National Cyber Alert System
Cyber Security Bulletin SB05-047

Summary of Security Items from February 9 through February 15, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Bugs, Holes, & Patches

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

3Com

3CServer

Buffer overflow vulnerabilities exist in several FTP commands, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

3Com 3CServer FTP Command Buffer Overflows

CVE Name:
CAN-2005-0419

High
Bugtraq, February 7, 2005

ArGoSoft

ArGoSoft Mail Server 1.8.7.3 & prior

Multiple vulnerabilities exist: a Directory Traversal vulnerability exists in attachment handling due to insufficient input validation, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability exists in the '_msgatt.rec' file, which could let a remote malicious user include arbitrary files as a email attachment; and a vulnerability exists due to insufficient sanitization of the 'Folder' parameter in 'msg,' 'delete,' 'folderdelete,' and 'folderadd,' which could let a remote malicious user create/delete arbitrary directories.

Update available at:
http://www.argosoft.com/mailserver/download.aspx

There is no exploit code required.

ArGoSoft Mail Server Directory Traversals

CVE Name:
CAN-2005-0367

Medium
SIG^2 Vulnerability Research Advisory, February 9, 2005

ASPJar Guestbook 1.0

Several vulnerabilities exist: a vulnerability exists in the '/admin/login.asp' script due to insufficient sanitization of the 'User' and 'Password' parameters, which could let a remote malicious user obtain administrative access; and a vulnerability exists in 'delete.asp' due to insufficient authorization, which could let a remote malicious user delete arbitrary messages.

No workaround or patch available at time of publishing.

There is no exploit code required.

ASPJar Guestbook Input Validation

CVE Names:
CAN-2005-0423
CAN-2005-0424

Medium/ High

(High if administrative access can be obtained)

Bugtraq, February 10, 2005

Computer Associates

BrightStor ARCserve 2000 Backup Windows Japanese, ARCServe Backup for NetWare 9.0, 11.1, BrightStor ARCServe Backup for Windows 9.0.1, 11.0, 11.1, Windows 64 bit 9.0.1, 11.0, 11.1, Enterprise Backup 10.0, 10.5, Enterprise Backup for Windows 64 bit 10.5

A buffer overflow vulnerability exists when a specially crafted UDP probe is submitted to the Discovery Service, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://supportconnect.ca.com/sc/

An exploit script has been published.

BrightStor ARCserve Backup Discovery Service Buffer Overflow

CVE Name:
CAN-2005-0260

High
iDEFENSE Security Advisory, February 9, 2005

DelphiTurk

DelphiTurk FTP 1.0

A vulnerability exists in the 'profile.dat' file due to insecure storage of account information, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

DelphiTurk FTP Information Disclosure

CVE Name:
CAN-2005-0421

Medium
SecurityTracker Alert, 1013139, February 10, 2005

DelphiTurk

CodeBank (KodBank) 3.1 & prior

A vulnerability exists because the registry can be searched to obtain usernames & passwords, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

DelphiTurk CodeBank (KodBank) Elevated Privileges

CVE Name:
CAN-2005-0422

Medium
SecurityTracker Alert, 1013139, February 10, 2005

F-Secure

Anti-Virus 2004, 2005

A buffer overflow vulnerability exists when processing the ARJ archives, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.f-secure.com/security/fsc-2005-1.shtml

Currently we are not aware of any exploits for this vulnerability.

F-Secure ARJ Archive Buffer Overflow

CVE Name:
CAN-2005-0350

High
ISS X-Force Security Advisory, February 10, 2005

IBM

DB2 Universal Database for Windows 7.1, 7.2, 8.0, 8.1

A vulnerability exists which could let a malicious user cause a Denial of Service or obtain sensitive information.

Updates available at:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

Currently we are not aware of any exploits for this vulnerability.

IBM DB2 Denial of Service & Information Disclosure

Low/ Medium

(Medium if sensitive information can be obtained)

SecurityFocus, February 10, 2005

IBM

Websphere Application Server 5.0.2.5-5.0.2.9, 5.1.0.2-5.1.0.5, 5.1.1.1-5.1.1.3

A vulnerability exists because the source code of Java Script pages is disclosed via a specially crafted URL, which could let a remote malicious user obtain sensitive information.

Updates available at:
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PQ99537/PQ99537_fix.jar

There is no exploit code required.

IBM WebSphere Application Server JSP Engine Source Code Disclosure

CVE Name:
CAN-2005-0425

Medium
Secunia Advisory, SA14274, February 14, 2005

IBM

Websphere Application Server 6.0

A vulnerability exists in the file serving servlet, which could let a remote malicious user obtain sensitive information.

Updates available at:
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK00091/6.0.0.1-WS-WAS-IFPK00091.pak

There is no exploit code required.

IBM WebSphere Application Server File Servlet Source Code Disclosure

CVE Name:
CAN-2005-0425

Medium
Secunia Advisory, SA14274, February 14, 2005

Microsoft

ASP.NET 1.x

A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema.

Apply ASP.NET ValidatePath module:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx

V1.1: Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.

A Proof of Concept exploit has been published.

Microsoft ASP.NET Canonicalization

CVE Name:
CAN-2004-0847

Medium

Microsoft, October 7, 2004

Microsoft Security Bulletin, MS05-004, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Vulnerability Note VU#283646

Microsoft Security Bulletin, MS05-004 V1.1, February 15, 2005

Microsoft

Internet Explorer 5.0.1, SP1-SP4, 5.5, SP1 & SP2, 6.0, SP1 & SP2

A vulnerability exists when certain mouse events are contained in a HREF tag, which could let a remote malicious user display false information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer HREF Tag Mouse Event
Medium
SecurityFocus, February 14, 2005

Microsoft

Internet Explorer 5.5, SP1 & SP2, 6.0, SP1 & SP2

A vulnerability exists if the 'CTRL-d' key combination is pressed to bookmark a website that contains a specially crafted pop-up window, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Favorites List
High
SecurityFocus, February 14, 2005

Microsoft

Internet Explorer 6.0 SP1

A remote Denial of Service vulnerability exists when a malformed 'file:' URI is processed.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Microsoft Internet Explorer Malformed 'File:' URI Denial of Service
Low
SecurityFocus, February 15, 2005

Microsoft

Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004

A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx

V1.1: Bulletin updated to clarify prerequisites under Visio 2002 Update Information.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Office URL File Location Handling Buffer Overflow

CVE Name:
CAN-2004-0848

High

Microsoft Security Bulletin, MS05-005, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#416001

Microsoft Security Bulletin, MS05-005 V1.1, February 15, 2005

Microsoft

Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft

A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx

V1.1: Bulletin updated to document information about other software that may include the affected software.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing

CVE Name:
CAN-2005-0049

High

Microsoft Security Bulletin, MS05-006, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#340409

Microsoft Security Bulletin, MS05-006 V1.1, February 15, 2005

Microsoft

Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2

Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx

V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger – CAN-2004-0597

V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list.

An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability.

Microsoft Media Player & Windows/MSN Messenger PNG Processing

CVE Names:
CAN-2004-1244
CAN-2004-0597

High

Microsoft Security Bulletin, MS05-009, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#259890

SecurityFocus, February 10, 2005

Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005

Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx

V1.1: Updated the Caveats section to reflect "None" as there are no caveats associated with this update.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer DHTML Edit Control Script

CVE Name:
CAN-2004-1319

High

Bugtraq, December 15, 2004

Microsoft Security Bulletin, MS05-013, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#356600

Microsoft Security Bulletin, MS05-013 V1.1, February 15, 2005

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx

V1.1: Mitigating factor for ISA 2004 updated.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Hyperlink Object Library Buffer Overflow

CVE Name:
CAN-2005-0057

High

Microsoft Security Bulletin, MS05-015, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#820427

Microsoft Security Bulletin, MS05-015 V1.1, February 15, 2005

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows 2000 Professional, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Datacenter Edition, Windows 98, Windows 98 SE, Windows ME;

Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server
Avaya S8100 Media Servers

A Shell vulnerability and a Program Group vulnerability exist in Microsoft Windows. These vulnerabilities could allow remote code execution.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx

Bulletin updated to reduce the scope of a documented workaround to only support Windows XP, Windows XP Service Pack 1, and Windows Server 2003.

Avaya: Customers are advised to follow Microsoft's guidance for applying patches. The advisory is located at:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

V1.2: Bulletin "Caveats" section updated to reflect the availability of Microsoft Knowledge Base Article 891534 as a known issue with this security update on Windows NT Server 4.0 Terminal Server Edition Service Pack 6. This bulletin has also been updated to document that this security update does not replace MS04-024 as was originally described in the bulletin.

We are not aware of any exploits for these vulnerabilities.

Microsoft Windows Shell Remote Code Execution

CVE Names:
CAN-2004-0214

CAN-2004-0572

High

Microsoft Security Bulletin MS04-037 v1.1, October 25, 2004

US-CERT Cyber Security Alert SA04-286A, October 12, 2004

US-CERT Vulnerability Note VU#543864, October 15, 2004

SecurityFocus, October 26, 2004

US-CERT Vulnerability Note, VU#616200, November 23, 2004

Microsoft Security Bulletin MS04-037 Ver. 1.2, February 15, 2006

Microsoft

Windows (XP SP2 is not affected)

A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx

Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.

V1.2: Frequently Asked Questions section updated to reflect an additional known attack vector.

Another exploit script has been published.

Microsoft Windows ANI File Parsing Errors

CVE Name:
CAN-2004-1305

Low

VENUSTECH Security Lab, December 23, 2004

Microsoft Security Bulletin MS05-002, January 11, 2005

US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005

SecurityFocus, January 12, 2005

Technical Cyber Security Alert, TA05-012A, January 12, 2005

Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005

PacketStorm, January 31, 2005

Microsoft Security Bulletin, MS05-002, V1.2, February 15, 2005

Microsoft

Exchange Server 2003, SP1

A vulnerability exists in Microsoft Outlook Web Access due to insufficient sanitization of URI-supplied data, which could let a remote malicious user conduct phishing attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Microsoft Outlook Web Access URI Redirection

CVE Name:
CAN-2005-0420

Medium
Secunia Advisory, SA14144, February 8, 2005

Multiple Vendors

Check Point Software Integrity Client 4.5, Integrity Client 5.0;
Zone Labs ZoneAlarm 2.1-2.6, 3.0, 3.1, 3.7.202, 4.0, 4.5.538.001, 5.1, ZoneAlarm Pro 2.4, 2.6, 3.0, 3.1, 4.0, 4.5.538.001, 4.5, 5.0.590.015, 5.1, 5.5.062, ZoneAlarm Security Suite 5.1, 5.5.062, 5.5

A Denial of Service vulnerability exists in the 'NtConnectPort' function due to insufficient verification of the 'ServerPortName' argument.

Updates available at:
http://download.zonelabs.com/bin/free/securityAlert/19.html

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor ZoneAlarm Denial of Service

CVE Name:
CAN-2005-0114

Low
SecurityTeam, February 13, 2005

RealNetworks

RealArcade 1.2.0.994 & prior

Two vulnerabilities exist: a vulnerability exists due to the way RGS files are handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in RGP files that contain a specially crafted 'FILENAME' tag, which could let a remote malicious user modify system/user information.

No workaround or patch available at time of publishing.

Exploit scripts have been published.

RealArcade Vulnerabilities

CVE Names:
CAN-2005-0347
CAN-2005-0348

Medium/ High

(High if arbitrary code can be executed)

SecurityTracker Alert, 1013128, February 9, 2005

Safenet

SoftRemote VPN Client

A vulnerability exists because the 'IreIKE.exe' process stores the VPN password in memory, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

SafeNet SoftRemote VPN Client Key Disclosure

CVE Name:
CAN-2005-0346

Medium
SecurityTracker Alert, 1013134, February 9, 2005

Software602

602LAN SUITE 2004

A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.

Update available at: http://www.software602.com/download/

Currently we are not aware of any exploits for this vulnerability.

602LAN SUITE Input Validation

CVE Name:
CAN-2005-0344

High
SIG^2 Vulnerability Research Advisory, February 8, 2005

Sybase

Adaptive Server Enterprise 11.5 Win, 11.5.1 Win, 11.9.2 Win, 12.0 Win, 12.0.0.8 ESD#3, 12.5 Win, 12.5.2, 12.5.3 ESD#1, 12.5.3

A vulnerability exists that affects all versions of Adaptive Server Enterprise prior to 12.0.0.8 ESD#3 and 12.5.3 ESD#1 running on Microsoft Windows platforms. The impact was not specified.

Vendor recommendations located at: http://www.sybase.com/detail/1,6904,1033894,00.html

Currently we are not aware of any exploits for this vulnerability.

Sybase Adaptive Server Enterprise Unspecified Vulnerability

CVE Name:
CAN-2005-0441

Not Specified
Sybase Security Alert, February 15, 2005


UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

Apple

Mac OS X 10.0 3, 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.7

A remote Denial of Service vulnerability exists in the AppleFileServer due to a failure to handle integer signedness properly.

No workaround or patch available at time of publishing.

An exploit script has been published.

Apple Mac OS X AppleFileServer Remote Denial of Service

CVE Name:
CAN-2005-0340

Low
Bugtraq, February 8, 2005

Apple

Mac OS X 10.0 3, 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.7

A vulnerability exists in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

An exploit script has been published.

Apple Mac OS X Finder 'DS_Store' Insecure File Creation

CVE Name:
CAN-2005-0342

Medium
Bugtraq, February 7, 2005

Apple

Safari 1.2.4 v125.12

An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple Safari Input Validation

CVE Name:
CAN-2005-0341

Medium
SecurityTracker Alert ID: 1013087, February 5, 2005

Brooky

CubeCart 2.0.1, 2.0.4

Multiple vulnerabilities exist: a Directory Traversal vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Update available at:
http://www.cubecart.com/site/downloads/

There is no exploit code required; however, a Proof of Concept exploit has been published.

Brooky CubeCart Multiple Vulnerabilities

CVE Names:
CAN-2005-0442
CAN-2005-0443

Medium/ High

(High if arbitrary code can be executed)

Bugtraq, February 14, 2005

Caolan McNamara & Dom Lachowicz

wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0

A buffer overflow vulnerability exists in the 'strcat()' function call due to the insecure bounds checking, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200407-11.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/w/wv/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

A Proof of Concept exploit has been published.

wvWare Library Buffer Overflow

CVE Name:
CAN-2004-0645

High
Securiteam, July 11, 2004

iDEFENSE Security Advisory, July 9, 2004

Conectiva Linux Security Announcement, CLA-2004:863, September 10, 2004

Debian Security Advisory, DSA 550-1, September 20, 2004

Debian Security Advisory, DSA 579-1, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:902, December 1, 2004

Fedora Legacy Update Advisory, FLSA:1906, February 8, 2005

Computer Associates

BrightStor ARCserve 2000, ARCserve Backup 11.x, 9.x, Enterprise Backup 10.x

A vulnerability exists due to a hard-coded backdoor account that contains a common authentication password, which could let a remote malicious user execute arbitrary commands with root privileges.

Updates available at:
http://supportconnect.ca.com/sc/solcenter/

There is no exploit code required.

CA BrightStor ARCserve Backup UniversalAgent Backdoor Account

CVE Name:
CAN-2005-0349

High
iDEFENSE Security Advisory, February 10, 2005

Debian

Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Debian toolchain-source 3.0.3-1 to 3.0.3-3, 3.0.4

A vulnerability exists due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.

Update available at:
http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1_all.deb

There is no exploit code required.

Debian Toolchain-Source Multiple Insecure Temporary File Creation

CVE Name:
CAN-2005-0159

Medium
Debian Security Advisory DSA 679-1, February 14, 2005

Ethereal Group

Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8

Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.

Ethereal:
http://www.ethereal.com/download.html

Debian:
http://security.debian.org/pool/updates/main/e/ethereal/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-27.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Currently we are not aware of any exploits for these vulnerabilities.

Low/High

(High if arbitrary code can be executed)

SecurityTracker Alert, 1012962, January 21, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Gallery Project

Gallery 1.4-pl1 & pl2, 1.4, 1.4.1, 1.4.2, 1.4.3-pl1 & pl2; Gentoo Linux

A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-10.xml

Debian:
http://security.debian.org/pool/updates/main/g/gallery/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-45.xml

It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed.

Gentoo: The cross-site scripting vulnerability that Gallery 1.4.4-pl5 was intended to fix, did not actually resolve the issue.

There is no exploit code required.

Gallery Cross-Site Scripting

CVE Name:
CAN-2004-1106

High

Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004

Debian Security Advisory, DSA 642-1, January 17, 2005

Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005

SecurityFocus, February 2, 2005

Gentoo Linux Security Advisory [UPDATE] GLSA 200501-45:03, February 10, 2005

Gentoo

webmin-1.140.ebuild, 1.150.ebuild, 1.160.ebuild, 1.170-r1.ebuild, 1.170-r2.ebuild

A vulnerability exists in the 'miniserv.users' file due to exposure of the encrypted root password, which could let a remote malicious user obtain sensitive information.

Update available at:
http://security.gentoo.org/glsa/glsa-200502-12.xml

There is no exploit code required.

Gentoo Portage-Built Webmin Root Password Disclosure

CVE Name:
CAN-2005-0427

Medium
Gentoo Linux Security Advisory, GLSA 200502-12, February 11, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz

There is no exploit code required.

gFTP Remote Directory Traversal

CVE Name:
CAN-2005-0372

Medium
SecurityFocus, February 14, 2005

Glyph and Cog

XPDF prior to 3.00pl3

A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.foolabs.com/xpdf/download.html

Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

http://security.debian.org/pool/updates/main/x/xpdf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/

KDE:
ftp://ftp.kde.org/pub/kde/security_patches

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.suse.com/pub/suse/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-10.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow

CVE Name:
CAN-2005-0064

High

iDEFENSE Security Advisory, January 18, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Gentoo Linux Security Advisory, GLSA 200502-10, February 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

GNU

Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4

Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists in filename processing due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.

Debian:
http://security.debian.org/pool/updates/main/e/enscript/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

GNU Enscript Input Validation

CVE Names:
CAN-2004-1184
CAN-2004-1185
CAN-2004-1186

Low/High

(High if arbitrary code can be executed)

SecurityTracker Alert ID: 1012965, January 21, 2005

RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005

GNU

Emacs prior to 21.4.17

A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.

Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4

Debian:
http://security.debian.org/pool/.../e/emacs20/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/

Currently we are not aware of any exploits for this vulnerability.

Emacs Format String

CVE Name:
CAN-2005-0100

High

SecurityTracker Alert, 1013100, February 7, 2005

Debian Security Advisory, DSA-670-1 & 671-1, February 8, 2005

Ubuntu Security Notice, USN-76-1, February 7, 2005

Fedora Update Notifications, FEDORA-2005-145 & 146, February 14, 2005

GNU

wget 1.9.1

A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

A Proof of Concept exploit script has been published.

GNU wget File Creation & Overwrite

CVE Names:
CAN-2004-1487
CAN-2004-1488

Medium

SecurityTracker Alert ID: 1012472, December 10, 2004

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

GNU

Xpdf prior to 3.00pl2

A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.

A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html

A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

KDE:
http://www.kde.org/info/security/advisory-20041223-1.txt

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-24.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/

Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165

Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163

Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162

Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161

Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166

Debian:
http://www.debian.org/security/2004/dsa-619

Fedora (update for tetex):
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-13.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SuSE:
ftp://ftp.suse.com/pub/suse/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

Currently we are not aware of any exploits for this vulnerability.

GNU Xpdf Buffer Overflow in doImage()

CVE Name:
CAN-2004-1125

High

iDEFENSE Security Advisory 12.21.04

KDE Security Advisory, December 23, 2004

Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004

Fedora Update Notification, FEDORA-2004-585, January 6, 2005

Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Avaya Security Advisory, ASA-2005-027, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Hewlett Packard Company

HP-UX B.11.23, HP-UX B.11.11, HP-UX B.11.00

A remote Denial of Service vulnerability exists due to a failure to handle malformed network data.

Upgrades available at:
http://software.hp.com/

Currently we are not aware of any exploits for this vulnerability.

HP-UX BIND Remote Denial of Service

CVE Name:
CAN-2005-0364

Low
HP Security Bulletin, HPSBUX01117, February 9, 2005

Hewlett Packard

HP-UX 11.x

A vulnerability exists in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the debug logging routine of ftpd. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long command request. Successful exploitation may allow execution of arbitrary code, but requires that the FTP daemon is configured to log debug information (not default setting).

Apply patches:
http://www.itrc.hp.com/service/patch/mainPage.do

HP:
http://itrc.hp.com

Currently we are not aware of any exploits for this vulnerability.

Hewlett Packard HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability

CVE Name:
CAN-2004-1332

High

iDEFENSE Security Advisory 12.21.04

HP Security Bulletin, HPSBUX01118, February 9, 2005

IBM

AIX 5.1-5.3

A buffer overflow vulnerability exists in the 'netpmon' command, which could let a malicious user execute arbitrary code as root.

Patches available at:
ftp://aix.software.ibm.com/aix/efixes/security/netpmon_efix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM AIX 'Netpmon' Command Buffer Overflow

CVE Name:
CAN-2005-0263

High
iDefense Security Advisory, February 10, 2005

IBM

AIX 5.1-5.3

A buffer overflow vulnerability exists in the 'ipl_varyon' utility due to a failure to copy user-supplied input securely, which could let a malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

IBM AIX 'IPL_Varyon' Buffer Overflow

CVE Name:
CAN-2005-0262

High
iDefense Security Advisory, February 10, 2005

IBM

AIX 5.2, 5.3

A vulnerability exists in the 'lspath' command, which could let a malicious user obtain sensitive information.

Updates available at:
ftp://aix.software.ibm.com/aix/efixes/security/lspath_efix.tar.Z

There is no exploit code required.

IBM AIX 'LSPath' Information Disclosure

CVE Name:
CAN-2005-0261

Medium
IBM Security Advisory, February 9, 2005

KAME Project

IPsec-Tools 0.3, rc1-rc5, 0.3.1, 0.3.2;
KAME Racoon, 20040503, 20040407b, 20040405, 20030711

A vulnerability exists due to an authentication error in the 'eay_check_x509cert()' function when verifying certificates, which could lead to the validation of invalid certificates.

Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.gz?download

SGI:
http://www.sgi.com/support/security/

Apple:
http://download.info.apple.com/Mac_OS_X/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-308.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10

There is no exploit code required.

KAME Racoon X.509 Certificate Validation

CVE Name:
CAN-2004-0607

Medium

Bugtraq, June 14, 2004

SCO Security Advisory, SCOSA-2005.10, February 7, 2005

KAME Project

Racoon 20040405, 20030711, Racoon

A remote Denial of Service vulnerability exists due to an error when processing certain malformed IKE messages.

Upgrades available at:
ftp://ftp.kame.net/pub/kame/snap/kame-20040503-openbsd34-snap.tgz

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10

Currently we are not aware of any exploits for this vulnerability.

Kame Racoon Remote IKE Message Denial of Service

CVE Name:
CAN-2004-0392

Low

SecurityFocus, May 6, 2004

SCO Security Advisory, SCOSA-2005.10, February 7, 2005

KAME Project

Racoon
Apple Mac OS X 10.2.8, 10.3.3, Mac OS X Server 10.2.8, 10.3.3

A Denial of Service vulnerability exists due to an error when allocating memory for ISAKMP messages.

Patch available at:
http://www.securityfocus.com/data/vulnerabilities/patches/racoon_patch

Apple:
http://download.info.apple.com/Mac_OS_X/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-165.html

SGI:
http://www.sgi.com/support/security/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200404-17.xml

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10

Currently we are not aware of any exploits for this vulnerability.

Kame Racoon Malformed ISAKMP Packet Denial of Service

CVE Name:
CAN-2004-0403

Low

Secunia Advisory, SA11410, April 19, 2004

Apple Security Advisory, APPLE-SA-2004-05-03, May 3, 2004

SCO Security Advisory, SCOSA-2005.10, February 7, 2005

KDE

kdelibs 3.3.2

A vulnerability exists in the 'dcopidling' library due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.

Patch available at:
http://bugs.kde.org/attachment.cgi?id=9205&action=view

Currently we are not aware of any exploits for this vulnerability.

KDE 'DCOPIDLING' Library

CVE Name:
CAN-2005-0365

Medium
SecurityFocus, February 11, 2005

KDE

KDE 3.x, 2.x

A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.

The vulnerability has been fixed in the CVS repository.

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:160

Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-18.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-009.html

Currently we are not aware of any exploits for this vulnerability.

KDE kio_ftp FTP Command Injection Vulnerability

CVE Name:
CAN-2004-1165

Medium

KDE Advisory Bug 95825, December 26, 2004

Debian Security Advisory, DSA 631-1, January 10, 2005

Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005

Fedora Update Notifications, FEDORA-2005-063 & 064, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005

KDE

Konqueror 3.2.2-6

A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:150

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-16.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-009.html

Currently we are not aware of any exploits for this vulnerability.

KDE Konqueror Window Injection

CVE Name:
CAN-2004-1158

Medium

Secunia Advisory ID, SA13254, December 8, 2004

Secunia Advisory ID, SA13486, December 16, 2004

Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005

Konversation

IRC Client 0.15

Multiple vulnerabilities exist: a vulnerability exists in the 'Server::parseWildcards' function due to insufficient filtering of various parameters, which could let a remote malicious user execute arbitrary code; a vulnerability exists in certain Perl scripts if shell metacharacters in channel names or song names aren't properly quoted, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Quick Connection dialog because the password is used as the nickname, which could let a remote malicious user obtain sensitive information.

Upgrade available at:
http://konversation.berlios.de/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-34.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit required; however, Proofs of Concept exploits have been published.

Konversation IRC Client Multiple Remote Vulnerabilities

CVE Names:
CAN-2005-0129
CAN-2005-0130
CAN-2005-0131

Medium/High

(High if arbitrary code can be executed)

Bugtraq, January 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Larry Wall

Perl 5.8.3

A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-04.xml

Debian:
http://security.debian.org/pool/updates/main/p/perl/

OpenPKG:
ftp://ftp.openpkg.org/release/2.1/UPD/perl-5.8.4-2.1.1.src.rpm

Mandrake:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031

There is no exploit code required.

Perl Insecure Temporary File Creation

CVE Name:
CAN-2004-0976

Medium

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Ubuntu Security Notice, USN-16-1, November 3, 2004

Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004

Debian Security Advisory, DSA 620-1, December 30, 2004

OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 8, 2005

LOGICNOW

PerlDesk 1.x

An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands.

Upgrades available at:
http://www.perldesk.com/helpdesk.0.html

An exploit script has been published.

PerlDesk 'view' Parameter Input Validation

CVE Name:
CAN-2005-0343

High

SecurityTracker Alert, 1013090, February 7, 2005

SecurityFocus, February 7, 2005

MIT

Kerberos 5 1.3.4

A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.

Trustix: ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo: http://security.gentoo.org/glsa/glsa-200410-24.xml

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-036_RHSA-2005-012.pdf

There is no exploit code required.

MIT Kerberos 5 Insecure Temporary File Creation

CVE Name:
CAN-2004-0971

Medium

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory GLSA 200410-24, October 25, 2004

Avaya Security Advisory, ASA-2005-036, February 7, 2005

MIT

Kerberos 5 krb5-1.3.5 & prior; Avaya S8700/S8500/S8300 (CM2.0 and later), MN100, Intuity LX 1.1- 5.x, Modular Messaging MSS

A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code.

A patch is available at:
http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-05.xml

Debian:
http://security.debian.org/pool/updates/main/k/krb5/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-036_RHSA-2005-012.pdf

Currently we are not aware of any exploits for this vulnerability.

Kerberos libkadm5srv Heap Overflow

CVE Name:
CAN-2004-1189

High

SecurityTracker Alert ID, 1012640, December 20, 2004

Gentoo GLSA 200501-05, January 5, 2005

Ubuntu Security Notice, USN-58-1, January 10, 2005

Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005

Avaya Security Advisory, ASA-2005-036, February 7, 2005

Multiple Vendors

ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68, 0.70, 0.80 rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0; Linux Mandrake 10.1 X86_64, 10.1

A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.

Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=300116

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://www.trustix.org/errata/2005/0003/

Currently we are not aware of any exploits for this vulnerability.

Clam Anti-Virus ClamAV Remote Denial of Service

CVE Name:
CAN-2005-0133

Low

SecurityFocus, January 31, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005

Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, 0 ia-64, ia-32, hppa, arm, alpha; Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9

A vulnerability exists in 'iptables.c' and 'ip6tables.c' due to a failure to load the required modules, which could lead to a false sense of security because firewall rules may not always be loaded.

Debian:
http://security.debian.org/pool/updates/main/i/iptables/i

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/iptables/

There is no exploit required.

IpTables Initialization Failure

CVE Name:
CAN-2004-0986

Medium

Debian Security Advisory, DSA 580-1 , November 1, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Fedora Update Notification, FEDORA-2004-417, December 1, 2004

Turbolinux Security Advisory, TLSA-2005-10, January 26, 2005

Fedora Legacy Update Advisory, FLSA:2252, February 10, 2005

Ubuntu Security Notice, USN-81-1, February 11, 2005

Multiple Vendors

Exim 4.43 & prior

Multiple vulnerabilities exist that could allow a local user to obtain elevated privileges. There are buffer overflows in the host_aton() and spa_base64_to_bits() functions. It may be possible to execute arbitrary code with the privileges of the Exim process.

The vendor has issued a fix in the latest snapshot:
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz.sig

Also, patches for 4.43 are available at:
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html

Fedora: