Summary of Security Items from February 9 through February 15, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name |
Risk |
Source |
3Com
3CServer |
Buffer overflow vulnerabilities exist in several FTP commands, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
3Com 3CServer FTP Command Buffer Overflows
CVE Name:
CAN-2005-0419
|
High |
Bugtraq, February 7, 2005 |
ArGoSoft
ArGoSoft Mail Server 1.8.7.3 & prior
|
Multiple vulnerabilities exist: a Directory Traversal vulnerability exists in attachment handling due to insufficient input validation, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability exists in the '_msgatt.rec' file, which could let a remote malicious user include arbitrary files as an email attachment; and a vulnerability exists due to insufficient sanitization of the 'Folder' parameter in 'msg,' 'delete,' 'folderdelete,' and 'folderadd,' which could let a remote malicious user create/delete arbitrary directories.
Update available at:
http://www.argosoft.com/mailserver/download.aspx
There is no exploit code required. |
ArGoSoft Mail Server Directory Traversals
CVE Name:
CAN-2005-0367
|
Medium |
SIG^2 Vulnerability Research Advisory, February 9, 2005 |
ASPJar Guestbook 1.0 |
Several vulnerabilities exist: a vulnerability exists in the '/admin/login.asp' script due to insufficient sanitization of the 'User' and 'Password' parameters, which could let a remote malicious user obtain administrative access; and a vulnerability exists in 'delete.asp' due to insufficient authorization, which could let a remote malicious user delete arbitrary messages.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium/ High
(High if administrative access can be obtained)
|
Bugtraq, February 10, 2005 |
Computer Associates
BrightStor ARCserve 2000 Backup Windows Japanese, ARCServe Backup for NetWare 9.0, 11.1, BrightStor ARCServe Backup for Windows 9.0.1, 11.0, 11.1, Windows 64 bit 9.0.1, 11.0, 11.1, Enterprise Backup 10.0, 10.5, Enterprise Backup for Windows 64 bit 10.5 |
A buffer overflow vulnerability exists when a specially crafted UDP probe is submitted to the Discovery Service, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://supportconnect.ca.com/sc/
An exploit script has been published. |
BrightStor ARCserve Backup Discovery Service Buffer Overflow
CVE Name:
CAN-2005-0260
|
High |
iDEFENSE Security Advisory, February 9, 2005 |
DelphiTurk
DelphiTurk FTP 1.0 |
A vulnerability exists in the 'profile.dat' file due to insecure storage of account information, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
SecurityTracker Alert, 1013139, February 10, 2005 |
DelphiTurk
CodeBank (KodBank) 3.1 & prior |
A vulnerability exists because the registry can be searched to obtain usernames & passwords, which could let a malicious user obtain elevated privileges.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
DelphiTurk CodeBank (KodBank) Elevated Privileges
CVE Name:
CAN-2005-0422
|
Medium |
SecurityTracker Alert, 1013139, February 10, 2005 |
F-Secure
Anti-Virus 2004, 2005. |
A buffer overflow vulnerability exists when processing the ARJ archives, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.f-secure.com/security/fsc-2005-1.shtml
Currently we are not aware of any exploits for this vulnerability. |
|
High |
ISS X-Force Security Advisory, February 10, 2005 |
IBM
DB2 Universal Database for Windows 7.1, 7.2, 8.0, 8.1 |
A vulnerability exists which could let a malicious user cause a Denial of Service or obtain sensitive information.
Updates available at:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
Currently we are not aware of any exploits for this vulnerability. |
IBM DB2 Denial of Service & Information Disclosure |
Low/ Medium
(Medium if sensitive information can be obtained)
|
SecurityFocus, February 10, 2005 |
IBM
Websphere Application Server 5.0.2.5-5.0.2.9, 5.1.0.2-5.1.0.5, 5.1.1.1-5.1.1.3 |
A vulnerability exists because the source code of JSP pages is disclosed via a specially crafted URL, which could let a remote malicious user obtain sensitive information.
Updates available at:
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PQ99537/PQ99537_fix.jar
There is no exploit code required.
|
IBM WebSphere Application Server JSP Engine Source Code Disclosure
CVE Name:
CAN-2005-0425
|
Medium |
Secunia Advisory, SA14274, February 14, 2005 |
IBM
Websphere Application Server 6.0 |
A vulnerability exists in the file serving servlet, which could let a remote malicious user obtain sensitive information.
Updates available at: ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK00091/6.0.0.1-WS-WAS-IFPK00091.pak
There is no exploit code required. |
IBM WebSphere Application Server File Servlet Source Code Disclosure
CVE Name:
CAN-2005-0425
|
Medium |
Secunia Advisory, SA14274, February 14, 2005 |
Microsoft
ASP.NET 1.x |
A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema.
Apply ASP.NET ValidatePath module: http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
V1.1: Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
A Proof of Concept exploit has been published. |
|
Medium |
Microsoft, October 7, 2004
Microsoft Security Bulletin, MS05-004, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Vulnerability Note VU#283646
Microsoft Security Bulletin, MS05-004 V1.1, February 15, 2005 |
Microsoft
Internet Explorer 5.0.1 SP1-SP4, 5.5 SP1 & SP2, 6.0 SP1 & SP2 |
A vulnerability exists when certain mouse events are contained in a HREF tag, which could let a remote malicious user display false information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer HREF Tag Mouse Event |
Medium |
SecurityFocus, February 14, 2005 |
Microsoft
Internet Explorer 5.5, SP1 & SP2, 6.0, SP1 & SP2 |
A vulnerability exists if the 'CTRL-d' key combination is pressed to bookmark a website that contains a specially crafted pop-up window, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer Favorites List |
High |
SecurityFocus, February 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 |
A remote Denial of Service vulnerability exists when a malformed 'file:' URI is processed.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Microsoft Internet Explorer Malformed 'File:' URI Denial of Service |
Low |
SecurityFocus, February 15, 2005 |
Microsoft
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 |
A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx
V1.1: Bulletin updated to clarify prerequisites under Visio 2002 Update Information.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Office URL File Location Handling Buffer Overflow
CVE Name:
CAN-2004-0848
|
High |
Microsoft Security Bulletin, MS05-005, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#416001
Microsoft Security Bulletin, MS05-005 V1.1, February 15, 2005 |
Microsoft
Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft |
A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx
V1.1: Bulletin updated to document information about other software that may include the affected software.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing
CVE Name:
CAN-2005-0049
|
High |
Microsoft Security Bulletin, MS05-006, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#340409
Microsoft Security Bulletin, MS05-006 V1.1, February 15, 2005 |
Microsoft
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 |
Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger (CAN-2004-0597).
V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list.
An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability. |
|
High |
Microsoft Security Bulletin, MS05-009, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#259890
SecurityFocus, February 10, 2005
Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005
Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx
V1.1: Updated the Caveats section to reflect "None" as there are no caveats associated with this update.
A Proof of Concept exploit has been published. |
Microsoft Internet Explorer DHTML Edit Control Script
CVE Name:
CAN-2004-1319
|
High |
Bugtraq, December 15, 2004
Microsoft Security Bulletin, MS05-013, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#356600
Microsoft Security Bulletin, MS05-013 V1.1, February 15, 2005 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx
V1.1: Mitigating factor for ISA 2004 updated.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Hyperlink Object Library Buffer Overflow
CVE Name:
CAN-2005-0057
|
High |
Microsoft Security Bulletin, MS05-015, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#820427
Microsoft Security Bulletin, MS05-015 V1.1, February 15, 2005 |
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows 2000 Professional, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Datacenter Edition, Windows 98, Windows 98 SE, Windows ME;
Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server
Avaya S8100 Media Servers |
A Shell vulnerability and Program Group vulnerability exists in Microsoft Windows. These vulnerabilities could allow remote code execution.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx
Bulletin updated to reduce the scope of a documented workaround to only support Windows XP, Windows XP Service Pack 1, and Windows Server 2003.
Avaya: Customers are advised to follow Microsoft's guidance for applying patches. Advisories are located at: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
V1.2 Bulletin “Caveats” section updated to reflect the availability of Microsoft Knowledge Base Article 891534 as a known issue with this security update on Windows NT Server 4.0 Terminal Server Edition Service Pack 6. This bulletin has also been updated to document that this security update does not replace MS04-024 as was originally described in the bulletin.
We are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin MS04-037 v1.1, October 25, 2004
US-CERT Cyber Security Alert SA04-286A, October 12, 2004
US-CERT Vulnerability Note VU#543864, October 15, 2004
SecurityFocus, October 26, 2004
US-CERT Vulnerability Note, VU#616200, November 23, 2004
Microsoft Security Bulletin MS04-037 Ver. 1.2, February 15, 2006
|
Microsoft
Windows (XP SP2 is not affected) |
A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.
V1.2: Frequently Asked Questions section updated to reflect an additional known attack vector.
Another exploit script has been published. |
Microsoft Windows ANI File Parsing Errors
CVE Name:
CAN-2004-1305
|
Low |
VENUSTECH Security Lab, December 23, 2004
Microsoft Security Bulletin MS05-002, January 11, 2005
US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005
SecurityFocus, January 12, 2005
Technical Cyber Security Alert, TA05-012A, January 12, 2005
Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005
PacketStorm, January 31, 2005
Microsoft Security Bulletin, MS05-002, V1.2, February 15, 2005 |
Microsoft
Exchange Server 2003, SP1 |
A vulnerability exists in Microsoft Outlook Web Access due to insufficient sanitization of URI-supplied data, which could let a remote malicious user conduct phishing attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
Microsoft Outlook Web Access URI Redirection
CVE Name:
CAN-2005-0420
|
Medium |
Secunia Advisory, SA14144, February 8, 2005 |
Multiple Vendors
Check Point Software Integrity Client 4.5, Integrity Client 5.0;
Zone Labs ZoneAlarm 2.1-2.6, 3.0, 3.1, 3.7.202, 4.0, 4.5.538.001, 5.1, ZoneAlarm Pro 2.4, 2.6, 3.0, 3.1, 4.0, 4.5.538.001, 4.5, 5.0.590.015, 5.1, 5.5.062, ZoneAlarm Security Suite 5.1, 5.5.062, 5.5 |
A Denial of Service vulnerability exists in the 'NtConnectPort' function due to insufficient verification of the 'ServerPortName' argument.
Updates available at:
http://download.zonelabs.com/bin/free/securityAlert/19.html
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor ZoneAlarm Denial of Service
CVE Name:
CAN-2005-0114
|
Low |
SecurityTeam, February 13, 2005 |
RealNetworks
RealArcade 1.2.0.994 & prior
|
Two vulnerabilities exist: a vulnerability exists due to the way RGS files are handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in RGP files that contain a specially crafted 'FILENAME' tag, which could let a remote malicious user modify system/user information.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
|
Medium/ High
(High if arbitrary code can be executed)
|
SecurityTracker Alert, 1013128, February 9, 2005 |
Safenet
SoftRemote VPN Client
|
A vulnerability exists because the 'IreIKE.exe' process stores the VPN password in memory, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
SafeNet SoftRemote VPN Client Key Disclosure
CVE Name:
CAN-2005-0346
|
Medium |
SecurityTracker Alert, 1013134, February 9, 2005 |
Software602
602LAN SUITE 2004 |
A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.software602.com/download/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SIG^2 Vulnerability Research Advisory, February 8, 2005 |
Sybase
Adaptive Server Enterprise 11.5 Win, 11.5.1 Win, 11.9.2 Win, 12.0 Win, 12.0.0.8 ESD#3, 12.5 Win, 12.5.2, 12.5.3 ESD#1, 12.5.3 |
A vulnerability exists that affects all versions of Adaptive Server Enterprise prior to 12.0.0.8 ESD#3 and 12.5.3 ESD#1 running on Microsoft Windows platforms. The impact was not specified.
Vendor recommendations located at: http://www.sybase.com/detail/1,6904,1033894,00.html
Currently we are not aware of any exploits for this vulnerability. |
Sybase Adaptive Server Enterprise Unspecified Vulnerability
CVE Name:
CAN-2005-0441
|
Not Specified |
Sybase Security Alert, February 15, 2005 |
UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name |
Risk |
Source |
Apple
Mac OS X 10.0.3, 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.7
|
A remote Denial of Service vulnerability exists in the AppleFileServer due to a failure to handle integer signedness properly.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Apple Mac OS X AppleFileServer Remote Denial of Service
CVE Name:
CAN-2005-0340
|
Low |
Bugtraq, February 8, 2005 |
Apple
Mac OS X 10.0.3, 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.7 |
A vulnerability exists in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
Apple Mac OS X Finder 'DS_Store' Insecure File Creation
CVE Name:
CAN-2005-0342
|
Medium |
Bugtraq, February 7, 2005 |
Apple
Safari 1.2.4 v125.12
|
An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
SecurityTracker Alert ID: 1013087, February 5, 2005 |
Brooky
CubeCart 2.0.1, 2.0.4 |
Multiple vulnerabilities exist: a Directory Traversal vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at:
http://www.cubecart.com/site/downloads/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
Medium/ High
(High if arbitrary code can be executed)
|
Bugtraq, February 14, 2005 |
Caolan McNamara & Dom Lachowicz
wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0 |
A buffer overflow vulnerability exists in a 'strcat()' function call due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200407-11.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/w/wv/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit has been published. |
|
High |
Securiteam, July 11, 2004
iDEFENSE Security Advisory, July 9, 2004
Conectiva Linux Security Announcement, CLA-2004:863, September 10, 2004
Debian Security Advisory, DSA 550-1, September 20, 2004
Debian Security Advisory, DSA 579-1, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:902, December 1, 2004
Fedora Legacy Update Advisory, FLSA:1906, February 8, 2005 |
Computer Associates
BrightStor ARCserve 2000, ARCserve Backup 11.x, 9.x, Enterprise Backup 10.x |
A vulnerability exists due to a hard-coded backdoor account that contains a common authentication password, which could let a remote malicious user execute arbitrary commands with root privileges.
Updates available at:
http://supportconnect.ca.com/sc/solcenter/
There is no exploit code required. |
CA BrightStor ARCserve Backup UniversalAgent Backdoor Account
CVE Name:
CAN-2005-0349
|
High |
iDEFENSE Security Advisory, February 10, 2005 |
Debian
Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha,
Debian toolchain-source 3.0.3 -1-3.0.3-3, 3.0.4 |
A vulnerability exists due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.
Update available at:
http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1_all.deb
There is no exploit code required. |
Debian Toolchain-Source Multiple Insecure Temporary File Creation
CVE Name:
CAN-2005-0159
|
Medium |
Debian Security Advisory DSA 679-1, February 14, 2005 |
Ethereal Group
Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8 |
Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.
Ethereal:
http://www.ethereal.com/download.html
Debian:
http://security.debian.org/pool/updates/main/e/ethereal/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-27.xml
SuSE:
ftp://ftp.suse.com/pub/suse/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert, 1012962, January 21, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005 |
Gallery Project
Gallery 1.4 -pl1&pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux |
A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-10.xml
Debian:
http://security.debian.org/pool/updates/main/g/gallery/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-45.xml
It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed.
Gentoo: The cross-site scripting vulnerability that Gallery 1.4.4-pl5 was intended to fix, did not actually resolve the issue.
There is no exploit code required. |
|
High |
Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004
Debian Security Advisory, DSA 642-1, January 17, 2005
Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005
SecurityFocus, February 2, 2005
Gentoo Linux Security Advisory [UPDATE] GLSA 200501-45:03, February 10, 2005 |
Gentoo
webmin-1.140.ebuild, 1.150.ebuild, 1.160.ebuild, 1.170-r1.ebuild, 1.170-r2.ebuild |
A vulnerability exists in the 'miniserv.users' file due to exposure of the encrypted root password, which could let a remote malicious user obtain sensitive information.
Update available at:
http://security.gentoo.org/glsa/glsa-200502-12.xml
There is no exploit required. |
Gentoo Portage-Built Webmin Root Password Disclosure
CVE Name:
CAN-2005-0427
|
Medium |
Gentoo Linux Security Advisory, GLSA 200502-12, February 11, 2005 |
gFTP
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 |
A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz
There is no exploit code required. |
|
Medium |
SecurityFocus, February 14, 2005 |
Glyph and Cog
XPDF prior to 3.00pl3 |
A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.foolabs.com/xpdf/download.html
Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Debian:
http://security.debian.org/pool/updates/main/c/cupsys/
http://security.debian.org/pool/updates/main/x/xpdf/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/
KDE:
ftp://ftp.kde.org/pub/kde/security_patches
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-10.xml
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Currently we are not aware of any exploits for this vulnerability. |
Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow
CVE Name:
CAN-2005-0064
|
High |
iDEFENSE Security Advisory, January 18, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005
Gentoo Linux Security Advisory, GLSA 200502-10, February 9, 2005
Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
|
GNU
Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4
|
Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': the EPSF pipe support does not sufficiently validate input, which could let a malicious user execute arbitrary code; filenames are not sufficiently validated before they are processed, which could let a malicious user execute arbitrary code; and several buffer overflows could let a malicious user cause a Denial of Service.
Debian:
http://security.debian.org/pool/
updates/main/e/enscript/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool
/universe/e/enscript/
Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-03.xml
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-039.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID: 1012965, January 21, 2005
RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005
Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005 |
GNU
Emacs prior to 21.4.17
|
A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4
Debian:
http://security.debian.org/pool/.../e/emacs20/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/e/emacs21/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013100, February 7, 2005
Debian Security Advisory,
DSA-670-1 & 671-1, February 8, 2005
Ubuntu Security Notice, USN-76-1, February 7, 2005
Fedora Update Notifications
FEDORA-2005-145 & 146, February 14, 2005 |
GNU
wget 1.9.1 |
Two vulnerabilities exist. wget does not properly validate server-supplied file names, which could let a remote malicious user create or overwrite files on the target user's system; the '..' filtering can be bypassed if DNS can be manipulated so that a host name of '..' resolves to an IP address. In addition, a specially crafted HTTP response can include control characters that, when echoed, overwrite portions of the terminal window.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
A Proof of Concept exploit script has been published. |
|
Medium |
SecurityTracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
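Added example (editor's illustration in Python, not code from the bulletin, gFTP or wget) covering the two client-side problems described in the gFTP directory traversal entry above and in this wget entry: deriving a local file name from a server-supplied URL without ever leaving the download directory, and stripping terminal control sequences from server-supplied strings before they are printed. The destination directory, the sample URLs and the hostile strings are constructed for the example; note that the '..' check is purely lexical, so it does not matter what '..' resolves to in DNS.

```python
import os
import re
from urllib.parse import urlsplit, unquote

# Sequences a hostile server can use to redraw the terminal when its strings
# are echoed: CSI (ESC [ ... final byte), OSC (ESC ] ... BEL/ST), and bare
# C0 control characters or DEL.
_TERMINAL_CONTROL = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"             # CSI: cursor moves, erase line/screen
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # OSC: window title and friends
    r"|[\x00-\x1f\x7f]"                    # C0 controls (CR, BEL, ESC ...) and DEL
)


def sanitize_for_terminal(text: str) -> str:
    """Strip everything a server could use to overwrite what the user sees.
    Apply to any server-supplied string (file names, redirect targets,
    status lines) before printing it."""
    return _TERMINAL_CONTROL.sub("", text)


def local_path_for(url: str, dest_dir: str) -> str:
    """Map a server-supplied URL (redirect target, link found in a recursive
    fetch) to dest_dir/<host>/<path>, refusing anything that could leave
    dest_dir. Every check is lexical; no name is accepted because it
    happens to resolve in DNS."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host in ("", ".", ".."):
        raise ValueError(f"refusing host component {host!r}")
    segments = [unquote(seg) for seg in parts.path.split("/")]
    segments = [seg for seg in segments if seg not in ("", ".")]
    for seg in segments:
        # '..' after decoding, an encoded slash, or a NUL all escape or truncate
        if seg == ".." or "/" in seg or "\x00" in seg:
            raise ValueError(f"refusing path segment {seg!r}")
    if not segments:
        segments = ["index.html"]
    base = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(base, host, *segments))
    # belt and braces: the final path must still sit under dest_dir
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes destination directory")
    return candidate


if __name__ == "__main__":
    print(local_path_for("http://example.com/docs/a.html", "downloads"))
    print(repr(sanitize_for_terminal("saved: a.html\x1b[2J\x1b[Hlogin:")))
```

Rejecting rather than silently rewriting a bad segment is deliberate: a client that quietly "fixes" a hostile name hides the fact that the server was hostile.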
GNU
Xpdf prior to 3.00pl2 |
A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.
A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html
A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/
xpdf-3.00pl2.patch
KDE:
http://www.kde.org/info/security/
advisory-20041223-1.txt
Gentoo:
http://security.gentoo.org/glsa
/glsa-200412-24.xml
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:165
Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:163
Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:162
Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security
/advisories?name=MDKSA-2004:161
Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:166
Debian:
http://www.debian.org/security/2004/dsa-619
Fedora (update for tetex):
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-13.xml
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
SGI:
http://support.sgi.com/browse_
request/linux_patches_by_os
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SuSE:
ftp://ftp.suse.com/pub/suse/
FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/
Currently we are not aware of any exploits for this vulnerability. |
GNU Xpdf Buffer Overflow in doImage()
CVE Name:
CAN-2004-1125 |
High |
iDEFENSE Security Advisory 12.21.04
KDE Security Advisory, December 23, 2004
Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004
Fedora Update Notification,
FEDORA-2004-585, January 6, 2005
Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005
Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Avaya Security Advisory, ASA-2005-027, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005
|
Hewlett Packard Company
HP-UX B.11.23, HP-UX B.11.11, HP-UX B.11.00 |
A remote Denial of Service vulnerability exists due to a failure to handle malformed network data.
Upgrades available at:
http://software.hp.com/
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
HP Security Bulletin, HPSBUX01117, February 9, 2005 |
Hewlett Packard
HP-UX 11.x |
A vulnerability exists in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the debug logging routine of ftpd, which can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long command request. Successful exploitation may allow execution of arbitrary code, but requires that the FTP daemon is configured to log debug information (not the default setting).
Apply patches:
http://www.itrc.hp.com/service/patch/mainPage.do
HP:
http://itrc.hp.com
Currently we are not aware of any exploits for this vulnerability. |
Hewlett Packard HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability
CVE Name:
CAN-2004-1332
|
High |
iDEFENSE Security Advisory 12.21.04
HP Security Bulletin, HPSBUX01118, February 9, 2005 |
IBM
AIX 5.1-5.3 |
A buffer overflow vulnerability exists in the 'netpmon' command, which could let a malicious user execute arbitrary code as root.
Patches available at:
ftp://aix.software.ibm.com/aix/efixes/
security/netpmon_efix.tar.Z
Currently we are not aware of any exploits for this vulnerability. |
IBM AIX 'Netpmon' Command Buffer Overflow
CVE Name:
CAN-2005-0263
|
High |
iDefense Security Advisory, February 10, 2005 |
IBM
AIX 5.1-5.3 |
A buffer overflow vulnerability exists in the 'ipl_varyon' utility due to a failure to copy user-supplied input securely, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
High |
iDefense Security Advisory, February 10, 2005 |
IBM
AIX 5.2, 5.3 |
A vulnerability exists in the 'lspath' command, which could let a malicious user obtain sensitive information.
Updates available at:
ftp://aix.software.ibm.com/aix/efixes/
security/lspath_efix.tar.Z
There is no exploit code required. |
|
Medium |
IBM Security Advisory, February 9, 2005 |
KAME Project
IPsec-Tools 0.3, rc1-rc5, 0.3.1, 0.3.2;
KAME Racoon, 20040503, 20040407b, 20040405, 20030711
|
A vulnerability exists in the 'eay_check_x509cert()' function due to an error in certificate verification, which could let invalid X.509 certificates be accepted as valid.
Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/
ipsec-tools-0.3.3.tar.gz?download
SGI:
http://www.sgi.com/support/security/
Apple:
http://download.info.apple.com/Mac_OS_X/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-308.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SCO:
ftp://ftp.sco.com/pub/updates
/UnixWare/SCOSA-2005.10
There is no exploit code required.
|
|
Medium |
Bugtraq, June 14, 2004
SCO Security Advisory, SCOSA-2005.10, February 7, 2005 |
KAME Project
Racoon 20040405, 20030711, Racoon |
A remote Denial of Service vulnerability exists due to an error when processing certain malformed IKE messages.
Upgrades available at:
ftp://ftp.kame.net/pub/kame/snap/kame-20040503-openbsd34-snap.tgz
SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.10
Currently we are not aware of any exploits for this vulnerability.
|
Kame Racoon Remote IKE Message Denial of Service
CVE Name:
CAN-2004-0392
|
Low |
SecurityFocus, May 6, 2004
SCO Security Advisory, SCOSA-2005.10, February 7, 2005 |
KAME Project
Racoon
Apple Mac OS X 10.2.8, 10.3.3, Mac OS X Server 10.2.8, 10.3.3
|
A Denial of Service vulnerability exists due to an error when allocating memory for ISAKMP messages.
Patch available at:
http://www.securityfocus.com/data
/vulnerabilities/patches/racoon_patch
Apple:
http://download.info.apple.com/Mac_OS_X/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-165.html
SGI:
http://www.sgi.com/support/security/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200404-17.xml
SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.10
Currently we are not aware of any exploits for this vulnerability.
|
Kame Racoon Malformed ISAKMP Packet
Denial of Service
CVE Name:
CAN-2004-0403
|
Low |
Secunia Advisory, SA11410, April 19, 2004
Apple Security Advisory, APPLE-SA-2004-05-03, May 3, 2004
SCO Security Advisory, SCOSA-2005.10, February 7, 2005
|
KDE
kdelibs 3.3.2 |
A vulnerability exists in the 'dcopidlng' script due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.
Patch available at:
http://bugs.kde.org/attachment.cgi?id=9205&action=view
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
SecurityFocus, February 11, 2005 |
KDE
KDE 3.x, 2.x |
A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
The vulnerability has been fixed in the CVS repository.
Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:160
Debian:
http://security.debian.org/pool/
updates/main/k/kdelibs/
Gentoo:
http://security.gentoo.org/glsa/glsa-
200501-18.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-009.html
Currently we are not aware of any exploits for this vulnerability. |
KDE kio_ftp FTP Command Injection Vulnerability
CVE Name:
CAN-2004-1165
|
Medium |
KDE Advisory Bug 95825, December 26, 2004
Debian Security Advisory, DSA 631-1, January 10, 2005
Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005
Fedora Update Notifications
FEDORA-2005-063 & 064, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005 |
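Added example (editor's illustration in Python, not code from KDE or the advisories) of the FTP command injection class named in this entry. The bulletin does not state the kio_ftp vector; the example assumes the classic one, a line break smuggled into a URL path by percent-encoding, and shows what a line-oriented server makes of the resulting bytes beside a client that refuses control characters in any argument it sends. The URL and file names are constructed for the example.

```python
from urllib.parse import urlsplit, unquote

CRLF = "\r\n"


def ftp_path_from_url(url: str) -> str:
    """Path component of an ftp:// URL, percent-decoded the way a client
    must before sending it (so %0d%0a becomes a real CR LF)."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp URL")
    return unquote(parts.path) or "/"


def naive_command(verb: str, arg: str) -> bytes:
    """What a client that trusts the decoded path puts on the control connection."""
    return f"{verb} {arg}{CRLF}".encode("utf-8")


def safe_command(verb: str, arg: str) -> bytes:
    """Hardened form: a control-connection argument is exactly one line, so
    CR, LF and NUL are not allowed in it. Reject rather than strip, so the
    caller learns the request was hostile instead of sending something else."""
    if any(ch in arg for ch in "\r\n\x00"):
        raise ValueError(f"control characters in FTP argument: {arg!r}")
    return f"{verb} {arg}{CRLF}".encode("utf-8")


def server_sees(wire: bytes) -> list:
    """How a line-oriented FTP server reads the bytes: every line terminator
    starts a new command. Many servers accept a bare LF as well as CRLF,
    so one smuggled LF is enough."""
    text = wire.decode("utf-8", errors="replace")
    return [line.rstrip("\r") for line in text.split("\n") if line.strip()]


def demo() -> dict:
    # constructed hostile URL: the path carries an encoded CRLF and a second command
    url = "ftp://ftp.example.org/pub%0d%0aDELE%20important.dat"
    path = ftp_path_from_url(url)
    naive = server_sees(naive_command("CWD", path))
    try:
        safe_command("CWD", path)
        rejected = False
    except ValueError:
        rejected = True
    return {"decoded_path": path, "naive_server_view": naive, "safe_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The same rule applies to every other line-oriented protocol a URL can be turned into (SMTP, POP3, IMAP): whatever decoding the client performs, the check for CR/LF has to run on the decoded value, immediately before it is written to the socket.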
KDE
Konqueror 3.2.2-6
|
A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:150
Gentoo:
http://security.gentoo.org/glsa/
glsa-200412-16.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-009.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia Advisory ID, SA13254, December 8, 2004
Secunia Advisory ID, SA13486, December 16, 2004
Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005
|
Konversation
IRC Client 0.15 |
Multiple vulnerabilities exist: a vulnerability exists in the 'Server::parseWildcards' function due to insufficient filtering of various parameters, which could let a remote malicious user execute arbitrary code; a vulnerability exists in certain Perl scripts if shell metacharacters in channel names or song names aren't properly quoted, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Quick Connection dialog because the password is used as the nickname, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://konversation.berlios.de/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-34.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
There is no exploit required; however, Proofs of Concept exploits have been published. |
|
Medium/High
(High if arbitrary code can be executed)
|
Bugtraq, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
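Added example (editor's illustration in Python, not code from Konversation, Enscript or the advisories) of the shell metacharacter problem behind this Konversation entry and the Enscript EPSF pipe and filename entry earlier in this section: data a remote party controls (a song title, a channel name, a file name) is pasted into a command string that a shell interprets. The hostile title and the `echo` command are constructed for the example; the hardened forms pass the data as a single argv element or, where a shell is unavoidable, quote it.

```python
import shlex
import subprocess


def announce_naive(song: str) -> str:
    """The vulnerable pattern: untrusted text spliced into a command string
    that is handed to /bin/sh. Any metacharacter in the text becomes shell
    syntax, so ';' starts a second command of the attacker's choosing."""
    cmd = f"echo Now playing: {song}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def announce_argv(song: str) -> str:
    """Hardened form: no shell at all. The text is one argv element and
    reaches the program unchanged, metacharacters included."""
    proc = subprocess.run(["echo", "Now playing:", song], capture_output=True, text=True)
    return proc.stdout


def announce_quoted(song: str) -> str:
    """When a shell is unavoidable (pipes or redirections in the command),
    quote every untrusted piece with shlex.quote() so it stays one word."""
    cmd = f"echo Now playing: {shlex.quote(song)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_plain_name(text: str) -> bool:
    """Allow-list check for names that must be handed to something you do
    not control (a helper script, a print filter): letters, digits, space,
    dot, dash and underscore only. Leading '|' and '$(' never get through."""
    return bool(text) and all(ch.isalnum() or ch in " ._-" for ch in text)


if __name__ == "__main__":
    hostile = "Yesterday; echo INJECTED"        # constructed attacker-controlled title
    print(repr(announce_naive(hostile)))
    print(repr(announce_argv(hostile)))
    print(repr(announce_quoted(hostile)))
```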
Larry Wall
Perl 5.8.3 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-04.xml
Debian:
http://security.debian.org/pool/updates/main/p/perl/
OpenPKG:
ftp://ftp.openpkg.org/release/2.1/UPD/
perl-5.8.4-2.1.1.src.rpm
Mandrake:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2005:031
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Ubuntu Security Notice, USN-16-1, November 3, 2004
Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004
Debian Security Advisory, DSA 620-1, December 30, 2004
OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005
MandrakeSoft Security Advisory, MDKSA-2005:031, February 8, 2005 |
LOGICNOW
PerlDesk 1.x |
An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands.
Upgrades available at:
http://www.perldesk.com/helpdesk.0.html
An exploit script has been published. |
PerlDesk 'view' Parameter Input Validation
CVE Name:
CAN-2005-0343
|
High |
SecurityTracker Alert, 1013090, February 7, 2005
SecurityFocus, February 7, 2005 |
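Added example (editor's illustration in Python, not PerlDesk code; the bulletin gives no PerlDesk query or schema) of the SQL injection class in this entry: a request parameter named 'view' that selects a knowledge-base article. The table, its rows and the hostile input are constructed for the example. The vulnerable form splices the parameter into the SQL text; the hardened form binds it as a parameter (Perl's DBI offers the same placeholders) and, because the value is supposed to be an article number, validates it as one first.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample knowledge base: two public articles, one private."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE kb (id INTEGER PRIMARY KEY, title TEXT, public INTEGER)")
    db.executemany("INSERT INTO kb VALUES (?, ?, ?)", [
        (1, "Resetting your password", 1),
        (2, "Contacting support", 1),
        (3, "Internal escalation procedure", 0),
    ])
    return db


def view_vulnerable(db: sqlite3.Connection, view: str) -> list:
    """The flawed pattern: the request parameter becomes part of the SQL
    text, so it can rewrite the WHERE clause. With view = '1 OR 1=1' the
    clause reads (public = 1 AND id = 1) OR 1=1 and every row comes back,
    the private article included."""
    sql = f"SELECT id, title FROM kb WHERE public = 1 AND id = {view}"
    return db.execute(sql).fetchall()


def view_parameterized(db: sqlite3.Connection, view: str) -> list:
    """Hardened form: a bound parameter is data, never SQL. The same hostile
    string is compared as a value against id and matches nothing."""
    sql = "SELECT id, title FROM kb WHERE public = 1 AND id = ?"
    return db.execute(sql, (view,)).fetchall()


def parse_view(view: str) -> int:
    """Belt and braces: the parameter is an article number, so validate it
    as one before it goes anywhere near the database."""
    if not view.isdigit():
        raise ValueError(f"view must be a positive integer, got {view!r}")
    return int(view)


if __name__ == "__main__":
    db = make_db()
    print(view_vulnerable(db, "1 OR 1=1"))
    print(view_parameterized(db, "1 OR 1=1"))
```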
MIT
Kerberos 5 1.3.4 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-24.xml
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-036_RHSA-2005-012.pdf
There is no exploit code required. |
MIT
Kerberos 5 Insecure Temporary File Creation
CVE Name:
CAN-2004-0971
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory GLSA 200410-24, October 25, 2004
Avaya Security Advisory, ASA-2005-036, February 7, 2005 |
MIT
Kerberos 5 krb5-1.3.5 & prior; Avaya S8700/S8500/S8300 (CM2.0 and later), MN100, Intuity LX 1.1-5.x, Modular Messaging MSS |
A heap overflow exists in the password history handling code of the libkadm5srv administration library, which could let a remote malicious user execute arbitrary code on an affected Key Distribution Center (KDC) host.
A patch is available at:
http://web.mit.edu/kerberos/advisories/
2004-004-patch_1.3.5.txt
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-
200501-05.xml
Debian:
http://security.debian.org/pool/updates/main/
k/krb5/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
main/k/krb5/
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-036_RHSA-2005-012.pdf
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert ID, 1012640, December 20, 2004
Gentoo GLSA 200501-05, January 5, 2005
Ubuntu Security Notice, USN-58-1, January 10, 2005
Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005
Avaya Security Advisory, ASA-2005-036, February 7, 2005
|
Multiple Vendors
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68, 0.70, 0.80rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0; Linux Mandrake 10.1 X86_64, 10.1 |
A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.
Upgrade available at:
http://sourceforge.net/project/showfiles.
php?group_id=86638&release_id=300116
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://www.trustix.org/errata/2005/0003/
Currently we are not aware of any exploits for this vulnerability. |
Clam Anti-Virus ClamAV Remote Denial of Service
CVE Name:
CAN-2005-0133
|
Low |
SecurityFocus, January 31, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005
Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9 |
A vulnerability exists in 'iptables.c' and 'ip6tables.c' because the required kernel modules are not always loaded, which could lead to firewall rules not being loaded at system startup and leave the administrator with a false sense of security.
Debian:
http://security.debian.org/pool/
updates/main/i/iptables/i
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/
SUSE:
ftp.SUSE.com/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Ubuntu:
http://security.ubuntu.com
/ubuntu/pool/main/i/iptables/
There is no exploit required. |
|
Medium |
Debian Security Advisory, DSA 580-1 , November 1, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004
SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004
Fedora Update Notification,
FEDORA-2004-417, December 1, 2004
Turbolinux Security Advisory, TLSA-2005-10, January 26, 2005
Fedora Legacy Update Advisory, FLSA:2252, February 10, 2005
Ubuntu Security Notice, USN-81-1, February 11, 2005 |
Multiple Vendors
Exim 4.43 & prior |
Multiple vulnerabilities exist that could allow a local user to obtain elevated privileges: buffer overflows in the host_aton() and spa_base64_to_bits() functions may let a local user execute arbitrary code with the privileges of the Exim process.
The vendor has issued a fix in the latest snapshot:
ftp://ftp.csx.cam.ac.uk/pub/software/
email/exim/Testing/exim-snapshot.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/
email/exim/Testing/exim-snapshot.tar.gz.sig
Also, patches for 4.43 are available at:
http://www.exim.org/mail-archives/
exim-announce/2005/msg00000.html
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/e/exim4/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-23.xml
Debian:
http://security.debian.org/pool/
updates/main/e/exim/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
An exploit script has been published.
|
|
High |
SecurityTracker Alert ID: 1012771, January 5, 2005
Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005
Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
US-CERT Vulnerability Note, VU#132992, January 28, 2005
SecurityFocus, February 12, 2005 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1a, 1.2, 1.4, rc1-rc3; libdbi-perl 1.21, 1.42 |
A vulnerability exists in libdbi-perl due to the insecure creation of temporary files, which could let a malicious user overwrite arbitrary files.
Debian:
http://security.debian.org/pool/updates/
main/libd/libdbi-perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-069.html
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/libd/libdbi-perl/
Mandrake:
http://www.mandrakesoft.com
/security/advisories?name=MDKSA-2005:030
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
Libdbi-perl Insecure Temporary File Creation
CVE Name:
CAN-2005-0077
|
Medium |
Debian Security Advisory, DSA 658-1, January 25, 2005
Ubuntu Security Notice, USN-70-1, January 25, 2005
Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005
RedHat Security Advisory, RHSA-2005:069-08, February 1, 2005
MandrakeSoft Security Advisory, MDKSA-2005:030, February 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
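Added example (editor's illustration in Python, not code from Perl, MIT Kerberos, libdbi-perl, kdelibs or the advisories) of the insecure temporary file class that this libdbi-perl entry, the Perl 5.8.3 entry, the MIT Kerberos 5 1.3.4 entry and the kdelibs 'dcopidlng' entry in this section all describe: a predictable name in a shared directory, opened without O_EXCL, so a local attacker who pre-creates a symlink at that name redirects the write into a file of their choosing. The example plays the attack out in a private directory standing in for /tmp, with the attacker modelled as having already planted the symlink, and shows the two hardened forms: a random name created atomically with mkstemp(), and O_EXCL/O_NOFOLLOW for a name that cannot be randomised. Directory, file names and the guessed PID are constructed for the example.

```python
import os
import tempfile


def insecure_write(shared_dir: str, pid: int, data: bytes) -> str:
    """The pattern the advisories describe: a guessable name in a shared
    directory, opened without O_EXCL. open() follows a symlink planted at
    that name, so the write lands in the symlink's target."""
    path = os.path.join(shared_dir, f"tool.{pid}.tmp")
    with open(path, "wb") as fh:           # O_CREAT|O_TRUNC, follows symlinks
        fh.write(data)
    return path


def secure_write(shared_dir: str, data: bytes) -> str:
    """Hardened form: random name, created atomically with O_CREAT|O_EXCL.
    mkstemp() fails if anything (a symlink included) already sits at the
    chosen path instead of following it, and the name is not guessable."""
    fd, path = tempfile.mkstemp(prefix="tool.", suffix=".tmp", dir=shared_dir)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def open_exclusive(path: str) -> int:
    """For a name you cannot randomise (a fixed PID file): O_EXCL refuses an
    existing path and O_NOFOLLOW (where available) refuses a symlink.
    Returns the descriptor; raises OSError on a planted path."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared")          # stands in for /tmp
        os.mkdir(shared)
        victim = os.path.join(root, "victim.conf")     # file the attacker wants clobbered
        with open(victim, "wb") as fh:
            fh.write(b"original\n")

        pid = 4242                                      # easy for the attacker to guess
        planted = os.path.join(shared, f"tool.{pid}.tmp")
        os.symlink(victim, planted)                     # the attacker's symlink

        insecure_write(shared, pid, b"clobbered\n")
        with open(victim, "rb") as fh:
            victim_after_insecure = fh.read()

        try:
            os.close(open_exclusive(planted))
            exclusive_refused = False
        except OSError:              # EEXIST from O_EXCL, or ELOOP from O_NOFOLLOW
            exclusive_refused = True

        safe_path = secure_write(shared, b"private\n")
        with open(victim, "rb") as fh:
            victim_after_secure = fh.read()

        return {
            "victim_after_insecure": victim_after_insecure,
            "exclusive_refused": exclusive_refused,
            "victim_after_secure": victim_after_secure,
            "safe_name_is_random": os.path.basename(safe_path) != f"tool.{pid}.tmp",
        }


if __name__ == "__main__":
    print(demo())
```

The check worth carrying into code review: any open of a path under a directory other users can write to must pass O_EXCL (and should pass O_NOFOLLOW), and the name must not be derivable from a PID, a user name or the clock.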
Multiple Vendors
Gentoo Linux;
VMWare VMWare Workstation 3.2.1 patch 1, 3.4, 4.0-4.0.2, 4.5.2 |
A vulnerability exists because a binary searches for a shared library in a world-writable location, which could let a malicious user execute arbitrary code.
Updates available at:
http://security.gentoo.org/glsa/glsa-200502-18.xml
There is no exploit code required. |
VMWare Workstation For Linux Shared Library
CVE Name:
CAN-2005-0444
|
High |
Gentoo Linux Security Advisory, GLSA 200502-18, February 14, 2005 |
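Added example (editor's illustration in Python, not VMware code and not from the Gentoo advisory, which only states that the search location is world-writable) of the check an auditor would run against a program's library search path: each directory is flagged if an unprivileged local user could place a shared object there. The search path is assumed to be known already (for instance from LD_LIBRARY_PATH or the binary's RPATH); the directory layout in `demo()` is constructed for the example.

```python
import os
import stat
import tempfile


def split_search_path(value: str) -> list:
    """Split an LD_LIBRARY_PATH-style value on ':'. An empty element means
    the current working directory; it is kept as '.' so it gets flagged."""
    return [entry if entry else "." for entry in value.split(":")]


def unsafe_search_dirs(search_path: list, trusted_uids=(0,)) -> list:
    """Return (entry, reason) for every search-path entry an unprivileged
    local user could populate with a shared object of their choosing:
      - a relative entry (resolved against wherever the program is started),
      - a world-writable directory (the sticky bit only protects files that
        already exist; it does not stop anyone creating libfoo.so there),
      - a directory that does not exist yet but whose nearest existing
        ancestor is world-writable (the attacker simply creates it),
      - a directory owned by a uid other than root or the current user.
    """
    findings = []
    me = os.getuid()
    for entry in search_path:
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry, resolved against the current directory"))
            continue
        probe = entry
        missing = not os.path.isdir(probe)
        while not os.path.isdir(probe):          # climb to the nearest existing ancestor
            parent = os.path.dirname(probe)
            if parent == probe:
                break
            probe = parent
        st = os.stat(probe)
        if st.st_mode & stat.S_IWOTH:
            where = f"does not exist; ancestor {probe}" if missing else probe
            findings.append((entry, f"{where} is world-writable"))
        elif st.st_uid not in trusted_uids and st.st_uid != me:
            findings.append((entry, f"{probe} is owned by untrusted uid {st.st_uid}"))
    return findings


def demo() -> dict:
    """Constructed layout under a private temp dir: a sane 0755 lib dir, a
    /tmp-like 01777 dir, a not-yet-existing dir beneath it, and an empty
    (current-directory) entry at the end of the path."""
    with tempfile.TemporaryDirectory() as root:
        private = os.path.join(root, "lib")
        os.mkdir(private)
        os.chmod(private, 0o755)
        public = os.path.join(root, "tmp")
        os.mkdir(public)
        os.chmod(public, 0o1777)
        planted = os.path.join(public, "vendor-libs")    # an attacker would create this
        path = split_search_path(f"{private}:{public}:{planted}:")
        findings = unsafe_search_dirs(path)
        return {"findings": findings, "private": private, "public": public, "planted": planted}


if __name__ == "__main__":
    for entry, reason in demo()["findings"]:
        print(f"{entry}: {reason}")
```

Group-writable directories deserve the same treatment when the group has members other than the administrator; the example checks only the "other" bit to keep the rule simple.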
Multiple Vendors
GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0-2.0.3, 2.0.5-2.0.8, 2.0.1-2.0.14, 2.1 b1, 2.1-2.1.5; Ubuntu Linux 4.1, ia64, ia32
|
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
m/mailman/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-29.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/
updates/main/m/mailman/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium/High
(High if arbitrary code can be executed)
|
SecurityTracker, January 12, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005
SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005 |
Multiple Vendors
ht://Dig Group ht://Dig 3.1.5-8, 3.1.5-7, 3.1.5, 3.1.6, 3.2.0, 3.2.0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/h/htdig/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-16.xml
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory ,DSA 680-1, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-16, February 14, 2005 |
Multiple Vendors
ISC BIND 9.3;
MandrakeSoft Linux Mandrake 10.1 X86_64, 10.1 |
A remote Denial of Service vulnerability exists in the 'authvalidated()' function due to an error in the validator.
Upgrade available at:
http://www.isc.org/index.pl
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Trustix:
http://www.trustix.org/errata/2005/0003/
Currently we are not aware of any exploits for this vulnerability. |
BIND Validator Self Checking Remote Denial of Service
CVE Name:
CAN-2005-0034
|
Low |
US-CERT Vulnerability Note, VU#938617, January 25, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Multiple Vendors
KDE 2.0, BETA, 2.0.1, 2.1-2.1.2, 2.2-2.2.2 |
A vulnerability exists in 'kdesktop/lockeng.cc' and 'kdesktop/lockdlg.cc' due to insufficient return value checking, which could let a malicious user bypass the screensaver lock mechanism.
Debian:
http://security.debian.org/pool/
updates/main/k/kdebase/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-009.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Debian Security Advisory, DSA 660-1, January 26, 2005
RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005 |
Multiple Vendors
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64; Novell Evolution 2.0.2; Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta) |
A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.
Update available at:
http://cvs.gnome.org/viewcvs/evolution/
camel/camel-lock-helper.c?rev=1.7
&hideattic=0&view=log
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-35.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/e/evolution/
SUSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/
updates/main/e/evolution/
Currently we are not aware of any exploits for this vulnerability. |
Evolution Camel-Lock-Helper Application Remote Buffer Overflow
CVE Name:
CAN-2005-0102
|
High |
Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005
Ubuntu Security Notice, USN-69-1, January 25, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory, DSA 673-1, February 10, 2005 |
Multiple Vendors
Perl |
A race condition vulnerability exists in the 'File::Path::rmtree()' function, which changes permissions on entries before removing them; a malicious user could exploit the race to obtain potentially sensitive information or modify files.
The vendor has released Perl version 5.8.4-5 to address this vulnerability. Customers are advised to contact the vendor for information regarding update availability.
Debian:
http://security.debian.org/pool/updates/main/p/perl/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
OpenPKG:
ftp://ftp.openpkg.org/release/2.1/UPD/
perl-5.8.4-2.1.1.src.rpm
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-38.xml
Mandrake:
http://www.mandrakesoft.com/
security/advisories?name=MDKSA-2005:031
SUSE:
ftp://ftp.suse.com/pub/suse/
|
Multiple Vendors Perl File::Path::rmtree() Permission Modification Vulnerability
CVE Name:
CAN-2004-0452 |
Medium |
Ubuntu Security Notice, USN-44-1, December 21, 2004
Debian Security Advisory, DSA 620-1, December 30, 2004
OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005
Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005
MandrakeSoft Security Advisory, MDKSA-2005:031, February 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
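Added example (editor's illustration in Python, not Perl's File::Path code and not from the advisories) of the race this entry describes and of a removal routine that does not have it. The naive version changes permissions by path before deleting each entry; chmod() follows symlinks, so if an attacker swaps an entry for a symlink between the listing and the chmod, the permission change lands on the symlink's target. The hardened version works relative to open directory descriptors, changes permissions only through fchmod() on an opened directory, and treats symlinks as leaves to unlink. It assumes Linux (dir_fd support, O_DIRECTORY, O_NOFOLLOW); the tree layout is constructed for the example, with the attacker modelled as having already won the race.

```python
import os
import stat
import tempfile


def naive_rmtree(path: str) -> None:
    """The racy pattern: make each entry removable by chmod'ing it *by path*,
    then delete it. chmod() follows symlinks, so a planted symlink makes the
    permission change land on whatever file it points at."""
    for name in os.listdir(path):
        full = os.path.join(path, name)
        os.chmod(full, 0o777)                    # follows a planted symlink
        if os.path.isdir(full) and not os.path.islink(full):
            naive_rmtree(full)
        else:
            os.unlink(full)
    os.rmdir(path)


def _empty_dir(dir_fd: int) -> None:
    # Permission changes go through the descriptor (fchmod), which cannot be
    # redirected by swapping path components underneath us.
    os.fchmod(dir_fd, 0o700)
    for name in os.listdir(dir_fd):
        st = os.lstat(name, dir_fd=dir_fd)       # never follows symlinks
        if stat.S_ISDIR(st.st_mode):
            child = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)
            try:
                _empty_dir(child)
            finally:
                os.close(child)
            os.rmdir(name, dir_fd=dir_fd)
        else:
            os.unlink(name, dir_fd=dir_fd)       # a symlink is removed, not followed


def safe_rmtree(path: str) -> None:
    """Hardened form: every operation is relative to an open directory
    descriptor and symlinks are leaves, so nothing outside the tree is
    ever chmod'ed or unlinked."""
    if not stat.S_ISDIR(os.lstat(path).st_mode):
        os.unlink(path)
        return
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        _empty_dir(fd)
    finally:
        os.close(fd)
    os.rmdir(path)


def demo() -> dict:
    """Constructed layout: a tree to delete containing a symlink that the
    attacker has already pointed at a private file outside the tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        secret = os.path.join(root, "secret.key")
        with open(secret, "w") as fh:
            fh.write("private")
        for label, remover in (("naive", naive_rmtree), ("safe", safe_rmtree)):
            os.chmod(secret, 0o600)
            tree = os.path.join(root, f"tree-{label}")
            os.makedirs(os.path.join(tree, "sub"))
            with open(os.path.join(tree, "sub", "note.txt"), "w") as fh:
                fh.write("x")
            os.symlink(secret, os.path.join(tree, "planted"))   # attacker's link
            remover(tree)
            results[label] = {
                "secret_mode": stat.S_IMODE(os.stat(secret).st_mode),
                "tree_removed": not os.path.exists(tree),
            }
    return results


if __name__ == "__main__":
    print(demo())
```

Both versions remove the tree; only the naive one leaves the outside file world-readable and world-writable, which is the "permission modification" in the vulnerability's name.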
Multiple Vendors
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3.STABLE4&5, 2.4.STABLE6&7, 2.4.STABLE2, 2.4, 2.5.STABLE3-7, 2.5.STABLE1; Conectiva Linux 9.0, 10.0 |
Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and a buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-wccp
_denial_of_service.patch
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-gopher_
html_parsing.patch
Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-25.xml
Debian:
http://security.debian.org/pool/
updates/main/s/squid/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/s/squid/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-061.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
There is no exploit required. |
|
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA13825, January 13, 2005
Debian Security Advisory, DSA 651-1, January 20, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 |
Multiple Vendors
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, 9.2;
Squid Web Proxy Cache 2.5.STABLE3-STABLE7, 2.5.STABLE1 |
A vulnerability exists due to a failure to handle malformed HTTP headers. The impact was not specified.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/
bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-04.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-061.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/squid/
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
Gentoo Linux Security Advisory, GLSA 200502-04:02, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
US-CERT Vulnerability Note VU#768702
US-CERT Vulnerability Note VU#823350
Ubuntu Security Notice, USN-77-1 , February 7, 2005
SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:034, February 11, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4-8, 1.0.4, 1.1.1, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu Linux 4.1, ppc, ia64, ia32; Xpdf 0.90-0.93, 1.0, 1.00a, 1.0.1, 2.0, 2.01, 2.03, 3.0; SUSE Linux - all versions |
Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool
/updates/main/c/cupsys/
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-20.xml
KDE:
ftp://ftp.kde.org/pub/kde/security_patches/
post-3.3.1-kdegraphics.diff
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/c/cupsys/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/
updates/main/t/tetex-bin/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-31.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/
Currently we are not aware of any exploits for these vulnerabilities.
|
Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows
CVE Names:
CAN-2004-0888
CAN-2004-0889 |
High |
SecurityTracker Alert ID, 1011865, October 21, 2004
Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004
Debian Security Advisory, DSA 599-1, November 25, 2004
SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004
Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005
Fedora Update Notifications,
FEDORA-2005-122, 123, 133-136, February 8 & 9, 2005
Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005 |
Multiple Vendors
Gentoo Linux 1.4; Rob Flynn Gaim 0.10.x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0, 1.0.1; Slackware Linux -current, 9.0, 9.1, 10.0 |
A buffer overflow vulnerability exists in the processing of MSNSLP messages due to insufficient verification, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-23.xml
Rob Flynn:
http://prdownloads.sourceforge.net/gaim/
gaim-1.0.2.tar.gz?download
RedHat:
ftp://updates.redhat.com
Slackware:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/
patches/packages/gaim-1.0.2-i486-1.tgz
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/g/gaim/
Mandrake:
http://www.mandrakesoft.com/security/advisories
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
We are not aware of any exploits for this vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200410-23, October 25, 2004
RedHat Security Advisory, RHSA-2004:604-01, October 20, 2004
Slackware Security Advisory, SSA:2004-296-01, October 22, 2004
Ubuntu Security Notice, USN-8-1 October 27, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:117, November 1, 2004
Fedora Legacy Update Advisory, FLSA:2188, February 11, 2005 |
Multiple Vendors
Gentoo Linux;
GNU Mailman 2.1-2.1.5; RedHat Fedora Core3 & Core2; Ubuntu Linux 4.1 ppc, ia64, ia32 |
A Directory Traversal vulnerability exists in 'private.py' due to an input validation error, which could let a remote malicious user obtain sensitive information.
Debian:
http://security.debian.org/pool/updates/main/m/mailman/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-11.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-136.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 674-1, February 10, 2005
Ubuntu Security Notice USN-78-1, February 10, 2005
Fedora Update Notifications
FEDORA-2005-131 & 132, February 10, 2005
Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005
RedHat Security Advisory, RHSA-2005:136-08, February 10, 2005
Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005
SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:037, February 14, 2005 |
Multiple Vendors
Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0 |
Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service.
Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-28.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
X.org:
http://www.x.org/pub/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-537.html
Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:137 (libxpm)
http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:138 (XFree86)
Debian:
http://www.debian.org/
security/2004/dsa-607 (XFree86)
SGI:
ftp://patches.sgi.com/support/
free/security/patches/ProPack/3/
TurboLinux:
http://www.turbolinux.com/update/
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-023_RHSA-2004-537.pdf
http://support.avaya.com/elmodocs2/
security/ASA-2005-025_RHSA-2005-004.pdf
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-06.xml
http://security.gentoo.org/
glsa/glsa-200502-07.xml
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors LibXPM Multiple Vulnerabilities
CVE Name:
CAN-2004-0914
|
Low/ Medium/ High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
X.Org Foundation Security Advisory, November 17, 2004
Fedora Update Notifications,
FEDORA-2004-433 & 434, November 17 & 18, 2004
SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004
Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004
Fedora Security Update Notifications
FEDORA-2003-464, 465, 466, & 467, December 1, 2004
RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004
Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004
Debian Security Advisory
DSA-607-1 xfree86 -- several vulnerabilities, December 10, 2004
Turbolinux Security Announcement, January 20, 2005
Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005
Gentoo Linux Security Advisories, GLSA 200502-06 & 07, February 7, 2005 |
Multiple Vendors
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4-1 to 5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/universe/p/perl/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-13.xml
Mandrake:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2005:031
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-105.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/3/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
Proofs of Concept exploits have been published. |
|
Medium/ High
(High if arbitrary code can be executed)
|
Ubuntu Security Notice, USN-72-1, February 2, 2005
MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005
RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Multiple Vendors
Linux Kernel 2.4.0-test1 to test12, 2.4-2.4.28, 2.4.29-rc2, 2.6-test1 to test11, 2.6.1-rc1 to rc2, 2.6.2-2.6.9, 2.6.10-rc2; Avaya S8710/S8700/S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing |
A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005
-016RHSA-2006-017RHSA-2005-043.pdf
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/
Another exploit script has been published. |
|
High |
iSEC Security Research Advisory, January 7, 2005
Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
PacketStorm, January 27, 2005
Avaya Security Advisory, ASA-2005-034, February 8, 2005
Ubuntu Security Notice, USN-57-1, February 9, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1 to test12, 2.4-2.4.28, 2.4.29-rc1 & rc2; Avaya S8710/S8700/S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing |
A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at:
http://linux.bkbits.net:8080/linux-2.6/cset@
41a6721cce-LoPqkzKXudYby_3TUmg
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-043.html
http://rhn.redhat.com/errata/
RHSA-2005-017.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005-
016RHSA-2006-017RHSA-2005-043.pdf
Currently we are not aware of any exploits for this vulnerability. |
|
Low/High
(High if root access can be obtained)
|
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005
RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14, January 18 & 21, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Avaya Security Advisory, ASA-2005-034, February 8, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.28; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing |
A vulnerability exists in the device drivers due to failure to implement all required virtual memory access flags.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-016.html
http://rhn.redhat.com/errata/RHSA-2005-017.html
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005-
016RHSA-2006-017RHSA-2005-043.pdf
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel Device Driver Virtual Memory Flags Implementation Failure
CVE Name:
CAN-2004-1057
|
Not Specified |
RedHat Security Advisories, RHSA-2005:016-13 & 076-14, January 21, 2005
Avaya Security Advisory, ASA-2005-034, February 8, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6-2.6.11 |
Multiple vulnerabilities exist: a vulnerability exists in the 'radeon' driver due to a race condition, which could let a malicious user obtain elevated privileges; a buffer overflow vulnerability exists in the 'i2c-viapro' driver, which could let a malicious user execute arbitrary code; a buffer overflow vulnerability exists in the 'locks_read_proc()' function, which could let a malicious user execute arbitrary code; a vulnerability exists in 'drivers/char/n_tty.c' due to a signedness error, which could let a malicious user obtain sensitive information; and potential errors exist in the 'atm_get_addr()' function and the 'reiserfs_copy_from_user_to_file_region()' function.
Patches available at:
http://kernel.org/pub/linux/kernel/
v2.6/testing/patch-2.6.11-rc4.bz2
Exploit scripts have been published. |
Linux Kernel Multiple Local Buffer Overflows & Information Disclosure |
Medium/ High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA14270, February 15, 2005 |
Multiple Vendors
LinuxPrinting.org Foomatic-Filters 3.03.0.2, 3.1;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A vulnerability exists in the foomatic-rip print filter due to insufficient validation of command-lines and environment variables, which could let a remote malicious user execute arbitrary commands.
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub
/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-24.xml
Sun:
http://sunsolve.sun.com/search/document.do
?assetkey=1-26-57646-1&searchclause=
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora Legacy:
http://download.fedoralegacy.org/fedora/1/updates/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12
We are not aware of any exploits for this vulnerability. |
LinuxPrinting.org Foomatic-Filter Arbitrary Code Execution
CVE Name:
CAN-2004-0801
|
High |
Secunia Advisory, SA12557, September 16, 2004
Fedora Update Notification,
FEDORA-2004-303, September 21, 2004
Gentoo Linux Security Advisory, GLSA 200409-24, September 17, 2004
Sun(sm) Alert Notification, 57646, October 7, 2004
Conectiva Linux Security Announcement, CLA-2004:880, October 26, 2004
Fedora Legacy Update Advisory, FLSA:2076, November 5, 2004
SCO Security Advisory, SCOSA-2005.12, February 8, 2005 |
Multiple Vendors
Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 |
A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at:
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.
STABLE7-fakeauth_auth.patch
Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-25.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-061.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
Currently we are not aware of any exploits for this vulnerability. |
Squid NTLM fakeauth_auth Helper Remote Denial of Service
CVE Name:
CAN-2005-0096
|
Low |
Secunia Advisory,
SA13789, January 11, 2005
Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 |
MySQL
MySQL 4.x |
A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges.
Update available at:
http://lists.mysql.com/internals/20600
Ubuntu:
http://www.ubuntulinux.org/support/
documentation/usn/usn-63-1
Debian:
http://www.debian.org/security/2005/dsa-647
Gentoo:
http://www.gentoo.org/security/en/glsa/
glsa-200501-33.xml
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
MySQL 'mysqlaccess.sh' Unsafe Temporary Files
CVE Name:
CAN-2005-0004 |
Medium |
SecurityTracker Alert, 1012914, January 17, 2005
Ubuntu Security Notice, USN-63-1, January 18, 2005
Debian Security Advisory
DSA-647-1 mysql, January 19, 2005
Gentoo GLSA 200501-33, January 23, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Netkit
Linux Netkit 0.17 |
A Denial of Service vulnerability exists when processing malformed size packets.
Debian:
http://security.debian.org/pool/
updates/main/n/netkit-rwho/
Currently we are not aware of any exploits for this vulnerability. |
Netkit RWho Malformed Packet Size Denial of Service
CVE Name:
CAN-2004-1180
|
Low |
Debian Security Advisory DSA 678-1, February 11, 2005 |
Open Group
Open Motif 2.x, Motif 1.x; Avaya CMS Server 8.0, 9.0, 11.0, CVLAN, Integrated Management, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing
|
Multiple vulnerabilities have been reported in Motif and Open Motif, which potentially can be exploited by malicious people to compromise a vulnerable system.
Updated versions of Open Motif and a patch are available. A commercial update will also be available for Motif 1.2.6 for users who have a commercial version of Motif.
http://www.ics.com/developers/
index.php?cont=xpm_security_alert
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
Red Hat:
http://rhn.redhat.com/errata/
RHSA-2004-537.html
Gentoo:
http://security.gentoo.org/glsa/
glsa-200410-09.xml
Debian:
http://security.debian.org/pool/
updates/main/i/imlib/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/universe/x/xfree86/
TurboLinux:
http://www.turbolinux.com/update/
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-023_RHSA-2004-537.pdf
http://support.avaya.com/elmodocs2/
security/ASA-2005-025_RHSA-2005-004.pdf
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-07.xml
Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=a&anuncio=000924
Currently we are not aware of any exploits for these vulnerabilities. |
Open Group Motif / Open Motif libXpm Vulnerabilities
CVE Names:
CAN-2004-0687
CAN-2004-0688 |
High |
Integrated Computer Solutions
Secunia Advisory ID: SA13353, December 2, 2004
RedHat Security Advisory: RHSA-2004:537-17, December 2, 2004
Turbolinux Security Announcement, January 20, 2005
Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Gentoo Linux Security Advisory, GLSA 200502-07, February 7, 2005
Conectiva Security Advisory, CLSA-2005:924, February 14, 2005 |
Open Webmail
Open Webmail 1.7, 1.8, 1.71, 1.81, 1.90, 2.5, 2.20, 2.21, 2.30-2.32 |
A Cross-Site Scripting vulnerability exists in the 'logindomain' parameter due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code.
Patch available at:
http://turtle.ee.ncku.edu.tw/openwebmail/
download/cert/patches/SA-05:01/2.5x.patch
There is no exploit code required. |
Open WebMail 'Logindomain' Parameter Cross-Site Scripting
CVE Name:
CAN-2005-0445
|
High |
Secunia Advisory,
SA14253, February 14, 2005 |
Opera Software
Opera 7.54 on Linux with KDE 3.2.3; Gentoo Linux |
A vulnerability exists that could permit a remote user to cause the target user to execute arbitrary commands. KDE uses 'kfmclient exec' as the default application for processing saved files. A remote user can cause arbitrary shell commands to be executed on the target system.
Opera:
http://www.opera.com/download/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-17.xml
A Proof of Concept exploit has been published. |
Opera Default 'kfmclient exec' Configuration |
High |
Zone-H Advisory, ZH2004-19SA, December 12, 2004
Gentoo Linux Security Advisory, GLSA 200502-17, February 14, 2005 |
PHP Group
Debian
Slackware
Fedora
PHP 4.3.7 and prior |
Multiple vulnerabilities exist in php4 which could let a remote malicious user execute arbitrary code; updates are available.
Debian:
Update to Debian GNU/Linux 3.0 alias woody at
http://www.debian.org/releases/stable/
Slackware:
http://www.slackware.com/security/viewer.
php?l=slackware-security&y=2004&m=
slackware-security.406480
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.com/pub/
TurboLinux/TurboLinux/ia32/Server/
Apple:
http://www.apple.com/support/downloads/
Debian:
http://security.debian.org/pool/
updates/main/p/php3/
An exploit script has been published. |
|
High |
Secunia, SA12113 and SA12116, July 21, 2004
Debian, Slackware, and Fedora Security Advisories
Turbolinux Security Advisory TLSA-2004-23, September 15, 2004
PacketStorm, December 11, 2004
Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005
Debian Security Advisory DSA, 669-1, February 7, 2005 |
PNG Development Group
Conectiva
Debian
Fedora
Gentoo
Mandrakesoft
RedHat
SUSE
Sun Solaris
HP-UX
GraphicsMagick
ImageMagick
Slackware
libpng 1.2.5 and 1.0.15 |
Multiple vulnerabilities exist in the libpng library which could let a remote malicious user crash an affected system or execute arbitrary code on it. These vulnerabilities include:
- libpng fails to properly check length of transparency chunk (tRNS) data,
- libpng png_handle_iCCP() NULL pointer dereference,
- libpng integer overflow in image height processing,
- libpng png_handle_sPLT() integer overflow,
- libpng png_handle_sBIT() performs insufficient bounds checking,
- libpng contains integer overflows in progressive display image reading.
If using the original libpng, update to version 1.2.6rc1 (release candidate 1), available at:
http://www.libpng.org/pub/png/libpng.html
Conectiva:
http://distro.conectiva.com.br/atualizacoes/
index.php?id=a&anuncio=000856
Debian:
http://lists.debian.org/debian-security-announce/
debian-security-announce-2004/msg00139.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200408-03.xml
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories
?name=MDKSA-2004:079
RedHat
http://rhn.redhat.com/
SUSE:
http://www.SUSE.de/de/security/2004_23_libpng.html
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/1/
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
Sun Solaris:
http://sunsolve.sun.com/pub-cgi/
retrieve.pl?doc=fsalert/57617
HP-UX:
http://www4.itrc.hp.com/service/cki/doc
Display.do?docId=HPSBUX01065
GraphicsMagick:
http://www.graphicsmagick.org/
www/download.html
ImageMagick:
http://www.imagemagick.org/www/
download.html
Slackware:
http://www.slackware.com/security
/viewer.php?l=slackware-security&y=2004&m=
slackware-security.439243
Yahoo:
http://messenger.yahoo.com/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2004.16
Fedora Legacy:
http://download.fedoralegacy.org/redhat/
Sun:
http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57683-1
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit has been published. |
Multiple Vulnerabilities in libpng
CVE Names:
CAN-2004-0597
CAN-2004-0598
CAN-2004-0599 |
High |
US-CERT Technical Cyber Security Alert TA04-217A, August 4, 2004
US-CERT Vulnerability Notes VU#160448, VU#388984, VU#817368, VU#236656, VU#477512, VU#286464, August 4, 2004
SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004
SCO Security Advisory, SCOSA-2004.16, October 12, 2004
Fedora Legacy Update Advisory, FLSA:2089, October 27, 2004
Sun(sm) Alert Notification, 57683, November 30, 2004
Fedora Legacy Update Advisory, FLSA:1943, February 8, 2005 |
PowerDNS
PowerDNS 2.0 RC1, 2.8, 2.9.15
|
A remote Denial of Service vulnerability exists in the 'DNSPacket::expand' method in 'dnspacket.cc' due to a failure to handle exceptional conditions.
Upgrades available at:
http://www.powerdns.com/downloads/index.php
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-15.xml
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
Gentoo Linux Security Advisory, GLSA 200502-15, February 14, 2005 |
SCO
Open Server 5.0.6a, 5.0.6, 5.0.7 |
Multiple buffer overflow vulnerabilities exist due to insecure copying of user-supplied input, which could let a malicious user execute arbitrary code.
OpenServer 5.0.6:
ftp://ftp.sco.com/pub/updates/OpenServer/
SCOSA-2005.13/VOL.000.000
OpenServer 5.0.7:
ftp://ftp.sco.com/pub/openserver5/507
/mp/mp3/507mp3_vol.tar
Currently we are not aware of any exploits for these vulnerabilities. |
SCO OpenServer Multiple Local Buffer Overflows
CVE Name:
CAN-2004-1131
|
High |
SCO Security Advisory, SCOSA-2005.13, February 8, 2005 |
Squid-cache.org
Squid Web Proxy Cache 2.5.STABLE5-STABLE8 |
A remote Denial of Service vulnerability exists when performing a Fully Qualified Domain Name (FQDN) lookup and an unexpected response is received.
Patches available at:
http://downloads.securityfocus.com/
vulnerabilities/patches/
Currently we are not aware of any exploits for this vulnerability. |
Squid Proxy FQDN Remote Denial of Service
CVE Name:
CAN-2005-0446
|
Low |
Secunia Advisory,
SA14271, February 14, 2005 |
SquirrelMail Development Team
SquirrelMail 1.2.6 |
A vulnerability exists in 'src/webmail.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/
main/s/squirrelmail/squirrelmail
_1.2.6-2_all.deb
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 662-1, February 1, 2005
US-CERT Vulnerability Note VU#203214 |
SquirrelMail
S/MIME Plugin 0.4, 0.5 |
A vulnerability exists in the S/MIME plug-in due to insufficient sanitization of the 'exec()' function, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.squirrelmail.org/plugin_view.php?id=54
There is no exploit code required. |
SquirrelMail S/MIME Plug-in Remote Command Execution
CVE Name:
CAN-2005-0239
|
High |
iDEFENSE Security Advisory, February 7, 2005
US-CERT Vulnerability Note VU#502328 |
Sun Microsystems, Inc.
Sun Java JDK 1.5.x
Sun Java JRE 1.1.x, 1.2.x, 1.3.x, 1.4.x, 1.5.x, SDK 1.1.x, 1.2.x, 1.3.x, SDK 1.4.x |
A vulnerability exists in the Sun Java Plugin due to the creation of temporary files that use a predictable filename, which could let a malicious user write arbitrary content to a file with a predictable name.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Sun Java Plugin Temporary File Predictable Filenames |
Medium |
US-CERT Vulnerability Note VU#544392 |
Sun Microsystems, Inc.
Solaris 8.0_x86, 8.0, 9.0_x86, 9.0; Avaya CMS Server 9.0, 11.0, 12.0 |
A Denial of Service vulnerability exists due to a failure to handle excessive UDP endpoint activity.
Patches available at:
http://sunsolve.sun.com/search/document.do?
assetkey=urn:cds:docid:1-21-117351-16-1
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-033_SUN-1-29-2005.pdf
Currently we are not aware of any exploits for this vulnerability. |
Sun Solaris UDP Processing Denial of Service
CVE Name:
CAN-2005-0426
|
Low |
Sun(sm) Alert Notification, 57728, January 26, 2005
Avaya Security Advisory, ASA-2005-033, February 7, 2005 |
Sun Microsystems, Inc.
Solaris 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86 |
A remote Denial of Service vulnerability exists due to a failure to handle a flood of ARP packets.
Patches available at:
http://classic.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57673&
zone_32=category%3Asecurity
Currently we are not aware of any exploits for this vulnerability. |
Sun Solaris ARP Handling Remote Denial of Service
CVE Name:
CAN-2005-0447
|
Low |
Sun(sm) Alert Notification, 57673, February 11, 2005 |
Sympa
Sympa 3.3.3 |
A buffer overflow vulnerability exists in 'src/queue.c' in the 'listname' parameter, which could let a malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/
updates/main/s/sympa/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 677-1 , February 11, 2005 |
Synaesthesia
Synaesthesia 2.1.0 |
A vulnerability exists due to a failure to secure access files, which could let a malicious user obtain sensitive information.
Debian:
http://security.debian.org/pool/
updates/main/s/synaesthesia/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 681-1 , February 14, 2005 |
xpcd
xpcd 2.08
|
A buffer overflow vulnerability exists in 'pcdsvgaview' due to a failure to copy user-supplied input securely, which could let a malicious user execute arbitrary code.
Update available at:
http://security.debian.org/pool/
updates/main/x/xpcd/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 676-1 , February 11, 2005 |
xview
xview 3.2p1.4 |
Multiple buffer overflow vulnerabilities exist in the xview library, which could let a malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/
updates/main/x/xview/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Debian Security Advisory, DSA 672-1, February 9, 2005 |
Yongguang Zhang
hztty 2.0 |
A vulnerability exists due to an unknown cause, which could let a malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/
updates/main/h/hztty/
Currently we are not aware of any exploits for this vulnerability. |
Yongguang Zhang HZTTY Arbitrary Command Execution
CVE Name:
CAN-2005-0019
|
High |
Debian Security Advisory, DSA 675-1, February 10, 2005 |
Yukihiro Matsumoto
Ruby 1.8.x |
A remote Denial of Service vulnerability exists due to an input validation error in 'cgi.rb.'
Debian:
http://security.debian.org/pool/
updates/main/r/ruby
Mandrake:
http://www.mandrakesoft.com/
security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/universe/r/ruby1.8/l
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200411-23.xml
Red Hat:
http://rhn.redhat.com/errata/
RHSA-2004-635.html
SGI:
ftp://patches.sgi.com/support/free/
security/advisories/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
Yukihiro Matsumoto Ruby Infinite Loop Remote Denial of Service
CVE Name:
CAN-2004-0983
|
Low |
Secunia Advisory,
SA13123, November 8, 2004
Ubuntu Security Notice, USN-20-1, November 9, 2004
Fedora Update Notification,
FEDORA-2004-402 & 403, November 11 & 12, 2004
Gentoo Linux Security Advisory, GLSA 200411-23, November 16, 2004
Red Hat Advisory, RHSA-2004:635-03, December 13, 2004
RedHat Security Advisory, RHSA-2004:635-06, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
Turbolinux Security Announcement, 20050131, January 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Apache
mod_python |
A vulnerability exists in mod_python in the publisher handler that could permit a remote malicious user to view certain python objects. A remote user can submit a specially crafted URL to view the names and values of variables.
Red Hat: http://rhn.redhat.com/errata/RHSA-2005-104.html
Ubuntu: http://www.ubuntulinux.org/support/documentation/usn/usn-80-1
Fedora: http://download.fedora.redhat.com/
pub/fedora/linux/core/updates
Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200502-14.xml
Trustix: http://www.trustix.org/errata/2005/0003/
Currently we are not aware of any exploits for this vulnerability. |
Apache mod_python Information Disclosure Vulnerability
CVE Name:
CAN-2005-0088 |
Medium |
SecurityTracker Alert ID: 1013156, February 11, 2005
Red Hat RHSA-2005:104-03, February 10, 2005
Ubuntu, USN-80-1 February 11, 2005
Trustix #2005-0003, February 11, 2005 |
Barracuda Networks
Barracuda Spam Firewall 3.1.10 and prior
|
A vulnerability exists that could permit white-listed senders to use the product as an open mail relay.
Update to firmware 3.1.11 or later.
Currently we are not aware of any exploits for this vulnerability. |
Barracuda Spam Firewall 200 Open Mail Relay Vulnerability
CVE Name:
CAN-2005-0431
|
Low |
Secunia SA14243, February 11, 2005 |
BEA Systems
BEA WebLogic 8.1 through 8.1 SP3; 7.0 through 7.0 SP5 |
A vulnerability exists that could permit a remote malicious user to determine the reason for a failed authentication attempt. This allows a remote user to conduct a brute force password guessing attack.
For WebLogic Server 8.1, upgrade to WebLogic Server 8.1 Service Pack 4.
For WebLogic Server 7.0, upgrade to WebLogic Server 7.0 Service Pack 5 and then apply the following patch: ftp://ftpna.beasys.com/pub/releases/security/CR184612_70sp5.jar
This fix will be included in WebLogic Server 7.0 Service Pack 6.
Currently we are not aware of any exploits for this vulnerability. |
BEA WebLogic Authentication Vulnerability
CVE Name:
CAN-2005-0432
|
Medium |
BEA Security Advisory, BEA05-74.00 |
Cisco
Cisco devices running IOS enabled for BGP |
A remote Denial of Service vulnerability exists if malformed BGP packets are submitted.
The vendor has issued a solution at:
http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
Rev. 1.4: Modifications and additions to the Details section.
Currently we are not aware of any exploits for this vulnerability. |
Cisco IOS BGP Packets Denial of Service |
Low |
Cisco Security Advisory 63845, January 29, 2005
Technical Cyber Security Alert, TA05-026A, January 26, 2005
US-CERT Vulnerability Note VU#689326, January 26, 2005
Cisco Security Advisory 63845, Revision 1.4, February 9, 2005 |
Francisco Burzi
PHP-Nuke 6.x-7.6 |
Multiple vulnerabilities exist that could permit a remote user to determine the installation path or conduct Cross-Site Scripting attacks. The Downloads module does not properly validate user-supplied input in the 'newdownloadshowdays' parameter.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
SecurityFocus, Bugtraq ID 12561, February 15, 2005 |
F-Secure
F-Secure Anti-Virus for multiple platforms |
A buffer overflow vulnerability exists when processing ARJ archives. A remote malicious user can execute arbitrary code on the target system because of input validation errors. This vulnerability can be exploited on some systems without user interaction.
Vendor updates are available:
http://www.f-secure.com/security/fsc-2005-1.shtml
Currently we are not aware of any exploits for this vulnerability. |
F-Secure Anti-Virus Buffer Overflow Vulnerability
CVE Name:
CAN-2005-0350
|
High |
F-Secure Security Bulletin FSC-2005-1, February 10, 2005 |
F-Secure
F-Secure Internet Gatekeeper version 6.41 and earlier;
F-Secure Internet Gatekeeper for Linux 2.06 |
A buffer overflow vulnerability exists when processing ARJ archives. A remote malicious user can execute arbitrary code on the target system because of input validation errors.
Vendor patches are available: http://www.f-secure.com/security/fsc-2005-1.shtml
Currently we are not aware of any exploits for this vulnerability. |
F-Secure Internet Gatekeeper Buffer Overflow Vulnerability
CVE Name:
CAN-2005-0350
|
High |
F-Secure Security Bulletin FSC-2005-1, February 10, 2005 |
GNU
Armagetron 0.2.6.0 and prior |
Multiple vulnerabilities exist that could permit a remote malicious user to cause a Denial of Service in the target game service. This is due to buffer overflow and wait state errors.
No workaround or patch available at time of publishing.
An exploit script has been published. |
GNU Armagetron Denial of Service Vulnerability
CVE Name:
CAN-2005-0369
CAN-2005-0370
CAN-2005-0371
|
Low |
SecurityTracker Alert ID: 1013180, February 15, 2005
|
GNU
AWStats 5.0-5.9, 6.0-6.2 |
Several vulnerabilities exist: a vulnerability exists in the 'awstats.pl' script due to insufficient validation of the 'configdir' parameter, which could let a remote malicious user execute arbitrary code; and an unspecified input validation vulnerability exists.
Upgrades available at:
http://awstats.sourceforge.net/files/awstats-6.3.tgz
SuSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-36.xml
Currently we are not aware of any exploits for these vulnerabilities.
|
GNU AWStats Multiple Remote Input Validation
CVE Name:
CAN-2005-0116
|
High |
Securiteam, January 18, 2005
Gentoo Linux Security Advisory [UPDATE] GLSA 200501-36:03, February 14, 2005
US-CERT Vulnerability Note VU#272296 |
GNU
AWStats 6.3 and prior |
Multiple vulnerabilities exist which could permit local malicious users to gain escalated privileges, disclose system information, and cause a Denial of Service. This is due to errors in the input validation of the "loadplugin" and "pluginmode" parameters in "awstats.pl".
The vulnerabilities have reportedly been fixed in the CVS repository.
A Proof of Concept exploit has been published.
|
|
Low/Medium
(Medium if sensitive information can be obtained or elevated privileges are obtained)
|
SecurityFocus, Bugtraq ID 12545, February 14, 2005
|
GNU
CitrusDB prior to 0.3.6 |
A vulnerability exists that could permit a remote malicious user to obtain credit card import and export data.
The vendor has issued a fixed version (0.3.6), available at: http://www.citrusdb.org/download.php
A Proof of Concept exploit has been published. |
|
Medium |
OSVDB Reference: 13228, January 28, 2005
SecurityFocus, 12402, February 13, 2005 |
GNU
ELOG 2.5.6 and prior |
Two vulnerabilities exist that could permit disclosure of sensitive information or remote code execution. This is because of an input validation error and an unprotected configuration file.
Update to version 2.5.7: http://midas.psi.ch/elog/download.html
A Proof of Concept exploit has been published. |
|
High |
SecurityFocus, Bugtraq ID 12556, February 15, 2005 |
GNU
Siteman 1.1.0 - 1.1.10 |
A vulnerability exists that could permit a malicious user to bypass certain security restrictions. This is due to an unspecified error in "users.php."
Apply patch: http://prdownloads.sourceforge.net/sitem/1.1.10x_patch.zip?download
Currently we are not aware of any exploits for this vulnerability. |
GNU Siteman Security Bypass Vulnerability
CVE Name:
CAN-2005-0305
|
Medium |
Sourceforge.net, Siteman Release Notes 1.1.10x_patch |
GPL
Emdros 1.x |
Multiple vulnerabilities exist due to memory leaks within the MQL parser, which could permit a Denial of Service.
Update to version 1.1.22: http://emdros.org/download.html
Currently we are not aware of any exploits for these vulnerabilities.
|
GPL Emdros MQL Parser Denial of Service Vulnerability
CVE Name:
CAN-2005-0415
|
Low |
SourceForge.net, Project Emdros, [ 1116935 ], February 8, 2005 |
GPL
MercuryBoard 1.1.1 |
An input validation vulnerability in the 'func/post.php' script could permit a remote malicious user to inject SQL commands.
The vendor has issued a fixed version (1.1.2), available at: http://www.mercuryboard.com/index.php?a=downloads
A Proof of Concept exploit has been published. |
GPL MercuryBoard SQL Injection Vulnerability
CVE Name:
CAN-2005-0414
|
High |
SecurityTracker Alert ID: 1013137, February 9, 2005 |
GPL
MyPHP Forum |
A vulnerability exists that could permit a remote malicious user to inject SQL commands. This is because several scripts do not properly validate user-supplied input in certain fields. These scripts are: 'forum.php', 'member.php', 'forgot.php', and 'include.php'.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
GPL MyPHP Forum SQL Injection Vulnerability
CVE Name:
CAN-2005-0413
|
High |
SecurityTracker Alert ID: 1013136, February 9, 2005 |
Hewlett-Packard
HP HTTP Server 5.0 through 5.95 |
A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target system or cause a Denial of Service.
The vendor has issued a fixed version (5.96 or later). Alternatively, the vendor indicates that you can update to the System Management Homepage Version 2.0 or later. Management Software Security Patch for Windows Version 5.96 (or later) is available at: http://h18023.www1.hp.com/support/files/Server/us/download/22192.html
Currently we are not aware of any exploits for this vulnerability.
|
HP HTTP Server Buffer Overflow Vulnerability |
Low/High
(High if arbitrary code can be executed)
|
HP Security Bulletin, HPSBMA01116, February 14, 2005 |
IBM
DB2 Universal Database 8.x |
Multiple vulnerabilities exist that could permit a malicious user to cause a Denial of Service, obtain knowledge of sensitive information, read and manipulate file content, or execute arbitrary code.
Apply DB2 8.1 FixPak 8: http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html
Currently we are not aware of any exploits for these vulnerabilities. |
IBM DB2 Universal Database Multiple Vulnerabilities
CVE Name:
CAN-2005-0417
|
Medium/High
(High if arbitrary code can be executed)
|
IBM Advisory, Reference #: 1196289, January 20, 2005 |
Jelsoft Enterprises
VBulletin 3.0 Gamma, Beta 2-Beta 7, 3.0-3.0.4 |
A vulnerability exists in the 'forumdisplay.php' script due to insufficient sanitization when the 'showforumusers' option is enabled, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit required; however, a Proof of Concept exploit has been published. |
Jelsoft VBulletin 'Forumdisplay.PHP' Script Remote Command Execution
CVE Name:
CAN-2005-0429
|
High |
SecurityFocus, February 14, 2005 |
Mozilla
Firefox 1.0 |
There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations or access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop and because tabbed javascript vulnerabilities let remote users access other windows.
A fix is available via the CVS repository
A Proof of Concept exploit has been published. |
Mozilla Firefox Multiple Vulnerabilities
CVE Name:
CAN-2005-0230
CAN-2005-0231
CAN-2005-0232 |
High |
SecurityTracker Alert ID: 1013108, February 8, 2005 |
Multiple Vendors
Debian Linux 3.0 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ethereal Group Ethereal 0.9-0.9.16, 0.10-0.10.7
|
Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists in the DICOM dissector; a remote Denial of Service vulnerability exists in the handling of RTP timestamps; a remote Denial of Service vulnerability exists in the HTTP dissector; and a remote Denial of Service vulnerability exists in the SMB dissector when a malicious user submits specially crafted SMB packets. Potentially these vulnerabilities may also allow the execution of arbitrary code.
Upgrades available at:
http://www.ethereal.com/download.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-15.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-011.html
SuSE:
ftp://ftp.suse.com/pub/suse/
SGI: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
Ethereal Security Advisory, enpa-sa-00016, December 15, 2004
Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005
RedHat Security Advisory, RHSA-2005:011-11, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005 |
Multiple Vendors
OpenPGP |
A vulnerability exists that could permit a remote malicious user to conduct an adaptive-chosen-ciphertext attack against OpenPGP's cipher feedback mode. The flaw is due to an ad-hoc integrity check feature in OpenPGP.
A solution will be available in the next release of the product.
A Proof of Concept exploit has been published. |
Multiple Vendors OpenPGP CFB Mode Vulnerable to Cipher-Text Attack
CVE Name:
CAN-2005-0366
|
Medium |
US-CERT Vulnerability Note VU#303094 |
OpenConf
OpenConf 1.04 |
An HTML injection vulnerability exists due to input validation errors. This may permit a malicious user to execute arbitrary code. Disclosure of cookie-based credentials is also possible.
Upgrade to OpenConf 1.10: http://www.zakongroup.com/technology/openconf-download.php
There is no exploit required. |
OpenConf Paper Submission HTML Injection Vulnerability
CVE Name:
CAN-2005-0407
|
High |
SecurityFocus, Bugtraq ID 12554, February 15, 2005 |
Opera Software
Opera |
A spoofing vulnerability exists that could permit a malicious website to spoof the URL displayed in the address bar, SSL certificate, and status bar. This is due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.
Gentoo: http://security.gentoo.org/glsa/glsa-200502-17.xml
A Proof of Concept exploit has been published. |
|
Medium |
SecurityTracker Alert ID: 1013096, February 7, 2005
Gentoo GLSA 200502-17, February 14, 2005 |
Python
SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4 |
A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected.
Patches for Python 2.2, 2.3, and 2.4, available at:
http://python.org/security/PSF-2005-001/patch-2.2.txt (Python 2.2)
http://python.org/security/PSF-2005-001/patch.txt (Python 2.3, 2.4)
The vendor plans to issue fixed versions 2.3.5 and 2.4.1.
Debian:
http://www.debian.org/security/2005/dsa-666
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-09.xml
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:035
Trustix:
http://www.trustix.org/errata/2005/0003/
Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-109.html
Currently we are not aware of any exploits for this vulnerability. |
Python SimpleXMLRPCServer Remote Code
CVE Name:
CAN-2005-0089
CAN-2005-0088 |
|
Python Security Advisory: PSF-2005-001, February 3, 2005
Gentoo, GLSA 200502-09, February 08, 2005
Mandrakesoft, MDKSA-2005:035, February 10, 2005
Trustix #2005-0003, February 11, 2005
RedHat Security Advisory, RHSA-2005:109-04, February 14, 2005 |
Spidean
PostWrap |
An input validation vulnerability exists that could permit a malicious remote user to conduct Cross-Site Scripting attacks. The module is designed to let remote web pages be displayed on the target web site.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Spidean PostWrap Cross-Site Scripting Vulnerability
CVE Name:
CAN-2005-0412 |
High |
Internet Security Systems, postwrap-xss (19261), February 9, 2005 |
Squid-cache.org
Squid 2.5 |
A vulnerability exists that could permit a remote malicious user to send multiple Content-length headers with special HTTP requests to corrupt the cache on the Squid server.
A patch (squid-2.5.STABLE7-header_parsing.patch) is available at: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-header_parsing.patch
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000923
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200502-04.xml
Debian:
http://www.debian.org/security/2005/dsa-667
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-77-1
SuSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-061.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Currently we are not aware of any exploits for this vulnerability. |
Squid Error in Parsing HTTP Headers
CVE Name:
CAN-2005-0174
CAN-2005-0175 |
Medium |
SecurityTracker Alert ID, 1012992, January 25, 2005
Gentoo GLSA 200502-04, February 2, 2005
Debian DSA-667-1, February 4, 2005
SUSE, SUSE-SR:2005:003, February 4, 2005
US-CERT Vulnerability Note, VU#924198
US-CERT Vulnerability Note, VU#625878
Trustix #2005-0003, February 11, 2005
Ubuntu Security Notice, USN-77-1, February 7, 2005
SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:034, February 11, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005
|
SquirrelMail Development Team
SquirrelMail 1.x |
A Cross-Site Scripting vulnerability exists in the 'decodeHeader()' function in 'mime.php' when processing encoded text in headers due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Patch available at:
http://prdownloads.sourceforge.net/squirrelmail/sm143a-xss.diff?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-25.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/9
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Apple:
http://www.apple.com/support/downloads/
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://www.debian.org/security/2005/dsa-662
Red Hat: http://rhn.redhat.com/errata/RHSA-2005-135.html
An exploit script is not required. |
SquirrelMail Cross-Site Scripting
CVE Name:
CAN-2004-1036
CAN-2005-0104
CAN-2005-0152 |
|
Secunia Advisory, SA13155, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-25, November 17, 2004
Fedora Update Notifications, FEDORA-2004-471 & 472, November 28, 2004
Conectiva Linux Security Announcement, CLA-2004:905, December 2, 2004
Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Debian DSA-662-1, February 1, 2005
Red Hat RHSA-2005:135-04, February 10, 2005 |
Symantec
Norton AntiVirus for Microsoft Exchange 2.1, prior to build 2.18.85;
Symantec Norton Antivirus 2004 for Windows;
Symantec Norton Antivirus 2004 for Macintosh;
Symantec Norton Antivirus 9.0 for Macintosh
|
A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target system. The DEC2EXE engine does not properly parse UPX compressed files when inspecting them for viruses.
A fix is available via LiveUpdate and at: http://www.symantec.com/techsupp
Currently we are not aware of any exploits for this vulnerability. |
Symantec Norton Anti-Virus Buffer Overflow
CVE Name:
CAN-2005-0249 |
High |
Symantec Security Response, SYM05-003, February 8, 2005
US-CERT Vulnerability Note VU#107822 |
University of California (BSD License)
PostgreSQL 7.x, 8.x
|
Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration.
Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7: http://wwwmaster.postgresql.org/download/mirrors-ftp
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-71-1
Debian:
http://www.debian.org/security/2005/dsa-668
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-08.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix: http://http.trustix.org/pub/trustix/updates/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-141.html
Gentoo: http://security.gentoo.org/glsa/glsa-200502-19.xml
Debian: http://security.debian.org/pool/updates/main/p/postgresql/
Currently we are not aware of any exploits for these vulnerabilities.
|
University of California PostgreSQL Multiple Vulnerabilities
CVE Name:
CAN-2005-0227
CAN-2005-0246
CAN-2005-0244
CAN-2005-0245
CAN-2005-0247 |
Medium/High
(High if arbitrary code can be executed)
|
PostgreSQL Security Release, February 1, 2005
Ubuntu Security Notice USN-71-1 February 01, 2005
Debian Security Advisory DSA-668-1, February 4, 2005
Gentoo GLSA 200502-08, February 7, 2005
Fedora Update Notifications, FEDORA-2005-124 & 125, February 7, 2005
Ubuntu Security Notice, USN-79-1, February 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
Gentoo Linux Security Advisory, GLSA 200502-19, February 14, 2005
RedHat Security Advisory, RHSA-2005:141-06, February 14, 2005
Debian Security Advisory, DSA 683-1, February 15, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script
(Reverse Chronological Order) |
Script name |
Workaround or Patch Available |
Script Description |
| February 14, 2005 |
cabrightstor_disco.pm
brightstor.c.php |
Yes |
Script that exploits the BrightStor ARCserve Backup Discovery Service Buffer Overflow vulnerability. |
| February 14, 2005 |
ex_perl.c
ex_perl2.c |
Yes |
Proofs of Concept exploits for the Perl SuidPerl Multiple Vulnerabilities. |
| February 12, 2005 |
ecl-eximspa.c
p_exim.c |
Yes |
Exploit for the GNU Exim
Buffer Overflows vulnerability. |
| February 11, 2005 |
rkhunter-1.2.0.tar.gz |
N/A |
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. |
| February 10, 2005 |
atronboom.zip |
No |
Exploit for the Armagetron Advanced Multiple Remote Denial of Service Vulnerabilities. |
| February 10, 2005 |
msnMessengerPNGexploit.c |
Yes |
Script that exploits the Windows/MSN Messenger PNG Processing vulnerability. |
| February 8, 2005 |
fm-afp.c
|
No |
Script that exploits the Apple Mac OS X AppleFileServer Remote Denial of Service vulnerability. |
| February 8, 2005 |
rna_deleter.rgp
rna_bof.rgs
|
No |
Exploits for the RealNetworks RealArcade Multiple Remote Vulnerabilities. |
| February 7, 2005 |
3csploit.c |
No |
Script that exploits the 3Com 3CServer FTP Command Buffer Overflows vulnerability. |
| February 7, 2005 |
pde.txt |
Yes |
Exploit for the PerlDesk 'view' Parameter Input Validation vulnerability. |
| February 7, 2005 |
xfinder-ds.pl |
No |
Perl script that exploits the Apple Mac OS X Finder 'DS_Store' Insecure File Creation vulnerability. |
Trends
- IBM has announced the results from its 2004 Global Business Security Index Report for potential security threats in 2005. For more information, see "IBM Security Report Predicts Mobile/Satellite Attacks in 2005," located at: http://sys-con.com/story/?storyid=48190&DE=1.
- An Internet browser feature that permits web addresses in Chinese, Arabic, and other languages could encourage online fraudsters by making scam Web sites look legitimate to visitors, due to a lack of safeguards around internationalized domain names. For more information, see "Browser Feature Could Make Scams Easier," located at: http://www.washingtonpost.com/wp-dyn/articles/A5709-2005Feb7.html?sub=AR.
- WholeSecurity announced the industry's first worldwide anti-phishing network (www.phishreport.net). For more information, see "Microsoft, EBay, Paypal, And Visa Join WholeSecurity To Launch Phish Report Network, The Internet’s First Global Anti-Phishing Aggregation Service" located at: http://www.phishreport.net/releases/launch_release.html and "Microsoft, eBay join antiphishing initiative" located at: http://news.com.com/Microsoft%2C+eBay+join+antiphishing+initiative/2100-1029_3-5575106.html.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank |
Common Name |
Type of Code |
Trends |
Date |
1 |
Netsky-P |
Win32 Worm |
Stable |
March 2004 |
2 |
Zafi-D |
Win32 Worm |
Stable |
December 2004 |
3 |
Netsky-Q |
Win32 Worm |
Stable |
March 2004 |
4 |
Zafi-B |
Win32 Worm |
Slight Increase |
June 2004 |
5 |
Netsky-D |
Win32 Worm |
Slight Increase |
March 2004 |
6 |
Sober-I |
Win32 Worm |
Decrease |
November 2004 |
7 |
Bagle.bj |
Win32 Worm |
Stable |
January 2005 |
8 |
Netsky-B |
Win32 Worm |
Stable |
February 2004 |
9 |
Bagle.z |
Win32 Worm |
Stable |
April 2004 |
10 |
Bagle-AU |
Win32 Worm |
Stable |
October 2004 |
Table Updated February 15, 2005
Viruses or Trojans Considered to be a High Level of Threat
- Troj/BankAsh-A: Anti-virus firms said they uncovered the first malware, Troj/BankAsh-A, that switches off Microsoft AntiSpyware, along with its other functions. Troj/BankAsh-A includes a keylogger and attempts to steal credit card details, turn off other anti-virus applications, delete files, install other malicious code and download code from the Internet. For more information see: http://www.eweek.com/article2/0,1759,1763560,00.asp
- Worm_Aimdes.A: Last week saw instant messaging (IM) viruses and worms hit popular IM systems from both Microsoft and AOL. In the Microsoft MSN Messenger case, exploit code that could be used to create an IM virus was published on the Web. AOL's AIM was hit with a virus dubbed Worm_Aimdes.A. The virus sends a copy of itself to all online contacts in an affected user's Buddy List, sending a message in an attempt to trick the recipient into thinking the file was sent from a trusted source. For more information see: http://www.infoworld.com/article/05/02/11/HNimvirus_1.html
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Name |
Aliases |
Type |
| Backdoor.Netshadow |
Backdoor.Win32.NetShadow.a |
Trojan |
| Downloader-ME.dr |
|
Trojan |
| Mydoom.AK |
W32/Mydoom.AK.worm |
Win32 Worm |
| PWS-Banker.j |
PWS-Banker.j.dll |
Trojan |
| PWSteal.Bancos.O |
PWS-Banker.f
Trojan-Spy.Win32.Banker.jj
TROJ_BANKER.EY
Win32.Formglieder.D |
Trojan |
| PWSteal.Bancos.P |
PWS-Banker.f
Trojan-Spy.Win32.Banker.jj
TROJ_BANKER.EY |
Trojan |
| PWSteal.Bankash.A |
PWS-Banker.j
PWSteal.Bankash.A
Troj/BankAsh-A
Trojan-Downloader.Win32.Small.ain |
Trojan |
| Troj/LowZone-O |
Trojan.Win32.LowZones.o |
Trojan |
| TROJ_BANKER.EY |
|
Trojan |
| TROJ_SPYBANK.A |
|
Trojan |
| Trojan.Eneles |
|
Trojan |
| Trojan.KillAV.E |
|
Trojan |
| Trojan.Rplay.A |
|
Trojan |
| VBS/Mcon-G |
VBS.Mcon.c
VBS/Pica.worm.gen
VBS.Sorry.A
VBS_MCON.A |
Visual Basic Worm |
| W32.Kipis.J@mm |
|
Win32 Worm |
| W32.Mydoom.AS@mm |
|
Win32 Worm |
| W32.Randex.COX |
|
Win32 Worm |
| W32/Agobot-PQ |
|
Win32 Worm |
| W32/Agobot-PR |
|
Win32 Worm |
| W32/Bropia.worm |
WORM_BROPIA.I |
Win32 Worm |
| W32/Bropia-J |
Bropia.J
W32/Bropia.J.worm |
Win32 Worm |
| W32/Codbot-B |
|
Win32 Worm |
| W32/Dopbot-A |
Backdoor.Win32.IRCBot.q
WORM_DOPBOT.A |
Win32 Worm |
| W32/Mydoom.ba@MM |
Email-Worm.Win32.Mydoom.ak
W32.Mydoom.AU@mm
W32/Mydoom.ba@MM |
Win32 Worm |
| W32/MyDoom-AQ |
|
Win32 Worm |
| W32/MyDoom-AR |
W32/Mydoom.ba@MM |
Win32 Worm |
| W32/MyDoom-AR |
WORM_MYDOOM.AR |
Win32 Worm |
| W32/Rbot-ALO |
WORM_RBOT.ALO |
Win32 Worm |
| W32/Rbot-TF |
|
Win32 Worm |
| W32/Rbot-VQ |
|
Win32 Worm |
| W32/Rbot-VT |
|
Win32 Worm |
| W32/Rbot-VX |
|
Win32 Worm |
| W32/Sdbot-UW |
|
Win32 Worm |
| W32/Sdbot-UZ |
|
Win32 Worm |
| W97M.Lebani |
|
IRC Worm |
| W97M.MJ |
|
IRC Worm |
| Win32.BettInet |
Win32.BettInet.C
Win32.BettInet.C!CAB
Win32.BettInet.D
Win32.BettInet.E
Win32.BettInet.F
Win32.BettInet.F!CAB
|
Win32 Worm |
| Win32.Faxbat |
BackDoor-CMA
Backdoor.Win32.Agent.ek
W32.SillyP2P
Win32.Faxbat.A
Win32.Faxbat.B
Win32/Faxbat.A!DLL!Worm
Win32/Faxbat.B.Worm
Win32/SillyP2P.L!P2P!Worm |
Win32 Worm |
| Win32.Imiserv Family |
|
Trojan |
| Win32.Linkbot Family |
|
Win32 Worm |
| Win32.Mugly Family |
|
Win32 Worm |
| Win32.Mydoom.AP |
Email-Worm.Win32.Mydoom.ak
W32/Mydoom.ba@MM
Win32/Mydoom.33792!Worm |
Win32 Worm |
| Win32.Mydoom.AQ |
Email-Worm.Win32.Mydoom.ak
W32/MyDoom-AR
W32/Mydoom.ba@MM
Win32/Mydoom.33792.A!Worm
WORM_MYDOOM.AR |
Win32 Worm |
| Win32.Mydoom.AR |
Email-Worm.Win32.Mydoom.ak
W32/MyDoom-AR
W32/Mydoom.ba@MM
Win32/MyDoom.BA!Worm
WORM_MYDOOM.AR |
Win32 Worm |
| WORM_AHKER.C |
|
Win32 Worm |
| WORM_AIMDES.A |
IM-Worm.Win32.Aimes.a
W32.Aimdes.A@mm
W32/AimDes.worm |
Win32 Worm |
| WORM_BROPIA.H |
|
Win32 Worm |
| WORM_BROPIA.J |
|
Win32 Worm |
| WORM_BROPIA.M |
IM-Worm.Win32.VB.g
W32.Bropia.M
W32/Bropia-M
W32/Bropia.worm.m |
Win32 Worm |
| WORM_BROPIA.N |
|
Win32 Worm |
| WORM_KIPIS.E |
|
Win32 Worm |
| WORM_SDBOT.ANY |
|
Win32 Worm |
Last updated February 13, 2008