Summary of Security Items from February 2 through February 8, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
DelphiTurk
CodeBank 3.1 & prior |
A vulnerability exists because usernames and passwords are stored in the Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
DelphiTurk CodeBank Password Disclosure |
Medium |
SecurityTracker Alert, 1013093, February 7, 2005 |
EternalLines.com
Eternal Lines Web Server 1.0 |
A remote Denial of Service vulnerability exists when a malicious user submits approximately 70 simultaneous connections to the target web server from the same originating host.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
Eternal Lines Web Server Remote Denial of Service |
Low |
GSSIT Advisory, January 31, 2005
SecurityFocus, February 1, 2005 |
Foxmail
Email Server 2.0 |
A buffer overflow vulnerability exists in the 'Mail From:' command due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Foxmail 'MAIL FROM:' Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA14145, February 8, 2005 |
IceWarp
Web Mail 5.3 |
Multiple vulnerabilities exist: a vulnerability exists when accessing 'calendar_d.html,' 'calendar_m.html,' 'calendar_w.html,' and 'calendar_y.html' directly with a valid session ID in the 'id' parameter, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to weak encryption of user credentials in the 'users.cfg,' 'settings.cfg,' 'user.dat,' and 'users.dat' files, which could let a malicious user obtain sensitive information; and multiple Cross-Site Scripting and HTML injection vulnerabilities exist which could let a remote malicious user execute arbitrary HTML and script code.
Upgrade available at:
http://www.icewarp.com/downloads/webmail.html?PHPSESSID=363e38e9f350cceda950cc146f67196f
There is no exploit code required; however, Proof of Concept exploits have been published. |
IceWarp Web Mail Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
ShineShadow Security Report, January 29, 2005
SecurityFocus, February 3, 2005 |
Microsoft
Internet Explorer 6.0, SP1 |
A Cross-Zone Scripting vulnerability exists when using the 'AddChannel' method to add a channel, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Microsoft Internet Explorer AddChannel Cross-Zone Scripting
|
High |
GreyHats Security Group, February 2, 2005 |
Microsoft
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 |
Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS05-009, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#259890 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-013.msp
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer DHTML Edit Control Script
CVE Name:
CAN-2004-1319
|
High |
Bugtraq, December 15, 2004
Microsoft Security Bulletin, MS05-013, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#356600 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Server 2003 for Itanium-based Systems, Windows 98, SE, ME |
A vulnerability exists due to the way Drag-and-Drop events are handled, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin, MS05-008, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#698835 |
Microsoft
ASP.NET 1.x |
A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema.
Apply ASP.NET ValidatePath module: http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
A Proof of Concept exploit has been published. |
|
Medium |
Microsoft, October 7, 2004
Microsoft Security Bulletin, MS05-004, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Vulnerability Note VU#283646
|
Microsoft
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 |
A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Office URL File Location Handling Buffer Overflow
CVE Name:
CAN-2004-0848
|
High |
Microsoft Security Bulletin, MS05-005, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#416001 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin, MS05-011, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#652537 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
Multiple vulnerabilities exist: a vulnerability exists due to insufficient validation of drag and drop events from the Internet zone to local resources, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to the way certain encoded URLs are parsed, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the validation of URLs in CDF (Channel Definition Format) files, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists due to an input validation error in the 'createControlRange()' javascript function, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to insufficient cross-zone restrictions; a vulnerability exists due to the way web sites are handled inside the 'Temporary Internet Files' folder; and a vulnerability exists in the 'codebase' attribute of the 'object' tag due to a parsing error.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-014.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS05-014, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Notes VU#580299, VU#823971, VU#843771, VU#698835 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
Two vulnerabilities exist: a vulnerability exists in OLE due to the way input validation is handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists when processing COM structured storage files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS05-012, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Notes VU#597889, VU#927889 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Hyperlink Object Library Buffer Overflow
CVE Name:
CAN-2005-0057
|
High |
Microsoft Security Bulletin, MS05-015, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#820427 |
Microsoft
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server Edition SP6a, Windows 2000 Server SP3 & SP4, Windows 2003, Windows 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows License Logging Service Buffer Overflow
CVE Name:
CAN-2005-0050
|
Low/High
(High if arbitrary code can be executed)
|
Microsoft Security Bulletin, MS05-010, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#130433 |
Microsoft
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003 |
A remote code execution vulnerability exists in the Windows Server 2003 SMTP component due to the way Domain Name System (DNS) lookups are handled. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx
Bulletin updated to clarify restart requirement for Windows Server 2003 and Windows XP 64-Bit.
Bulletin updated to advise of the availability of an update for Exchange 2000 Server.
Currently we are not aware of any exploits for this vulnerability. |
|
High |
|
Microsoft
Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft |
A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing
CVE Name:
CAN-2005-0049
|
High |
Microsoft Security Bulletin, MS05-006, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#340409 |
Microsoft
Windows XP SP1 & SP2, XP 64-Bit Edition SP1 |
A vulnerability exists in the authentication validation process when using named pipe connections, which could let a remote malicious user obtain sensitive information.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows XP Named Pipe Information Disclosure
CVE Name:
CAN-2005-0051
|
Medium |
Microsoft Security Bulletin, MS05-007, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#939074 |
Netscape
Netscape 7.x |
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Netscape IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14165, February 7, 2005 |
People Can Fly
Painkiller 1.35 & prior |
A buffer overflow vulnerability exists due to insufficient bounds checking in the Gamespy CD-key hash, which could let a remote malicious user cause a Denial of Service.
Update available at: www.painkillergame.com/
A Proof of Concept exploit has been published. |
Painkiller Buffer Overflow Remote Denial of Service |
Low |
Securiteam, February 3, 2005 |
Piotr Kowalski
LANChat Pro Revival 1.666c |
A remote Denial of Service vulnerability exists due to a failure to process unexpected data.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Piotr Kowalski LANChat Pro Remote Denial of Service |
Low |
SecurityTracker Alert ID, 1013082, February 3, 2005 |
Qualcomm
Eudora 6.2.0 & prior |
Several vulnerabilities exist when viewing emails and handling stationery and mailbox files due to unspecified errors, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://www.eudora.com/products/
Currently we are not aware of any exploits for these vulnerabilities. |
Eudora E-mail, Stationery/Mailbox Files Remote Code Execution
|
High |
NGSSoftware Advisory, February 2, 2005 |
RaidenHTTPD TEAM
RaidenHTTPD 1.1.27 |
A Directory Traversal vulnerability exists when handling HTTP requests that contain relative pathnames due to an input validation error, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://www.raidenhttpd.com/en/download.html
A Proof of Concept exploit has been published. |
RaidenHTTPD Directory Traversal
|
Medium |
Securiteam, February 6, 2005 |
RARLAB
WinRAR 3.0.0, 3.10, beta 5, beta 3, 3.11, 3.20, 3.40-3.42 |
A Directory Traversal vulnerability exists when attempting to decompress a file by right clicking, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
RARLAB WinRAR Directory Traversal |
Medium |
7a69ezine Advisories, 7a69Adv#21, February 2, 2005 |
Real Networks
RealPlayer 10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5 |
A vulnerability exists due to insufficient enforcement of security zones, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
RealPlayer Security Zone Bypass |
|
Bugtraq, February 1, 2005 |
Savant
Savant Webserver 3.1 |
A buffer overflow vulnerability exists due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
Savant Web Server Remote Buffer Overflow |
High |
Securiteam, February 2, 2005 |
Software602
602LAN SUITE 2004 |
A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.software602.com/download/
Currently we are not aware of any exploits for this vulnerability. |
602LAN SUITE Input Validation |
High |
SIG^2 Vulnerability Research Advisory, February 8, 2005 |
ZipGenius
ZipGenius Standard Edition 5.5, Suite Edition 5.5 |
Multiple Directory Traversal vulnerabilities exist due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://web.rossoalice.it/zipgenius/zg6/zg6sui_b5.exe
There is no exploit code required. |
ZipGenius Multiple Directory Traversal Vulnerabilities |
Medium |
7a69ezine Advisories, 7a69Adv#19 & 20, February 2, 2005 |
UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Alexander Barton
ngIRCd 0.6, 0.6.1, 0.7, 0.7.1, 0.7.5-0.7.7, 0.8-0.8.2 |
A format string vulnerability exists in 'log.c' due to insufficient sanitization of the 'Log_Resolver()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Alexander Barton ngIRCd Remote Format String |
High |
No System Group, Advisory #11, February 3, 2005 |
Apple
Safari 1.2.4 v125.12
|
An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Apple Safari Input Validation |
Medium |
SecurityTracker Alert ID: 1013087, February 5, 2005 |
Apple
Safari 1.2.5 |
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Apple Safari IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14164, February 7, 2005 |
ARJ Software Inc.
UNARJ 2.62-2.65
|
A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-29.xml
SUSE:
http://www.suse.de/de/security/2004_03_sr.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-007.html
Debian:
http://security.debian.org/pool/updates/non-free/u/unarj/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-022_RHSA-2005-007.pdf
Fedora Legacy:
http://download.fedoralegacy.org/redhat/
http://download.fedoralegacy.org/fedora/1/updates/
Currently we are not aware of any exploits for this vulnerability. |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name:
CAN-2004-0947
|
High |
SecurityTracker Alert ID: 1012194, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004
SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004
Fedora Update Notification, FEDORA-2004-414, December 11, 2004
RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005
Debian Security Advisory, DSA 652-1, January 21, 2005
Avaya Security Advisory, ASA-2005-022, January 25, 2005
Fedora Legacy Update Advisory, FLSA:2272, February 1, 2005 |
FireHOL
FireHOL 1.214 |
A vulnerability exists due to the insecure creation of various temporary files, which could let a malicious user overwrite arbitrary files.
Update available at:
http://firehol.sourceforge.net/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-01.xml
There is no exploit code required. |
FireHOL Insecure Local Temporary File Creation |
Medium |
Secunia Advisory, SA13970, January 25, 2005
Gentoo Linux Security Advisory, GLSA 200502-01, February 1, 2005 |
Freedesktop.org
D-BUS 0.23 & prior |
A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.
Patch available at:
https://bugs.freedesktop.org/show_bug.cgi?id=2436
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
There is no exploit code required. |
|
Medium |
SecurityTracker Alert ID, 1013075, February 3, 2005 |
FreeRADIUS Server Project
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3, 1.0 |
A remote Denial of Service vulnerability exists in 'radius.c' and 'eap_tls.c' due to a failure to handle malformed packets.
Upgrades available at:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-29.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-609.html
Fedora Legacy:
http://download.fedoralegacy.org/fedora/1/updates/
There is no exploit code required. |
|
Low |
Gentoo Linux Security Advisory, GLSA 200409-29, September 22, 2004
US-CERT Vulnerability Note VU#541574, October 11, 2004
Fedora Update Notification, FEDORA-2004-355, October 28, 2004
RedHat Security Advisory, RHSA-2004:609-06, November 12, 2004
Fedora Legacy Update Advisory, FLSA:2187, February 1, 2005
US-CERT Vulnerability Note VU#541574 |
Frox
Frox 0.7.16, 0.7.17 |
A vulnerability exists in 'config.c' due to improper parsing of Deny ACLs in the 'parse_match()' function, which could let a remote malicious user bypass security restrictions.
Update available at:
http://frox.sourceforge.net/download/
Currently we are not aware of any exploits for this vulnerability. |
Frox Deny ACL Parsing |
Medium |
Secunia Advisory, SA14182, February 8, 2005 |
Gallery Project
Gallery 1.4 -pl1 & pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux |
A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-10.xml
Debian:
http://security.debian.org/pool/updates/main/g/gallery/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-45.xml
It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed.
There is no exploit code required. |
|
High |
Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004
Debian Security Advisory, DSA 642-1, January 17, 2005
Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005
SecurityFocus, February 2, 2005 |
Glyph and Cog
XPDF prior to 3.00pl3 |
A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.foolabs.com/xpdf/download.html
Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Debian:
http://security.debian.org/pool/updates/main/c/cupsys/
http://security.debian.org/pool/updates/main/x/xpdf/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/
KDE:
ftp://ftp.kde.org/pub/kde/security_patches
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow
CVE Name:
CAN-2005-0064
|
High |
iDEFENSE Security Advisory, January 18, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
GNU
Emacs prior to 21.4.17
|
A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013100, February 7, 2005 |
GNU Midnight Commander Project
Midnight Commander 4.x |
Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/m/mc/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/Medium/High
(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)
|
SecurityTracker Alert, 1012903, January 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
GNU
ChBg 1.5 |
A vulnerability was reported in ChBg. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted ChBg scenario file that, when processed by the target user with ChBg, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the simplify_path() function in 'config.c.' FreeBSD is not affected because PATH_MAX is set to 1024, preventing the buffer overflow.
Debian:
http://security.debian.org/pool/updates/main/c/chbg/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory ID, SA13529, December 17, 2004
Debian Security Advisory, DSA 644-1, January 18, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:027, February 2, 2005
|
GNU
CUPS 1.1.22 |
A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
SuSE:
ftp://ftp.suse.com/pub/suse/
A Proof of Concept exploit script has been published. |
GNU CUPS HPGL ParseCommand() Buffer Overflow
CVE Name:
CAN-2004-1267
|
High |
CUPS Advisory STR #1023, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
GNU
CUPS lppasswd 1.1.22 |
A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-013.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert ID, 1012602, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005 |
GNU
Xpdf prior to 3.00pl2 |
A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.
A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html
A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
KDE:
http://www.kde.org/info/security/advisory-20041223-1.txt
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-24.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165
Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163
Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162
Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161
Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166
Debian:
http://www.debian.org/security/2004/dsa-619
Fedora (update for tetex):
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-13.xml
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
http://support.sgi.com/browse_request/linux_patches_by_os
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
GNU Xpdf Buffer Overflow in doImage()
CVE Name:
CAN-2004-1125 |
High |
iDEFENSE Security Advisory 12.21.04
KDE Security Advisory, December 23, 2004
Mandrakesoft, MDKSA-2004:161, 162, 163, 165, 166, December 29, 2004
Fedora Update Notification, FEDORA-2004-585, January 6, 2005
Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Avaya Security Advisory, ASA-2005-027, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
Hewlett-Packard
HP-UX 11.x |
A vulnerability exists which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by an unspecified error in SAM (System Administration Manager).
Apply patches:
http://www.itrc.hp.com/service/patch/mainPage.do
Rev 2: Added B.11.04 patch
Currently we are not aware of any exploits for this vulnerability.
|
Hewlett-Packard HP-UX SAM Privilege Escalation Vulnerability |
Medium |
HP Advisory, SSRT4699, December 22, 2004
HP Security Bulletin, HPSBUX01104 Rev 2, February 1, 2004 |
IBM
AIX 5.3 |
A vulnerability exists in the NIS client, which could let a remote malicious user execute arbitrary code.
Patch available at:
ftp://aix.software.ibm.com/aix/efixes/security/nis_efix.tar.Z
Currently we are not aware of any exploits for this vulnerability. |
IBM AIX NIS Client Remote Code Execution |
High |
SecurityFocus, February 1, 2005 |
IBM
AIX 5.1-5.3 |
A format string vulnerability exists in '/usr/sbin/chdev,' which could let a malicious user obtain root privileges.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Currently we are not aware of any exploits for this vulnerability. |
IBM AIX chdev Format String |
High |
iDEFENSE Security Advisory, February 7, 2005 |
IBM
AIX 5.2, 5.3 |
A format string vulnerability exists in auditselect, which could let a malicious user obtain root privileges.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013103, February 8, 2005 |
Info-ZIP
Zip 2.3; Avaya CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing |
A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zip/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-16.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-634.html
Debian:
http://www.debian.org/security/2005/dsa-624
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-019_RHSA-2004-634.pdf
Fedora Legacy:
http://download.fedoralegacy.org/redhat/
http://download.fedoralegacy.org/fedora/1/updates/
Currently we are not aware of any exploits for this vulnerability.
|
Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow
CVE Name:
CAN-2004-1010
|
High |
Bugtraq, November 3, 2004
Ubuntu Security Notice, USN-18-1, November 5, 2004
Fedora Update Notification, FEDORA-2004-399 & FEDORA-2004-400, November 8 & 9, 2004
Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004
SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004
Red Hat Advisory, RHSA-2004:634-08, December 16, 2004
Debian DSA-624-1, January 5, 2005
Turbolinux Security Announcement, 20050131, January 31, 2005
Avaya Security Advisory, ASA-2005-019, January 25, 200
Fedora Legacy Update Advisory, FLSA:2255, February 1, 2005
|
Jim Faulkner
Newspost 2.0, 2.1.1 |
A buffer overflow vulnerability exists in 'socket.c' in the 'socket_getline()' function when handling NNTP server responses, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-05.xml
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory, SA14092, February 1, 2005
Gentoo Linux Security Advisory, GLSA 200502-05, February 3, 2004 |
KDE.org
Konqueror 3.x |
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
KDE Konqueror IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14162, February 7, 2005 |
KDE
KDE 3.x, 2.x |
A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
The vulnerability has been fixed in the CVS repository.
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:160
Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-18.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
KDE kio_ftp FTP Command Injection Vulnerability
CVE Name:
CAN-2004-1165
|
Medium |
KDE Advisory Bug 95825, December 26, 2004
Debian Security Advisory, DSA 631-1, January 10, 2005
Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005
Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
KDE
Konqueror 3.2.2-6
|
A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:150
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-16.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia Advisory ID, SA13254, December 8, 2004
Secunia Advisory ID, SA13486, December 16, 2004
Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
KDE
Konqueror prior to 3.32 |
Two vulnerabilities exist in KDE Konqueror, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by errors in the restriction of certain Java classes accessible via applets and Javascript. This can be exploited by a malicious applet to bypass the sandbox restriction and read or write arbitrary files.
Update to version 3.3.2:
http://kde.org/download/
Apply patch for 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-java.tar.bz2
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:154
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-16.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
KDE Konqueror Java Sandbox Vulnerabilities
CVE Name:
CAN-2004-1145
|
High |
KDE Security Advisory, December 20, 2004
Mandrakesoft MDKSA-2004:154, December 22, 2004
US-CERT Vulnerability Note, VU#420222, January 5, 2005
Gentoo Linux Security Advisory, GLSA 200501-16, January 11, 2005
Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
LOGICNOW
PerlDesk 1.x |
An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
PerlDesk 'view' Parameter Input Validation |
High |
SecurityTracker Alert, 1013090, February 7, 2005 |
Matt Wright
WWWBoard 2.0 Alpha 2.1, 2.0 Alpha 2 |
A vulnerability exists in the password database file due to insufficient access controls, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
WWWBoard Password Database Access Controls |
Medium |
SecurityFocus, February 5, 2005 |
Mike Neuman
osh 1.7 |
A buffer overflow vulnerability exists in 'main.c' due to insufficient bounds checking in the 'iopen()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Mike Neuman OSH Command Line Argument Buffer Overflow |
High |
Secunia Advisory, SA14159, February 8, 2005 |
Multiple Vendors
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68 -1, 0.68, 0.70, 0.80 rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0. Linux Mandrake 10.1 X86_64, 10.1 |
A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.
Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=300116
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
Clam Anti-Virus ClamAV Remote Denial of Service
CVE Name:
CAN-2005-0133
|
Low |
SecurityFocus, January 31, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005
Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
ht://Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64; Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta) |
A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.
Update available at:
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-35.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Evolution Camel-Lock-Helper Application Remote Buffer Overflow
CVE Name:
CAN-2005-0102
|
High |
Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005
Ubuntu Security Notice, USN-69-1, January 25, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, 9.2;
Squid Web Proxy Cache 2.5 .STABLE3-STABLE7, 2.5 .STABLE1 |
A vulnerability exists due to a failure to handle malformed HTTP headers. The impact was not specified.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-04.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
Gentoo Linux Security Advisory, GLSA 200502-04:02, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
US-CERT Vulnerability Note VU#768702
US-CERT Vulnerability Note VU#823350 |
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1 |
A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input.
Gentoo:
http://security.gentoo.org/glsa/glsa-200408-26.xml
FileZilla:
http://sourceforge.net/project/showfiles.php?group_id=21558
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
OpenPKG:
ftp ftp.openpkg.org
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
We are not aware of any exploits for this vulnerability.
|
Zlib Compression Library Remote Denial of Service
CVE Name:
CAN-2004-0797
|
Low |
SecurityFocus, August 25, 2004
SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004
US-CERT Vulnerability Note VU#238678, October 1, 2004
SCO Security Advisory, SCOSA-2004.17, October 19, 2004
Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004
Fedora Update Notification, FEDORA-2005-095, January 28, 2005 |
Multiple Vendors
Hylafax.org Hylafax 4.0 pl0-pl2, 4.0.2, 4.1, beta1-beta3, 4.1.1-4.1.3, 4.1.5-4.1.8; 4.2;
MandrakeSoft Linux Mandrake 10.0, AMD64, 10.1 X86_64, 10.1 |
A vulnerability exists because the username is incorrectly compared with an entry in the 'hosts.hfaxd' database, which could let a remote malicious user obtain unauthorized access.
Patches available at:
ftp://ftp.hylafax.org/source/hylafax-4.2.1.tar.gz
Debian:
http://security.debian.org/pool/updates/main/h/hylafax/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-21.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit required.
|
|
Medium |
SecurityTracker Alert, 101284, January 12, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium/ High
(High if arbitrary code can be executed)
|
Ubuntu Security Notice, USN-72-1, February 2, 2005 |
Multiple Vendors
Linux Kernel 2.6.x |
A Denial of Service vulnerability exists in 'fs/ntfs/debug.c' because kernel error messages are not properly limited.
Update available at: http://kernel.org/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel NTFS File System Denial of Service |
Low |
Secunia Advisory, SA14117, February 7, 2005 |
Multiple Vendors
ncpfs 2.2.1 - 2.2.4 |
A buffer overflow exists that could lead to local execution of arbitrary code with elevated privileges. The vulnerability is in the handling of the '-T' option in the ncplogin and ncpmap utilities, which are both installed as SUID root by default.
Gentoo: Update to 'net-fs/ncpfs-2.2.5' or later
http://www.gentoo.org/security/en/glsa/glsa-200412-09.xml
SUSE: Apply updated packages. Updated packages are available via YaST Online Update or the SUSE FTP site.
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendors ncpfs: ncplogin and ncpmap Buffer Overflow
CVE Name:
CAN-2004-1079 |
High |
Gentoo Linux Security Advisory, GLSA 200412-09 / ncpfs, December 15, 2004
Secunia SA13617, December 22, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005 |
Multiple Vendors
Samba 2.2.9, 3.0.8 and prior |
An integer overflow vulnerability in all versions of Samba's smbd 0.8 could allow a remote malicious user to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
Patches available at:
http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-670.html
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml
Trustix:
http://www.trustix.net/errata/2004/0066/
Red Hat (Updated):
http://rhn.redhat.com/errata/RHSA-2004-670.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
http://www.novell.com/linux/security/advisories/2004_45_samba.html
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:158
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-020.html
HP:
http://software.hp.com
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors Samba smbd Security Descriptor
CVE Name:
CAN-2004-1154
|
|
iDEFENSE Security Advisory 12.16.04
Red Hat Advisory, RHSA-2004:670-10, December 16, 2004
Gentoo Security Advisory, GLSA 200412-13 / Samba, December 17, 2004
US-CERT, Vulnerability Note VU#226184, December 17, 2004
Trustix Secure Linux Advisory #2004-0066, December 17, 2004
Red Hat, RHSA-2004:670-10, December 16, 2004
SUSE, SUSE-SA:2004:045, December 22, 2004
RedHat Security Advisory, RHSA-2005:020-04, January 5, 2005
Conectiva Linux Security Announcement, CLA-2005:913, January 6, 2005
Turbolinux Security Announcement, February 7, 2005
HP Security Advisory, HPSBUX01115, February 3, 2005 |
Multiple Vendors
Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 |
A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Squid NTLM fakeauth_auth Helper Remote Denial of Service
CVE Name:
CAN-2005-0096
|
Low |
Secunia Advisory, SA13789, January 11, 2005
Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0 x86_64, 9.0-9.2; Wietse Venema Postfix 2.1.3 |
A vulnerability exists because arbitrary mail with an IPv6 address can be sent to any MX host, which could let a remote malicious user bypass security.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/
SuSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
Postfix IPv6 Security Bypass |
Medium |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Ubuntu Security Notice, USN-74-2, February 4, 2005 |
Netatalk
Netatalk Open Source Apple File Share Protocol Suite 1.5 pre6, 1.6.1, 1.6.4 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-25.xml
Mandrake:
http://www.mandrakesoft.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
NetaTalk Insecure Temporary File Creation
CVE Name:
CAN-2004-0974
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory GLSA 200410-25, October 25, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:121, November 2, 2004
Fedora Update Notifications, FEDORA-2004-505 & 506, December 6, 2004
Turbolinux Security Announcement, 20050131, January 31, 2005
|
Newsgrab
Newsgrab prior to 0.5.0pre4 |
Two vulnerabilities exist: a vulnerability exists in the 'newsgrab.pl' file due to the insecure creation of downloaded files in the output directory, which could let a remote malicious user overwrite arbitrary files; and a Directory Traversal vulnerability exists due to insufficient sanitization of input from newsgroups messages, which could let a remote malicious user place attachments in arbitrary locations.
Update available at:
http://sourceforge.net/project/showfiles.php?group_id=52048
A Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory, SA14083, February 3, 2005 |
Omni Group
OmniWeb 5.x
|
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
OmniWeb IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14154, February 7, 2005 |
OpenSSL Project
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/
Debian:
http://www.debian.org/security/2004/dsa-603
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:147
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
OpenSSL Insecure Temporary File Creation
CVE Name:
CAN-2004-0975 |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004
Ubuntu Security Notice, USN-24-1, November 11, 2004
Debian Security Advisory, DSA-603-1, December 1, 2004
Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004
Turbolinux Security Announcement, 20050131, January 31, 2005 |
Petr Vandrovec
ncpfs prior to 2.2.6 |
Two vulnerabilities exist: a vulnerability exists in 'ncpfs-2.2.0.18/lib/ncplib.c' due to improper access control in the 'ncp_fopen_nwc()' function, which could let a malicious user obtain unauthorized access; and a buffer overflow vulnerability exists in 'ncpfs-2.2.5/sutil/ncplogin.c' due to insufficient validation of the 'opt_set_volume_after_parsing_all_options()' function, which could let a malicious user execute arbitrary code.
Update available at:
ftp://platan.vc.cvut.cz/pub/linux/ncpfs/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-44.xml
Debian:
http://www.debian.org/security/2005/dsa-665
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
An exploit script has been published. |
|
Medium/ High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID: 1013019, January 28, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005
Debian Security Advisory, DSA-665-1, February 4, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
PHPGroupWare
phpMyAdmin 2.4.0 up to 2.6.1-rc1 |
Two vulnerabilities exist which can be exploited by malicious people to compromise a vulnerable system and by malicious users to disclose sensitive information. 1) An input validation error in the handling of MySQL data allows injection of arbitrary shell commands. 2) Input passed to 'sql_localfile' is not properly sanitized in 'read_dump.php' before being used to disclose files.
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-19.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
A Proof of Concept exploit has been published. |
|
Medium/ High
(High if arbitrary code can be executed)
|
Exaprobe, Security Advisory, December 13, 2004
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
phpMyAdmin Development Team
phpMyAdmin 2.5 .0-2.5.7, 2.6 .0pl1&2 |
Multiple Cross-Site Scripting vulnerabilities exist: a vulnerability exists in 'config.inc.php' if the 'PmaAbsoluteUri' parameter is not set, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in 'read_dump.php' due to insufficient validation of the 'zero_rows' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to insufficient validation of inputs on the confirm page, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-36.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Proof of Concept exploits have been published. |
PHPMyAdmin Multiple Remote Cross-Site Scripting
|
High |
netVigilance Security Advisory 5, November 19, 2004
Gentoo Linux Security Advisory, GLSA 200411-36, November 27, 2004
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
ProZIlla
ProZilla Download Accelerator 1.0 x, 1.3.0-1.3.4, 1.3.5.2, 1.3.5 .1, 1.3.5, 1.3.6 |
Multiple buffer overflow vulnerabilities exist due to boundary errors in the communication handling, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-31.xml
Debian:
http://security.debian.org/pool/updates/main/p/prozilla/
Exploit scripts have been published. |
|
High |
Secunia Advisory, SA13294, November 24, 2004
Debian Security Advisory, DSA 663-1, February 1, 2005 |
SCO
Unixware 7.1.1, 7.1.3, 7.1.4; Avaya Intuity Audix R5 |
A remote Denial of Service vulnerability exists when the 'mountd' service is registered in 'inetd.conf.'
Patches available at:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.1/erg712731.711.pkg.Z
Avaya:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=215716&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
There is no exploit required. |
SCO UnixWare Mountd Remote Denial of Service
CVE Name:
CAN-2004-1039
|
Low |
SCO Security Advisory, SCOSA-2005.1, January 6, 2005
Avaya Security Advisory, ASA-2005-029, February 2, 2005 |
Squid-cache.org
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1; Conectiva Linux 9.0, 10.0 |
Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and a buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml
Debian:
http://security.debian.org/pool/updates/main/s/squid/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit required. |
|
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA13825, January 13, 2005
Debian Security Advisory, DSA 651-1, January 20, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
SquirrelMail Development Team
SquirrelMail prior to 0.6
|
A vulnerability exists in the 'viewcert.php' script due to insufficient validation of the 'cert' parameter when passing data to an exec() call, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://www.squirrelmail.org/plugin_view.php?id=54
http://www.squirrelmail.org/plugin_download.php?id=54&rev=1141
Currently we are not aware of any exploits for this vulnerability. |
SquirrelMail 'viewcert.php' Remote Code Execution |
High |
iDEFENSE Security Advisory, February 7, 2005 |
SquirrelMail Development Team
SquirrelMail Vacation Plugin 0.14 -1.2rc2, 0.15 -1.43a |
Two vulnerabilities exist in the 'ftpfile' program due to insufficient input validation, which could let a remote malicious user execute arbitrary commands with root privileges or obtain sensitive information.
Upgrades available at:
http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fvacation_local-1.0-1.4.tar.gz
Proof of Concept exploit scripts have been published. |
SquirrelMail Vacation Plugin 'FTPFile' Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
LSS Security Advisory, LSS-2005-01-03, January 11, 2005
SecurityFocus, February 4, 2005 |
SquirrelMail Development Team
SquirrelMail 1.2.6 |
A vulnerability exists in 'src/webmail.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2_all.deb
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 662-1, February 1, 2005 |
SuSE
SuSE Linux Open-Xchange 4.1 |
A path traversal vulnerability exists, which could let a remote malicious user obtain sensitive information.
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability.
|
SuSE Linux Open-Xchange Path Traversal
|
Medium |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Todd Miller
Sudo 1.5.6-1.5.9, 1.6-1.6.8 |
A vulnerability exists due to an error in the environment cleaning, which could let a malicious user execute arbitrary commands.
Patch available at:
http://www.courtesan.com/sudo/download.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/
Debian:
http://security.debian.org/pool/updates/main/s/sudo/
OpenPKG:
ftp://ftp.openpkg.org/release/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required.
|
Sudo Restricted Command Execution Bypass |
High |
Secunia Advisory, SA13199, November 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:133, November 15, 2004
Trustix Secure Linux Security Advisories, TSLSA-2004-0058 & 061, November 16 & 19, 2004
Ubuntu Security Notice, USN-28-1, November 17, 2004
Debian Security Advisory, DSA 596-1, November 24, 2004
OpenPKG Security Advisory, OpenPKG-SA-2005.002, January 17, 2005
Turbolinux Security Announcement, 20050131, January 31, 2005 |
University of Washington
imap 2004b, 2004a, 2004, 2002b-2002e |
A vulnerability exists due to a logic error in the Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) code, which could let a remote malicious user bypass authentication.
Update available at:
ftp://ftp.cac.washington.edu/mail/imap-2004b.tar.Z
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-02.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability.
|
University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass |
Medium |
US-CERT Vulnerability Note, VU#702777, January 27, 2005
Gentoo Linux Security Advisory, GLSA 200502-02, February 2, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 2005 |
VIM Development Group
VIM 6.0-6.2, 6.3.011, 6.3.025, 6.3.030, 6.3.044, 6.3.045 |
Multiple vulnerabilities exist in 'tcltags' and 'vimspell.sh' due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
There is no exploit required. |
|
Medium |
Secunia Advisory, SA13841, January 13, 2005
Ubuntu Security Notice, USN-61-1, January 18, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 2005 |
Yukihiro Matsumoto
Ruby 1.6, 1.8 |
A vulnerability exists in the CGI session management component due to the way temporary files are processed, which could let a malicious user obtain elevated privileges.
Upgrades available at:
http://security.debian.org/pool/updates/main/r/ruby/
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-08.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-441.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
Ruby CGI Session Management Unsafe Temporary File
CVE Name:
CAN-2004-0755 |
Medium |
Debian Security Advisory, DSA 537-1, August 16, 2004
Gentoo Linux Security Advisory, GLSA 200409-08, September 3, 2004
RedHat Security Advisory, RHSA-2004:441-18, September 30, 2004
Fedora Update Notification, FEDORA-2004-264, October 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:128, November 8, 2004
Fedora Update Notification, FEDORA-2004-403, November 11, 2004
Turbolinux Security Announcement, 20050131, January 31, 2005 |
Yusuf Motiwala
Newsfetch 1.4, 1.21 |
A buffer overflow vulnerability exists in 'nntp.c' due to insecure sscanf calls, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Yusuf Motiwala Newsfetch SScanf Remote Buffer Overflow
CVE Name:
CAN-2005-0132
|
High |
Securiteam, February 2, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
BXCP 0.2.9.7 and prior |
An input verification vulnerability exists that may allow disclosure of sensitive information. Input passed to the 'show' parameter in 'index.php' isn't properly verified.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
BXCP 'show' Local File Inclusion |
Medium |
Secunia SA14141, February 7, 2005 |
Chipmunk Forum 1.x |
Multiple vulnerabilities exist which could permit SQL injection attacks. Input passed to various scripts isn't properly validated.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Chipmunk Forum SQL Injection Vulnerabilities |
High |
Secunia SA14143, February 7, 2005 |
Cisco
Cisco IPVC-3510-MCU,
Cisco IPVC-3520-GW-2B, Cisco IPVC-3520-GW-4B,
Cisco IPVC-3520-GW-2,
Cisco IPVC-3520-GW-4V,
Cisco IPVC-3520-GW-2B2V, Cisco IPVC-3525-GW-1P, Cisco IPVC-3530-VTA |
A vulnerability exists in some Cisco videoconferencing products that could permit a remote malicious user to gain control of the system using common default SNMP community strings.
Cisco has issued a workaround available at: http://www.cisco.com/public/technotes/cisco-sa-20050202-ipvc.shtml
Currently we are not aware of any exploits for this vulnerability. |
Cisco IP/VC Remote Access |
High |
Cisco Security Advisory 63894, February 2, 2005 |
Cisco
Linksys PSUS4 firmware 6032 |
A vulnerability exists which could permit a Denial of Service. The vulnerability is caused by an error in the HTTP POST request parsing.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Cisco Linksys PSUS4 Denial of Service |
Low |
SecurityFocus, Bugtraq ID 12443, February 3, 2005 |
CMScore |
Multiple vulnerabilities exist which could permit SQL injection attacks due to improper validation of input passed to the 'EntryID,' 'searchterm,' and 'username' parameters.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities. |
CMScore Multiple SQL Injection Vulnerabilities |
High |
Secunia SA14142, February 7, 2005 |
GPL
Claroline 1.5 - 1.5.3 |
An input validation vulnerability exists that could permit script insertion attacks. Input passed to the 'wantedCode,' 'faculte,' 'intitule,' 'languageCourse,' 'titulaires,' and 'email' parameters in 'add_course.php' is not properly validated.
Apply patch for version 1.5.3:
http://www.claroline.net/dlarea/claroline153fix01.zip
Currently we are not aware of any exploits for this vulnerability. |
GPL Claroline Script Insertion |
High |
SecurityFocus, Bugtraq ID 12449, February 4, 2004 |
JShop E-Commerce
JShop Server prior to 1.2.0 |
A vulnerability exists that could permit Cross-Site Scripting attacks. This is due to improper input validation in the 'xProd' and 'xSec' parameters in 'product.php.'
Update to version 1.3.0:
http://www.jshop.co.uk/
A Proof of Concept exploit has been published. |
JShop Server Cross-Site Scripting |
High |
SystemSecure, SS#27012005, January 30, 2005
SecurityFocus, Bugtraq ID 12403, January 31, 2005 |
Miro International
Mambo 4.5.1 |
A vulnerability exists that could permit a user to gain administrative privileges and access the database. Global variables are not properly protected.
Apply patch for version 4.5 and 4.5.1: http://www.mamboportal.com/component/option,com_remository/Itemid,46/
Currently we are not aware of any exploits for this vulnerability.
|
Miro International Mambo Access |
High |
MamboPortal Notice, February 2, 2005
|
Mozilla
Mozilla 1.7.5, Firefox 1.0 |
A spoofing vulnerability exists that could permit a malicious website to spoof the URL displayed in the address bar, SSL certificate, and status bar. This is due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Mozilla / Firefox / Camino IDN Spoofing |
Medium |
Secunia SA14163, February 7, 2005 |
Mozilla
Mozilla 1.7.3 |
A heap overflow vulnerability exists in the processing of NNTP URLs. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted 'news://' URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The flaw resides in the *MSG_UnEscapeSearchUrl() function in 'nsNNTPProtocol.cpp'.
The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/products/mozilla1.x/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-03.xml
SGI:
http://support.sgi.com/browse_request/linux_patches_by_os
SuSE:
ftp://ftp.suse.com/pub/suse/
HP:
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01114
A Proof of Concept exploit has been published. |
Mozilla Buffer Overflow in Processing NNTP URLs
CVE Name:
CAN-2004-1316
|
High |
iSEC Security Research Advisory, December 29, 2004
Gentoo Linux Security Advisory, GLSA 200501-03, January 5, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
HP Security Advisory, HPSBTU01114, February 4, 2005 |
Multiple Vendors
Check Point Software FireWall-1 R55 HFA08 with SmartDefense;
Internet Security Systems SiteProtector 2.0.4.561, 2.0 SP3;
IronPort IronPort with Sophos AV Engine 3.88;
McAfee Webshield 3000 4.3.20;
TippingPoint Unity-One with Digital Vaccine 2.0.0.2070;
Trend Micro InterScan Messaging Security Suite 3.81, 5.5,
Trend Micro WebProtect 3.1 |
A security vulnerability exists due to a failure to decode base64-encoded images in 'data' URIs, which could lead to a false sense of security.
TippingPoint:
https://tmc.tippingpoint.com/TMC
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
There is no exploit required. |
Multiple Vendor Anti-Virus Gateway Base64 Encoded Image Decode Failure |
Medium |
Bugtraq, January 11, 2005
SecurityFocus, January 18, 2005
Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:025, February 2, 2005 |
Multiple Vendors
Debian Linux 3.0 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ethereal Group Ethereal 0.9-0.9.16, 0.10-0.10.7
|
Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists in the DICOM dissector; a remote Denial of Service vulnerability exists in the handling of RTP timestamps; a remote Denial of Service vulnerability exists in the HTTP dissector; and a remote Denial of Service vulnerability exists in the SMB dissector when a malicious user submits specially crafted SMB packets. Potentially these vulnerabilities may also allow the execution of arbitrary code.
Upgrades available at:
http://www.ethereal.com/download.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-15.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-011.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
Ethereal Security Advisory, enpa-sa-00016, December 15, 2004
Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005
RedHat Security Advisory, RHSA-2005:011-11, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Opera Software
Opera |
A spoofing vulnerability exists that could permit a malicious website to spoof the URL displayed in the address bar, SSL certificate, and status bar. This is due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Opera IDN Spoofing |
Medium |
SecurityTracker Alert ID: 1013096, February 7, 2005 |
PEiD 0.x |
A vulnerability exists due to a boundary error within the parsing of the PE (Portable Executable) import directory that could allow execution of arbitrary code.
Update available at:
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050130.zip
Currently we are not aware of any exploits for this vulnerability. |
|
High |
iDEFENSE Security Advisory, January 24, 2005
SecurityFocus, January 31, 2005 |
PHP-Fusion 4.01 |
An information disclosure vulnerability exists due to an error in 'forum_search.php' when handling multiple search words. This may disclose the subjects of posts in protected forums through a crafted search query.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
PHP-Fusion 'forum_search.php' Information Disclosure |
Medium |
Secunia SA14090, February 2, 2005 |
Python
SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4 |
A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected.
Patches for Python 2.2, 2.3, and 2.4, available at:
http://python.org/security/PSF-2005-001/patch-2.2.txt (Python 2.2)
http://python.org/security/PSF-2005-001/patch.txt (Python 2.3, 2.4)
The vendor plans to issue fixed versions 2.3.5 and 2.4.1.
Debian:
http://www.debian.org/security/2005/dsa-666
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Python Security Advisory: PSF-2005-001, February 3, 2005 |
QNX Software Systems Ltd.
RTOS 2.4, 4.25, 6.1.0, 6.2.0 Update Patch A, 6.2.0 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in '/usr/bin/pppoed,' which could let a malicious user execute arbitrary code; buffer overflow vulnerabilities exist in 'name,' 'en', 'upscript,' 'downscript,' 'retries,' 'timeout,' 'scriptdetach,' 'noscript,' 'nodetach,' 'remote_mac,' and 'local_mac' flags, which could let a malicious user execute arbitrary code; and a vulnerability exists because the $PATH variable can be modified to cause the daemon to execute arbitrary code.
No vendor patch available at time of publishing. Workaround available through US-CERT Vulnerability Notes.
A Proof of Concept exploit has been published. |
QNX PPPoEd Buffer Overflows |
High |
Securiteam, September 6, 2004
US-CERT Vulnerability Note, VU#577566
US-CERT Vulnerability Note, VU#961686 |
softtime
LiteForum 2.1.1 |
A vulnerability exists that could permit a remote user to inject SQL commands. 'enter.php' does not properly validate user-supplied data in the password parameter.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
softtime LiteForum 'enter.php' Input Validation |
High |
SecurityTracker Alert ID: 1013084, February 4, 2005 |
Squid-cache.org
Squid 2.5 |
A vulnerability exists that could permit a remote malicious user to send multiple Content-length headers with special HTTP requests to corrupt the cache on the Squid server.
A patch (squid-2.5.STABLE7-header_parsing.patch) is available at: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-header_parsing.patch
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml
Debian:
http://www.debian.org/security/2005/dsa-667
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-77-1
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Squid Error in Parsing HTTP Headers
CVE Name:
CAN-2005-0175 |
Medium |
SecurityTracker Alert ID, 1012992, January 25, 2005
Gentoo GLSA 200502-04, February 2, 2005
Debian Security Advisory, DSA-667-1, February 4, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
US-CERT Vulnerability Notes, VU#924198 & VU#625878
|
SquirrelMail Development Team
SquirrelMail 1.x |
A Cross-Site Scripting vulnerability exists in the 'decodeHeader()' function in 'mime.php' when processing encoded text in headers due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Patch available at:
http://prdownloads.sourceforge.net/squirrelmail/sm143a-xss.diff?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-25.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/9
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Apple:
http://www.apple.com/support/downloads/
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://www.debian.org/security/2005/dsa-662
An exploit script is not required. |
SquirrelMail Cross-Site Scripting
CVE Name:
CAN-2004-1036
CAN-2005-0104
CAN-2005-0152 |
|
Secunia Advisory, SA13155, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-25, November 17, 2004
Fedora Update Notifications, FEDORA-2004-471 & 472, November 28, 2004
Conectiva Linux Security Announcement, CLA-2004:905, December 2, 2004
Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Debian DSA-662-1, February 1, 2005 |
Sun Microsystems, Inc.
Sun Java JRE 1.3.x, 1.4.x,
Sun Java SDK 1.3.x, 1.4.x; Conectiva Linux 10.0; Gentoo Linux;
HP HP-UX B.11.23, B.11.22, B.11.11, B.11.00,
HP Java SDK/RTE for HP-UX PA-RISC 1.3,
HP Java SDK/RTE for HP-UX PA-RISC 1.4; Symantec Gateway Security 5400 Series v2.0.1, v2.0, Enterprise Firewall v8.0 |
A vulnerability exists due to a design error because untrusted applets for some private and restricted classes used internally can create and transfer objects, which could let a remote malicious user turn off the Java security manager and disable the sandbox restrictions for untrusted applets.
Updates available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-38.xml
HP:
http://www.hp.com/go/java
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.01.04.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Sun(sm) Alert Notification, 57591, November 22, 2004
US-CERT Vulnerability Note, VU#760344, November 23, 2004
Conectiva Linux Security Announcement, CLA-2004:900, November 26, 2004
Gentoo Linux Security Advisory, GLSA 200411-38, November 29, 2004
HP Security Bulletin, HPSBUX01100, December 1, 2004
Sun(sm) Alert Notification, 57591, January 6, 2005 (Updated)
Symantec Security Response, SYM05-001, January 4, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
Turnkey Web Tools
SunShop Shopping Cart 3.4 RC4 |
A Cross-Site Scripting vulnerability exists due to improper validation of input passed to the 'search' parameter in 'index.php.'
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
|
Turnkey SunShop Shopping Cart Cross-Site Scripting |
High |
SystemSecure, SS#25012005, February 3, 2005 |
University of California (BSD License)
PostgreSQL 7.x, 8.x
|
Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration.
Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7: http://wwwmaster.postgresql.org/download/mirrors-ftp
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-71-1
Debian:
http://www.debian.org/security/2005/dsa-668
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-08.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for these vulnerabilities.
|
University of California PostgreSQL Multiple Vulnerabilities
CVE Name:
CAN-2005-0227
|
Medium/High
(High if arbitrary code can be executed)
|
PostgreSQL Security Release, February 1, 2005
Ubuntu Security Notice USN-71-1 February 01, 2005
Debian Security Advisory, DSA-668-1, February 4, 2005
Gentoo GLSA 200502-08, February 7, 2005 |
Ventia
DeskNow Mail and Collaboration Server 2.5.12 |
A vulnerability exists that could permit a remote user to upload or delete files to arbitrary locations on the target server. The 'attachment.do' script and the 'file.do' script do not properly validate user-supplied input.
A fixed version (2.5.14 and later) is available at: http://www.desknow.com/desknowmc/downloads.html
Currently we are not aware of any exploits for this vulnerability. |
Ventia DeskNow Mail and Collaboration Server File Upload and Deletion |
Medium |
SIG^2 Vulnerability Research Advisory, February 2, 2005 |
x-dev
xGB |
A vulnerability exists that could permit a remote user to gain administrative access to the guest book.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
x-dev xGB Remote Access |
Medium |
SecurityTracker Alert, 1013091, February 7, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script
(Reverse Chronological Order) |
Script name |
Workaround or Patch Available |
Script Description |
| February 6, 2005 |
AdvancedSQLInjectionInOracleDatabases.zip |
N/A |
A presentation that explores new methods in exploiting SQL injection vulnerabilities that are inherent in Oracle Database. |
| February 6, 2005 |
nmbscan-1.2.4.tar.gz |
N/A |
NMB Scanner scans the shares of a SMB network, using the NMB and SMB protocols. I |
| February 6, 2005 |
r57lite211.txt
r57lite211.pl |
No |
Exploits for the softtime LiteForum 'enter.php' Input Validation vulnerability. |
| February 6, 2005 |
x_osh.pl
oshexploit.pl
|
No |
Perl script that exploits the Mike Neuman OSH Command Line Buffer Overflow vulnerability. |
| February 5, 2005 |
amap-4.8.tar.gz |
N/A |
A next-generation scanning tool that allows you to identify the applications that are running on a specific port by connecting to the port(s) and sending trigger packets. |
| February 5, 2005 |
hydra-4.6-src.tar.gz |
N/A |
A high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more that includes SSL support, parallel scans, and is part of Nessus. |
| February 5, 2005 |
newspost.c |
Yes |
Exploit for the Newspost Remote Buffer Overflow vulnerability. |
| February 5, 2005 |
oyxin.py
foxmailDoS.txt |
No |
Scripts that exploit the Foxmail 'MAIL FROM:' Remote Buffer Overflow vulnerability. |
| February 3, 2005 |
ngircd_fsexp.c |
No |
Script that exploits the ngIRCd Remote Format String vulnerability. |
| February 3, 2005 |
painkkeybof.zip |
Yes |
Proof of Concept exploit for the Painkiller Buffer Overflow Remote Denial of Service vulnerability. |
| February 3, 2005 |
tinyweb19DoS.pl |
No |
Exploit for the TinyWeb Server Remote CGI Script Disclosure vulnerability. |
| February 2, 2005 |
/LANChatPR[1666c]DoS-poc.zip |
No |
Script that exploits the LANChat Pro Remote Denial of Service vulnerability. |
| February 2, 2005 |
fl0w-s33ker-v1.4.pl |
N/A |
Simple perl script that can be used to track overflows. |
| February 2, 2005 |
flow-adj-paper_en.txt |
N/A |
Whitepaper that discusses the exploration of adjacent memory against strncpy(). |
| February 2, 2005 |
savantOverflowExplot.txt
savant_bof.pl
savant-explo.pl
savant31remote.txt |
No |
Exploits for the Savant Web Server Remote Buffer Overflow vulnerability. |
| February 1, 2005 |
eternaldos.pl |
No |
A Proof of Concept exploit for the Eternal Lines Web Server Remote Denial of Service vulnerability. |
| February 1, 2005 |
newPostBufferOverflowExploit.c |
Yes |
A Proof of Concept exploit for the Newspost Remote Buffer Overflow vulnerability. |
Trends
- In a recent study released by the think tank Ponemon Institute, 69% of companies say data breaches were the result of either malicious employee activities or non-malicious employee error. For more information, see 'Insiders, Not Hackers, Are Main Cause Of Data Breaches: Survey' located at: http://www.networkingpipeline.com/showArticle.jhtml?articleID=59301819.
- According to Websense Security Labs, scammers are taking advantage of recent news that Microsoft is asking users to verify that they have a legitimate copy of Windows. Email messages that have the spoofed address of security@microsoft.com and with the heading "Microsoft Windows Update" ask recipients to update and/or validate both the Windows' serial number and the customer's credit card information on a Web site. For more information, see 'Phishers Fake Message From Microsoft' located at: http://www.techweb.com/wire/security/59301315
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trends | Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Zafi-D | Win32 Worm | Increase | December 2004 |
3 | Netsky-Q | Win32 Worm | Increase | March 2004 |
4 | Sober-I | Win32 Worm | Slight Decrease | November 2004 |
5 | Zafi-B | Win32 Worm | Decrease | June 2004 |
6 | Netsky-D | Win32 Worm | Return to Table | March 2004 |
7 | Bagle.bj | Win32 Worm | New to Table | January 2005 |
8 | Netsky-B | Win32 Worm | Increase | February 2004 |
9 | Bagle.z | Win32 Worm | Return to Table | April 2004 |
10 | Bagle-AU | Win32 Worm | Decrease | October 2004 |
Table Updated February 8, 2005
Viruses or Trojans Considered to be a High Level of Threat
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Name |
Aliases |
Type |
| Admincash.A |
Trj/Admincash.A |
Trojan |
| Downloader.ALQ |
Trj/Downloader.ALQ |
Trojan |
| Gaobot.CTX |
W32/Gaobot.CTX.worm |
Win32 Worm |
| PWSteal.Sagic.B |
|
Trojan |
| QLowZones-10 |
|
Trojan |
| SymbOS/Cabir.q |
|
Symbian OS Worm |
| Troj/Baley-A |
|
Trojan |
| Troj/Chimo-A |
|
Trojan |
| Troj/Shine-B |
|
Trojan |
| Trojan.Comxt.B |
|
Trojan |
| VBS.Redlof.B |
|
Win32 Worm |
| W32.Bobax.N |
W32/Bobax-H |
Win32 Worm |
| W32.Dopbot |
|
Win32 Worm |
| W32.Gaobot.CII |
|
Win32 Worm |
| W32.Mydoom.AR@mm |
|
Win32 Worm |
| W32.Wallz |
Net-Worm.Win32.Small.b |
Win32 Worm |
| W32/Agobot-PN |
Backdoor.Win32.Agobot.gen |
Win32 Worm |
| W32/Ahker-B |
Email-Worm.Win32.Anker.a |
Win32 Worm |
| W32/Bobax.worm |
WORM_BOBAX.K |
Win32 Worm |
| W32/Bobax-F |
|
Win32 Worm |
| W32/Bobax-H |
Email-Worm.Win32.Bobic.a |
Win32 Worm |
| W32/Bropia-D |
IM-Worm.Win32.Exir.a
WORM_BROPIA.F
W32/Bropia.worm.g
W32/Bropia.worm.f
W32/Rbot-VD
Win32/Bropia.D!Worm
Win32.Bropia.D |
Win32 Worm |
| W32/Bropia-F |
IM-Worm.Win32.Slanec.a
W32.Bropia.L
W32/Bropia-F
W32/Bropia.worm
W32/Bropia.worm.i
Win32.Bropia.F
Win32/Bropia.F!Worm
WORM_BROPIA.G |
Win32 Worm |
| W32/LegMir-Z |
Worm.Win32.Viking.a
PE_LOOKED.B |
Win32 Worm |
| W32/MyDoom-AO |
Email-Worm.Win32.Mydoom.ak |
Win32 Worm |
| W32/Protorid-AB |
|
Win32 Worm |
| W32/Rbot-SQ |
WORM_RBOT.AJD |
Win32 Worm |
| W32/Rbot-UC |
|
Win32 Worm |
| W32/Rbot-VC |
Backdoor.Win32.Rbot.gen |
Win32 Worm |
| W32/Rbot-VD |
|
Win32 Worm |
| W32/Rbot-VM |
|
Win32 Worm |
| W32/Rbot-VO |
Backdoor.Win32.Rbot.gj
W32/Sdbot.worm.gen.x |
Win32 Worm |
| W32/Sdbot-UN |
Backdoor.Win32.SdBot.us
W32/Sdbot.BSD
WORM_SDBOT.AMS |
Win32 Worm |
| W32/Sober-J |
Email-Worm.Win32.Sober.j
Reblin |
Win32 Worm |
| W32/Traxg-C |
BKDR_MYWOMAN.A |
Win32 Worm |
| Win32.Netmesser.A |
AdClicker-BM
TROJ_NETMESS.A
Win32/Netmesser.A!Trojan |
Trojan |
| Win32.Rbot.BPB |
Backdoor.Win32.Rbot.hp
W32/Rbot-VM
W32/Sdbot.worm.gen.t
Win32/Rbot.114688!Worm
WORM_BROPIA.G
|
Win32 Worm |
| WORM_AGOBOT.AJC |
|
Win32 Worm |
| WORM_BROPIA.F |
Bropia.E
Bropia.F
IM-Worm.Win32.Exir.a
W32.Bropia.E
W32.Bropia.J
W32/Bropia.E.worm
W32/Bropia.F
W32/Bropia.worm.g
Win32.Bropia.E
Win32.Rbot.BOM
|
|
| WORM_CISUM.A |
|
Win32 Worm |
| WORM_MYDOOM.AE |
|
Win32 Worm |
| WORM_MYDOOM.AF |
I-Worm.Mydoom.ab
I-Worm.Win32.Swash.31744
I-Worm/Swash.A
W32.Mydoom.AG@mm
W32/MyDoom-AG
W32/Swash.A.worm
Win32.Mydoom.AE
Win32/Swash.A@mm
Win32/Swash.D@mm
Worm/MyDoom.AE
WORM_SWASH.A |
Win32 Worm |
| WORM_MYDOOM.AW |
Win32/Mydoom.Variant!Worm
|
Win32 Worm |
| WORM_MYDOOM.AX |
Win32/Mydoom.Variant!Worm |
Win32 Worm |
| WORM_MYDOOM.AY |
W32/MyDoom-AO
Win32/Mydoom.Variant!Worm
|
Win32 Worm |
| WORM_RBOT.ALJ |
|
Win32 Worm |
Last updated
February 13, 2008