National Cyber Alert System
Cyber Security Bulletin SB05-040

Summary of Security Items from February 2 through February 8, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Bugs, Holes, & Patches

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name
Risk
Source

DelphiTurk

CodeBank 3.1 & prior

A vulnerability exists because username and passwords are stored in the Registry, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

DelphiTurk CodeBank Password Disclosure
Medium
SecurityTracker Alert, 1013093, February 7, 2005

EternalLines.com

Eternal Lines Web Server 1.0

A remote Denial of Service vulnerability exists when a malicious user submits approximately 70 simultaneous connections to the target web server from the same originating host.

No workaround or patch available at time of publishing.

An exploit script has been published.


Eternal Lines Web Server Remote Denial of Service
Low

GSSIT Advisory, January 31, 2005

SecurityFocus, February 1, 2005

Foxmail

Email Server 2.0

A buffer overflow vulnerability exists in the 'Mail From:' command due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Foxmail
'MAIL FROM:' Remote Buffer Overflow

Low/High

(High if arbitrary code can be executed)

Secunia Advisory,
SA14145, February 8, 2005

IceWarp

Web Mail 5.3

Multiple vulnerabilities exist: a vulnerability exists when accessing 'calendar_d.html,' 'calendar_m.html,' 'calendar_w.html,' and 'calendar_y.html' directly with a valid session ID in the 'id' parameter, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to weak encryption of user credentials in the 'users.cfg,' 'settings.cfg,' 'user.dat,' and 'users.dat' files, which could let a malicious user obtain sensitive information; and multiple Cross-Site Scripting and HTML injection vulnerabilities exist which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available at:
http://www.icewarp.com/downloads/webmail.html?PHPSESSID=363e38e9f350cceda950cc146f67196f

There is no exploit code required; however, Proofs of Concept exploits have been published.

IceWarp Web Mail Multiple Remote Vulnerabilities

Medium/ High

(High if arbitrary code can be executed)

ShineShadow Security Report, January 29, 2005

SecurityFocus, February 3, 2005

Microsoft

Internet Explorer 6.0, SP1

A Cross-Zone Scripting vulnerability exists when using the 'AddChannel' method to add a channel, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer AddChannel Cross-Zone Scripting

High
GreyHats Security Group, February 2, 2005

Microsoft

Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2

Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in Windows Messenger and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx

Currently we are not aware of any exploits for these vulnerabilities.

Microsoft Media Player & Windows/MSN Messenger PNG Processing

CVE Names:
CAN-2004-1244
CAN-2004-0597

High

Microsoft Security Bulletin, MS05-009, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#259890

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-013.msp

A Proof of Concept exploit has been published.

Microsoft Internet Explorer DHTML Edit Control Script

CVE Name:
CAN-2004-1319

High

Bugtraq, December 15, 2004

Microsoft Security Bulletin, MS05-013, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#356600

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Server 2003 for Itanium-based Systems, Windows 98, SE, ME

A vulnerability exists due to the way Drag-and-Drop events are handled, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Drag and Drop

CVE Name:
CAN-2005-0053

High

Microsoft Security Bulletin, MS05-008, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#698835

Microsoft

ASP.NET 1.x

A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema.

Apply ASP.NET ValidatePath module:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx

A Proof of Concept exploit has been published.

Microsoft ASP.NET Canonicalization

CVE Name:
CAN-2004-0847

Medium

Microsoft, October 7, 2004

Microsoft Security Bulletin, MS05-004, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Vulnerability Note VU#283646

Microsoft

Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004

A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Office URL File Location Handling Buffer Overflow

CVE Name:
CAN-2004-0848

High

Microsoft Security Bulletin, MS05-005, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#416001

Microsoft

Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows SMB Buffer Overflow

CVE Name:
CAN-2005-0045

High

Microsoft Security Bulletin, MS05-011, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#652537

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

Multiple vulnerabilities exist: a vulnerability exists due to insufficient validation of drag and drop events from the Internet zone to local resources, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to the way certain encoded URLs are parsed, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the validation of URLs in CDF (Channel Definition Format) files, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists due to an input validation error in the 'createControlRange()' JavaScript function, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to insufficient cross-zone restrictions; a vulnerability exists due to the way web sites are handled inside the 'Temporary Internet Files' folder; and a vulnerability exists in the 'codebase' attribute of the 'object' tag due to a parsing error.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-014.mspx

Currently we are not aware of any exploits for these vulnerabilities.

Microsoft Internet Explorer Vulnerabilities

CVE Names:
CAN-2005-0053
CAN-2005-0054
CAN-2005-0055
CAN-2005-0056

High

Microsoft Security Bulletin, MS05-014, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Notes VU#580299, VU#823971, VU#843771, VU#698835

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

Two vulnerabilities exist: a vulnerability exists in OLE due to the way input validation is handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists when processing COM structured storage files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx

Currently we are not aware of any exploits for these vulnerabilities.

Microsoft Windows OLE / COM Remote Code Execution

CVE Names:
CAN-2005-0044
CAN-2005-0047

High

Microsoft Security Bulletin, MS05-012, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Notes VU#597889, VU#927889

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Hyperlink Object Library Buffer Overflow

CVE Name:
CAN-2005-0057

High

Microsoft Security Bulletin, MS05-015, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#820427

Microsoft

Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server Edition SP6a, Windows 2000 Server SP3 & SP4, Windows 2003, Windows 2003 for Itanium-based Systems

A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows License Logging Service Buffer Overflow

CVE Name:
CAN-2005-0050

Low/High

(High if arbitrary code can be executed)

Microsoft Security Bulletin, MS05-010, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#130433

Microsoft

Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003

A remote code execution vulnerability exists in the Windows Server 2003 SMTP component due to the way Domain Name System (DNS) lookups are handled. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx

Bulletin updated to clarify restart requirement for Windows Server 2003 and Windows XP 64-Bit.

Bulletin updated to advise of the availability of an update for Exchange 2000 Server.

Currently we are not aware of any exploits for this vulnerability.

Microsoft SMTP Remote Code Execution

CVE Name:
CAN-2004-0840

High

Microsoft Security Bulletin, MS04-035, October 12, 2004

US-CERT Cyber Security Alert, SA04-286A

US-CERT Vulnerability Note VU#394792

Microsoft Security Bulletin MS04-035, November 9, 2004

Microsoft Security Bulletin MS04-035 V2.0 February 8, 2005

Microsoft

Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft

A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing

CVE Name:
CAN-2005-0049

High

Microsoft Security Bulletin, MS05-006, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#340409

Microsoft

Windows XP SP1 & SP2, XP 64-Bit Edition SP1

A vulnerability exists in the authentication validation process when using named pipe connections, which could let a remote malicious user obtain sensitive information.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows XP Named Pipe Information Disclosure

CVE Name:
CAN-2005-0051

Medium

Microsoft Security Bulletin, MS05-007, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#939074

Netscape

Netscape 7.x

A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Netscape IDN Implementation URL Spoof
Medium
Secunia Advisory,
SA14165, February 7, 2005

People Can Fly

Painkiller 1.35 & prior

A buffer overflow vulnerability exists due to insufficient bounds checking in the Gamespy CD-key hash, which could let a remote malicious user cause a Denial of Service.

Update available at: www.painkillergame.com/

A Proof of Concept exploit has been published.

Painkiller Buffer Overflow Remote Denial of Service
Low
Securiteam, February 3, 2005

Piotr Kowalski

LANChat Pro Revival 1.666c

A remote Denial of Service vulnerability exists due to a failure to process unexpected data.

No workaround or patch available at time of publishing.

An exploit script has been published.

Piotr Kowalski LANChat Pro Remote Denial of Service
Low
SecurityTracker Alert ID, 1013082, February 3, 2005

Qualcomm

Eudora 6.2.0 & prior

Several vulnerabilities exist when viewing emails and handling stationery and mailbox files due to unspecified errors, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.eudora.com/products/

Currently we are not aware of any exploits for these vulnerabilities.

Eudora E-mail, Stationery/Mailbox Files Remote Code Execution
High
NGSSoftware Advisory, February 2, 2005

RaidenHTTPD TEAM

RaidenHTTPD 1.1.27

A Directory Traversal vulnerability exists when handling HTTP requests that contain relative pathnames due to an input validation error, which could let a remote malicious user obtain sensitive information.

Upgrade available at:
http://www.raidenhttpd.com/en/download.html

A Proof of Concept exploit has been published.

RaidenHTTPD Directory Traversal

Medium
Securiteam, February 6, 2005

RARLAB

WinRAR 3.0.0, 3.10, beta 5, beta 3, 3.11, 3.20, 3.40-3.42

A Directory Traversal vulnerability exists when attempting to decompress a file by right clicking, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

RARLAB WinRAR Directory Traversal
Medium
7a69ezine Advisories, 7a69Adv#21, February 2, 2005

Real Networks

RealPlayer 10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5

A vulnerability exists due to insufficient enforcement of security zones, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

RealPlayer Security Zone Bypass

High

Bugtraq, February 1, 2005

Savant

Savant Webserver 3.1

A buffer overflow vulnerability exists due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Exploit scripts have been published.

Savant Web Server Remote Buffer Overflow
High
Securiteam, February 2, 2005

Software602

602LAN SUITE 2004

A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.

Update available at: http://www.software602.com/download/

Currently we are not aware of any exploits for this vulnerability.

602LAN SUITE Input Validation
High
SIG^2 Vulnerability Research Advisory, February 8, 2005

ZipGenius

ZipGenius Standard Edition 5.5, Suite Edition 5.5

Multiple Directory Traversal vulnerabilities exist due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://web.rossoalice.it/zipgenius/zg6/zg6sui_b5.exe

There is no exploit code required.

ZipGenius Multiple Directory Traversal Vulnerabilities
Medium
7a69ezine Advisories, 7a69Adv#19 & 20, February 2, 2005

UNIX / Linux Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name
Risk
Source

Alexander Barton

ngIRCd 0.6, 0.6.1, 0.7, 0.7.1, 0.7.5-0.7.7, 0.8-0.8.2

A format string vulnerability exists in 'log.c' due to insufficient sanitization of the 'Log_Resolver()' function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Alexander Barton ngIRCd Remote Format String
High
No System Group, Advisory #11, February 3, 2005

Apple

Safari 1.2.4 v125.12

An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple Safari Input Validation
Medium
SecurityTracker Alert ID: 1013087, February 5, 2005

Apple

Safari 1.2.5

A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple Safari IDN Implementation URL Spoof
Medium
Secunia Advisory,
SA14164, February 7, 2005

ARJ Software Inc.

UNARJ 2.62-2.65

A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-29.xml

SUSE:
http://www.suse.de/de/security/2004_03_sr.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-007.html

Debian:
http://security.debian.org/pool/updates/non-free/u/unarj/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-022_RHSA-2005-007.pdf

Fedora Legacy:
http://download.fedoralegacy.org/redhat/

http://download.fedoralegacy.org/fedora/1/updates/

Currently we are not aware of any exploits for this vulnerability.

ARJ Software UNARJ Remote Buffer Overflow

CVE Name:
CAN-2004-0947

High

SecurityTracker Alert ID: 1012194, November 11, 2004

Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004

SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004

Fedora Update Notification
FEDORA-2004-414, December 11, 2004

RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005

Debian Security Advisory, DSA 652-1, January 21, 2005

Avaya Security Advisory, ASA-2005-022, January 25, 2005

Fedora Legacy Update Advisory, FLSA:2272, February 1, 2005

FireHOL

FireHOL 1.214

A vulnerability exists due to the insecure creation of various temporary files, which could let a malicious user overwrite arbitrary files.

Update available at:
http://firehol.sourceforge.net/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-01.xml

There is no exploit code required.

FireHOL Insecure Local Temporary File Creation
Medium

Secunia Advisory, SA13970, January 25, 2005

Gentoo Linux Security Advisory, GLSA 200502-01, February 1, 2005

Freedesktop.org

D-BUS 0.23 & prior

A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.

Patch available at:
https://bugs.freedesktop.org/show_bug.cgi?id=2436

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

D-BUS Session Hijack

CVE Name:
CAN-2005-0201

Medium
SecurityTracker Alert ID, 1013075, February 3, 2005

FreeRADIUS Server Project

FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3, 1.0

A remote Denial of Service vulnerability exists in 'radius.c' and 'eap_tls.c' due to a failure to handle malformed packets.

Upgrades available at:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-29.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-609.html

Fedora Legacy:
http://download.fedoralegacy.org/fedora/1/updates/

There is no exploit code required.

FreeRADIUS Access-Request Denial of Service

CVE Names:
CAN-2004-0938
CAN-2004-0960
CAN-2004-0961

Low

Gentoo Linux Security Advisory, GLSA 200409-29, September 22, 2004

US-CERT Vulnerability Note VU#541574, October 11, 2004

Fedora Update Notification,
FEDORA-2004-355, October 28, 2004

RedHat Security Advisory, RHSA-2004:609-06, November 12, 2004

Fedora Legacy Update Advisory, FLSA:2187, February 1, 2005

US-CERT Vulnerability Note VU#541574

Frox

Frox 0.7.16, 0.7.17

A vulnerability exists in 'config.c' due to improper parsing of Deny ACLs in the 'parse_match()' function, which could let a remote malicious user bypass security restrictions.

Update available at:
http://frox.sourceforge.net/download/

Currently we are not aware of any exploits for this vulnerability.

Frox Deny ACL Parsing
Medium
Secunia Advisory,
SA14182, February 8, 2005

Gallery Project

Gallery 1.4 -pl1&pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux

A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-10.xml

Debian:
http://security.debian.org/pool/updates/main/g/gallery/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-45.xml

It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed.

There is no exploit code required.

Gallery Cross-Site Scripting

CVE Name:
CAN-2004-1106

High

Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004

Debian Security Advisory, DSA 642-1, January 17, 2005

Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005

SecurityFocus, February 2, 2005

Glyph and Cog

XPDF prior to 3.00pl3

A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.foolabs.com/xpdf/download.html

Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

http://security.debian.org/pool/updates/main/x/xpdf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/

KDE:
ftp://ftp.kde.org/pub/kde/security_patches

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow

CVE Name:
CAN-2005-0064

High

iDEFENSE Security Advisory, January 18, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

GNU

Emacs prior to 21.4.17

A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.

Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4

Currently we are not aware of any exploits for this vulnerability.

Emacs Format String

CVE Name:
CAN-2005-0100

High
SecurityTracker Alert, 1013100, February 7, 2005

GNU Midnight Commander Project

Midnight Commander 4.x

Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/m/mc/

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for these vulnerabilities.

Low/ Medium/ High

(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)

SecurityTracker Alert, 1012903, January 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

GNU

ChBg 1.5

A vulnerability was reported in ChBg. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted ChBg scenario file that, when processed by the target user with ChBg, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the simplify_path() function in 'config.c.' FreeBSD is not affected because PATH_MAX is set to 1024, preventing the buffer overflow.

Debian:
http://security.debian.org/pool/updates/main/c/chbg/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

A Proof of Concept exploit script has been published.

GNU ChBg simplify_path() Buffer Overflow

CVE Name:
CAN-2004-1264

High

Secunia Advisory ID, SA13529, December 17, 2004

Debian Security Advisory, DSA 644-1, January 18, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:027, February 2, 2005

GNU

CUPS 1.1.22

A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

SuSE:
ftp://ftp.suse.com/pub/suse/

A Proof of Concept exploit script has been published.

GNU CUPS HPGL ParseCommand() Buffer Overflow

CVE Name:
CAN-2004-1267


High

CUPS Advisory STR #1023, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

GNU

CUPS lppasswd 1.1.22

A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-013.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

A Proof of Concept exploit has been published.

GNU CUPS lppasswd Denial of Service

CVE Name:
CAN-2004-1268

 

Low

SecurityTracker Alert ID, 1012602, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

GNU

Xpdf prior to 3.00pl2

A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.

A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html

A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

KDE:
http://www.kde.org/info/security/advisory-20041223-1.txt

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-24.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/

Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165

Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163

Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162

Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161

Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166

Debian:
http://www.debian.org/security/2004/dsa-619

Fedora (update for tetex):
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-13.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SuSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

GNU Xpdf Buffer Overflow in doImage()

CVE Name:
CAN-2004-1125

High

iDEFENSE Security Advisory 12.21.04

KDE Security Advisory, December 23, 2004

Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004

Fedora Update Notification, FEDORA-2004-585, January 6, 2005

Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Avaya Security Advisory, ASA-2005-027, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

 

Hewlett-Packard

HP-UX 11.x

A vulnerability exists which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in SAM (System Administration Manager).

Apply patches:
http://www.itrc.hp.com/service/patch/mainPage.do

Rev 2: Added B.11.04 patch

Currently we are not aware of any exploits for this vulnerability.

Hewlett-Packard HP-UX SAM Privilege Escalation Vulnerability
Medium

HP Advisory, SSRT4699, December 22, 2004

HP Security Bulletin, HPSBUX01104 Rev 2, February 1, 2004

IBM

AIX 5.3

A vulnerability exists in the NIS client, which could let a remote malicious user execute arbitrary code.

Patch available at:
ftp://aix.software.ibm.com/aix/efixes/security/nis_efix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM AIX NIS Client Remote Code Execution
High
SecurityFocus, February 1, 2005

IBM

AIX 5.1-5.3

A format string vulnerability exists in '/usr/sbin/chdev,' which could let a malicious user obtain root privileges.

Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

Currently we are not aware of any exploits for this vulnerability.

IBM AIX chdev Format String
High
iDEFENSE Security Advisory, February 7, 2005

IBM

AIX 5.2, 5.3

A format string vulnerability exists in auditselect, which could let a malicious user obtain root privileges.

Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

Currently we are not aware of any exploits for this vulnerability.

IBM AIX auditselect Format String

CVE Name:
CAN-2005-0250

High
SecurityTracker Alert, 1013103, February 8, 2005

Info-ZIP

Zip 2.3; Avaya CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing

A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zip/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-16.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-634.html

Debian:
http://www.debian.org/security/2005/dsa-624

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-019_RHSA-2004-634.pdf

Fedora Legacy:
http://download.fedoralegacy.org/redhat/

http://download.fedoralegacy.org/fedora/1/updates/

Currently we are not aware of any exploits for this vulnerability.

 

Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow

CVE Name:
CAN-2004-1010

High

Bugtraq, November 3, 2004

Ubuntu Security Notice, USN-18-1, November 5, 2004

Fedora Update Notification, FEDORA-2004-399 & FEDORA-2004-400, November 8 & 9, 2004

Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004

SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004

Red Hat Advisory, RHSA-2004:634-08, December 16, 2004

Debian DSA-624-1, January 5, 2005

Turbolinux Security Announcement, 20050131, January 31, 2005

Avaya Security Advisory, ASA-2005-019, January 25, 200

Fedora Legacy Update Advisory, FLSA:2255, February 1, 2005

 

Jim Faulkner

Newspost 2.0, 2.1.1

A buffer overflow vulnerability exists in 'socket.c' in the 'socket_getline()' function when handling NNTP server responses, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-05.xml

A Proof of Concept exploit script has been published.

Newspost Remote Buffer Overflow

CVE Name:
CAN-2005-0101

High

Secunia Advisory, SA14092, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-05, February 3, 2004

KDE.org

Konqueror 3.x

A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

KDE Konqueror IDN Implementation URL Spoof
Medium
Secunia Advisory, SA14162, February 7, 2005

KDE

KDE 3.x, 2.x

A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.

The vulnerability has been fixed in the CVS repository.

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:160

Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-18.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

KDE kio_ftp FTP Command Injection Vulnerability

CVE Name:
CAN-2004-1165

Medium

KDE Advisory Bug 95825, December 26, 2004

Debian Security Advisory, DSA 631-1, January 10, 2005

Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005

Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

KDE

Konqueror 3.2.2-6

 

A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:150

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-16.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

KDE Konqueror Window Injection

CVE Name:
CAN-2004-1158

Medium

Secunia Advisory ID, SA13254, December 8, 2004

Secunia Advisory ID, SA13486, December 16, 2004

Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

 

KDE

Konqueror prior to 3.32

Two vulnerabilities exist in KDE Konqueror, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to some errors in the restriction of certain Java classes accessible via applets and Javascript. This can be exploited by a malicious applet to bypass the sandbox restriction and read or write arbitrary files.

Update to version 3.3.2:
http://kde.org/download/

Apply patch for 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-java.tar.bz2

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:154

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-16.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for these vulnerabilities.

KDE Konqueror Java Sandbox Vulnerabilities

CVE Name:
CAN-2004-1145

High

KDE Security Advisory, December 20, 2004

Mandrakesoft MDKSA-2004:154, December 22, 2004

US-CERT Vulnerability Note, VU#420222, January 5, 2005

Gentoo Linux Security Advisory, GLSA 200501-16, January 11, 2005

Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

LOGICNOW

PerlDesk 1.x

An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

PerlDesk 'view' Parameter Input Validation
High
SecurityTracker Alert, 1013090, February 7, 2005

Matt Wright

WWWBoard 2.0 Alpha 2.1, 2.0 Alpha 2

A vulnerability exists in the password database file due to insufficient access controls, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

WWWBoard Password Database Access Controls
Medium
SecurityFocus, February 5, 2005

Mike Neuman

osh 1.7

A buffer overflow vulnerability exists in 'main.c' due to insufficient bounds checking in the 'iopen()' function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Mike Neuman OSH Command Line Argument Buffer Overflow
High
Secunia Advisory, SA14159, February 8, 2005

Multiple Vendors

ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68 -1, 0.68, 0.70, 0.80 rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0; Linux Mandrake 10.1 X86_64, 10.1

A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.

Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=300116

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Clam Anti-Virus ClamAV Remote Denial of Service

CVE Name:
CAN-2005-0133

Low

SecurityFocus, January 31, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005

Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Multiple Vendors

ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2

A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

SuSE:
ftp://ftp.suse.com/pub/suse/

There is no exploit code required; however, a Proof of Concept exploit has been published.

ht://Dig Cross-Site Scripting

CVE Name:
CAN-2005-0085

High
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64; Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta)

A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.

Update available at:
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-35.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Evolution Camel-Lock-Helper Application Remote Buffer Overflow

CVE Name:
CAN-2005-0102

High

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Multiple Vendors

SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, 9.2;
Squid Web Proxy Cache 2.5 .STABLE3-STABLE7, 2.5 .STABLE1

A vulnerability exists due to a failure to handle malformed HTTP headers. The impact was not specified.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-04.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy Malformed HTTP Headers

CVE Name:
CAN-2005-0174

Not Specified

Gentoo Linux Security Advisory, GLSA 200502-04:02, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

US-CERT Vulnerability Note VU#768702

US-CERT Vulnerability Note VU#823350

Multiple Vendors

FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1

A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input.

Gentoo:
http://security.gentoo.org/glsa/glsa-200408-26.xml

FileZilla:
http://sourceforge.net/project/showfiles.php?group_id=21558

OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch

OpenPKG:
ftp://ftp.openpkg.org/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

We are not aware of any exploits for this vulnerability.

Zlib Compression Library Remote Denial of Service

CVE Name:
CAN-2004-0797

Low

SecurityFocus, August 25, 2004

SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004

Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004

US-CERT Vulnerability Note VU#238678, October 1, 2004

SCO Security Advisory, SCOSA-2004.17, October 19, 2004

Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004

Fedora Update Notification, FEDORA-2005-095, January 28, 2005

Multiple Vendors

Hylafax.org Hylafax 4.0 pl0-pl2, 4.0.2, 4.1, beta1-beta3, 4.1.1-4.1.3, 4.1.5-4.1.8; 4.2;
MandrakeSoft Linux Mandrake 10.0, AMD64, 10.1 X86_64, 10.1

A vulnerability exists because the username is incorrectly compared with an entry in the 'hosts.hfaxd' database, which could let a remote malicious user obtain unauthorized access.

Patches available at:
ftp://ftp.hylafax.org/source/hylafax-4.2.1.tar.gz

Debian:
http://security.debian.org/pool/updates/main/h/hylafax/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-21.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.suse.com/pub/suse/

There is no exploit required.

HylaFAX Remote Access Bypass

CVE Name:
CAN-2004-1182

Medium

SecurityTracker Alert, 101284, January 12, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Multiple Vendors

Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32

 

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/

Currently we are not aware of any exploits for these vulnerabilities.

Perl SuidPerl Multiple Vulnerabilities

CVE Names:
CAN-2005-0155
CAN-2005-0156

Medium/ High

(High if arbitrary code can be executed)

Ubuntu Security Notice, USN-72-1, February 2, 2005

Multiple Vendors

Linux Kernel 2.6.x

A Denial of Service vulnerability exists in 'fs/ntfs/debug.c' because kernel error messages are not properly limited.

Update available at: http://kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel NTFS File System Denial of Service
Low
Secunia Advisory, SA14117, February 7, 2005

Multiple Vendors

ncpfs 2.2.1 - 2.2.4

A buffer overflow exists that could lead to local execution of arbitrary code with elevated privileges. The vulnerability is in the handling of the '-T' option in the ncplogin and ncpmap utilities, which are both installed as SUID root by default.

Gentoo: Update to 'net-fs/ncpfs-2.2.5' or later
http://www.gentoo.org/security/en/glsa/glsa-200412-09.xml

SUSE: Apply updated packages. Updated packages are available via YaST Online Update or the SUSE FTP site.

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors ncpfs: ncplogin and ncpmap Buffer Overflow

CVE Name:
CAN-2004-1079

High

Gentoo Linux Security Advisory, GLSA 200412-09 / ncpfs, December 15, 2004

Secunia SA13617, December 22, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005

Multiple Vendors

Samba 2.2.9, 3.0.8 and prior

An integer overflow vulnerability in all versions of Samba's smbd 0.8 could allow a remote malicious user to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

Patches available at:
http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-670.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml

Trustix:
http://www.trustix.net/errata/2004/0066/

Red Hat (Updated):
http://rhn.redhat.com/errata/RHSA-2004-670.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
http://www.novell.com/linux/security/advisories/2004_45_samba.html

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:158

Conectiva:
ftp://atualizacoes.conectiva.com.br/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-020.html

HP:
http://software.hp.com

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Samba smbd Security Descriptor

CVE Name:
CAN-2004-1154

High

iDEFENSE Security Advisory 12.16.04

Red Hat Advisory, RHSA-2004:670-10, December 16, 2004

Gentoo Security Advisory, GLSA 200412-13 / Samba, December 17, 2004

US-CERT, Vulnerability Note VU#226184, December 17, 2004

Trustix Secure Linux Advisory #2004-0066, December 17, 2004

Red Hat, RHSA-2004:670-10, December 16, 2004

SUSE, SUSE-SA:2004:045, December 22, 2004

RedHat Security Advisory, RHSA-2005:020-04, January 5, 2005

Conectiva Linux Security Announcement, CLA-2005:913, January 6, 2005

Turbolinux Security Announcement, February 7, 2005

HP Security Advisory, HPSBUX01115, February 3, 2005

Multiple Vendors

Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0

A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.

Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM fakeauth_auth Helper Remote Denial of Service

CVE Name:
CAN-2005-0096

Low

Secunia Advisory, SA13789, January 11, 2005

Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005

Ubuntu Security Notice, USN-67-1, January 20, 2005

Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005

Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Multiple Vendors

SuSE Linux 8.0, i386, 8.1, 8.2, 9.0 x86_64, 9.0-9.2; Wietse Venema Postfix 2.1.3