Summary of Security Items from January 26 through February 1, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Each entry lists: Vendor & Software Name; Vulnerability - Impact; Patches - Workarounds; Attack Scripts; Common Name; Risk; Source.
Vendor & Software Name: Alt-N Technologies WebAdmin 3.0.2
Vulnerability - Impact: Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists in 'useredit_account.wdm' due to insufficient sanitization of the 'user' parameter, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the 'useredit_account.wdm' script because an authenticated malicious user can edit other users' accounts; and a Cross-Site Scripting vulnerability exists in 'modalframe.wdm' due to insufficient sanitization of the 'file' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Patches - Workarounds: Upgrade available at: http://www.altn.com/download/default.asp?mode=1&Step=1&sProduct=WebAdmin&sLang=English&sFile=/Release/wa304_en.exe
Attack Scripts: There is no exploit code required; however, Proofs of Concept exploits have been published.
Common Name: Alt-N WebAdmin Multiple Remote Vulnerabilities
Risk: Medium/High (High if arbitrary code can be executed)
Source: Securiteam, January 31, 2005

Vendor & Software Name: AMAX Information Technologies Inc. Magic Winmail Server 4.0 (Build 1112)
Vulnerability - Impact: Multiple vulnerabilities exist: a Directory Traversal vulnerability exists in 'download.php' due to insufficient sanitization of the 'filename' parameter, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability exists in 'upload.php' due to insufficient sanitization of the 'filename' parameter, which could let a remote malicious user obtain sensitive information; a Cross-Site Scripting vulnerability exists in 'userinfo.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; an input validation vulnerability exists due to the way IMAP commands are handled, which could let a remote malicious user modify system/user information; and a vulnerability exists because the 'PORT' command can be requested for arbitrary IP addresses, which could let a remote malicious user conduct port scanning of arbitrary hosts.
Patches - Workarounds: Upgrades available at: http://www.magicwinmail.net/download/winmail.exe
Attack Scripts: There is no exploit code required; however, Proofs of Concept exploits have been published.
Common Name: Magic Winmail Server Input Validation
Risk: Medium/High (High if arbitrary code can be executed)
Source: SIG^2 Vulnerability Research Advisory, January 27, 2005

Vendor & Software Name: Captaris Infinite Mobile Delivery Webmail 2.6
Vulnerability - Impact: Several vulnerabilities exist: a Cross-Site Scripting vulnerability exists due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists because the installation path can be obtained.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: A Proof of Concept exploit has been published.
Common Name: Captaris Infinite Mobile Delivery Input Validation
Risk: Medium/High (High if arbitrary code can be executed)
Source: SecurityTracker Alert, 1013044, January 31, 2005

Vendor & Software Name: EternalLines.com Eternal Lines Web Server 1.0
Vulnerability - Impact: A remote Denial of Service vulnerability exists when a malicious user submits approximately 70 simultaneous connections to the target web server from the same originating host.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: A Proof of Concept exploit has been published.
Common Name: Eternal Lines Web Server Remote Denial of Service
Risk: Low
Source: GSSIT Advisory, January 31, 2005

Vendor & Software Name: Eurofull E-Commerce
Vulnerability - Impact: A Cross-Site Scripting vulnerability exists in the 'mensresp.asp' script due to insufficient validation of the 'nombre' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: Proofs of Concept exploits have been published.
Common Name: Eurofull E-Commerce 'mensresp.asp' Cross-Site Scripting
Risk: High
Source: Security .Net Information Advisory, January 31, 2005

Vendor & Software Name: IceWarp Web Mail 5.3
Vulnerability - Impact: Multiple vulnerabilities exist: a vulnerability exists when accessing 'calendar_d.html,' 'calendar_m.html,' 'calendar_w.html,' and 'calendar_y.html' directly with a valid session ID in the 'id' parameter, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to weak encryption of user credentials in the 'users.cfg,' 'settings.cfg,' 'user.dat,' and 'users.dat' files, which could let a malicious user obtain sensitive information; and multiple Cross-Site Scripting and HTML injection vulnerabilities exist which could let a remote malicious user execute arbitrary HTML and script code.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: There is no exploit code required; however, Proofs of Concept exploits have been published.
Common Name: IceWarp Web Mail Multiple Remote
Risk: Medium/High (High if arbitrary code can be executed)
Source: ShineShadow Security Report, January 29, 2005

Vendor & Software Name: INCA nProtect Gameguard
Vulnerability - Impact: A vulnerability exists in the kernel driver functionality because the I/O permission mask can be modified, which could let an unauthorized malicious user obtain read/write access.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: Another Proof of Concept exploit script has been published.
Common Name: INCA nProtect Gameguard Unauthorized Read/Write Access
Risk: Not Specified
Source: Bugtraq, January 17, 2005; Bugtraq, January 28, 2005

Vendor & Software Name: Microsoft Windows (XP SP2 is not affected)
Vulnerability - Impact: A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.
Patches - Workarounds: Updates available at: http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.
Attack Scripts: Another exploit script has been published.
Common Name: Microsoft Windows ANI File Parsing Errors
CVE Name: CAN-2004-1305
Risk: Low
Source: VENUSTECH Security Lab, December 23, 2004; Microsoft Security Bulletin MS05-002, January 11, 2005; US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005; SecurityFocus, January 12, 2005; Technical Cyber Security Alert, TA05-012A, January 12, 2005; Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005; PacketStorm, January 31, 2005

Vendor & Software Name: NullSoft Winamp 5.01-5.08
Vulnerability - Impact: A buffer overflow vulnerability exists in the 'IN_CDDA.dll' library due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary code.
Patches - Workarounds: Upgrades available at: http://forums.winamp.com/showthread.php?s=&threadid=202799
Attack Scripts: A Proof of Concept exploit script has been published.
Common Name: Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow
CVE Name: CAN-2004-1150
Risk: High
Source: NSFOCUS Security Advisory, SA2005-01, January 27, 2005

Vendor & Software Name: SmarterTools Inc. SmarterMail
Vulnerability - Impact: A Cross-Site Scripting vulnerability exists because attached files have a predictable URL and are placed inside the web root, which could let a remote malicious user execute arbitrary HTML and script code.
Patches - Workarounds: Update available at: http://www.smartertools.com/Products/SmarterMail/DL/V2.aspx
Attack Scripts: A Proof of Concept exploit has been published.
Common Name: SmarterMail Cross-Site Scripting
Risk: High
Source: Secunia Advisory, SA14080, January 31, 2005

Vendor & Software Name: SnugServer SnugServer 3.0.0.40
Vulnerability - Impact: A Directory Traversal vulnerability exists due to an input validation error, which could let a remote malicious user obtain sensitive information.
Patches - Workarounds: Update available at: http://www.snugserver.com/download.php
Attack Scripts: There is no exploit code required.
Common Name: SnugServer FTP Service Directory Traversal
Risk: Not Specified
Source: Secunia Advisory, SA14063, January 28, 2005

Vendor & Software Name: Techland Xpand Rally 1.x
Vulnerability - Impact: A remote Denial of Service vulnerability exists due to an unchecked memory allocation.
Patches - Workarounds: Update available at: http://www.xpandrally.com/en/show.php?006
Attack Scripts: A Proof of Concept exploit script has been published.
Common Name: Xpand Rally Remote Denial of Service
Risk: Low
Source: Securiteam, February 1, 2005

Vendor & Software Name: URsoftware W32Dasm 8.94
Vulnerability - Impact: A buffer overflow vulnerability exists due to insufficient validation of the string length of files loaded for debugging, which could let a remote malicious user execute arbitrary code.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: A Proof of Concept exploit script has been published.
Common Name: W32Dasm Remote Buffer Overflow
Risk: Not Specified
Source: SecurityTracker Alert, 1012997, January 25, 2005

Vendor & Software Name: War FTP Daemon War FTP Daemon 1.8, 1.82 RC9
Vulnerability - Impact: A remote Denial of Service vulnerability exists due to an error when handling 'CWD' commands.
Patches - Workarounds: Upgrades available at: ftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/1.7_Series/i386/warftpd-1.82-00-RC10-i386.exe
Attack Scripts: A Proof of Concept exploit script has been published.
Common Name: War FTP Daemon Remote Denial of Service
Risk: Low
Source: Secunia Advisory, SA14054, January 28, 2005

Vendor & Software Name: webwasher AG Webwasher Classic 2.2.1, 3.3 build 44, 3.3
Vulnerability - Impact: A vulnerability exists due to a design error because connections to the local host interface are allowed by the proxy, which could let a remote malicious user bypass security restrictions.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: There is no exploit code required; however, a Proof of Concept exploit has been published.
Common Name: WebWasher Classic HTTP CONNECT Unauthorized Access
Risk: Medium
Source: Secunia Advisory, SA14058, January 28, 2005
UNIX / Linux Operating Systems Only
Each entry lists: Vendor & Software Name; Vulnerability - Impact; Patches - Workarounds; Attack Scripts; Common Name; Risk; Source.
Vendor & Software Name: Alexander Barton ngIRCd 0.6, 0.6.1, 0.7, 0.7.1, 0.7.5-0.7.7, 0.8, 0.8.1
Vulnerability - Impact: A buffer overflow vulnerability exists in 'lists.c' in the 'Lists_MakeMask()' function due to insufficient boundary checks, which could let a remote malicious user cause a Denial of Service or obtain unauthorized access.
Patches - Workarounds: Update available at: http://download.berlios.de/ngircd/ngircd-0.8.2.tar.gz
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-40.xml
Attack Scripts: Currently we are not aware of any exploits for this vulnerability.
Common Name: ngIRCd Remote Buffer Overflow
Risk: Low/Medium (Medium if unauthorized access can be obtained)
Source: Gentoo Linux Security Advisory, GLSA 200501-40, January 28, 2005

Vendor & Software Name: Apache Software Foundation, Conectiva, Gentoo, HP, Immunix, Mandrake, OpenBSD, OpenPKG, RedHat, SGI, Trustix; Apache 1.3.26-1.3.29, 1.3.31; OpenBSD -current, 3.4, 3.5
Vulnerability - Impact: A buffer overflow vulnerability exists in Apache mod_proxy when a 'Content-Length:' header is submitted that contains a large negative value, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches - Workarounds: Patches available at: http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140&q=p3
  OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/patches/
  OpenPKG: ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.3.src.rpm
  Gentoo: http://security.gentoo.org/glsa/glsa-200406-16.xml
  Mandrake: http://www.mandrakesoft.com/security/advisories
  SGI: ftp://patches.sgi.com/support/free/security/
  Fedora Legacy: http://download.fedoralegacy.org/redhat/
  Slackware: ftp://ftp.slackware.com/pub/slackware/
  Trustix: http://http.trustix.org/pub/trustix/updates/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
  Apple: http://www.apple.com/swupdates/
  HP: http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01113
Attack Scripts: Currently we are not aware of any exploits for this vulnerability.
Risk: Low/High (High if arbitrary code can be executed)
Source: SecurityTracker Alert, 1010462, June 10, 2004; Gentoo Linux Security Advisory, GLSA 200406-16, June 22, 2004; Mandrakelinux Security Update Advisory, MDKSA-2004:065, June 29, 2004; OpenPKG Security Advisory, OpenPKG-SA-2004.029, June 11, 2004; SGI Security Advisory, 20040605-01-U, June 21, 2004; Fedora Legacy Update Advisory, FLSA:1737, October 14, 2004; US-CERT Vulnerability Note VU#541310, October 19, 2004; Slackware Security Advisory, SSA:2004-299-01, October 26, 2004; Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004; Turbolinux Security Announcement, November 18, 2004; Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004; Secunia Advisory, SA14081, January 31, 2005

Vendor & Software Name: Apache Software Foundation Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7-dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31
Vulnerability - Impact: A buffer overflow vulnerability exists in the 'get_tag()' function, which could let a malicious user execute arbitrary code.
Patches - Workarounds:
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-03.xml
  Slackware: ftp://ftp.slackware.com/pub/slackware/s
  Trustix: http://http.trustix.org/pub/trustix/updates/
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
  Red Hat: http://rhn.redhat.com/errata/RHSA-2004-600.html
  Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-010_RHSA-2004-600.pdf
  HP: http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01113
Attack Scripts: Exploit scripts have been published.
Risk: High
Source: SecurityFocus, October 20, 2004; Slackware Security Advisory, SA:2004-305-01, November 1, 2004; Gentoo Linux Security Advisory, GLSA 200411-03, November 2, 2004; Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004; Mandrakelinux Security Update Advisory, MDKSA-2004:134, November 17, 2004; Turbolinux Security Announcement, November 18, 2004; Red Hat Advisory: RHSA-2004:600-12, December 13, 2004; Avaya Security Advisory, ASA-2005-010, January 14, 2005; Secunia Advisory, SA14081, January 31, 2005
Vendor & Software Name: Apple Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7; Mac OS X Server 10.2-10.2.8, 10.3-10.3.7
Vulnerability - Impact: A buffer overflow vulnerability exists in the International Color Consortium (ICC) color profile processing functionality due to insufficient validation of user-supplied data prior to copying it into static process buffers, which could let a remote malicious user execute arbitrary code.
Patches - Workarounds: Update available at: http://www.apple.com/support/downloads/
Attack Scripts: Currently we are not aware of any exploits for this vulnerability.
Common Name: Apple ColorSync ICC Header Remote Buffer Overflow
CVE Name: CAN-2005-0126
Risk: High
Source: Apple Security Update, APPLE-SA-2005-01-25, January 25, 2005; US-CERT Vulnerability Note, VU#980078, January 27, 2005

Vendor & Software Name: Apple Mac OS X 10.3-10.3.6, Mac OS X Server 10.3-10.3.6
Vulnerability - Impact: A vulnerability exists in the 'at' utility due to improper access controls on job schedule files, which could let a malicious user obtain sensitive information.
Patches - Workarounds: Apple: http://www.apple.com/support/downloads/
Attack Scripts: There is no exploit required; however, a Proof of Concept exploit has been published.
Common Name: Apple Mac OS X 'at' Utility Information Disclosure
CVE Name: CAN-2005-0125
Risk: Medium
Source: Immunity Advisory, January 17, 2005; Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005; US-CERT Vulnerability Note, VU#678150, January 28, 2005

Vendor & Software Name: Apple Mail
Vulnerability - Impact: A vulnerability exists because the globally unique Ethernet MAC address is used in computing the Message-ID header in outgoing e-mail messages, which could let a remote malicious user obtain sensitive information.
Patches - Workarounds: Update available at: http://www.apple.com/support/downloads/
Attack Scripts: There is no exploit required.
Common Name: Apple Mail EMail Message ID Header Information Disclosure
CVE Name: CAN-2005-0127
Risk: Medium
Source: Apple Security Update, APPLE-SA-2005-01-25, January 25, 2005; US-CERT Vulnerability Note, VU#464662, January 31, 2005

Vendor & Software Name: Apple Safari 1.2.4
Vulnerability - Impact: A vulnerability exists which could allow a remote malicious user to inject content into an open window in certain cases to spoof web site contents. If the target name of an open window is known, a remote user can create Javascript that, when loaded by the target user, will display arbitrary content in the opened window. A remote user can exploit this to spoof the content of potentially trusted web sites.
Patches - Workarounds: Apple: http://www.apple.com/support/downloads/
Attack Scripts: A Proof of Concept exploit has been published.
Risk: Medium
Source: SecurityTracker Alert ID: 1012459, December 8, 2004; Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005

Vendor & Software Name: ARJ Software Inc. UNARJ 2.62-2.65
Vulnerability - Impact: A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings, which could let a remote malicious user execute arbitrary code.
Patches - Workarounds:
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-29.xml
  SUSE: http://www.suse.de/de/security/2004_03_sr.html
  RedHat: http://rhn.redhat.com/errata/RHSA-2005-007.html
  Debian: http://security.debian.org/pool/updates/non-free/u/unarj/
  Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-022_RHSA-2005-007.pdf
Attack Scripts: Currently we are not aware of any exploits for this vulnerability.
Common Name: ARJ Software UNARJ Remote Buffer Overflow
CVE Name: CAN-2004-0947
Risk: High
Source: SecurityTracker Alert ID: 1012194, November 11, 2004; Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004; SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004; Fedora Update Notification FEDORA-2004-414, December 11, 2004; RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005; Debian Security Advisory, DSA 652-1, January 21, 2005; Avaya Security Advisory, ASA-2005-022, January 25, 2005

Vendor & Software Name: Berlios gpsd 1.10, 1.20, 1.90
Vulnerability - Impact: A format string vulnerability exists in the 'gpsd_report()' function, which could let a remote malicious user execute arbitrary code.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: An exploit script has been published.
Common Name: Berlios GPSD Remote Format String
Risk: High
Source: Securiteam, January 26, 2005

Vendor & Software Name: Black List Daemon bld 0.3
Vulnerability - Impact: A buffer overflow vulnerability exists due to the way the 'select()' system call is implemented, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code.
Patches - Workarounds: No workaround or patch available at time of publishing.
Attack Scripts: An exploit has been published but has not been released to the public.
Common Name: Black List Daemon select() Remote Buffer Overflow
Risk: Low/High (High if arbitrary code can be executed)
Source: Bugtraq, January 24, 2005

Vendor & Software Name: cadsoft.de vdr daemon 1.0
Vulnerability - Impact: A vulnerability exists in 'dvbapi.c' because files are created in an unsafe manner, which could let a remote malicious user overwrite arbitrary files.
Patches - Workarounds:
  Debian: http://security.debian.org/pool/updates/main/v/vdr/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-42.xml
Attack Scripts: Currently we are not aware of any exploits for this vulnerability.
Risk: Medium
Source: Debian Security Advisory, DSA 656-1, January 25, 2005; Gentoo Linux Security Advisory, GLSA 200501-42, January 30, 2005
Vendor & Software Name: Carnegie Mellon University Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18
Vulnerability - Impact: Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmd5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.
Patches - Workarounds:
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  Gentoo: http://security.gentoo.org/glsa/glsa-200410-05.xml
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  RedHat: http://rhn.redhat.com/errata/RHSA-2004-546.html
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Debian: http://security.debian.org/pool/updates/main/c/cyrus-sasl/
  Conectiva: ftp://atualizacoes.conectiva.com.br/
  OpenPKG: ftp://ftp.openpkg.org
Attack Scripts: Currently we are not aware of any exploits for these vulnerabilities.
Common Name: Cyrus SASL Buffer Overflow & Input Validation
CVE Name: CAN-2004-0884
Risk: Not Specified
Source: SecurityTracker Alert ID: 1011568, October 7, 2004; Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12, 14, & 16, 2004; Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004; OpenPKG Security Advisory, January 28, 2005

Vendor & Software Name: Carsten Haitzler imlib 1.x
Vulnerability - Impact: Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library.
Patches - Workarounds:
  Gentoo: http://security.gentoo.org/glsa/glsa-200412-03.xml
  Red Hat: http://rhn.redhat.com/errata/RHSA-2004-651.html
  SUSE: http://www.suse.com/en/private/download/updates
  Debian: http://www.debian.org/security/2004/dsa-618
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  TurboLinux: http://www.turbolinux.com/update/
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
Attack Scripts: Currently we are not aware of any exploits for these vulnerabilities.
Common Name: Carsten Haitzler imlib Image Decoding Integer Overflow
CVE Name: CAN-2004-1026, CAN-2004-1025
Risk: High
Source: Secunia Advisory ID, SA13381, December 7, 2004; Red Hat Advisory, RHSA-2004:651-03, December 10, 2004; SecurityFocus, December 14, 2004; Debian DSA-618-1 imlib, December 24, 2004; Mandrakelinux Security Update Advisory, MDKSA-2005:007, January 12, 2005; Turbolinux Security Announcement, January 20, 2005; SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Vendor & Software Name: Citadel/UX Citadel/UX 5.90, 5.91, 6.07, 6.08, 6.23, 6.24, 6.26, 6.27
Vulnerability - Impact: A buffer overflow vulnerability exists due to the way the 'select()' system call is implemented, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code.
Patches - Workarounds: Upgrades available at: http://easyinstall.citadel.org/citadel-6.30.tar.gz
Attack Scripts: An exploit has been published but has not been released to the public.
Common Name: Citadel/UX select() System Call Remote Buffer Overflow
Risk: Low/High (High if arbitrary code can be executed)
Source: Bugtraq, January 24, 2005

Vendor & Software Name: David M. Gay f2c Fortran 77 Translator 1.3.1
Vulnerability - Impact: Several vulnerabilities exist due to the insecure creation of temporary files, which could let a malicious user modify information or obtain elevated privileges.
Patches - Workarounds:
  Debian: http://security.debian.org/pool/updates/main/f/f2c/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-43.xml
Attack Scripts: There is no exploit required.
Risk: Medium
Source: Debian Security Advisory, DSA 661-1, January 27, 2005; Gentoo Linux Security Advisory GLSA 200501-43, January 30, 2005

Vendor & Software Name: Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha
Vulnerability - Impact: A vulnerability exists because during installation a PAM radius configuration file is set world-readable, which could let a malicious user obtain sensitive information.
Patches - Workarounds: Upgrades available at: http://security.debian.org/pool/updates/main/libp/
Attack Scripts: There is no exploit required.
Common Name: Debian Pam Radius Auth File Information Disclosure
CVE Name: CAN-2004-1340
Risk: Medium
Source: Debian Security Advisory, DSA 659-1, January 26, 2005

Vendor & Software Name: FireHOL FireHOL 1.214
Vulnerability - Impact: A vulnerability exists due to the insecure creation of various temporary files, which could let a malicious user overwrite arbitrary files.
Patches - Workarounds: Update available at: http://firehol.sourceforge.net/
Attack Scripts: There is no exploit required.
Common Name: FireHOL Insecure Local Temporary File Creation
Risk: Medium
Source: Secunia Advisory, SA13970, January 25, 2005

Vendor & Software Name: FreeRADIUS Server Project mod_auth_radius 1.3.9, 1.5, 1.5.2, 1.5.4
Vulnerability - Impact: A vulnerability exists in the 'radcpy()' function in the 'mod_auth_radius' module for Apache when handling server-supplied integer values, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Patches - Workarounds: Debian: http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/
Attack Scripts: A Proof of Concept exploit has been published.
Common Name: FreeRADIUS Server Project Apache 'mod_auth_radius' Integer Overflow
CVE Name: CAN-2005-0108
Risk: Low/High (High if arbitrary code can be executed)
Source: LSS Security Advisory, LSS-2005-01-02, January 10, 2005; Debian Security Advisory, DSA 659-1, January 26, 2005
Glyph and Cog
XPDF prior to 3.00pl3 |
A buffer overflow vulnerability exists in ' 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.foolabs.com/xpdf/download.html
Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Debian:
http://security.debian.org/pool/updates/main/c/cupsys/
http://security.debian.org/pool/updates/main/x/xpdf/
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/
KDE:
ftp://ftp.kde.org/pub/kde/security_patches
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow
CVE Name:
CAN-2005-0064
|
High |
iDEFENSE Security Advisory, January 18, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
|
GNU
a2ps 4.13 |
A vulnerability exists that could allow a malicious user to execute arbitrary shell commands on the target system. a2ps will execute shell commands contained within filenames. A user can create a specially crafted filename that, when processed by a2ps, will execute shell commands with the privileges of the a2ps process.
A patch for FreeBSD is available at:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/
ports/ print/a2ps-letter/files/patch-select.c?
rev=1.1&content-type=text/plain
Debian:
http://www.debian.org/security/2004/dsa-612
Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-02.xml
OpenPKG:
ftp://ftp.openpkg.org/release/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
TurboLinux/ia32/
A Proof of Concept exploit has been published. |
GNU a2ps Filenames Shell Commands Execution |
|
SecurityTracker Alert ID, 1012475, December 10, 2004
Debian Security Advisory
DSA-612-1 a2ps, December 20, 2004
Gentoo GLSA 200501-02, January 5, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.003, January 17, 2005
Turbolinux Security Advisory, TLSA-2005-8, January 26, 2005
|
GNU
cpio 1.0, 1.1, 1.2 |
A vulnerability exists in 'cpio/main.c' due to a failure to create files securely, which could let a malicious user obtain sensitive information.
Upgrades available at:
http://ftp.gnu.org/gnu/cpio/cpio-2.6.tar.gz
There is no exploit required. |
|
Medium |
SecurityTracker Alert, 1013041, January 30, 2005 |
GNU
Vim 6.x, GVim 6.x; Avaya Converged Communications Server 2.0, CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing, S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
Multiple vulnerabilities exist which can be exploited by local malicious users to gain escalated privileges. The vulnerabilities are caused due to some errors in the modelines options. This can be exploited to execute shell commands when a malicious file is opened. Successful exploitation can lead to escalated privileges but requires that modelines is enabled.
Apply patch for vim 6.3: f
tp://ftp.vim.org/pub/vim/patches/6.3/6.3.045
Gentoo:
http://www.gentoo.org/security/en/
glsa/glsa-200412-10.xml
Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-010.html
Mandrake:
http://www.mandrakesoft.com/security/advisories
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-020_RHSA-2005-019.pdf
Currently we are not aware of any exploits for these vulnerabilities.
|
GNU Vim / Gvim Modelines Command Execution Vulnerabilities
CVE Name:
CAN-2004-1138
|
Medium |
Gentoo Linux Security Advisory, GLSA 200412-10 / vim, December 15, 2004
Red Hat Advisory RHSA-2005:010-05, January 5, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:003, January 6, 2005
Avaya Security Advisory, ASA-2005-020, January 25, 2005 |
GNU
xine prior to 0.99.3 |
Multiple vulnerabilities exist that could allow a remote user to execute arbitrary code on the target user's system. There is a buffer overflow in pnm_get_chunk() in the processing of the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG, and CONT_TAG parameters.
The vendor has issued a fixed version of xine-lib (1-rc8), available at: http://xinehq.de/index.php/releases
A patch is also available at:
http://cvs.sourceforge.net/viewcvs.py/xine/
xine-lib/src/input/pnm.c?r1=
1.20&r2=1.21
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Gentoo:
http://www.gentoo.org/security/en/glsa/
glsa-200501-07.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
A Proof of Concept exploit has been published. |
|
High |
iDEFENSE Security Advisory 12.21.04
Gentoo, GLSA 200501-07, January 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 |

Vendor: GNU
Software: xine-lib 1.x
Vulnerability/Impact: Multiple vulnerabilities with unknown impacts exist due to errors in the PNM and Real RTSP clients.
Patches/Workarounds:
  Update to version 1-rc8: http://xinehq.de/index.php/download
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-07.xml
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
Exploit status: Currently we are not aware of any exploits for these vulnerabilities.
Common name: GNU xine-lib Unspecified PNM & Real RTSP Clients Vulnerabilities
CVE: CAN-2004-1300
Risk: Not Specified
Source:
  Secunia Advisory, SA13496, December 16, 2004
  Gentoo Linux Security Advisory, GLSA 200501-07, January 6, 2005
  Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005
  SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Vendor: GNU
Software: Xpdf prior to 3.00pl2
Vulnerability/Impact: A buffer overflow in doImage() could allow a remote malicious user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, triggers the overflow and executes arbitrary code with the privileges of that user.
Patches/Workarounds:
  A fixed version (3.00pl2) is available at: http://www.foolabs.com/xpdf/download.html
  A patch is available: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
  KDE: http://www.kde.org/info/security/advisory-20041223-1.txt
  Gentoo: http://security.gentoo.org/glsa/glsa-200412-24.xml
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/
  Mandrakesoft (update for koffice): http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165
  Mandrakesoft (update for kdegraphics): http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163
  Mandrakesoft (update for gpdf): http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162
  Mandrakesoft (update for xpdf): http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161
  Mandrakesoft (update for tetex): http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166
  Debian: http://www.debian.org/security/2004/dsa-619
  Fedora (update for tetex): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-13.xml
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
  SGI: http://support.sgi.com/browse_request/linux_patches_by_os
  Conectiva: ftp://atualizacoes.conectiva.com.br/
  SuSE: ftp://ftp.suse.com/pub/suse/
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: GNU Xpdf Buffer Overflow in doImage()
CVE: CAN-2004-1125
Risk: High
Source:
  iDEFENSE Security Advisory 12.21.04
  KDE Security Advisory, December 23, 2004
  Mandrakesoft, MDKSA-2004:161, 162, 163, 165, 166, December 29, 2004
  Fedora Update Notification, FEDORA-2004-585, January 6, 2005
  Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005
  Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
  SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
  Avaya Security Advisory, ASA-2005-027, January 25, 2005

Vendor: Hewlett-Packard Company
Software: VirtualVault A.04.70, A.04.60, A.04.50
Vulnerability/Impact: A remote Denial of Service vulnerability exists due to a failure to handle malformed network data.
Patches/Workarounds:
  Patches available at: http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01111
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: HP-UX VirtualVault Remote Denial of Service
Risk: Low
Source:
  HP Security Bulletin, HPSBUX01111, January 26, 2005

Vendor: ImageMagick
Software: ImageMagick 6.x
Vulnerability/Impact: A buffer overflow exists in 'coders/psd.c' when a specially crafted Photoshop document (PSD) file is processed, which could let a remote malicious user execute arbitrary code on the system that reads the file.
Patches/Workarounds:
  Update available at: http://www.imagemagick.org/www/download.html
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
  Debian: http://security.debian.org/pool/updates/main/i/imagemagick/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-26.xml
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-37.xml
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: ImageMagick Photoshop Document Buffer Overflow
CVE: CAN-2005-0005
Risk: High
Source:
  iDEFENSE Security Advisory, January 17, 2005
  Ubuntu Security Notice, USN-62-1, January 18, 2005
  Debian Security Advisory, DSA 646-1, January 19, 2005
  Gentoo Linux Security Advisory, GLSA 200501-26, January 20, 2005
  Gentoo Linux Security Advisory, GLSA 200501-37, January 26, 2005

Vendor: ImageMagick
Software: ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8
Vulnerability/Impact: A boundary error in the EXIF parsing routine allows a buffer overflow when a specially crafted image is processed, which could let a remote malicious user execute arbitrary code.
Patches/Workarounds:
  Upgrades available at: http://sourceforge.net/project/showfiles.php?group_id=24099
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-11.xml
  Debian: http://security.debian.org/pool/updates/main/i/imagemagick/
  SUSE: ftp://ftp.SUSE.com/pub/SUSE/i386/update/
  Mandrakesoft: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143
  Red Hat (Red Hat has re-issued its update): http://rhn.redhat.com/errata/RHSA-2004-480.html
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Risk: High
Source:
  SecurityTracker Alert ID, 1011946, October 26, 2004
  Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004
  Debian Security Advisory DSA 593-1, November 16, 2004
  SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004
  SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
  Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004
  Red Hat Security Advisory, RHSA-2004:636-03, December 8, 2004
  Turbolinux Security Advisory, TLSA-2005-7, January 26, 2005
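Both ImageMagick entries (the PSD overflow above and this EXIF one) come down to a decoder trusting a length or count read from the file. The C program below is an added example, not ImageMagick's code, of how a binary-format reader bounds such fields: it walks the first image file directory (IFD0) of a minimal TIFF/EXIF block and rejects any entry count or value offset that does not fit inside the buffer, doing the arithmetic in 64 bits so that offset plus size cannot wrap around. The sample byte arrays are constructed for the example and the function name exif_ifd0_check is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t rd32(const uint8_t *p, int le)
{
    return le ? ((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24)
              : ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3]);
}

/* Bytes per element for TIFF field types 1..12 (index 0 unused). */
static const uint32_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Validate the TIFF header and every entry of IFD0 against the buffer size.
 * Returns the entry count when the header, the directory and every
 * out-of-line value lie inside buf[0..len), -1 otherwise. 64-bit arithmetic
 * keeps offset + count * element_size from wrapping on 32-bit fields. */
int exif_ifd0_check(const uint8_t *buf, size_t len)
{
    int le;
    if (len < 8) return -1;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;
    else return -1;
    if (rd16(buf + 2, le) != 42) return -1;

    uint32_t ifd = rd32(buf + 4, le);
    if (ifd < 8 || ifd > len - 2) return -1;          /* entry count must be readable */
    uint32_t count = rd16(buf + ifd, le);
    uint64_t need = (uint64_t)ifd + 2 + (uint64_t)count * 12 + 4;
    if (need > len) return -1;                         /* the directory itself must fit */

    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t type = rd16(e + 2, le);
        uint32_t n = rd32(e + 4, le);
        if (type == 0 || type > 12) return -1;
        uint64_t size = (uint64_t)n * type_size[type];
        if (size > 4) {                                /* value stored out of line */
            uint32_t off = rd32(e + 8, le);
            if ((uint64_t)off + size > len) return -1; /* value must fit in the file */
        }
    }
    return (int)count;
}

/* Constructed sample: minimal little-endian TIFF/EXIF block, one IFD0 entry
 * (tag 0x010F "Make", type 2 ASCII, 6 bytes, stored at offset 26). */
const uint8_t sample_ok[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,        /* header, IFD0 at 8 */
    0x01, 0x00,                                          /* 1 entry */
    0x0F, 0x01, 0x02, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1A, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,                              /* next IFD: none */
    'A', 'c', 'm', 'e', 0x00, 0x00                       /* value at offset 26 */
};

/* Constructed crafted input: identical, but claims 65535 directory entries. */
const uint8_t sample_big_count[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,
    0xFF, 0xFF,
    0x0F, 0x01, 0x02, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1A, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    'A', 'c', 'm', 'e', 0x00, 0x00
};

/* Constructed crafted input: the value count is 0xFFFFFFFF, so a naive
 * 32-bit "offset + count <= len" check wraps to 25 and passes. */
const uint8_t sample_big_value[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,
    0x01, 0x00,
    0x0F, 0x01, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x1A, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    'A', 'c', 'm', 'e', 0x00, 0x00
};

int main(void)
{
    printf("well-formed:      %d\n", exif_ifd0_check(sample_ok, sizeof sample_ok));
    printf("huge entry count: %d\n", exif_ifd0_check(sample_big_count, sizeof sample_big_count));
    printf("huge value count: %d\n", exif_ifd0_check(sample_big_value, sizeof sample_big_value));
    printf("truncated file:   %d\n", exif_ifd0_check(sample_ok, 20));
    return 0;
}
```

The two checks that matter are the ones on `need` and on `off + size`: each compares a quantity derived from the file against the number of bytes actually in memory, in a width that the file's 16- and 32-bit fields cannot overflow. A decoder that skips either check is the shape of bug these ImageMagick advisories describe.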

Vendor: Info-ZIP
Software: Zip 2.3; Avaya CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing
Vulnerability/Impact: A boundary error when 'zip' compresses directories recursively causes a buffer overflow (a sufficiently long path name overflows a fixed-size buffer), which could let a remote malicious user execute arbitrary code.
Patches/Workarounds:
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/z/zip/
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-16.xml
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
  Red Hat: http://rhn.redhat.com/errata/RHSA-2004-634.html
  Debian: http://www.debian.org/security/2005/dsa-624
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
  Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-019_RHSA-2004-634.pdf
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow
CVE: CAN-2004-1010
Risk: High
Source:
  Bugtraq, November 3, 2004
  Ubuntu Security Notice, USN-18-1, November 5, 2004
  Fedora Update Notification, FEDORA-2004-399 & FEDORA-2004-400, November 8 & 9, 2004
  Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004
  SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004
  Red Hat Advisory, RHSA-2004:634-08, December 16, 2004
  Debian DSA-624-1, January 5, 2005
  Turbolinux Security Announcement, 20050131, January 31, 2005
  Avaya Security Advisory, ASA-2005-019, January 25, 2005

Vendor: JabberStudio
Software: jabberd 1.4.1
Vulnerability/Impact: A buffer overflow exists in the way jabberd uses the 'select()' system call, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code.
Patches/Workarounds: No workaround or patch available at time of publishing.
Exploit status: An exploit is reported to exist but has not been released to the public.
Common name: Jabber select() Remote Buffer Overflow
Risk: Low/High (High if arbitrary code can be executed)
Source:
  Bugtraq, January 24, 2005

Vendor: mpg123
Software: mpg123 0.59m-0.59s
Vulnerability/Impact: A buffer overflow exists when parsing frame headers of layer-2 streams, which could let a remote malicious user execute arbitrary code via a crafted stream.
Patches/Workarounds:
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-14.xml
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: MPG123 Layer 2 Frame Header Buffer Overflow
CVE: CAN-2004-0991
Risk: High
Source:
  Gentoo Linux Security Advisory, GLSA 200501-14, January 11, 2005
  Mandrakelinux Security Update Advisory, MDKSA-2005:009, January 19, 2005
  SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Vendor: mpg123.de
Software: mpg123 pre0.59s, 0.59r
Vulnerability/Impact: A buffer overflow exists in the 'getauthfromURL()' function due to a boundary error, which could let a remote malicious user execute arbitrary code.
Patches/Workarounds:
  Debian: http://security.debian.org/pool/updates/non-free/m/mpg123/
  Gentoo: http://security.gentoo.org/glsa/glsa-200410-27.xml
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
Exploit status: A Proof of Concept exploit has been published.
Risk: High
Source:
  Securiteam, October 21, 2004
  Gentoo Linux Security Advisory, GLSA 200410-27, October 27, 2004
  Debian Security Advisory, DSA 578-1, November 1, 2004
  SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Vendor: Multiple Vendors
Software: Gentoo Linux 0.5, 0.7, 1.1a, 1.2, 1.4 rc1-rc3; libdbi-perl 1.21, 1.42
Vulnerability/Impact: libdbi-perl creates temporary files insecurely (a predictable name in a shared directory), which could let a local malicious user overwrite arbitrary files writable by the user running the affected program, for example by planting a symbolic link at the expected name.
Patches/Workarounds:
  Debian: http://security.debian.org/pool/updates/main/libd/libdbi-perl/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-38.xml
  RedHat: http://rhn.redhat.com/errata/RHSA-2005-069.html
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/libd/libdbi-perl/
Exploit status: There is no exploit required.
Common name: Libdbi-perl Insecure Temporary File Creation
CVE: CAN-2005-0077
Risk: Medium
Source:
  Debian Security Advisory, DSA 658-1, January 25, 2005
  Ubuntu Security Notice, USN-70-1, January 25, 2005
  Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005
  RedHat Security Advisory, RHSA-2005:069-08, February 1, 2005
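Insecure temporary file creation, as in the libdbi-perl entry above, is exploitable because the victim opens a predictable path in a world-writable directory and follows whatever an attacker planted there. The C program below is an added example and is not libdbi-perl's code: it shows the insecure open beside the mkstemp()-based one and a fixed-name open hardened with O_EXCL|O_NOFOLLOW, then runs the symlink scenario end to end in a private scratch directory under $TMPDIR (or /tmp). The helper names and the scratch-directory layout are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure pattern (shown, deliberately never exercised by the demo): a
 * predictable name opened with O_CREAT and no O_EXCL. If an attacker has
 * planted a symlink at that name, open() follows it and the victim writes
 * to, or truncates, whatever the link points at. */
int open_tmp_insecure(const char *fixed_name)
{
    return open(fixed_name, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Secure pattern: mkstemp() chooses an unpredictable name and opens it with
 * O_CREAT|O_EXCL and mode 0600, so a planted file or symlink makes it pick
 * another name instead of following the link. The chosen path is written
 * back into template. Returns the fd, or -1. */
int open_tmp_secure(char *template)
{
    int fd = mkstemp(template);
    if (fd < 0) return -1;
    /* Belt and braces: what we hold must be a regular file we own with a
     * single link, so nothing in a hostile /tmp was substituted. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* When a fixed name is unavoidable: never follow a symlink and never reuse
 * anything already at the path. Returns the fd, or -1 with errno set
 * (EEXIST when something was planted there). */
int open_fixed_name_safely(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Permission bits (st_mode & 0777) of an open fd, or -1. */
int fd_mode_bits(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Private scratch directory for the demo under $TMPDIR or /tmp. */
int make_scratch_dir(char *dir, size_t cap)
{
    const char *base = getenv("TMPDIR");
    if (!base || !*base) base = "/tmp";
    if (snprintf(dir, cap, "%s/tmpdemo.XXXXXX", base) >= (int)cap) return -1;
    return mkdtemp(dir) ? 0 : -1;
}

/* Runs the scenario and cleans up. Returns 0 when the secure primitives
 * behave as intended, a nonzero code naming the failed step otherwise. */
int demo_tempfile_safety(void)
{
    char dir[128], planted[192], victim[192], tmpl[192];
    if (make_scratch_dir(dir, sizeof dir) != 0) return -1;
    int rc = 0, fd = -1;
    snprintf(victim,  sizeof victim,  "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/planted", dir);
    snprintf(tmpl,    sizeof tmpl,    "%s/sec.XXXXXX", dir);

    /* Attacker step (constructed): plant a symlink at the predictable name. */
    if (symlink(victim, planted) != 0) { rc = -2; goto out; }

    /* The hardened fixed-name open must refuse the planted link. */
    if (open_fixed_name_safely(planted) >= 0) { rc = 1; goto out; }

    /* The mkstemp-based open must succeed and yield a 0600 regular file. */
    fd = open_tmp_secure(tmpl);
    if (fd < 0) { rc = 2; goto out; }
    if (fd_mode_bits(fd) != 0600) { rc = 3; goto out; }
out:
    if (fd >= 0) { close(fd); unlink(tmpl); }
    unlink(planted);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_tempfile_safety();
    printf("demo result: %d (0 = secure opens behaved as expected)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The property that defeats the attack is atomic create-or-fail (O_EXCL) on a name the attacker cannot guess; the fstat() checks after the open verify that property rather than assuming it, which is the same habit that would have caught the predictable PID-file name in the libdbi-perl case.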

Vendor: Multiple Vendors
Software: Debian Linux 3.0 (sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha); Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9
Vulnerability/Impact: 'iptables.c' and 'ip6tables.c' sometimes fail to load the required kernel modules automatically, so firewall rules may not actually be applied. This gives a false sense of security: a host can be running with less filtering than its administrator believes.
Patches/Workarounds:
  Debian: http://security.debian.org/pool/updates/main/i/iptables/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Exploit status: There is no exploit required.
Risk: Medium
Source:
  Debian Security Advisory, DSA 580-1, November 1, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004
  SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004
  Fedora Update Notification, FEDORA-2004-417, December 1, 2004
  Turbolinux Security Advisory, TLSA-2005-10, January 26, 2005

Vendor: Multiple Vendors
Software: Exim 4.43 & prior
Vulnerability/Impact: Multiple vulnerabilities could allow a local user to obtain elevated privileges. Buffer overflows exist in the host_aton() function and the spa_base64_to_bits() function; it may be possible to execute arbitrary code with the privileges of the Exim process.
Patches/Workarounds:
  The vendor has issued a fix in the latest snapshot: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz
  Signature: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz.sig
  Patches for 4.43 are also available at: http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/e/exim4/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-23.xml
  Debian: http://security.debian.org/pool/updates/main/e/exim/
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
Exploit status: Currently we are not aware of any exploits for these vulnerabilities.
Risk: High
Source:
  SecurityTracker Alert ID: 1012771, January 5, 2005
  Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005
  Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005
  SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
  US-CERT Vulnerability Note, VU#132992, January 28, 2005
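The Exim host_aton()/spa_base64_to_bits() overflows above, like the Info-ZIP recursive-path and mpg123 getauthfromURL() entries earlier in this bulletin, are one bug class: a parser writes attacker-controlled input into a fixed-size destination and lets the input, not the destination, decide when to stop. The C program below is an added illustration of that class and is not Exim's, Info-ZIP's or mpg123's code; the address grammar (hex groups separated by colons, no '::' compression), the MAX_GROUPS limit and the function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_GROUPS 8   /* capacity of the destination array (assumption) */

/* Vulnerable pattern: parse ':'-separated hex groups into out[], bounded
 * only by the input. More than MAX_GROUPS groups write past the end of the
 * caller's array: the "fixed buffer, untrusted length" overflow shape.
 * Returns the number of groups written, or -1 on a syntax error. */
int parse_groups_unchecked(const char *s, unsigned short *out)
{
    int n = 0;
    const char *p = s;
    while (*p) {
        char *end;
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xFFFF) return -1;   /* not a hex group, or too wide */
        out[n++] = (unsigned short)v;            /* no check against capacity */
        if (*end == '\0') break;
        if (*end != ':') return -1;
        p = end + 1;
    }
    return n;
}

/* Hardened pattern: the caller states the capacity of out[] and the parser
 * refuses any group that would not fit, before writing it. */
int parse_groups_checked(const char *s, unsigned short *out, size_t cap)
{
    size_t n = 0;
    const char *p = s;
    while (*p) {
        char *end;
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xFFFF) return -1;
        if (n >= cap) return -1;                 /* would overflow: reject the input */
        out[n++] = (unsigned short)v;
        if (*end == '\0') break;
        if (*end != ':') return -1;
        p = end + 1;
    }
    return (int)n;
}

/* Wrappers used by the demo: group count of s under the checked parser
 * (-1 if rejected), and the value of group idx (-1 if rejected or out of range). */
int checked_count(const char *s)
{
    unsigned short g[MAX_GROUPS];
    return parse_groups_checked(s, g, MAX_GROUPS);
}

int parsed_group(const char *s, int idx)
{
    unsigned short g[MAX_GROUPS];
    int n = parse_groups_checked(s, g, MAX_GROUPS);
    if (n < 0 || idx < 0 || idx >= n) return -1;
    return g[idx];
}

int main(void)
{
    /* Constructed inputs: a well-formed address and one with too many groups. */
    const char *good = "2001:db8:0:0:0:0:0:1";
    const char *bad  = "1:2:3:4:5:6:7:8:9:10:11:12";
    unsigned short g[MAX_GROUPS];

    printf("checked(good)   = %d groups\n", checked_count(good));
    printf("checked(bad)    = %d (rejected)\n", checked_count(bad));
    printf("unchecked(good) = %d groups\n", parse_groups_unchecked(good, g));
    /* parse_groups_unchecked(bad, g) would write 4 groups past g[]: not run. */
    return 0;
}
```

The unchecked variant is kept only to show the defect and is never called on the oversized input, since that write is undefined behaviour. The whole fix is the `n >= cap` test: the destination's capacity, not the input, terminates the loop.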

Vendor: Multiple Vendors
Software: GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0-2.0.3, 2.0.5-2.0.8, 2.0.1-2.0.14, 2.1b1, 2.1-2.1.5; Ubuntu Linux 4.1 (ia64, ia32)
Vulnerability/Impact: Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability when returning error pages, due to insufficient sanitization by 'scripts/driver', which could let a remote malicious user execute arbitrary HTML and script code; and a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.
Patches/Workarounds:
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/m/mailman/
  Gentoo: http://security.gentoo.org/glsa/glsa-200501-29.xml
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  SUSE: ftp://ftp.SUSE.com/pub/SUSE
Exploit status: Currently we are not aware of any exploits for these vulnerabilities.
Risk: Medium/High (High if arbitrary code can be executed)
Source:
  SecurityTracker, January 12, 2005
  Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005
  SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Vendor: Multiple Vendors
Software: gzip
Vulnerability/Impact: A vulnerability exists in the gzip(1) command, which could let a local malicious user access the files of other users that were processed using gzip.
Patches/Workarounds:
  Sun Solaris: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1
  Mandrakesoft: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:142
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Debian: http://www.debian.org/security/2004/dsa-588
  TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Risk: Medium
Source:
  Sun(sm) Alert Notification, 57600, October 1, 2004
  US-CERT Vulnerability Note VU#635998, October 18, 2004
  Mandrakesoft Security Advisory, MDKSA-2004:142, December 6, 2004
  Trustix Advisory TSL-2004-0050, September 30, 2004
  Debian Security Advisory DSA 588-1, November 8, 2004
  Turbolinux Security Advisory, TLSA-2005-9, January 26, 2005

Vendor: Multiple Vendors
Software: ISC BIND 8.4.4, 8.4.5
Vulnerability/Impact: A remote Denial of Service vulnerability exists in the handling of the 'q_usedns' array due to insufficient validation of the length of user-supplied input before it is copied into static process buffers. This could possibly lead to the execution of arbitrary code.
Patches/Workarounds:
  Upgrade available at: http://www.isc.org/index.pl?/sw/bind/
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: ISC BIND 'Q_UseDNS' Remote Denial of Service
CVE: CAN-2005-0033
Risk: Low/High (High if arbitrary code can be executed)
Source:
  US-CERT Vulnerability Note, VU#327633, January 25, 2005

Vendor: Multiple Vendors
Software: ISC BIND 9.3; MandrakeSoft Linux Mandrake 10.1, 10.1 X86_64
Vulnerability/Impact: A remote Denial of Service vulnerability exists in the 'authvalidated()' function of the DNSSEC validator: a remote attacker can trigger an internal self-check failure in the validator, causing named to exit.
Patches/Workarounds:
  Upgrade available at: http://www.isc.org/index.pl
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: BIND Validator Self Checking Remote Denial of Service
CVE: CAN-2005-0034
Risk: Low
Source:
  US-CERT Vulnerability Note, VU#938617, January 25, 2005

Vendor: Multiple Vendors
Software: KDE 2.0 BETA, 2.0, 2.0.1, 2.1-2.1.2, 2.2-2.2.2
Vulnerability/Impact: A vulnerability exists in 'kdesktop/lockeng.cc' and 'kdesktop/lockdlg.cc' due to insufficient return value checking, which could let a local malicious user bypass the screensaver lock mechanism.
Patches/Workarounds:
  Debian: http://security.debian.org/pool/updates/main/k/kdebase/
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Risk: Medium
Source:
  Debian Security Advisory, DSA 660-1, January 26, 2005

Vendor: Multiple Vendors
Software: Linux Kernel 2.4-2.4.28, 2.6-2.6.9; Avaya Converged Communications Server 2.0; Avaya Intuity LX; Avaya MN100; Avaya Modular Messaging (MSS) 1.1, 2.0; Avaya Network Routing; Avaya S8300 R2.0.1, R2.0.0; S8500 R2.0.1, R2.0.0; S8700 R2.0.1, R2.0.0; S8710 R2.0.1, R2.0.0
Vulnerability/Impact: A vulnerability was reported in the Linux kernel's auxiliary message (scm) layer. A local malicious user can send a specially crafted auxiliary message to a socket to trigger a deadlock in the __scm_send() function, causing a Denial of Service.
Patches/Workarounds:
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/
  SUSE: http://www.novell.com/linux/security/advisories/2004_44_kernel.html
  Trustix: http://http.trustix.org/pub/trustix/updates/
  Red Hat: http://rhn.redhat.com/errata/RHSA-2004-689.html
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
Exploit status: A Proof of Concept exploit script has been published.
Common name: Multiple Vendors Linux Kernel Auxiliary Message Layer State Error
CVE: CAN-2004-1016
Risk: Low
Source:
  iSEC Security Research Advisory 0019, December 14, 2004
  SecurityFocus, December 25, 2004
  Secunia, SA13706, January 4, 2005
  Avaya Security Advisory, ASA-2005-006, January 14, 2005
  Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

Vendor: Multiple Vendors
Software: Linux Kernel 2.4-2.4.28, 2.6-2.6.9; Avaya Intuity LX; Avaya MN100; Avaya Modular Messaging (MSS) 1.1, 2.0
Vulnerability/Impact: Several vulnerabilities exist in the Linux kernel's processing of IGMP messages, due to flaws in the ip_mc_source() and igmp_marksources() functions. A local user may be able to gain elevated privileges, and a remote user can cause the target system to crash.
Patches/Workarounds:
  SUSE: http://www.novell.com/linux/security/advisories/2004_44_kernel.html
  Trustix: http://http.trustix.org/pub/trustix/updates/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
Exploit status: A Proof of Concept exploit script has been published.
Common name: Multiple Vendors Linux Kernel IGMP Integer Underflow
CVE: CAN-2004-1137
Risk: Low/Medium (Medium if elevated privileges can be obtained)
Source:
  iSEC Security Research Advisory 0018, December 14, 2004
  SecurityFocus, December 25, 2004
  Secunia, SA13706, January 4, 2005
  Avaya Security Advisory, ASA-2005-006, January 14, 2005
  Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

Vendor: Multiple Vendors
Software: Linux Kernel 2.6.x
Vulnerability/Impact: Potential vulnerabilities of unknown impact exist in the Linux kernel due to boundary errors in the 'sys32_ni_syscall()' and 'sys32_vm86_warning()' functions, which can be exploited to cause buffer overflows. The immediate consequence of exploitation is a kernel panic; it is not currently known whether the flaws can be leveraged to execute arbitrary code.
Patches/Workarounds:
  Patches are available at: http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
  http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/
  SUSE: http://www.novell.com/linux/security/advisories/2004_44_kernel.html
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
Exploit status: Currently we are not aware of any exploits for these vulnerabilities.
Common name: Multiple Vendors Linux Kernel 'sys32_ni_syscall' and 'sys32_vm86_warning' Buffer Overflows
CVE: CAN-2004-1151
Risk: Low/High (High if arbitrary code can be executed)
Source:
  Secunia Advisory ID, SA13410, December 9, 2004
  SecurityFocus, December 14, 2004
  SecurityFocus, December 25, 2004
  Secunia, SA13706, January 4, 2005
  Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

Vendor: Multiple Vendors
Software: Linux Kernel versions except 2.6.9
Vulnerability/Impact: A race condition exists in the Linux kernel terminal subsystem, related to terminal locking, and is exposed when a remote malicious user connects to the computer through a PPP dialup port. When the remote user switches the line from console to PPP, there is a small window in which sent data triggers the race. This may cause a Denial of Service.
Patches/Workarounds:
  This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases: http://www.kernel.org/pub/linux/kernel/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
Exploit status: Currently we are not aware of any exploits for this vulnerability.
Common name: Multiple Vendors Linux Kernel Terminal Locking Race Condition
CVE: CAN-2004-0814
Risk: Low
Source:
  SecurityFocus, December 14, 2004
  Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

Vendor: Multiple Vendors
Software: Linux Kernel versions except 2.6.9
Vulnerability/Impact: A local vulnerability exists in the Linux kernel terminal subsystem. Reportedly, it can be triggered by issuing a TIOCSETD ioctl on a terminal interface at the moment another thread is performing a read or write on it. This could result in a Denial of Service or allow kernel memory to be read.
Patches/Workarounds:
  This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases: http://www.kernel.org/pub/linux/kernel/
  Ubuntu: