Summary of Security Items from February 23 through March 1, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Acute Websight Incorporated
PeerFTP_5
|
A vulnerability exists in the 'Program Files\AcuteWebsight\PeerFTP_5\PeerFTP.ini' file, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
|
|
SecurityTracker Alert, 1013263, February 23, 2005 |
| ArGoSoft
FTP Server 1.0, 1.2.2.2, 1.4.1.1-1.4.1.9, 1.4.2.0-1.4.2.2, 1.4.2.7 |
A vulnerability exists in the 'SITE COPY' command because shortcut files can be copied, which could let a malicious user obtain sensitive information.
Upgrades available at:
http://www.argosoft.com/dl/default.aspx?filename=fssetup.exe
There is no exploit code required. |
|
Medium |
Secunia Advisory,
SA14372, February 23, 2005 |
Bfriendly.com
Einstein 1.01 & prior
|
A vulnerability exists because usernames and passwords are stored in plaintext form in the Windows Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Einstein Password Disclosure |
Medium |
SecurityTracker Alert, 1013316, February 28, 2005 |
| CIS WebServer 3.5.13 |
A Directory Traversal vulnerability exists when handling certain types of requests, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
SecurityFocus, 12662, February 25, 2005 |
Computer Knacks, Inc.
SendLink 1.5 |
A vulnerability exists in 'Program Files\SendLink\User\data.eat' because passwords are stored in plaintext, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
|
Medium |
SecurityTracker Alert, 1013269, February 23, 2005 |
eXeem
eXeem 0.21 |
A vulnerability exists because plaintext passwords and configuration data are stored in the Windows Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
Medium |
SecurityTracker Alert, 1013266, February 23, 2005 |
| Gaim.sourceforge.net
Gaim 1.1.3; possibly other versions |
A remote Denial of Service vulnerability exists in the file transfer feature.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert, 1013300, February 28, 2005
|
GFI Ltd.
LanGuard Network Security Scanner 5.0 |
A vulnerability exists in 'Inss.exe' because loaded saved credentials are stored in memory, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
GFI LANguard Network Security Scanner Password Disclosure
CAN-2005-0604
|
Medium |
Hat-Squad Advisory, February 28, 2005 |
KMiNT21 Software
Golden FTP Server Pro 2.05b & prior |
A buffer overflow vulnerability exists when a specially crafted RNTO command is submitted, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.goldenftpserver.com/download.htm
An exploit script has been published. |
|
High |
Secunia Advisory,
SA13966, January 24, 2005
US-CERT VU#620862 |
LionMax Software
ChatAnywhere 2.72a |
A vulnerability exists in the 'Program Files\Chat Anywhere\room\[chatroomname].ini' file because passwords and usernames are stored in plaintext, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
Medium |
SecurityTracker Alert, 1013270, February 23, 2005 |
MercurySteam Entertainment
Scrapland 1.0 |
Several remote Denial of Service vulnerabilities exist due to a failure to handle exceptional conditions.
No workaround or patch available at time of publishing.
An exploit script has been published. |
MercurySteam Scrapland Game Server Remote Denials of Service |
Low |
Secunia Advisory, SA14435, March 1, 2005 |
Microsoft
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 |
A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx
V1.1: Bulletin updated to clarify prerequisites under Visio 2002 Update Information.
V1.2: Bulletin updated to add an additional FAQ as well as clarify install steps under Update Information.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Office URL File Location Handling Buffer Overflow
CAN-2004-0848
|
High |
Microsoft Security Bulletin, MS05-005, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT VU#416001
Microsoft Security Bulletin, MS05-005 V1.1, February 15, 2005
Microsoft Security Bulletin, MS05-005 V1.2, February 23, 2005 |
Microsoft
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003 |
A remote code execution vulnerability exists in the Windows Server 2003 SMTP component due to the way Domain Name System (DNS) lookups are handled. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx
Bulletin updated to clarify restart requirement for Windows Server 2003 and Windows XP 64-Bit.
Bulletin updated to advise of the availability of an update for Exchange 2000 Server.
V2.1: Bulletin updated to clarify restart requirement for Exchange 2000 Server
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin, MS04-035, October 12, 2004
US-CERT Cyber Security Alert, SA04-286A
US-CERT VU#394792
Microsoft Security Bulletin MS04-035, November 9, 2004
Microsoft Security Bulletin MS04-035 V2.0 February 8, 2005
Microsoft Security Bulletin MS04-035 V2.1 February 23, 2005
|
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4 |
A vulnerability exists due to the way group policies are enforced, which could let a malicious user bypass drive access restriction.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
SecurityFocus, 12641, February 23, 2005 |
Microsoft
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server Edition SP6a, Windows 2000 Server SP3 & SP4, Windows 2003, Windows 2003 for Itanium-based Systems |
A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx
V1.1: Bulletin updated to reflect a revised “Security Update Information” section for Windows Server 2003
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows License Logging Service Buffer Overflow
CAN-2005-0050
|
Low/High
(High if arbitrary code can be executed)
|
Microsoft Security Bulletin, MS05-010, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT VU#130433
Microsoft Security Bulletin, MS05-010 V1.1, February 23, 2005
|
Multiple Vendors
Mozilla Browser 1.7.5, Firefox 1.0,
Netscape Netscape 7.1 |
A vulnerability exists because popup windows can overlay modal dialogs, which could lead to a false sense of security.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Mozilla:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.1/source/firefox-1.0.1-source.tar.bz2
Proofs of Concept exploits have been published. |
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing
|
Medium |
Securiteam, January 11, 2005
Fedora Update Notification,
FEDORA-2005-182, February 26, 2005 |
NullSoft
Winamp 5.07 |
A remote Denial of Service vulnerability exists due to a failure to properly process '.mp4' and '.m4a' files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
Nullsoft Winamp Malformed MP4 Remote Denial of Service
CAN-2004-1119
|
Low |
SecurityTracker Alert ID, 1012525, December 15, 2004
US-CERT VU#986504 |
OpenConnect Systems
WebConnect 6.4.4, 6.5 |
Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits a request that has an MS-DOS device name; and a vulnerability exists in the 'jretest.html' script due to insufficient validation of the 'WCP_USER' parameter, which could let a remote malicious user obtain sensitive information.
Updates available at: http://www.oc.com/solutions/webconnect.jsp
Exploit scripts have been published. |
|
Low/Medium
(Medium if sensitive information can be obtained)
|
CIRT Advisory, February 20, 2005
PacketStorm, February 26, 2005
US-CERT VU#628411
US-CERT VU#552561 |
RaidenHTTPD TEAM
RaidenHTTPD 1.1.32 |
Several vulnerabilities exist: a vulnerability exists in the default installation CGI scripts, which could let a malicious user obtain sensitive information; and a buffer overflow vulnerability exists when processing long URI HTTP requests, which could let a malicious user execute arbitrary code.
Upgrade available at:
http://www.raidenhttpd.com/en/download.html
Currently we are not aware of any exploits for these vulnerabilities. |
RaidenHTTPD Multiple Remote Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SIG^2 Vulnerability Research Advisory, March 1, 2005 |
Stormy Studios
KNet 1.0, 1.2, 1.3, 1.4 c, 1.4 b |
A buffer overflow vulnerability exists due to a failure to securely copy user-supplied input into finite process buffers, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
|
High |
SecurityFocus, 12671, February 25, 2005 |
Working Resources Inc.
BadBlue 2.55 |
A buffer overflow vulnerability exists in 'ext.dll' in the 'mfcisapicommand' parameter due to a boundary error when processing HTTP requests, which could let a remote malicious user execute arbitrary code.
Upgrade available at: http://badblue.com/bb95.exe
Exploit scripts have been published. |
Working Resources BadBlue MFCISAPICommand Remote Buffer Overflow
CAN-2005-0595
|
High |
SIA International Security Advisory, February 26, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Carnegie Mellon University
Cyrus IMAP Server 2.x
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.
Update available at:
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-29.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory,
SA14383, February 24, 2005
Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005
SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005
Ubuntu Security Notice USN-87-1, February 28, 2005 |
Carnegie Mellon University
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 |
Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmd5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-05.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-546.html
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Debian:
http://security.debian.org/pool/updates/main/c/cyrus-sasl/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
OpenPKG:
ftp ftp.openpkg.org
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for these vulnerabilities.
|
|
|
SecurityTracker Alert ID: 1011568, October 7, 2004
Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12, 14, & 16, 2004
Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004
OpenPKG Security Advisory, OpenPKG Security Advisory, January 28, 2005
Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
Daisuke NISHIKAWA
DNA mkbold-mkitalic 0.1-0.6 |
A format string vulnerability exists when converting BDF font files, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://hp.vector.co.jp/authors/VA013651/lib/mkbold-mkitalic-0.08.tar.bz2
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA14398, February 25, 2005 |
Debian
reportbug 2.60, 2.6 |
Multiple vulnerabilities exist: a vulnerability exists in '.reportbugrc' files because they have world-readable permissions, which could let a malicious user obtain sensitive information; and a vulnerability exists in the 'smtppasswd' password setting because it is included in '.reportbugrc', which could let a malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/
There is no exploit code required. |
Debian Reportbug Multiple Information Disclosure |
Medium |
Ubuntu Security Notice USN-88-1, February 28, 2005 |
GNU Midnight Commander Project
Midnight Commander 4.x |
Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/m/mc/
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-24.xml
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ Medium/ High
(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)
|
SecurityTracker Alert, 1012903, January 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005
Turbolinux Security Announcement, TLSA-24022005, February 24, 2005 |
GNU
Emacs prior to 21.4.17
|
A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4
Debian:
http://security.debian.org/pool/.../e/emacs20/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-20.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Debian:
http://security.debian.org/pool/updates/main/e/emacs21/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013100, February 7, 2005
Debian Security Advisory,
DSA-670-1 & 671-1, February 8, 2005
Ubuntu Security Notice, USN-76-1, February 7, 2005
Fedora Update Notifications
FEDORA-2005-145 & 146, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-20, February 15, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:03, February 15, 2005
Debian Security Advisory, DSA 685-1, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
GNU
Vim 6.x, GVim 6.x |
Multiple vulnerabilities exist which can be exploited by local malicious users to gain escalated privileges. The vulnerabilities are caused due to some errors in the modelines options. This can be exploited to execute shell commands when a malicious file is opened. Successful exploitation can lead to escalated privileges but requires that modelines is enabled.
Apply patch for vim 6.3: ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-010.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-020_RHSA-2005-019.pdf
OpenPKG: ftp.openpkg.org
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/
SGI: http://support.sgi.com/
Fedora:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these vulnerabilities.
|
GNU Vim / Gvim Modelines Command Execution Vulnerabilities
CAN-2004-1138
|
Medium |
Gentoo Linux Security Advisory, GLSA 200412-10 / vim, December 15, 2004
Fedora Legacy Update Advisory, FLSA:2343, February 24, 2005 |
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
A Proof of Concept exploit script has been published. |
|
Medium |
SecurityTracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
GNU
xine prior to 0.99.3 |
Multiple vulnerabilities exist that could allow a remote user to execute arbitrary code on the target user's system. There is a buffer overflow in pnm_get_chunk() in the processing of the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG, and CONT_TAG parameters.
The vendor has issued a fixed version of xine-lib (1-rc8), available at: http://xinehq.de/index.php/releases
A patch is also available at:
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-07.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit has been published. |
|
High |
iDEFENSE Security Advisory 12.21.04
Gentoo, GLSA 200501-07, January 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Turbolinux Security Announcement, TLSA-24022005, February 24, 2005 |
GNU
xine-lib 1.x |
Multiple vulnerabilities with unknown impacts exist due to errors in the PNM and Real RTSP clients.
Update to version 1-rc8:
http://xinehq.de/index.php/download
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-07.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for these vulnerabilities. |
GNU xine-lib Unspecified PNM & Real RTSP Clients Vulnerabilities
CAN-2004-1300
|
Not Specified |
Secunia Advisory, SA13496, December 16, 2004
Gentoo Linux Security Advisory, GLSA 200501-07, January 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Turbolinux Security Announcement, TLSA-24022005, February 24, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.04, B.11.11, B.11.22, B.11.23 |
A vulnerability exists in ftpd which could let a remote malicious user obtain unauthorized access.
Updates available at:
http://software.hp.com/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
HP Security Bulletin,
HPSBUX01119, February 23, 2005 |
Hewlett Packard
HP-UX 11.x |
A vulnerability exists in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the debug logging routine of ftpd. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long command request. Successful exploitation may allow execution of arbitrary code, but requires that the FTP daemon is configured to log debug information (not default setting).
Apply patches:
http://www.itrc.hp.com/service/patch/mainPage.do
HP:
http://itrc.hp.com
Currently we are not aware of any exploits for this vulnerability. |
Hewlett Packard HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability
CAN-2004-1332
|
High |
iDEFENSE Security Advisory 12.21.04
HP Security Bulletin, HPSBUX01118, February 9, 2005
US-CERT VU#647438 |
IBM
AIX 5.2, 5.3 |
A format string vulnerability exists in auditselect, which could let a malicious user obtain root privileges.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert, 1013103, February 8, 2005
US-CERT VU#896729 |
Jouni Malinen
wpa_supplicant prior to 0.2.7 and 0.3.8 |
A remote Denial of Service vulnerability exists in 'wpa.c' when processing WPA2 frames due to insufficient validation of the Key Data Length.
Update available at:
http://hostap.epitest.fi/wpa_supplicant/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-22.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
Jouni Malinen wpa_supplicant Remote Denial of Service
CAN-2005-0470
|
Low |
SecurityTracker Alert, 1013226, February 17, 2005
Gentoo Linux Security Advisory, GLSA 200502-22, February 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
Kalum Somaratna
ProZilla Download Accelerator 1.0 x, 1.3.0-1.3.4, 1.3.5.2, 1.3.5.1, 1.3.5-1.3.5.2 1.3.6 |
A vulnerability exists due to improper implementation of a formatted string function when handling initial server responses, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
High |
SecurityFocus, 12635, February 23, 2005 |
Krzysztof Dabrowski
cmd5checkpw 0.20-0.22 |
A vulnerability exists in the 'poppasswd' file, which could let a malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-30.xml
There is no exploit code required. |
|
Medium |
Gentoo Linux Security Advisory, GLSA 200502-30, February 25, 2005 |
LGPL
NASM 0.98.38 |
A vulnerability was reported in NASM. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted asm file that, when processed by the target user with NASM, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the error() function in 'preproc.c.'
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-20.xml
Debian:
http://www.debian.org/security/2005/dsa-623
Mandrake:
http://www.mandrakesoft.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory ID, SA13523, December 17, 2004
Debian Security Advisory
DSA-623-1 nasm, January 4, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:004, January 6, 2005
Turbolinux Security Announcement, TLSA-24022005, February 24, 2005 |
MIT
Kerberos 5 krb5-1.3.5 & prior; Avaya S8700/S8500/S8300 (CM2.0 and later), MN100, Intuity LX 1.1-5.x, Modular Messaging MSS |
A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code.
A patch is available at:
http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-05.xml
Debian:
http://security.debian.org/pool/updates/main/k/krb5/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-036_RHSA-2005-012.pdf
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57712-1
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert ID, 1012640, December 20, 2004
Gentoo GLSA 200501-05, January 5, 2005
Ubuntu Security Notice, USN-58-1, January 10, 2005
Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005
Avaya Security Advisory, ASA-2005-036, February 7, 2005
Sun(sm) Alert Notification, 57712, February 25, 2005
|
Mozilla.org
Firefox 1.0 |
A vulnerability exists because a predictable name is used for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.
Update available at:
http://www.mozilla.org/products/firefox/all.html
An exploit has been published.
|
Mozilla Firefox Predictable Plugin Temporary Directory
CAN-2005-0578
|
Low/Medium
(Medium if user/system information can be modified)
|
Mozilla Foundation Security Advisory, 2005-28, February 25, 2005 |
Multiple Vendors
Bernd Johanness Wueb kppp 1.1.3;
KDE KDE 1.1-1.1.2, 1.2, 2.0 BETA, 2.0-2.2.2, 3.0-3.0.5, 3.1-3.1.5, KDE KPPP 2.1.2 |
A vulnerability exists due to a file descriptor leak, which could let a malicious user obtain sensitive information.
Patch available at: ftp://ftp.kde.org/pub/kde/security_patches
There is no exploit code required.
|
KPPP Privileged File Descriptor Information Disclosure
CAN-2005-0205
|
Medium |
iDEFENSE Security Advisory, February 28, 2005 |
Multiple Vendors
FreeNX 0.2-0-0.2-3, 0.2.4-0.2.7 |
A vulnerability exists in the 'XAUTHORITY' environment variable, which could let a malicious user bypass authentication.
Update available at:
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
SuSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
|
Medium |
SUSE Security Summary Report, ID: SUSE-SR:2005:006, February 25, 2005 |
Multiple Vendors
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability was reported in the Linux kernel in the auxiliary message (scm) layer. A local malicious user can cause Denial of Service conditions. A local user can send a specially crafted auxiliary message to a socket to trigger a deadlock condition in the __scm_send() function.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-689.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
A Proof of Concept exploit script has been published. |
Multiple Vendors Linux Kernel Auxiliary Message Layer State Error
CAN-2004-1016 |
Low |
iSEC Security Research Advisory 0019, December 14, 2004
SecurityFocus, December 25, 2004
Secunia, SA13706, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2006
Mandrake Security Advisory, MDKSA-2005:022, January 26, 200
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
Turbolinux Security Announcement, February 28, 2005 |
Multiple Vendors
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0 |
Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions.
SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit script has been published. |
Multiple Vendors Linux Kernel IGMP Integer Underflow
CAN-2004-1137 |
Low/Medium
(Medium if elevated privileges can be obtained)
|
iSEC Security Research Advisory 0018, December 14, 2004
SecurityFocus, December 25, 2005
Secunia, SA13706, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2006
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005
Turbolinux Security Announcement, February 28, 2005
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Multiple Vendors
Linux Kernel 2.4.x; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0, Network Routing |
Two vulnerabilities exist in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. 1) A boundary error exists in the system call handling in the 32bit system call emulation on AMD64 / Intel EM64T systems. 2) An unspecified error within the memory management handling of ELF executables in "load_elf_binary" can be exploited to crash the system via a specially crafted ELF binary (this issue only affects Kernel versions prior to 2.4.26).
Issue 2 has been fixed in Kernel version 2.4.26 and later.
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-689.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
Medium |
Secunia, SA13627, December 24, 2004
Red Hat RHSA-2004-689, December 23, 2004
Avaya Security Advisory, ASA-2005-006, January 14, 2006
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Multiple Vendors
Linux Kernel 2.6.x |
Some potential vulnerabilities exist with an unknown impact in the Linux Kernel. The vulnerabilities are caused due to boundary errors within the 'sys32_ni_syscall()' and 'sys32_vm86_warning()' functions and can be exploited to cause buffer overflows. Immediate consequences of exploitation of this vulnerability could be a kernel panic. It is not currently known whether this vulnerability may be leveraged to provide for execution of arbitrary code.
Patches are available at:
http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/
SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors Linux Kernel 'sys32_ni_syscall' and 'sys32_vm86_warning' Buffer Overflows
CAN-2004-1151
|
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory ID, SA13410, December 9, 2004
SecurityFocus, December 14, 2004
SecurityFocus, December 25, 2004
Secunia, SA13706, January 4, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Turbolinux Security Announcement, February 28, 2005 |
Multiple Vendors
Linux Kernel versions except 2.6.9 |
A race condition vulnerability exists in the Linux Kernel terminal subsystem. This issue is related to terminal locking and is exposed when a remote malicious user connects to the computer through a PPP dialup port. When the remote user issues the switch from console to PPP, there is a small window of opportunity to send data that will trigger the vulnerability. This may cause a Denial of Service.
This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases: http://www.kernel.org/pub/linux/kernel/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors Linux Kernel Terminal Locking Race Condition
CAN-2004-0814 |
Low |
SecurityFocus, December 14, 2004
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
Turbolinux Security Announcement, February 28, 2005
|
Multiple Vendors
bsmtpd bsmtpd 2.3;
Debian Linux 3.0 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha
|
A vulnerability exists in the bsmtpd daemon due to insufficient sanitization of e-mail addresses, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/b/bsmtpd/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 690-1, February 25, 2005 |
Multiple Vendors
Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1 |
A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows
CAN-2005-0490
|
High |
iDEFENSE Security Advisory, February 21, 2005
SUSE Security Announcements, SUSE-SR:2005:006 & SUSE-SA:2005:011, February 25 & 28, 2005
Ubuntu Security Notice, USN-86-1, February 28, 2005 |
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1 |
A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input.
Gentoo:
http://security.gentoo.org/glsa/glsa-200408-26.xml
FileZilla:
http://sourceforge.net/project/showfiles.php?group_id=21558
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
OpenPKG:
ftp ftp.openpkg.org
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/
We are not aware of any exploits for this vulnerability.
|
|
Low |
SecurityFocus, August 25, 2004
SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004
US-CERT VU#238678, October 1, 2004
SCO Security Advisory, SCOSA-2004.17, October 19, 2004
Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004
Fedora Update Notification, FEDORA-2005-095, January 28, 2005
Fedora Legacy Update Advisory, FLSA:2043, February 24, 2005 |
Multiple Vendors
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat Fedora Core1&2;
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8 |
Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-28.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedoralegacy.org/redhat/
We are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID, 1011285, September 17, 2004
Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004
US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004
Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004
Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005 |
Multiple Vendors
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-13.xml
Mandrake:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-105.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
IBM:
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z
Proofs of Concept exploits have been published. |
|
Medium/High
(High if arbitrary code can be executed)
|
Ubuntu Security Notice, USN-72-1, February 2, 2005
MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005
RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
IBM SECURITY ADVISORY, February 28, 2005 |
Multiple Vendors
Linux Kernel 2.2, 2.4, 2.6 |
Several buffer overflow vulnerabilities exist in 'drivers/char/moxa.c' due to insufficient validation of user-supplied inputs to the 'MoxaDriverIoctl()', 'moxaloadbios()', 'moxaloadcode()', and 'moxaload320b()' functions, which could let a malicious user execute arbitrary code with root privileges.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
SecurityTracker Alert, 1013273, February 23, 2005 |
Multiple Vendors
Linux kernel 2.2-2.2.2.27 -rc1, 2.4-2.4.29 -rc1, 2.6 .10, 2.6- 2.6.10 |
A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-016.html
http://rhn.redhat.com/errata/RHSA-2005-017.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
SuSE:
ftp://ftp.suse.com/pub/suse/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Exploit scripts have been published. |
Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges
CAN-2005-0001
|
High |
SecurityTracker Alert, 1012862, January 12, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005
RedHat Security Advisory, RHSA-2005:016-13 & 017-14, January 21, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005
Turbolinux Security Announcement, February 28, 2005 |
Multiple Vendors
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.27; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability exists in the 'AF_UNIX' address family due to a serialization error, which could let a malicious user obtain elevated privileges or possibly execute arbitrary code.
Upgrades available at:
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.28.tar.bz2
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-504.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-006_RHSA-2004-549RHSA-2004-505RHSA-2004-689.pdf
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendors Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification
CAN-2004-1068
|
Medium/High
(High if arbitrary code can be executed)
|
Bugtraq, November 19, 2004
SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004
SecurityFocus, December 14, 2004
Fedora Update Notifications, FEDORA-2004-581 & 582, January 4, 2005
Avaya Security Advisory, ASA-2005-006, January 14, 2006
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
Turbolinux Security Announcement, February 28, 2005 |
Multiple Vendors
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2, 2.6 -test1-test11, 2.6-2.6.10, 2.6.10 rc1; RedHat Desktop 3.0, Enterprise Linux WS 3, Linux ES 3, Linux AS 3;
S.u.S.E. Linux 8.1, 8.2, 9.0-9.2, Linux Desktop 1.0, Linux Enterprise Server 9, 8, Novell Linux Desktop 9.0 |
A Denial of Service vulnerability exists in the audit subsystem of the Linux kernel.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-043.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
RedHat Security Advisory, RHSA-2005:043-13, January 18, 2005
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005
SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005 |
Multiple Vendors
Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.6, test1-test11, 2.6.1, rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing |
A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-034_RHSA-2005-016RHSA-2006-017RHSA-2005-043.pdf
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Another exploit script has been published. |
|
High |
iSEC Security Research Advisory, January 7, 2005
Fedora Update Notifications, FEDORA-2005-013 & 014, January 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
PacketStorm, January 27, 2005
Avaya Security Advisory, ASA-2005-034, February 8, 2005
Ubuntu Security Notice, USN-57-1, February 9, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005
Turbolinux Security Announcement, February 28, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2 |
A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at:
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-043.html
http://rhn.redhat.com/errata/RHSA-2005-017.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for this vulnerability. |
|
Low/High
(High if root access can be obtained)
|
Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005
RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14, January 18 & 21, 2005
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Turbolinux Security Announcement, February 28, 2005
|
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.8; SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Avaya Converged Communications Server 2.0,
Avaya Intuity LX,
Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0,
Avaya Network Routing
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0
|
Multiple vulnerabilities exist due to various errors in the 'load_elf_binary' function of the 'binfmt_elf.c' file, which could let a malicious user obtain elevated privileges and potentially execute arbitrary code.
Patch available at: | |
| |