Summary of Security Items from February 2 through February 8, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
DelphiTurk
CodeBank 3.1 & prior |
A vulnerability exists because usernames and passwords are stored in the Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
DelphiTurk CodeBank Password Disclosure |
Medium |
SecurityTracker Alert, 1013093, February 7, 2005 |
EternalLines.com
Eternal Lines Web Server 1.0 |
A remote Denial of Service vulnerability exists when a malicious user submits approximately 70 simultaneous connections to the target web server from the same originating host.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
Eternal Lines Web Server Remote Denial of Service |
Low |
GSSIT Advisory, January 31, 2005
SecurityFocus, February 1, 2005 |
Foxmail
Email Server 2.0 |
A buffer overflow vulnerability exists in the 'Mail From:' command due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Foxmail 'MAIL FROM:' Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA14145, February 8, 2005 |
IceWarp
Web Mail 5.3 |
Multiple vulnerabilities exist: a vulnerability exists when accessing 'calendar_d.html,' 'calendar_m.html,' 'calendar_w.html,' and 'calendar_y.html' directly with a valid session ID in the 'id' parameter, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to weak encryption of user credentials in the 'users.cfg,' 'settings.cfg,' 'user.dat,' and 'users.dat' files, which could let a malicious user obtain sensitive information; and multiple Cross-Site Scripting and HTML injection vulnerabilities exist which could let a remote malicious user execute arbitrary HTML and script code.
Upgrade available at:
http://www.icewarp.com/downloads/webmail.html?PHPSESSID=363e38e9f350cceda950cc146f67196f
There is no exploit code required; however, Proof of Concept exploits have been published. |
IceWarp Web Mail Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
ShineShadow Security Report, January 29, 2005
SecurityFocus, February 3, 2005 |
Microsoft
Internet Explorer 6.0, SP1 |
A Cross-Zone Scripting vulnerability exists when using the 'AddChannel' method to add a channel, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Microsoft Internet Explorer AddChannel Cross-Zone Scripting
|
High |
GreyHats Security Group, February 2, 2005 |
Microsoft
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 |
Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS05-009, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#259890 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-013.msp
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer DHTML Edit Control Script
CVE Name: CAN-2004-1319
|
High |
Bugtraq, December 15, 2004
Microsoft Security Bulletin, MS05-013, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#356600 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Server 2003 for Itanium-based Systems, Windows 98, SE, ME |
A vulnerability exists due to the way Drag-and-Drop events are handled, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin, MS05-008, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#698835 |
Microsoft
ASP.NET 1.x |
A vulnerability exists that could let a malicious user bypass certain security restrictions. The vulnerability is caused by a canonicalization error within the .NET authentication schema.
Apply ASP.NET ValidatePath module: http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
A Proof of Concept exploit has been published. |
|
Medium |
Microsoft, October 7, 2004
Microsoft Security Bulletin, MS05-004, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Vulnerability Note VU#283646
|
Microsoft
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 |
A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Office URL File Location Handling Buffer Overflow
CVE Name: CAN-2004-0848
|
High |
Microsoft Security Bulletin, MS05-005, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#416001 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin, MS05-011, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#652537 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
Multiple vulnerabilities exist: a vulnerability exists due to insufficient validation of drag and drop events from the Internet zone to local resources, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to the way certain encoded URLs are parsed, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the validation of URLs in CDF (Channel Definition Format) files, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists due to an input validation error in the 'createControlRange()' javascript function, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to insufficient cross-zone restrictions; a vulnerability exists due to the way web sites are handled inside the 'Temporary Internet Files' folder; and a vulnerability exists in the 'codebase' attribute of the 'object' tag due to a parsing error.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-014.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS05-014, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Notes VU#580299, VU#823971, VU#843771, VU#698835 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
Two vulnerabilities exist: a vulnerability exists in OLE due to the way input validation is handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists when processing COM structured storage files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS05-012, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Notes VU#597889, VU#927889 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Hyperlink Object Library Buffer Overflow
CVE Name: CAN-2005-0057
|
High |
Microsoft Security Bulletin, MS05-015, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#820427 |
Microsoft
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server Edition SP6a, Windows 2000 Server SP3 & SP4, Windows 2003, Windows 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows License Logging Service Buffer Overflow
CVE Name: CAN-2005-0050
|
Low/High
(High if arbitrary code can be executed)
|
Microsoft Security Bulletin, MS05-010, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#130433 |
Microsoft
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003 |
A remote code execution vulnerability exists in the Windows Server 2003 SMTP component due to the way Domain Name System (DNS) lookups are handled. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx
Bulletin updated to clarify restart requirement for Windows Server 2003 and Windows XP 64-Bit.
Bulletin updated to advise of the availability of an update for Exchange 2000 Server.
Currently we are not aware of any exploits for this vulnerability. |
|
High |
|
Microsoft
Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft |
A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing
CVE Name: CAN-2005-0049
|
High |
Microsoft Security Bulletin, MS05-006, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#340409 |
Microsoft
Windows XP SP1 & SP2, XP 64-Bit Edition SP1 |
A vulnerability exists in the authentication validation process when using named pipe connections, which could let a remote malicious user obtain sensitive information.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows XP Named Pipe Information Disclosure
CVE Name: CAN-2005-0051
|
Medium |
Microsoft Security Bulletin, MS05-007, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#939074 |
Netscape
Netscape 7.x |
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Netscape IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14165, February 7, 2005 |
People Can Fly
Painkiller 1.35 & prior |
A buffer overflow vulnerability exists due to insufficient bounds checking in the Gamespy CD-key hash, which could let a remote malicious user cause a Denial of Service.
Update available at: www.painkillergame.com/
A Proof of Concept exploit has been published. |
Painkiller Buffer Overflow Remote Denial of Service |
Low |
Securiteam, February 3, 2005 |
Piotr Kowalski
LANChat Pro Revival 1.666c |
A remote Denial of Service vulnerability exists due to a failure to process unexpected data.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Piotr Kowalski LANChat Pro Remote Denial of Service |
Low |
SecurityTracker Alert ID, 1013082, February 3, 2005 |
Qualcomm
Eudora 6.2.0 & prior |
Several vulnerabilities exist when viewing emails and handling stationery and mailbox files due to unspecified errors, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://www.eudora.com/products/
Currently we are not aware of any exploits for these vulnerabilities. |
Eudora E-mail, Stationery/Mailbox Files Remote Code Execution
|
High |
NGSSoftware Advisory, February 2, 2005 |
RaidenHTTPD TEAM
RaidenHTTPD 1.1.27 |
A Directory Traversal vulnerability exists when handling HTTP requests that contain relative pathnames due to an input validation error, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://www.raidenhttpd.com/en/download.html
A Proof of Concept exploit has been published. |
RaidenHTTPD Directory Traversal
|
Medium |
Securiteam, February 6, 2005 |
RARLAB
WinRAR 3.0.0, 3.10, beta 5, beta 3, 3.11, 3.20, 3.40-3.42 |
A Directory Traversal vulnerability exists when attempting to decompress a file by right clicking, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
RARLAB WinRAR Directory Traversal |
Medium |
7a69ezine Advisories, 7a69Adv#21, February 2, 2005 |
Real Networks
RealPlayer 10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5 |
A vulnerability exists due to insufficient enforcement of security zones, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
RealPlayer Security Zone Bypass |
|
Bugtraq, February 1, 2005 |
Savant
Savant Webserver 3.1 |
A buffer overflow vulnerability exists due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
Savant Web Server Remote Buffer Overflow |
High |
Securiteam, February 2, 2005 |
Software602
602LAN SUITE 2004 |
A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.software602.com/download/
Currently we are not aware of any exploits for this vulnerability. |
602LAN SUITE Input Validation |
High |
SIG^2 Vulnerability Research Advisory, February 8, 2005 |
ZipGenius
ZipGenius Standard Edition 5.5, Suite Edition 5.5 |
Multiple Directory Traversal vulnerabilities exist due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://web.rossoalice.it/zipgenius/zg6/zg6sui_b5.exe
There is no exploit code required. |
ZipGenius Multiple Directory Traversal Vulnerabilities |
Medium |
7a69ezine Advisories, 7a69Adv#19 & 20, February 2, 2005 |
UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Alexander Barton
ngIRCd 0.6, 0.6.1, 0.7, 0.7.1, 0.7.5-0.7.7, 0.8-0.8.2 |
A format string vulnerability exists in 'log.c' due to insufficient sanitization of the 'Log_Resolver()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Alexander Barton ngIRCd Remote Format String |
High |
No System Group, Advisory #11, February 3, 2005 |
Apple
Safari 1.2.4 v125.12
|
An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Apple Safari Input Validation |
Medium |
SecurityTracker Alert ID: 1013087, February 5, 2005 |
Apple
Safari 1.2.5 |
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Apple Safari IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14164, February 7, 2005 |
ARJ Software Inc.
UNARJ 2.62-2.65
|
A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-29.xml
SUSE:
http://www.suse.de/de/security/2004_03_sr.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-007.html
Debian:
http://security.debian.org/pool/updates/non-free/u/unarj/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-022_RHSA-2005-007.pdf
Fedora Legacy:
http://download.fedoralegacy.org/redhat/
http://download.fedoralegacy.org/fedora/1/updates/
Currently we are not aware of any exploits for this vulnerability. |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name: CAN-2004-0947
|
High |
SecurityTracker Alert ID: 1012194, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004
SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004
Fedora Update Notification FEDORA-2004-414, December 11, 2004
RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005
Debian Security Advisory, DSA 652-1, January 21, 2005
Avaya Security Advisory, ASA-2005-022, January 25, 2005
Fedora Legacy Update Advisory, FLSA:2272, February 1, 2005 |
FireHOL
FireHOL 1.214 |
A vulnerability exists due to the insecure creation of various temporary files, which could let a malicious user overwrite arbitrary files.
Update available at:
http://firehol.sourceforge.net/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-01.xml
There is no exploit code required. |
FireHOL Insecure Local Temporary File Creation |
Medium |
Secunia Advisory, SA13970, January 25, 2005
Gentoo Linux Security Advisory, GLSA 200502-01, February 1, 2005 |
Freedesktop.org
D-BUS 0.23 & prior |
A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.
Patch available at:
https://bugs.freedesktop.org/show_bug.cgi?id=2436
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
There is no exploit code required. |
|
Medium |
SecurityTracker Alert ID, 1013075, February 3, 2005 |
FreeRADIUS Server Project
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3, 1.0 |
A remote Denial of Service vulnerability exists in 'radius.c' and 'eap_tls.c' due to a failure to handle malformed packets.
Upgrades available at:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-29.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-609.html
Fedora Legacy:
http://download.fedoralegacy.org/fedora/1/updates/
There is no exploit code required. |
|
Low |
Gentoo Linux Security Advisory, GLSA 200409-29, September 22, 2004
US-CERT Vulnerability Note VU#541574, October 11, 2004
Fedora Update Notification, FEDORA-2004-355, October 28, 2004
RedHat Security Advisory, RHSA-2004:609-06, November 12, 2004
Fedora Legacy Update Advisory, FLSA:2187, February 1, 2005
US-CERT Vulnerability Note VU#541574 |
Frox
Frox 0.7.16, 0.7.17 |
A vulnerability exists in 'config.c' due to improper parsing of Deny ACLs in the 'parse_match()' function, which could let a remote malicious user bypass security restrictions.
Update available at:
http://frox.sourceforge.net/download/
Currently we are not aware of any exploits for this vulnerability. |
Frox Deny ACL Parsing |
Medium |
Secunia Advisory, SA14182, February 8, 2005 |
Gallery Project
Gallery 1.4-pl1 & pl2, 1.4, 1.4.1, 1.4.2, 1.4.3-pl1 & pl2; Gentoo Linux |
A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-10.xml
Debian:
http://security.debian.org/pool/updates/main/g/gallery/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-45.xml
It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed.
There is no exploit code required. |
|
High |
Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004
Debian Security Advisory, DSA 642-1, January 17, 2005
Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005
SecurityFocus, February 2, 2005 |
Glyph and Cog
XPDF prior to 3.00pl3 |
A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.foolabs.com/xpdf/download.html
Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Debian:
http://security.debian.org/pool/updates/main/c/cupsys/
http://security.debian.org/pool/updates/main/x/xpdf/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/
KDE:
ftp://ftp.kde.org/pub/kde/security_patches
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow
CVE Name: CAN-2005-0064
|
High |
iDEFENSE Security Advisory, January 18, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
GNU
Emacs prior to 21.4.17
|
A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013100, February 7, 2005 |
GNU Midnight Commander Project
Midnight Commander 4.x |
Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/m/mc/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/Medium/High
(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)
|
SecurityTracker Alert, 1012903, January 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
GNU
ChBg 1.5 |
A vulnerability was reported in ChBg. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted ChBg scenario file that, when processed by the target user with ChBg, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the simplify_path() function in 'config.c.' FreeBSD is not affected because PATH_MAX is set to 1024, preventing the buffer overflow.
Debian:
http://security.debian.org/pool/updates/main/c/chbg/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory ID, SA13529, December 17, 2004
Debian Security Advisory, DSA 644-1, January 18, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:027, February 2, 2005
|
GNU
CUPS 1.1.22 |
A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
SuSE:
ftp://ftp.suse.com/pub/suse/
A Proof of Concept exploit script has been published. |
GNU CUPS HPGL ParseCommand() Buffer Overflow
CVE Name: CAN-2004-1267
|
High |
CUPS Advisory STR #1023, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
GNU
CUPS lppasswd 1.1.22 |
A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-013.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert ID, 1012602, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005 |
GNU
Xpdf prior to 3.00pl2 |
A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.
A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html
A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
KDE:
http://www.kde.org/info/security/advisory-20041223-1.txt
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-24.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165
Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163
Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162
Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161
Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166
Debian:
http://www.debian.org/security/2004/dsa-619
Fedora (update for tetex):
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-13.xml
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
http://support.sgi.com/browse_request/linux_patches_by_os
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
GNU Xpdf Buffer Overflow in doImage()
CVE Name:
CAN-2004-1125 |
High |
iDEFENSE Security Advisory 12.21.04
KDE Security Advisory, December 23, 2004
Mandrakesoft, MDKSA-2004:161, 162, 163, 165, 166, December 29, 2004
Fedora Update Notification, FEDORA-2004-585, January 6, 2005
Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Avaya Security Advisory, ASA-2005-027, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
Hewlett-Packard
HP-UX 11.x |
A vulnerability exists which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in SAM (System Administration Manager).
Apply patches:
http://www.itrc.hp.com/service/patch/mainPage.do
Rev 2: Added B.11.04 patch
Currently we are not aware of any exploits for this vulnerability.
|
Hewlett-Packard HP-UX SAM Privilege Escalation Vulnerability |
Medium |
HP Advisory, SSRT4699, December 22, 2004
HP Security Bulletin, HPSBUX01104 Rev 2, February 1, 2004 |
IBM
AIX 5.3 |
A vulnerability exists in the NIS client, which could let a remote malicious user execute arbitrary code.
Patch available at:
ftp://aix.software.ibm.com/aix/efixes/security/nis_efix.tar.Z
Currently we are not aware of any exploits for this vulnerability. |
IBM AIX NIS Client Remote Code Execution |
High |
SecurityFocus, February 1, 2005 |
IBM
AIX 5.1-5.3 |
A format string vulnerability exists in '/usr/sbin/chdev,' which could let a malicious user obtain root privileges.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Currently we are not aware of any exploits for this vulnerability. |
IBM AIX chdev Format String |
High |
iDEFENSE Security Advisory, February 7, 2005 |
IBM
AIX 5.2, 5.3 |
A format string vulnerability exists in auditselect, which could let a malicious user obtain root privileges.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013103, February 8, 2005 |
Info-ZIP
Zip 2.3; Avaya CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing |
A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zip/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-16.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-634.html
Debian:
http://www.debian.org/security/2005/dsa-624
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-019_RHSA-2004-634.pdf
Fedora Legacy:
http://download.fedoralegacy.org/redhat/
http://download.fedoralegacy.org/fedora/1/updates/
Currently we are not aware of any exploits for this vulnerability.
|
Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow
CVE Name:
CAN-2004-1010
|
High |
Bugtraq, November 3, 2004
Ubuntu Security Notice, USN-18-1, November 5, 2004
Fedora Update Notification, FEDORA-2004-399 & FEDORA-2004-400, November 8 & 9, 2004
Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004
SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004
Red Hat Advisory, RHSA-2004:634-08, December 16, 2004
Debian DSA-624-1, January 5, 2005
Turbolinux Security Announcement, 20050131, January 31, 2005
Avaya Security Advisory, ASA-2005-019, January 25, 200
Fedora Legacy Update Advisory, FLSA:2255, February 1, 2005
|
Jim Faulkner
Newspost 2.0, 2.1.1 |
A buffer overflow vulnerability exists in 'socket.c' in the 'socket_getline()' function when handling NNTP server responses, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-05.xml
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory, SA14092, February 1, 2005
Gentoo Linux Security Advisory, GLSA 200502-05, February 3, 2004 |
KDE.org
Konqueror 3.x |
A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
KDE Konqueror IDN Implementation URL Spoof |
Medium |
Secunia Advisory, SA14162, February 7, 2005 |
KDE
KDE 3.x, 2.x |
A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
The vulnerability has been fixed in the CVS repository.
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:160
Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-18.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
KDE kio_ftp FTP Command Injection Vulnerability
CVE Name:
CAN-2004-1165
|
Medium |
KDE Advisory Bug 95825, December 26, 2004
Debian Security Advisory, DSA 631-1, January 10, 2005
Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005
Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
KDE
Konqueror 3.2.2-6
|
A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:150
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-16.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia Advisory ID, SA13254, December 8, 2004
Secunia Advisory ID, SA13486, December 16, 2004
Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
KDE
Konqueror prior to 3.32 |
Two vulnerabilities exist in KDE Konqueror, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by errors in the restriction of certain Java classes accessible via applets and JavaScript. This can be exploited by a malicious applet to bypass the sandbox restriction and read or write arbitrary files.
Update to version 3.3.2:
http://kde.org/download/
Apply patch for 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-java.tar.bz2
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:154
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-16.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
KDE Konqueror Java Sandbox Vulnerabilities
CVE Name:
CAN-2004-1145
|
High |
KDE Security Advisory, December 20, 2004
Mandrakesoft MDKSA-2004:154, December 22, 2004
US-CERT Vulnerability Note, VU#420222, January 5, 2005
Gentoo Linux Security Advisory, GLSA 200501-16, January 11, 2005
Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
LOGICNOW
PerlDesk 1.x |
An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
PerlDesk 'view' Parameter Input Validation |
High |
SecurityTracker Alert, 1013090, February 7, 2005 |
Matt Wright
WWWBoard 2.0 Alpha 2.1, 2.0 Alpha 2 |
A vulnerability exists in the password database file due to insufficient access controls, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
WWWBoard Password Database Access Controls |
Medium |
SecurityFocus, February 5, 2005 |
Mike Neuman
osh 1.7 |
A buffer overflow vulnerability exists in 'main.c' due to insufficient bounds checking in the 'iopen()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Mike Neuman OSH Command Line Argument Buffer Overflow |
High |
Secunia Advisory, SA14159, February 8, 2005 |
Multiple Vendors
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68 -1, 0.68, 0.70, 0.80 rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0. Linux Mandrake 10.1 X86_64, 10.1 |
A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.
Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=300116
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
Clam Anti-Virus ClamAV Remote Denial of Service
CVE Name:
CAN-2005-0133
|
Low |
SecurityFocus, January 31, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005
Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
ht://Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64; Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta) |
A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.
Update available at:
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-35.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Evolution Camel-Lock-Helper Application Remote Buffer Overflow
CVE Name:
CAN-2005-0102
|
High |
Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005
Ubuntu Security Notice, USN-69-1, January 25, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, 9.2;
Squid Web Proxy Cache 2.5 .STABLE3-STABLE7, 2.5 .STABLE1 |
A vulnerability exists due to a failure to handle malformed HTTP headers. The impact was not specified.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-04.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
Gentoo Linux Security Advisory, GLSA 200502-04:02, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
US-CERT Vulnerability Note VU#768702
US-CERT Vulnerability Note VU#823350 |
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1 |
A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input.
Gentoo:
http://security.gentoo.org/glsa/glsa-200408-26.xml
FileZilla:
http://sourceforge.net/project/showfiles.php?group_id=21558
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
OpenPKG:
ftp ftp.openpkg.org
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
We are not aware of any exploits for this vulnerability.
|
Zlib Compression Library Remote Denial of Service
CVE Name:
CAN-2004-0797
|
Low |
SecurityFocus, August 25, 2004
SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004
US-CERT Vulnerability Note VU#238678, October 1, 2004
SCO Security Advisory, SCOSA-2004.17, October 19, 2004
Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004
Fedora Update Notification, FEDORA-2005-095, January 28, 2005 |
Multiple Vendors
Hylafax.org Hylafax 4.0 pl0-pl2, 4.0.2, 4.1, beta1-beta3, 4.1.1-4.1.3, 4.1.5-4.1.8; 4.2;
MandrakeSoft Linux Mandrake 10.0, AMD64, 10.1 X86_64, 10.1 |
A vulnerability exists because the username is incorrectly compared with an entry in the 'hosts.hfaxd' database, which could let a remote malicious user obtain unauthorized access.
Patches available at:
ftp://ftp.hylafax.org/source/hylafax-4.2.1.tar.gz
Debian:
http://security.debian.org/pool/updates/main/h/hylafax/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-21.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit required.
|
|
Medium |
SecurityTracker Alert, 101284, January 12, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium/ High
(High if arbitrary code can be executed)
|
Ubuntu Security Notice, USN-72-1, February 2, 2005 |
Multiple Vendors
Linux Kernel 2.6.x |
A Denial of Service vulnerability exists in 'fs/ntfs/debug.c' because kernel error messages are not properly limited.
Update available at: http://kernel.org/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel NTFS File System Denial of Service |
Low |
Secunia Advisory, SA14117, February 7, 2005 |
Multiple Vendors
ncpfs 2.2.1 - 2.2.4 |
A buffer overflow exists that could lead to local execution of arbitrary code with elevated privileges. The vulnerability is in the handling of the '-T' option in the ncplogin and ncpmap utilities, which are both installed as SUID root by default.
Gentoo: Update to 'net-fs/ncpfs-2.2.5' or later
http://www.gentoo.org/security/en/glsa/glsa-200412-09.xml
SUSE: Apply updated packages. Updated packages are available via YaST Online Update or the SUSE FTP site.
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendors ncpfs: ncplogin and ncpmap Buffer Overflow
CVE Name:
CAN-2004-1079 |
High |
Gentoo Linux Security Advisory, GLSA 200412-09 / ncpfs, December 15, 2004
Secunia SA13617, December 22, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005 |
Multiple Vendors
Samba 2.2.9, 3.0.8 and prior |
An integer overflow vulnerability in all versions of Samba's smbd 0.8 could allow a remote malicious user to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
Patches available at:
http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-670.html
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml
Trustix:
http://www.trustix.net/errata/2004/0066/
Red Hat (Updated):
http://rhn.redhat.com/errata/RHSA-2004-670.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
http://www.novell.com/linux/security/advisories/2004_45_samba.html
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:158
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-020.html
HP:
http://software.hp.com
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors Samba smbd Security Descriptor
CVE Name:
CAN-2004-1154
|
|
iDEFENSE Security Advisory 12.16.04
Red Hat Advisory, RHSA-2004:670-10, December 16, 2004
Gentoo Security Advisory, GLSA 200412-13 / Samba, December 17, 2004
US-CERT, Vulnerability Note VU#226184, December 17, 2004
Trustix Secure Linux Advisory #2004-0066, December 17, 2004
Red Hat, RHSA-2004:670-10, December 16, 2004
SUSE, SUSE-SA:2004:045, December 22, 2004
RedHat Security Advisory, RHSA-2005:020-04, January 5, 2005
Conectiva Linux Security Announcement, CLA-2005:913, January 6, 2005
Turbolinux Security Announcement, February 7, 2005
HP Security Advisory, HPSBUX01115, February 3, 2005 |
Multiple Vendors
Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 |
A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Squid NTLM fakeauth_auth Helper Remote Denial of Service
CVE Name:
CAN-2005-0096
|
Low |
Secunia Advisory, SA13789, January 11, 2005
Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Multiple Vendors
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0 x86_64, 9.0-9.2; Wietse Venema Postfix 2.1.3 | |
| |