National Cyber Alert System
Cyber Security Bulletin SB05-068

Summary of Security Items from March 2 through March 8, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

 

Bugs, Holes, & Patches

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

ArGo Software Design

FTP Server 1.4.2.8

A buffer overflow vulnerability exists in the 'DELE' command, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ArGoSoft FTP Server
'DELE' Command
Remote Buffer Overflow

CAN-2005-0696

Low/High

(High if arbitrary code can be executed)

Security Focus, 12755, March 8, 2005

Cerulean Studios

Trillian 3.0, Trillian Pro 3.0

A buffer overflow vulnerability exists due to insecure image data copying into finite process buffers, which could let a remote malicious user execute arbitrary code.

Cerulean Studios has released an upgrade dealing with this issue. Please contact the vendor for more information on obtaining updated packages.

An exploit script has been published.

Cerulean Studios Trillian
Insecure Image
Data Remote Buffer Overflow

CAN-2005-0633

High
Security Focus, 12703, March 2, 2005

Computalynx Limited

CProxy Server 3.3 SP2, 3.4.1, 3.4.3, 3.4.4

Several vulnerabilities exist: a Directory Traversal vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information; and a remote Denial of Service vulnerability exists when a malicious user submits an HTTP GET request to retrieve an ASCII file or an HTTP request to retrieve an executable file.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Computalynx CProxy Directory Traversal & Remote Denial of Service

CAN-2005-0657

Low/ Medium

(Medium if sensitive information can be obtained)

Security Tracker Alert, 1013359, March 2, 2005

Computer Associates

Unicenter Asset Management 4.0

Multiple vulnerabilities exist: a vulnerability exists in the admin console in the 'Change Credentials for Database' window because it is possible to obtain the Admin password; an input validation vulnerability exists in the Reporter, which could let a remote malicious user execute arbitrary HTML and script code; and an input validation vulnerability exists in Query Designer when importing queries, which could let a remote malicious user inject arbitrary SQL code in imported files.

Update available at:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323

There is no exploit code required.

Computer Associates Unicenter Asset Management Multiple Vulnerabilities

CAN-2005-0640
CAN-2005-0641
CAN-2005-0642

Medium/ High

(High if arbitrary code can be executed)

Secunia Advisory, SA14454, March 2, 2005

Gene6

G6 FTP Server 2.0, 3.0-3.0.2, 3.1, 3.2, 3.3, 3.3.1, 3.4

A vulnerability exists due to a failure to secure critical functionality from default users, which could let a remote malicious user execute arbitrary code with SYSTEM privileges.

Workaround:

- create a new administrator account
- in Administration / Properties, uncheck Options / Allow all access to localhost.

Do not forget to adjust the "local machine" properties to use the new administration account.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Gene6 FTP Server Insecure Critical Functionality

CAN-2005-0690

High
Security Focus, 12739, March 7, 2005

Hosting Controller

Hosting Controller 1.1, 1.3, 1.4 b, 1.4, 1.4.1, 6.1 Hotfix 1.7, 6.1 Hotfix 1.4, 6.1

Two vulnerabilities exist: a vulnerability exists because the site updates log is inside the web root, which could let a remote malicious user obtain sensitive information; and a vulnerability exists in the admin login page due to an error in the password recovery feature, which could let a remote malicious user obtain sensitive information. Note: Successful exploitation requires that the owner's domain name is known.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Multiple Information Disclosure

CAN-2005-0694
CAN-2005-0695

Medium
Secunia Advisory, SA14522, March 8, 2005

JoWood Productions

Chaser 1.0, 1.50

A buffer overflow vulnerability exists due to insecure copying of user-supplied input into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

JoWood Chaser Remote Buffer Overflow

CAN-2005-0693

Low/High

(High if arbitrary code can be executed)

Security Focus, 12733, March 7, 2005

KMiNT21 Software

Golden FTP Server 1.00b, 1.20b, 1.30b, 1.31b, 1.92

A buffer overflow vulnerability exists in the 'USER' command due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Golden FTP Server 'USER' Remote Buffer Overflow

CAN-2005-0634

High
Security Focus, 12704, March 2, 2005

Microsoft

Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004

A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx

V1.1: Bulletin updated to clarify prerequisites under Visio 2002 Update Information.

V1.2: Bulletin updated to add an additional FAQ as well as clarify install steps under Update Information.

V1.3: Bulletin updated to add a feature list for all products under the Update Information section, Administrative Installation details.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Office URL File Location Handling Buffer Overflow

CAN-2004-0848

High

Microsoft Security Bulletin, MS05-005, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT VU#416001

Microsoft Security Bulletin, MS05-005 V1.1, February 15, 2005

Microsoft Security Bulletin, MS05-005 V1.2, February 23, 2005

Microsoft Security Bulletin, MS05-005 V1.3, March 3, 2005

Microsoft

Windows (XP SP2 is not affected)

A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx

Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.

V1.2 Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.

Another exploit script has been published.

Microsoft Windows ANI File Parsing Errors

CAN-2004-1305

Low

VENUSTECH Security Lab, December 23, 2004

Microsoft Security Bulletin MS05-002, January 11, 2005

US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005

Security Focus, January 12, 2005

Technical Cyber Security Alert, TA05-012A, January 12, 2005

Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005

PacketStorm, January 31, 2005

Microsoft Security Bulletin, MS05-002, V1.2, March 8, 2005

Microsoft

Windows (XP SP2 is not affected)

An integer overflow vulnerability was reported in the LoadImage API. A remote user can execute arbitrary code. A remote user can create a specially crafted image file that, when processed by the target user, will trigger an overflow in the USER32 library LoadImage API and execute arbitrary code. The code will run with the privileges of the target user.

Updates available at:
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx

V1.2 Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.

A Proof of Concept exploit has been published.

Microsoft Windows LoadImage API Buffer Overflow

CAN-2004-1049

High

VENUSTECH Security Lab, December 23, 2004

Microsoft Security Bulletin MS05-002, January 11, 2005

US-CERT Vulnerability Note, VU#625856, January 11, 2005

Technical Cyber Security Alert, TA05-012A, January 12, 2005

Microsoft Security Bulletin, MS05-002, V1.2, March 8, 2005

Microsoft

Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx

V1.1: Mitigating factor for ISA 2004 updated.

V1.2: Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Hyperlink Object Library Buffer Overflow

CAN-2005-0057

High

Microsoft Security Bulletin, MS05-015, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#820427

Microsoft Security Bulletin, MS05-015 V1.1, February 15, 2005

Microsoft Security Bulletin, MS05-015 V1.2, March 8, 2005

Microsoft

Windows Server 2003 Datacenter Edition, Enterprise Edition, Standard Edition, Web Edition, Windows XP Home Edition, XP Professional

A remote Denial of Service vulnerability exists due to improper handling of IP packets that contain the same destination and source IP and the SYN flag set.

No workaround or patch available at time of publishing.

An exploit script has been published.

Microsoft Windows LAND Attack Remote Denial of Service

CAN-2005-0688

Low
Secunia Advisory, SA14512, March 7, 2005

SafeNet

Sentinel License Manager 7.2.0.2

A buffer overflow vulnerability exists in the 'Lservnt' service on UDP port 5093 due to a boundary error, which could let a remote malicious user execute arbitrary code with SYSTEM privileges.

Upgrade to version 8.0

Currently we are not aware of any exploits for this vulnerability.

SafeNet Sentinel License Manager Remote Buffer Overflow

CAN-2005-0353

High

CIRT.DK Advisory, March 7, 2005

US-CERT VU#108790

TrackerCam

TrackerCam 5.12

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the TrackerCam HTTP server, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in TrackerCam PHP scripts due to insufficient bounds checks on arguments, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability exists in the 'ComGetLogFile.php3' script, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to insufficient sanitization of HTML content in the username and password fields, which could let a remote malicious user launch phishing style attacks; and multiple remote Denial of Service vulnerabilities exist.

No workaround or patch available at time of publishing.

An exploit script has been published.

TrackerCam Multiple Remote Vulnerabilities

CAN-2005-0478
CAN-2005-0479
CAN-2005-0480
CAN-2005-0481
CAN-2005-0482

Low/Medium/High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

Security Focus, 12592, February 18, 2005

Security Focus, 12592, March 3, 2005


UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

Abuse

Abuse 2.0

Multiple vulnerabilities exist in the SDL port, including buffer overflows and an insecure file creation vulnerability, which could let a malicious user execute arbitrary code or overwrite arbitrary files with super user privileges.

Debian: http://security.debian.org/pool/updates/main/a/abuse/

Currently we are not aware of any exploits for these vulnerabilities.

Abuse Multiple Vulnerabilities

CAN-2005-0098
CAN-2005-0099

High
Debian Security Advisory, DSA 691-1, March 7, 2005

bidwatcher

bidwatcher 1.3-1.3.16

A vulnerability exists due to a failure of the application to properly implement a formatted string function, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/bidwatcher/bidwatcher-1.3.17.tar.gz

Debian:
http://security.debian.org/pool/updates/main/b/bidwatcher/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-06.xml

Currently we are not aware of any exploits for this vulnerability.

Bidwatcher Remote Format String

CAN-2005-0158

High

Debian Security Advisory DSA 687-1, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200503-06, March 3, 2005

BrT

CopperExport 0.1, 0.2

A vulnerability exists in 'xp_publish.php' due to insufficient sanitization before input is used in a SQL query, which could let a remote malicious user inject arbitrary SQL code.

Upgrades available at:
http://download.berlios.de/copperexport/CopperExport-0.2.1.zip

There is no exploit code required.

BrT CopperExport 'XP_Publish.PHP' SQL Injection

CAN-2005-0697

High
Secunia Advisory, SA14401, March 7, 2005

Carnegie Mellon University

Cyrus IMAP Server 2.x


Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available at:
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-29.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus IMAP Server Multiple Remote Buffer Overflows

CAN-2005-0546

High

Secunia Advisory, SA14383, February 24, 2005

Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005

SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005

Ubuntu Security Notice USN-87-1, February 28, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:051, March 4, 2005

Carnegie Mellon University

Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18

Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmd5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the handling of the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-05.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-546.html

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Debian:
http://security.debian.org/pool/updates/main/c/cyrus-sasl/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

OpenPKG:
ftp://ftp.openpkg.org/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus SASL Buffer Overflow & Input Validation

CAN-2004-0884
CAN-2005-0373

High

Security Tracker Alert ID: 1011568, October 7, 2004

Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12, 14, & 16, 2004

Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004

OpenPKG Security Advisory, January 28, 2005

Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:013, March 3, 2005

FreeBSD

FreeBSD 5.0-RELENG, 5.0-RELEASE-p14, 5.0, 5.1-RELENG, 5.1-RELEASE, 5.1, 5.2-RELENG, 5.2-RELEASE, 5.2, 5.2.1, 5.3-STABLE, 5.3-RELEASE, 5.3

A vulnerability exists related to SMP (Symmetric Multiprocessing), which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

FreeBSD SMP Information Disclosure

CAN-2005-0109


Medium
Security Focus, 12724, March 4, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz

Debian:
http://security.debian.org/pool/updates/main/g/gftp/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

There is no exploit code required.

gFTP Remote Directory Traversal

CAN-2005-0372

Medium

Security Focus, February 14, 2005

Debian Security Advisory, DSA 686-1, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005

Glyph and Cog

XPDF prior to 3.00pl3

A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.foolabs.com/xpdf/download.html

Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

http://security.debian.org/pool/updates/main/x/xpdf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/

KDE:
ftp://ftp.kde.org/pub/kde/security_patches

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.suse.com/pub/suse/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-10.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Trustix:
http://http.trustix.org/pub/trustix/updates/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow

CAN-2005-0064

High

iDEFENSE Security Advisory, January 18, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Gentoo Linux Security Advisory, GLSA 200502-10, February 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005


GNU Midnight Commander Project

Midnight Commander 4.x

Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/m/mc/

SUSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-24.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-217.html

Currently we are not aware of any exploits for these vulnerabilities.

Low/Medium/High

(Low if a DoS; Medium if elevated privileges can be obtained; and High if arbitrary code can be executed)

Security Tracker Alert, 1012903, January 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005

RedHat Security Advisory, RHSA-2005:217-10, March 4, 2005

GNU

cpio 1.0, 1.1, 1.2

A vulnerability exists in 'cpio/main.c' due to a failure to create files securely, which could let a malicious user obtain sensitive information.

Upgrades available at:
http://ftp.gnu.org/gnu/cpio/cpio-2.6.tar.gz

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

CPIO Archiver Insecure File Creation

CAN-1999-1572

Medium

Security Tracker Alert, 1013041, January 30, 2005

SGI Security Advisory, 20050204-01-U, March 7, 2005

GNU

CUPS 1.1.22

A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

A Proof of Concept exploit script has been published.

GNU CUPS HPGL ParseCommand() Buffer Overflow

CAN-2004-1267


High

CUPS Advisory STR #1023, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

GNU

CUPS lppasswd 1.1.22

A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-013.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

A Proof of Concept exploit has been published.

GNU CUPS lppasswd Denial of Service

CAN-2004-1268


Low

Security Tracker Alert ID, 1012602, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

GNU

Xpdf prior to 3.00pl2

A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.

A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html

A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

KDE:
http://www.kde.org/info/security/advisory-20041223-1.txt

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-24.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/

Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165

Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163

Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162

Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161

Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166

Debian:
http://www.debian.org/security/2004/dsa-619

Fedora (update for tetex):
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-13.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SuSE:
ftp://ftp.suse.com/pub/suse/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

GNU Xpdf Buffer Overflow in doImage()

CAN-2004-1125

High

iDEFENSE Security Advisory, December 21, 2004

KDE Security Advisory, December 23, 2004

Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004

Fedora Update Notification, FEDORA-2004-585, January 6, 2005

Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Avaya Security Advisory, ASA-2005-027, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005


Hashcash

Hashcash 1.0-1.16

A format string vulnerability exists due to the way the 'From:' mail header is handled, which could let a remote malicious user execute arbitrary code.

Gentoo: http://security.gentoo.org/glsa/glsa-200503-12.xml

Currently we are not aware of any exploits for this vulnerability.

Hashcash 'From:' Email Reply Header Format String

CAN-2005-0687

High
Gentoo Linux Security Advisory, GLSA 200503-12, March 7, 2005

Hewlett Packard Company

HP-UX B.11.23, HP-UX B.11.11, HP-UX B.11.00

A remote Denial of Service vulnerability exists due to a failure to handle malformed network data.

Upgrades available at:
http://software.hp.com/

Currently we are not aware of any exploits for this vulnerability.


HP-UX BIND Remote Denial of Service

CAN-2005-0364

Low

HP Security Bulletin, HPSBUX01117, February 9, 2005

HP Security Bulletin, HPSBUX01117, Revision 1, March 2, 2005

Hiroyuki Yamamoto

Sylpheed 0.8.11, 0.9.4-0.9.12, 0.9.99, 1.0.0-1.0.2

A buffer overflow vulnerability exists in certain headers that contain non-ASCII characters, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz

Currently we are not aware of any exploits for this vulnerability.

Sylpheed Mail Client Remote Buffer Overflow

CAN-2005-0667

High
Security Tracker Alert, 1013376, March 4, 2005

John Bradley

XV 3.10a

A format string vulnerability exists in a formatted printing function due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-09.xml

Currently we are not aware of any exploits for this vulnerability.

XV File Name Handling Remote Format String

CAN-2005-0665

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200503-09, March 4, 2005

KDE

kdelibs 3.3.2

A vulnerability exists in the 'dcopidlng' library due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.

Patch available at:
http://bugs.kde.org/attachment.cgi?id=9205&action=view

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-14.xml

Currently we are not aware of any exploits for this vulnerability.

KDE 'DCOPIDLING' Library

CAN-2005-0365

Medium

Security Focus, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200503-14, March 7, 2005

libexif

libexif 0.6.9, 0.6.11

A vulnerability exists in the 'EXIF' library due to insufficient validation of 'EXIF' tag structure, which could let a remote malicious user execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for this vulnerability.

LibEXIF Library EXIF Tag Structure Validation

CAN-2005-0664

High

Ubuntu Security Notice USN-91-1, March 7, 2005

Fedora Update Notifications, FEDORA-2005-199 & 200, March 8, 2005

libtiff.org

LibTIFF 3.6.1

Avaya MN100 (All versions), Avaya Intuity LX (version 1.1-5.x), Avaya Modular Messaging MSS (All versions)

Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/t/tiff/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-11.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

OpenPKG:
ftp://ftp.openpkg.org/release/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-577.html

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

KDE: Update to version 3.3.2:
http://kde.org/download/

Apple Mac OS X:
http://www.apple.com/swupdates/

Gentoo: KDE kfax:
http://www.gentoo.org/security/en/glsa/glsa-200412-17.xml

Avaya: No solution but workarounds available at:
http://support.avaya.com/elmodocs2/security/ASA-2005-002_RHSA-2004-577.pdf

TurboLinux:
http://www.turbolinux.com/update/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Proofs of Concept exploits have been published.

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004

Fedora Update Notification, FEDORA-2004-334, October 14, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004

Debian Security Advisory, DSA 567-1, October 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004

SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004

RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004

Slackware Security Advisory, SSA:2004-305-02, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004

US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004

Gentoo Linux Security Advisory, GLSA 200412-02, December 6, 2004

KDE Security Advisory, December 9, 2004

Apple Security Update SA-2004-12-02

Gentoo Security Advisory, GLSA 200412-17 / kfax, December 19, 2004

Avaya Advisory ASA-2005-002, January 5, 2005

Conectiva Linux Security Announcement, CLA-2005:914, January 6, 2005

Turbolinux Security Announcement, January 20, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:052, March 4, 2005

mlterm

mlterm 2.5, 2.6-2.6.3, 2.7, 2.8, 2.9, 2.9.1

An integer overflow vulnerability exists due to insufficient sanity checks of malformed image files, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/mlterm/mlterm-2.9.2.tar.gz?download

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-13.xml

Currently we are not aware of any exploits for this vulnerability.

Mlterm Background Image Integer Overflow

CAN-2005-0686

High

Gentoo Linux Security Advisory, GLSA 200503-13, March 7, 2005

Multiple Vendors

ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68, 0.70, 0.80 rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0; Linux Mandrake 10.1 x86_64, 10.1

A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.

Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=300116

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://www.trustix.org/errata/2005/0003/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.83-70136U10_7cl.i386.rpm

Currently we are not aware of any exploits for this vulnerability.

Clam Anti-Virus ClamAV Remote Denial of Service

CAN-2005-0133

Low

Security Focus, January 31, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005

Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Conectiva Linux Security Announcement, CLA-2005:928, March 3, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core 2 & 3

A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

A Proof of Concept exploit script has been published.

Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial of Service

CAN-2005-0179

Low

Bugtraq, January 7, 2005

Fedora Update Notifications, FEDORA-2005-013 & 014, January 10, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005

Multiple Vendors

Bernd Johannes Wuebben kppp 1.1.3;
KDE KDE 1.1-1.1.2, 1.2, 2.0 BETA, 2.0-2.2.2, 3.0-3.0.5, 3.1-3.1.5, KDE KPPP 2.1.2

A vulnerability exists due to a file descriptor leak, which could let a malicious user obtain sensitive information.

Patch available at:
ftp://ftp.kde.org/pub/kde/security_patches

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-175.html

Debian:
http://security.debian.org/pool/updates/main/k/kdenetwork/

There is no exploit code required.

KPPP Privileged File Descriptor Information Disclosure

CAN-2005-0205

Medium

iDEFENSE Security Advisory, February 28, 2005

RedHat Security Advisory, RHSA-2005:175-06, March 3, 2005

Debian Security Advisory, DSA 692-1, March 8, 2005

Multiple Vendors

Gentoo Linux;
Samba Samba 3.0-3.0.7

A remote Denial of Service vulnerability exists in the 'ms_fnmatch()' function due to insufficient input validation.

Patch available at:
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-21.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-632.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SGI:
http://www.sgi.com/support/security/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/

OpenPKG:
http://www.openpkg.org/security.html

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17

There is no exploit code required.

Multiple Vendors Samba Remote Wild Card Denial of Service

CAN-2004-0930

Low

Security Focus, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004

Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004

Fedora Update Notifications, FEDORA-2004-459 & 460, November 29, 2004

Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004

SGI Security Advisory, 20041201-01-P, December 13, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.054 December 17, 2004

SCO Security Advisory, SCOSA-2005.17, March 7, 2005

Multiple Vendors

ImageMagick 5.3.3, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8, 5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2

A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available at:
http://www.imagemagick.org/script/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick File Name Handling Remote Format String

CAN-2005-0397

Low/High

(High if arbitrary code can be executed)

Secunia Advisory, SA14466, March 4, 2005

Ubuntu Security Notice, USN-90-1, March 3, 2004

Multiple Vendors

Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0

Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions.

SUSE:
http://www.novell.com/linux/security/advisories/2004_44_kernel.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-006_RHSA-2004-549
RHSA-2004-505RHSA-2004-689.pdf

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

A Proof of Concept exploit script has been published.

Multiple Vendors Linux Kernel IGMP Integer Underflow

CAN-2004-1137

Low/Medium

(Medium if elevated privileges can be obtained)

iSEC Security Research Advisory 0018, December 14, 2004

Security Focus, December 25, 2005

Secunia, SA13706, January 4, 2005

Avaya Security Advisory, ASA-2005-006, January 14, 2006

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Turbolinux Security Announcement, February 28, 2005

Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005

Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005

Multiple Vendors

Linux Security Modules (LSM); Ubuntu Linux 4.1 ppc, ia64, ia32

A security issue in Linux Security Modules (LSM) may grant normal user processes escalated privileges. When loading the Capability LSM module as a loadable kernel module, all existing processes gain unintended capabilities granting them root privileges.

Only use the Capability LSM module when compiled into the kernel and grant only trusted users access to affected systems.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Linux Security Modules Escalation Vulnerability

CAN-2004-1337

High

Secunia SA13650, December 27, 2004

Ubuntu Security Notice, USN-57-1, January 9, 2005

Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005

Multiple Vendors

Samba 3.0 - 3.0.7; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, 2.1, ES 3, 2.1 IA64, 2.1, AS 3, 2.1 IA64, 2.1; Ubuntu Linux 4.1 ppc, ia64, ia32

A buffer overflow vulnerability exists in the 'QFILEPATHINFO' request handler when constructing 'TRANSACT2_QFILEPATHINFO' responses, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.samba.org/samba/download/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SuSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
Ubuntu Upgrade samba-doc_3.0.7-1ubuntu6.2_all.deb

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-632.html

OpenPKG:
http://www.openpkg.org/security.html

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Samba 'QFILEPATHINFO' Buffer Overflow

CAN-2004-0882

High

e-matters GmbH Security Advisory, November 14, 2004

SuSE Security Announcement, SUSE-SA:2004:040, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

Ubuntu Security Notice, USN-29-1, November 18, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:136, November 19, 2004

US-CERT Vulnerability Note VU#457622, November 19, 2004

Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004

Fedora Update Notifications, FEDORA-2004-459 & 460, November 29, 2004

Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004

Red Hat Security Advisory RHSA-2004:632-17, November 16, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.054 December 17, 2004

SCO Security Advisory, SCOSA-2005.17, March 7, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1; Conectiva Linux 9.0, 10.0

Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and a buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml

Debian:
http://security.debian.org/pool/updates/main/s/squid/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-061.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Astaro:
http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136

There is no exploit required.

Squid Proxy Web Cache WCCP Functionality Remote Denial of Service & Buffer Overflow

CAN-2005-0094
CAN-2005-0095

Low/High

(High if arbitrary code can be executed)

Secunia Advisory, SA13825, January 13, 2005

Debian Security Advisory, DSA 651-1, January 20, 2005

Ubuntu Security Notice, USN-67-1, January 20, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005

Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005

Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Turbolinux Security Announcement, February 17, 2005

Security Focus, 12275 & 12276, March 7, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5 .STABLE9, .STABLE8, .STABLE7

A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

There is no exploit code required.

Squid Proxy Set-Cookie Headers Information Disclosure

CAN-2005-0626

Medium

Secunia Advisory, SA14451, March 3, 2005

Ubuntu Security Notice, USN-93-1, March 8, 2005

Multiple Vendors

Apple Mac OS X 10.2-10.2.8, 10.3 -10.3.5, OS X Server 10.2-10.2.8, 10.3 -10.3.5; Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1,
1.1.4-5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.21

A vulnerability exists in 'error_log' when certain methods of remote printing are carried out by an authenticated malicious user, which could disclose user passwords.

Update available at:
http://www.cups.org/software.php

Apple:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04829&platform=osx&method=sa/SecUpd2004-09-30Jag.dmg

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04830&platform=osx&method=sa/SecUpd2004-09-30Pan.dmg

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-06.xml

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-543.html

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

There is no exploit code required.

CUPS Error_Log Password Disclosure

CAN-2004-0923

Medium

Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004

Fedora Update Notification, FEDORA-2004-331, October 5, 2004

Gentoo Linux Security Advisory, GLSA 200410-06, October 9, 2004

Debian Security Advisory, DSA 566-1, October 14, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:116, October 21, 2004

RedHat Security Advisory, RHSA-2004:543-15, October 22, 2004

US-CERT Vulnerability Note, VU#557062, November 19, 2004

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

Multiple Vendors

Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1

A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Updates available at:
http://curl.haxx.se/download/curl-7.13.1.tar.gz

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows

CAN-2005-0490

High

iDEFENSE Security Advisory, February 21, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:048, March 4, 2005

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32, Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0, SUSE Linux - all versions

Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-20.xml

KDE:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdegraphics.diff

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/t/tetex-bin/

SUSE: Update:
ftp://ftp.SUSE.com/pub/SUSE

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-31.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-132.html

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-213.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows

CAN-2004-0888
CAN-2004-0889

High

Security Tracker Alert ID, 1011865, October 21, 2004

Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004

Debian Security Advisory, DSA 599-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005

Fedora Update Notifications, FEDORA-2005-122, 123, 133-136, February 8 & 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:041-044, February 18, 2005

RedHat Security Advisory, RHSA-2005:132-09, February 18, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:052, March 4, 2005

RedHat Security Advisory, RHSA-2005:213-04, March 4, 2005

SGI Security Advisory, 20050204-01-U, March 7, 2005

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Gentoo Linux;
LibTIFF LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6 .0, 3.6.1, 3.7, 3.7.1;
RedHat Fedora Core 2 & Core 3;
Ubuntu Ubuntu Linux 4.1 ppc, ia64, ia32; Avaya CVLAN, Integrated Management, Intuity LX, MN100