Summary of Security Items from February 16 through February 22, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source
3Com
3CDaemon 2.0 revision 10 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists when a remote malicious user submits a specially crafted FTP username, which could lead to the execution of arbitrary code; a buffer overflow vulnerability exists in several FTP commands, including cd, send, ls, put, delete, rename, rmdir, literal, stat, and cwd, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user submits an FTP user command with format string characters; a format string vulnerability exists in the cd, delete, rename, rmdir, literal, stat, and cwd [and others] commands, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user connects to the TFTP service and requests an MS-DOS device name; a vulnerability exists when the directory to an MS-DOS device name or a filename is changed, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
[I.T.S] Security Research Team Advisory, January 4, 2005
SecurityFocus, 12155, February 19, 2005 |
DigiPen
Bontago 1.1 |
A buffer overflow vulnerability exists in 'nickname' values due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Bontago Game Server Nickname Remote Buffer Overflow
CVE Name:
CAN-2005-0501
|
High |
Secunia Advisory, SA14350, February 21, 2005 |
GD Software
SD Server 4.0.70 & prior |
A Directory Traversal vulnerability exists due to insufficient validation of user-supplied input, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://www.gdsoftware.dk/dl_file.asp?link=SDServer%204.0.0.72.zip
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
x0n3-h4ck Italian Security Team Advisory, February 21, 2005 |
KarjaSoft
Sami HTTP Server 1.0.5 |
Several vulnerabilities exist: a Directory Traversal vulnerability exists due to an input validation error, which could let a remote malicious user obtain sensitive information; and a remote Denial of Service vulnerability exists due to a NULL pointer dereference error.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
|
Low/Medium
(Medium if sensitive information can be obtained)
|
Global Security Solution IT Advisory, February 15, 2005 |
Microsoft
ASP.NET 1.0, SP1 & SP2, 1.1, SP1 |
Multiple Cross-Site Scripting vulnerabilities exist when Unicode characters ranging from U+ff00-U+ff60 are converted to ASCII due to insufficient validation, which could let a remote malicious user execute arbitrary HTML or script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting
CVE Name:
CAN-2005-0452
|
High |
SecurityFocus, 12574, February 16, 2005 |
Microsoft
Internet Explorer 6.0, SP1 & SP2 |
A vulnerability exists because the title bar can be spoofed when a malicious user submits an overly long hostname due to a flaw in script-initiated pop-up windows.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
Microsoft Internet Explorer Script-initiated Pop-up Windows Spoofing
CVE Name:
CAN-2005-0500
|
Medium |
SecurityFocus, 12602, February 21, 2005 |
OpenConnect Systems
WebConnect 6.4.4, 6.5 |
Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits a request that has an MS-DOS device name; and a vulnerability exists in the 'jretest.html' script due to insufficient validation of the 'WCP_USER' parameter, which could let a remote malicious user obtain sensitive information.
Updates available at: http://www.oc.com/solutions/webconnect.jsp
Proofs of Concept exploits have been published. |
|
Low/Medium
(Medium if sensitive information can be obtained)
|
CIRT Advisory, February 20, 2005 |
TrackerCam
TrackerCam 5.12 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the TrackerCam HTTP server, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in TrackerCam PHP scripts due to insufficient bounds checks on arguments, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability exists in the 'ComGetLogFile.php3' script, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to insufficient sanitization of HTML content in the username and password fields, which could let a remote malicious user launch phishing style attacks; and multiple remote Denial of Service vulnerabilities exist.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SecurityFocus, 12592, February 18, 2005 |
webwasher AG
Webwasher Classic 2.2.1, 3.3 build 44, 3.3 |
A vulnerability exists due to a design error because connections to the local host interface are allowed by the proxy, which could let a remote malicious user bypass security restrictions.
Upgrades available at:
ftp://ftp.webwasher.com/pub/wwash/wash34.ex
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
WebWasher Classic HTTP CONNECT Unauthorized Access
CVE Name:
CAN-2005-0316
|
Medium |
Secunia Advisory, SA14058, January 28, 2005
SecurityFocus, 12394, February 18, 2005 |
Xinkaa
WEB Station 1.0.3 |
A Directory Traversal vulnerability exists due to an input validation error when handling certain types of requests, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
|
Medium |
Secunia Advisory, SA14349, February 21, 2005 |
Yahoo! Inc.
Yahoo! Messenger 6.0.0.1750 |
A vulnerability exists during the installation process due to a failure to properly secure directories and executables, which could let a malicious user obtain elevated privileges.
Upgrade available at:
http://messenger.yahoo.com/
There is no exploit code required. |
Yahoo! Messenger Insecure Default Installation
CVE Name:
CAN-2005-0242
|
Medium |
Secunia Advisory, SA11815, February 18, 2005 |
Yahoo! Inc.
Yahoo! Messenger 6.0.0.1750 |
A vulnerability exists due to a failure to correctly display files with long filenames in the file transfer dialogue box, which could let a remote malicious user spoof downloaded file names.
Upgrade available: http://messenger.yahoo.com/
There is no exploit code required.
|
Yahoo! Messenger Download Dialogue Box File Name Spoofing
CVE Name:
CAN-2005-0243
|
Medium |
Secunia Advisory, SA13712, February 18, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source
ADP
Elite System Max 9000 Series |
A vulnerability exists because certain configuration files can be overwritten via the FTP server, which could let a malicious user obtain shell access.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
ADP Elite System Max 9000 Series Shell Access
CVE Name:
CAN-2005-0497
|
Medium |
Secunia Advisory, SA14358, February 22, 2005 |
bidwatcher
bidwatcher 1.3-1.3.16 |
A vulnerability exists due to a failure of the application to properly implement a formatted string function, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/bidwatcher/bidwatcher-1.3.17.tar.gz
Debian:
http://security.debian.org/pool/updates/main/b/bidwatcher/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory DSA 687-1, February 18, 2005 |
Carnegie Mellon University
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 |
Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmd5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-05.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-546.html
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Debian:
http://security.debian.org/pool/updates/main/c/cyrus-sasl/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
OpenPKG:
ftp://ftp.openpkg.org
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these vulnerabilities.
|
Cyrus SASL Buffer Overflow & Input Validation
CVE Name:
CAN-2004-0884
|
|
SecurityTracker Alert ID: 1011568, October 7, 2004
Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12, 14, & 16, 2004
Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004
OpenPKG Security Advisory, January 28, 2005
Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005 |
Dan Stromberg
fallback-reboot 0.9, 0.95, 0.96 |
A remote Denial of Service vulnerability exists when the daemon status is written to a non-existent terminal.
Upgrades available at:
http://dcs.nac.uci.edu/~strombrg/fallback-reboot/fallback-reboot.tar.gz
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia Advisory, SA14328, February 22, 2005 |
Dotcom-Projects.com
DCP-Portal 6.1.1 |
Multiple vulnerabilities exist due to insufficient validation of user-supplied input in the 'index.php' and 'forums.php' scripts, which could let a remote malicious user inject arbitrary SQL commands.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
|
High |
hackgen-2005-#003, February 16, 2005 |
gFTP
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 |
A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz
Debian:
http://security.debian.org/pool/updates/main/g/gftp/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-27.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
There is no exploit code required. |
|
Medium |
SecurityFocus, February 14, 2005
Debian Security Advisory, DSA 686-1, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005
Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005 |
GlFtpd
GlFtpd 1.26-1.29.1, 1.31, 1.32, 2.0, RC1-RC7 |
Multiple Directory Traversal vulnerabilities exist in various ZIP related plugins due to insufficient sanitization of user-supplied data, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
glFTPD ZIP Plugins Multiple Directory Traversal
CVE Name:
CAN-2005-0483
|
Medium |
SecurityFocus, 12586, February 18, 2005 |
GNU
Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4 |
Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists in the processing of filenames due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.
Debian:
http://security.debian.org/pool/updates/main/e/enscript/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
http://www.sgi.com/support/security/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID: 1012965, January 21, 2005
RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005
Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005 |
GNU Midnight Commander Project
Midnight Commander 4.x |
Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/m/mc/
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-24.xml
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/Medium/High
(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)
|
SecurityTracker Alert, 1012903, January 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005 |
GNU
CUPS 1.1.22 |
A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
SuSE:
ftp://ftp.suse.com/pub/suse/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit script has been published. |
GNU CUPS HPGL ParseCommand() Buffer Overflow
CVE Name:
CAN-2004-1267
|
High |
CUPS Advisory STR #1023, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Turbolinux Security Announcement, February 17, 2005 |
GNU
CUPS lppasswd 1.1.22 |
A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.
Fixes are available in the CVS repository and are included in version 1.1.23rc1.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-013.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert ID, 1012602, December 16, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005
SGI Security Advisory, 20050101-01-U, January 19, 2005
Turbolinux Security Announcement, February 17, 2005 |
GNU
Emacs prior to 21.4.17 |
A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4
Debian:
http://security.debian.org/pool/.../e/emacs20/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-20.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Debian:
http://security.debian.org/pool/updates/main/e/emacs21/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013100, February 7, 2005
Debian Security Advisory, DSA-670-1 & 671-1, February 8, 2005
Ubuntu Security Notice, USN-76-1, February 7, 2005
Fedora Update Notifications FEDORA-2005-145 & 146, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-20, February 15, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:03, February 15, 2005
Debian Security Advisory, DSA 685-1, February 17, 2005 |
INL
Ulog-php 08- 0.8.2 |
Multiple SQL injection vulnerabilities exist due to insufficient sanitization of user-supplied input before used in SQL queries, which could let a malicious user modify data or exploit database implementation vulnerabilities.
Upgrades available at:
http://www.inl.fr/download/ulog-php-1.0.tar.gz
There is no exploit code required. |
|
Medium |
SecurityFocus, 12610, February 21, 2005 |
J. Schilling
CDRTools 2.0, 2.0.1a18, 2.0.3 |
A vulnerability exists in 'cdrecord,' which could let a malicious user obtain root privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-18.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/9/updates/
Exploit scripts have been published. |
CDRTools Unspecified Privilege Escalation
CVE Name:
CAN-2004-0806
|
|
SecurityFocus, August 31, 2004
US-CERT Vulnerability Note VU#700326, September 17, 2004
Fedora Legacy Update Advisory, FLSA:2058, February 21, 2005 |
Jouni Malinen
wpa_supplicant prior to 0.2.7 and 0.3.8 |
A remote Denial of Service vulnerability exists in 'wpa.c' when processing WPA2 frames due to insufficient validation of the Key Data Length.
Update available at:
http://hostap.epitest.fi/wpa_supplicant/
Currently we are not aware of any exploits for this vulnerability. |
Jouni Malinen wpa_supplicant Remote Denial of Service
CVE Name:
CAN-2005-0470
|
Low |
SecurityTracker Alert, 1013226, February 17, 2005 |
KDE
KDE 3.3- 3.3.2 |
Several buffer overflow vulnerabilities exist in the 'FLICCD' utility due to boundary errors, which could let a malicious user obtain elevated privileges and execute arbitrary code.
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdeedu-kstars.diff
Currently we are not aware of any exploits for these vulnerabilities. |
KDE 'FLICCD' Utility Multiple Buffer Overflows
CVE Name:
CAN-2005-0011
|
High |
Secunia Advisory, SA14306, February 16, 2005 |
KDE
kdelibs 3.3.2 |
A vulnerability exists in the 'dcopidlng' library due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.
Patch available at:
http://bugs.kde.org/attachment.cgi?id=9205&action=view
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
SecurityFocus, February 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005 |
KDE
KDE 3.x, 2.x |
A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
The vulnerability has been fixed in the CVS repository.
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:160
Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-18.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-009.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
KDE kio_ftp FTP Command Injection Vulnerability
CVE Name:
CAN-2004-1165
|
Medium |
KDE Advisory Bug 95825, December 26, 2004
Debian Security Advisory, DSA 631-1, January 10, 2005
Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005
Fedora Update Notifications FEDORA-2005-063 & 064, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core2&3 |
A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
A Proof of Concept exploit script has been published. |
Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial of Service
CVE Name:
CAN-2005-0179
|
Low |
Bugtraq, January 7, 2005
Fedora Update Notifications, FEDORA-2005-013 & 014, January 10, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
Multiple Vendors
GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0-2.0.3, 2.0.5-2.0.8, 2.0.1-2.0.14, 2.1b1, 2.1-2.1.5; Ubuntu Linux 4.1, ia64, ia32 |
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-29.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/m/mailman/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium/High
(High if arbitrary code can be executed)
|
SecurityTracker, January 12, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005
SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005
Debian Security Advisory, DSA 674-3, February 21, 2005 |
Multiple Vendors
ISC BIND 8.4.4, 8.4.5 |
A remote Denial of Service vulnerability exists in the 'q_usedns' array due to insufficient validation of the length of user-supplied input prior to copying it into static process buffers. This could possibly lead to the execution of arbitrary code.
Upgrade available at:
http://www.isc.org/index.pl?/sw/bind/
Astaro Linux:
http://www.astaro.org/showflat.php?Cat=&Number=55637&page=0&view=collapsed&sb=5&o=&fpart=1#55637
Currently we are not aware of any exploits for this vulnerability. |
ISC BIND 'Q_UseDNS' Remote Denial of Service
CVE Name:
CAN-2005-0033
|
Low/High
(High if arbitrary code can be executed)
|
US-CERT Vulnerability Note, VU#327633, January 25, 2005
Astaro Security Linux Announcement, February 17, 2005 |
Multiple Vendors
Linux Kernel 2.4-2.4.28, 2.6-2.6.9; Avaya Intuity LX, Avaya MN100, Avaya Modular Messaging (MSS) 1.1, 2.0 |
Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions.
SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
A Proof of Concept exploit script has been published. |
Multiple Vendors Linux Kernel IGMP Integer Underflow
CVE Name:
CAN-2004-1137 |
Low/Medium
(Medium if elevated privileges can be obtained)
|
iSEC Security Research Advisory 0018, December 14, 2004
SecurityFocus, December 25, 2005
Secunia, SA13706, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2006
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
Multiple Vendors
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64; Novell Evolution 2.0.2; Ubuntu Linux 4.1 ppc, ia64, ia32; Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta) |
A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.
Update available at:
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-35.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/
SUSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/e/evolution/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Currently we are not aware of any exploits for this vulnerability. |
Evolution Camel-Lock-Helper Application Remote Buffer Overflow
CVE Name:
CAN-2005-0102
|
High |
Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005
Ubuntu Security Notice, USN-69-1, January 25, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory, DSA 673-1, February 10, 2005
Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005 |
Multiple Vendors
MySQL AB MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1 |
A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.
Upgrades available at:
http://dev.mysql.com/downloads/mysql/4.0.html
OpenPKG:
ftp://ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-611.html
SuSE:
ftp://ftp.suse.com/pub/suse
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required.
|
MySQL Database Unauthorized GRANT Privilege
CVE Name:
CAN-2004-0957
|
Medium |
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Fedora Update Notification,
FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005 |
Multiple Vendors
OpenLDAP 2.0-2.0.23, 2.0.25, 2.0.27, 2.1.20, 2.1.4, 2.1.10-2.1.19, 2.1.22, 2.2.6, 2.2.15; SuSE Linux 8.2, 9.0 x86_64, 9.0, 9.1 x86_64, 9.1, 9.2 x86_64, 9.2 |
Multiple unspecified remote vulnerabilities exist in the 'slapd' daemon.
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
OpenLDAP SlapD Multiple Remote Denials of Service |
Low |
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005 |
Multiple Vendors
OpenSSH 3.0p1-3.0.2pl1, 3.0-3.0.2, 3.1-3.5, 3.1pl1, 3.2.2p1, 3.2.3p1, 3.3p1-3.5pl1, 3.6.1p1&pl2, 3.6.1, 3.7, 3.7.1, 3.7p1&pl2, 3.7.1p1, 3.8.1p1, 3.9.1pl1 |
An information disclosure vulnerability exists in the portable version of OpenSSH that is distributed for operating systems other than its native OpenBSD platform, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/o/openssh/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
There is no exploit code required. |
OpenSSH-portable Remote Information Disclosure
CVE Name:
CAN-2003-0190
|
Medium |
Ubuntu Security Notice, USN-34-1 November 30, 2004
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3.STABLE4 & 5, 2.4.STABLE6 & 7, 2.4.STABLE2, 2.4, 2.5.STABLE3-7, 2.5.STABLE1; Conectiva Linux 9.0, 10.0 |
Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and a buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-wccp
_denial_of_service.patch
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-gopher_
html_parsing.patch
Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-25.xml
Debian:
http://security.debian.org/pool/
updates/main/s/squid/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/s/squid/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-061.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA13825, January 13, 2005
Debian Security Advisory, DSA 651-1, January 20, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005
Turbolinux Security Announcement, February 17, 2005
|
Multiple Vendors
ALSA alsa-lib 1.0.6;
RedHat Enterprise Linux WS 4, ES 4, Enterprise Linux Desktop version 4, Enterprise Linux AS 4 |
A vulnerability exists in the Advanced Linux Sound Architecture (ALSA) mixer code, which could let a malicious user modify system information.
RedHat:
http://www.redhat.com/support/errata/
RHSA-2005-033.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Red Hat Security Advisory, RHSA-2005:033-01, February 15, 2005 |
Multiple Vendors
Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1 |
A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows
CVE Name:
CAN-2005-0490
|
High |
iDEFENSE Security Advisory , February 21, 2005 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4-8, 1.0.4, 1.1.1, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32;
Xpdf Xpdf 0.90-0.93, 1.0.1, 1.00a, 1.0, 2.03, 2.01, 2.0, 3.0;
SUSE Linux - all versions |
Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc', which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool
/updates/main/c/cupsys/
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-20.xml
KDE:
ftp://ftp.kde.org/pub/kde/security_patches/
post-3.3.1-kdegraphics.diff
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/c/cupsys/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/
updates/main/t/tetex-bin/
SUSE: Update:
ftp://ftp.SUSE.com/pub/SUSE
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-31.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-132.html
Currently we are not aware of any exploits for these vulnerabilities.
|
Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows
CVE Names:
CAN-2004-0888
CAN-2004-0889 |
High |
SecurityTracker Alert ID, 1011865, October 21, 2004
Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004
Debian Security Advisory, DSA 599-1, November 25, 2004
SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004
Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005
Fedora Update Notifications,
FEDORA-2005-122, 123, 133-136, February 8 & 9, 2005
Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005
Mandrakelinux Security Update Advisories, MDKSA-2005:041-044, February 18, 2005
RedHat Security Advisory, RHSA-2005:132-09, February 18, 2005 |
Multiple Vendors
Gentoo Linux;
GNU Mailman 2.1-2.1.5; RedHat Fedora Core3 & Core2; Ubuntu Linux 4.1 ppc, ia64, ia32 |
A Directory Traversal vulnerability exists in 'private.py' due to an input validation error, which could let a remote malicious user obtain sensitive information.
Debian:
http://security.debian.org/pool/
updates/main/m/mailman/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-11.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-136.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 674-1, February 10, 2005
Ubuntu Security Notice USN-78-1, February 10, 2005
Fedora Update Notifications
FEDORA-2005-131 & 132, February 10, 2005
Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005
RedHat Security Advisory, RHSA-2005:136-08, February 10, 2005
Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005
SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:037, February 14, 2005
Ubuntu Security Notice, USN-78-2 , February 17, 2005
Debian Security Advisory, DSA 674-3, February 21, 2005 |
Multiple Vendors
Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0 |
Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information, or cause a Denial of Service.
Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-28.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
X.org:
http://www.x.org/pub/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-537.html
Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:137 (libxpm)
http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:138 (XFree86)
Debian:
http://www.debian.org/
security/2004/dsa-607 (XFree86)
SGI:
ftp://patches.sgi.com/support/
free/security/patches/ProPack/3/
TurboLinux:
http://www.turbolinux.com/update/
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-023_RHSA-2004-537.pdf
http://support.avaya.com/elmodocs2/
security/ASA-2005-025_RHSA-2005-004.pdf
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-06.xml
http://security.gentoo.org/
glsa/glsa-200502-07.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors LibXPM Multiple Vulnerabilities
CVE Name:
CAN-2004-0914
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
X.Org Foundation Security Advisory, November 17, 2004
Fedora Update Notifications,
FEDORA-2004-433 & 434, November 17 & 18, 2004
SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004
Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004
Fedora Security Update Notifications
FEDORA-2003-464, 465, 466, & 467, December 1, 2004
RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004
Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004
Debian Security Advisory, DSA-607-1 xfree86 -- several vulnerabilities, December 10, 2004
Turbolinux Security Announcement, January 20, 2005
Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005
Gentoo Linux Security Advisories, GLSA 200502-06 & 07, February 7, 2005
Ubuntu Security Notice, USN-83-1 February 16, 2005 |
Multiple Vendors
Gentoo Linux;
GProFTPD GProFTPD 8.1.7 |
A format string vulnerability exists in the 'gprostats' utility, which could let a remote malicious user execute arbitrary code.
Upgrade available at:
http://mange.dynup.net/linux.html#Download
Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-26.xml
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200502-26, February 18, 2005 |
Multiple Vendors
Gentoo Linux;
lighttpd lighttpd 1.3.7 |
A vulnerability exists in the 'buffer_urldecode()' function because encoded control sequences are handled incorrectly, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://www.lighttpd.net/download/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-21.xml
There is no exploit code required.
|
Lighttpd 'buffer_urldecode()' Function Information Disclosure
CVE Name:
CAN-2005-0453
|
Medium |
Gentoo Linux Security Advisory, GLSA 200502-21, February 15, 2005 |
Multiple Vendors
Linux kernel 2.2-2.2.2.27-rc1, 2.4-2.4.29-rc1, 2.6.10, 2.6-2.6.10 |
A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.
Fedora:
http://download.fedora.redhat.com/pub/f
edora/linux/core/updates/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-016.html
http://rhn.redhat.com/errata/
RHSA-2005-017.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html
Exploit scripts have been published. |
Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges
CVE Name:
CAN-2005-0001
|
High |
SecurityTracker Alert, 1012862, January 12, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005
RedHat Security Advisory, RHSA-2005:016-13 & 017-14, January 21, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
Multiple Vendors
Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29-rc2, 2.6 test1-test11, 2.6.1 rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing |
A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005
-016RHSA-2006-017RHSA-2005-043.pdf
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html
Another exploit script has been published. |
|
High |
iSEC Security Research Advisory, January 7, 2005
Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
PacketStorm, January 27, 2005
Avaya Security Advisory, ASA-2005-034, February 8, 2005
Ubuntu Security Notice, USN-57-1, February 9, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.10 rc2 |
The DRM module in the Linux kernel is susceptible to a local Denial of Service vulnerability. This vulnerability likely results in the corruption of video memory, crashing the X server. Malicious users may be able to modify the video output.
Ubuntu:
http://security.ubuntu.com
/ubuntu/pool/main
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors Linux Kernel Local DRM Denial of Service
CVE Name:
CAN-2004-1056 |
Low |
Ubuntu Security Notice USN-38-1 December 14, 2004
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
Multiple Vendors
Linux Kernel 2.6.10, 2.6 test1-test11, 2.6.1-2.6.10, 2.6.10 rc2; RedHat Fedora Core2 & 3 |
An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Bugtraq, January 7, 2005
Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1 - 2.6-test11, 2.6, 2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 |
Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architectures, which could let a malicious user obtain elevated privileges.
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/Medium
(Low if a DoS)
|
Ubuntu Security Notice, USN-82-1, February 15, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 |
MySQL AB, Conectiva, Debian, Engarde, FreeBSD, Gentoo, HP, IBM, Immunix, Mandrake, OpenBSD, OpenPKG, RedHat, Trustix, Sun, SuSE
MySQL AB MySQL 3.20.32a, 3.22.26-3.22.30, 3.22.32, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.1.0-0, 4.1.0-alpha |
A vulnerability exists in the MySQL 'mysqld_multi' script due to insecure temporary file handling, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/
updates/main/m/mysql/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
OpenPKG:
ftp://ftp.openpkg.org/release/
2.0/UPD/mysql-4.0.18-2.0.1.src.rpm
Gentoo:
http://security.gentoo.org/glsa/
glsa-200405-20.xml
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
There is no exploit code required.
|
MySQL 'mysqld_multi' Insecure Temporary File Handling
CVE Name:
CAN-2004-0388
|
Medium |
Debian Security Advisory, DSA 483-1, April 14, 2004
Gentoo Linux Security Advisory, GLSA 200405-20, May 25, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:034, April 20, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.014, April 14, 2004
Turbolinux Security Announcement, February 17, 2005 |
MySQL AB
MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1.0-alpha, 4.1.0-0, 4.1.2-alpha, 4.1.3-beta, 4.1.3-0, 5.0.0-alpha, 5.0.0-0 |
A buffer overflow vulnerability exists in the 'mysql_real_connect' function due to insufficient boundary checking, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Note: Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue.
Debian:
http://security.debian.org/pool/
updates/main/m/mysql/
Trustix:
http://http.trustix.org/pub/trustix/updates/
OpenPKG:
ftp://ftp.openpkg.org/release/
Mandrake:
http://www.mandrakesoft.com/
security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SUSE:
ftp://ftp.suse.com/pub/suse
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mysql-dfsg/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
We are not aware of any exploits for this vulnerability. |
MySQL Mysql_real_connect Function Remote Buffer Overflow
CVE Name:
CAN-2004-0836
|
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory,
SA12305, August 20, 2004
Debian Security Advisory, DSA 562-1, October 11, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004
Fedora Update Notification,
FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005 |
MySQL AB
MySQL 3.23.49, 4.0.20 |
A vulnerability exists in the 'mysqlhotcopy' script due to predictable file names of temporary files, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/
updates/main/m/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-02.xml
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata
/RHSA-2004-569.html
OpenPKG:
ftp://ftp.openpkg.org/release/
Mandrake:
http://www.mandrakesoft.com/
security/advisories
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
MySQL
'Mysqlhotcopy' Script Elevated Privileges
CVE Name:
CAN-2004-0457
|
Medium |
Debian Security Advisory, DSA 540-1, August 18, 2004
Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004
SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004
RedHat Security Advisory, RHSA-2004:569-16, October 20, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
Fedora Update Notification,
FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005 |
MySQL AB
MySQL 3.x, 4.x
|
Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'
Updates available at:
http://dev.mysql.com/downloads/mysql/
Debian:
http://security.debian.org/pool/
updates/main/m/mysql
Trustix:
http://http.trustix.org/pub/trustix/updates/
Mandrake:
http://www.mandrakesoft.com
/security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mysql-dfsg/
SuSE:
ftp://ftp.suse.com/pub/suse
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
We are not aware of a | |
| |