists due to an error in the environment cleaning, which could let a malicious user execute arbitrary commands.
Patch available at:
http://www.courtesan.com/sudo/download.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/
Debian:
http://security.debian.org/pool/updates/main/s/sudo/
OpenPKG:
ftp://ftp.openpkg.org/release/
There is no exploit code required.
|
Sudo Restricted Command Execution Bypass |
High |
Secunia Advisory, SA13199, November 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:133, November 15, 2004
Trustix Secure Linux Security Advisories, TSLSA-2004-0058 & 061, November 16 & 19, 2004
Ubuntu Security Notice, USN-28-1, November 17, 2004
Debian Security Advisory, DSA 596-1, November 24, 2004
OpenPKG Security Advisory, OpenPKG-SA-2005.002, January 17, 2005 |
VIM Development Group
VIM 6.0-6.2, 6.3.011, 6.3.025, 6.3.030, 6.3.044, 6.3.045 |
Multiple vulnerabilities exist in 'tcltags' and 'vimspell.sh' due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/
There is no exploit required. |
|
Medium |
Secunia Advisory, SA13841, January 13, 2005
Ubuntu Security Notice, USN-61-1, January 18, 2005 |
Yukihiro Matsumoto
Ruby 1.8.x |
A remote Denial of Service vulnerability exists due to an input validation error in 'cgi.rb.'
Debian:
http://security.debian.org/pool/updates/main/r/ruby
Mandrake:
http://www.mandrakesoft.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/l
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-23.xml
Red Hat: | |
| |