National Cyber Alert System
Cyber Security Bulletin SB05-082

Summary of Security Items from March 16 through March 22, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks / Scripts | Common Name / CVE Reference | Risk | Source

asppress

ACS Blog 0.8 - 1.1b

An input validation vulnerability has been reported that could let a remote malicious user conduct Cross-Site Scripting attacks. This is due to input validation errors in the 'search.asp' script in the 'search' parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

asppress ACS Blog Cross-Site Scripting Vulnerability
High
Security Tracker Alert, 1013470, March 18, 2005
Citrix MetaFrame Conferencing Manager 3.0

A vulnerability has been reported that could let a remote malicious user obtain keyboard and mouse control of a conference.

Hotfix MCM300W012 available: http://support.citrix.com/kb/entry.jspa?externalID=CTX105574

Currently we are not aware of any exploits for this vulnerability.

Citrix MetaFrame Conferencing Manager Access Control Vulnerability

CAN-2005-0821

Low

Citrix Document ID CTX105574, February 24, 2005

Code Ocean

Ocean FTP Server 1.0

A vulnerability has been reported due to a connection handling error which could let remote users cause a Denial of Service.

Update to version 1.01:
http://www.codeocean.com/oceanftpserver/index.html

A Proof of Concept exploit script has been published.

Code Ocean Ocean FTP Server Multiple Connections Denial of Service
Low
Secunia SA14662, March 22, 2005

FUN Labs

4X4 Off-road Adventure III;
Cabela's Big Game Hunter 2004 Season;
Cabela's Big Game Hunter 2005;
Cabela's Dangerous Hunts;
Cabela's Deer Hunt 2005 Season;
Revolution;
Secret Service - In harm's Way;
Shadow Force: Razor Unit;
US Most Wanted: Nowhere To Hide

A vulnerability has been reported that could let a remote malicious user cause the game service to crash or to stop accepting packets. A remote user can send an empty UDP packet or a special join packet to cause these errors.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

FUN Labs Games Denial of Service Vulnerability
Low
Security Tracker Alert, 1013492, March 21, 2005

GNU

FileZilla Server prior to 0.9.6

Multiple vulnerabilities have been reported that could let a remote malicious user cause a Denial of Service. This is due to an error when attempting to access a file containing a reserved MS-DOS device name and an error in the transfer logic when using zlib compression.

Update to version 0.9.6:
http://sourceforge.net/project/showfiles.php?group_id=21558

There is no exploit code required.

GNU FileZilla Server Denial of Service Vulnerabilities
Low

Security Focus, 12865, March 22, 2005

MailEnable

MailEnable Standard 1.8

A vulnerability has been reported that could let remote malicious users cause a Denial of Service or execute arbitrary code. This is due to a format string error when handling command arguments in the SMTP communication.

No workaround or patch available at time of publishing.

An exploit script has been published.

MailEnable Standard SMTP Format String Vulnerability

CAN-2005-0804

High
Secunia SA14627, March 18, 2005

Massimiliano Montoro

Cain & Abel 2.65

Multiple vulnerabilities have been reported, one of which could let a remote malicious user execute arbitrary code. This is due to boundary errors which could lead to buffer overflows in the IKE-PSK sniffer filter and the HTTP sniffer filter.

A fixed version (2.66) is available at: http://www.oxid.it/cain.html

Currently we are not aware of any exploits for these vulnerabilities.

Massimiliano Montoro Cain & Abel Buffer Overflow Causes Remote Code Execution
High
Secunia SA14630, March 18, 2005

Microsoft

Office InfoPath 2003 SP1

A vulnerability has been reported that could let a remote malicious user obtain system information and authentication data from form template files. This is because private information may be included in the form template file when the administrator creates a form and adds a connection to the database table or to a web service.

While there is no solution at this time, the vendor has issued a Knowledge Base article to describe security and privacy considerations for creating forms:
http://support.microsoft.com/kb/867443/

Currently we are not aware of any exploits for this vulnerability.

Microsoft Office InfoPath 2003 Information Disclosure Vulnerability

CAN-2005-0820

Medium
Microsoft Knowledge Base 867443, February 22, 2005

Microsoft

Windows XP Home SP1

Windows XP Media Center Edition SP1

Windows XP Professional SP1

Windows XP Tablet PC Edition SP1

A vulnerability has been reported that could permit a local malicious user to cause a Denial of Service. This is caused when a raw IP over IP socket is created and data is transferred over the newly created socket.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Windows Local Denial Of Service Vulnerability
Low
Security Focus, 12870, March 22, 2005

Microsoft

ASP.NET 1.x

A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema.

Apply ASP.NET ValidatePath module:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx

V1.1: Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.

V1.2: Bulletin "Caveats" section has been updated to document known issues that customers may experience when installing the available security updates.

A Proof of Concept exploit has been published.

Microsoft ASP.NET Canonicalization

CVE Name:
CAN-2004-0847

Medium

Microsoft, October 7, 2004

Microsoft Security Bulletin, MS05-004, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT VU#283646

Microsoft Security Bulletin, MS05-004 V1.1, February 15, 2005

Microsoft Security Bulletin, MS05-004 V1.2, March 16, 2005

Microsoft

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Datacenter Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Server

A vulnerability has been reported that could let remote malicious users cause a Denial of Service. This is due to an error when processing EMF (Microsoft Enhanced Metafile) files in the 'GetEnhMetaFilePaletteEntries()' API in 'GDI32.DLL.'

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows EMF File Denial of Service Vulnerability

CAN-2005-0803

Low
Secunia SA14631, March 18, 2005

Microsoft

Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server Edition SP6a,

Windows 2000 Server SP3 & SP4, Windows 2003,

Windows 2003 for Itanium-based Systems

Windows Advanced Server SP4

A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx

V1.1: Bulletin updated to reflect a revised “Security Update Information” section for Windows Server 2003

Windows 2000 Advanced Server vulnerable if Service Pack 4 not installed separately.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows License Logging Service Buffer Overflow

CAN-2005-0050

Low/High

(High if arbitrary code can be executed)

Microsoft Security Bulletin, MS05-010, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT VU#130433

Microsoft Security Bulletin, MS05-010 V1.1, February 23, 2005

Immunity, Inc. Advisory, March 16, 2005

Notify Technology

NotifyLink Enterprise Server

Multiple vulnerabilities have been reported that could let a remote malicious user obtain sensitive information, bypass certain security restrictions, and conduct SQL injection attacks. These vulnerabilities are caused because administrative users can view other users' private credentials or disable functions for users via the web interface but functions are still accessible via the URL. Also, certain input is not properly validated before being used in an SQL query and AES keys can be obtained by submitting a special POST request.

Update to version 3.0 or later and configure NotifyLink to use "Manual Key Generation".

There is no exploit code required.

Notify Technology NotifyLink Enterprise Server Multiple Vulnerabilities

CAN-2005-0809
CAN-2005-0810
CAN-2005-0811
CAN-2005-0812

High

Secunia SA14617, March 18, 2005

US-CERT VU#770532

US-CERT VU#131828

US-CERT VU#264097

US-CERT VU#581068

Oleh Yuschuk

OllyDbg 1.10 and prior

A vulnerability has been reported in OllyDbg that could let a remote malicious user cause a Denial of Service. This is due to a flaw when loading a special DLL filename as a process.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Oleh Yuschuk OllyDbg Error in Loading Causes Denial of Service Vulnerability
Low
Security Focus, 12850, March 19, 2005

ThePoolClub

iPool 1.6.81 and prior

A vulnerability has been reported that could let a local malicious user obtain passwords. This is because the software stores user passwords in clear text in the 'Program Files\ThePoolClub\iPool\MyDetails.txt' file.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ThePoolClub iPool Information Disclosure Vulnerability

CAN-2005-0823

Medium
Security Tracker Alert, 1013458, March 16, 2005

ThePoolClub

iSnooker 1.6.81 and prior

A vulnerability has been reported that could let a local malicious user obtain passwords. This is because the software stores user passwords in clear text in the 'Program Files\TheSnookerClub\iSnooker\MyDetails.txt' file.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ThePoolClub iSnooker Information Disclosure Vulnerability

CAN-2005-0823

Medium
Security Tracker Alert, 1013459, March 16, 2005

Webroot Software

My Firewall Plus 5.0 (build 1117)

A vulnerability has been reported that could let local malicious users change the content of arbitrary files. This is because the Log Viewer's export functionality saves log files without first dropping its privileges.

Update to version 5.0 (build 1119) or apply patch: http://www.webroot.com/services/mfp_patch.exe

Currently we are not aware of any exploits for this vulnerability.

Webroot Software My Firewall Plus Arbitrary File Corruption Vulnerability

CAN-2005-0515

Medium

Secunia SA13577, March 18, 2005

Woodstone bvba

Servers Alive 4.1, 5.0

A vulnerability has been reported in the Help function that could let a local malicious user gain system privileges and execute arbitrary files. This is because a local user can open a help file in Notepad with system privileges. The user can then open 'cmd.exe.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Woodstone Servers Alive Help Function Escalated Privilege Vulnerability

CAN-2005-0352

High
Security Focus, 12822, March 16, 2005

UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks / Scripts | Common Name / CVE Reference | Risk | Source

Apache Software Foundation

Apache 2.0.35-2.0.52

A vulnerability exists when the 'SSLCipherSuite' directive is used in a directory or location context to require a restricted set of cipher suites, which could let a remote malicious user bypass security policies and obtain sensitive information.

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-21.xml

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-562.html

SuSE: In the process of releasing packages.

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-600.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-010_RHSA-2004-600.pdf

VMware:
http://www.vmware.com/download/esx/

HP:
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123

There is no exploit code required.

Apache mod_ssl SSLCipherSuite Access Validation

CAN-2004-0885

Medium

OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004

Gentoo Linux Security Advisory, GLSA 200410-21, October 22, 2004

Slackware Security Advisory, SSA:2004-299-01, October 26, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:122, November 2, 2004

Conectiva Linux Security Announcement, CLA-2004:885, November 4, 2004

Fedora Update Notification, FEDORA-2004-420, November 12, 2004

RedHat Security Advisory, RHSA-2004:562-11, November 12, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

RedHat Security Advisory, RHSA-2004:600-12, December 13, 2004

Avaya Security Advisory, ASA-2005-010, January 14, 2005

VMware Advisory, January 14, 2005

HP Security Advisory, HPSBUX01123, March 22, 2005

Apple

Mac OS X 10.3-10.3.8, Mac OS X Server 10.3-10.3.8

Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a memory access error on the AFP server; a vulnerability has been reported in the permission settings in the directories used by the installer's receipt cache and system-level ColorSync profiles because they are configured with world-writable permissions, which could let a malicious user obtain elevated privileges; a vulnerability has been reported in the Bluetooth Setup Assistant application which could let a remote malicious user bypass security restrictions; a vulnerability has been reported due to insufficient validation of file permissions when accessing Drop Boxes, which could let a remote malicious user obtain sensitive information; and a buffer overflow vulnerability has been reported when handling 'CF_CHARSET_PATH' environment variables in the Core Foundation library, which could let a malicious user execute arbitrary code.

Updates available at:
http://www.apple.com/support/downloads/securityupdate2005003client.html

An exploit script has been published.

Low/Medium/High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005

Carnegie Mellon University

Cyrus IMAP Server 2.2.9 and prior versions

A vulnerability exists in the mysasl_canon_user() function that could allow a remote user to execute arbitrary code on the target system. An off-by-one error exists in the mysasl_canon_user() function that may result in an unterminated user name string. A remote user may be able to trigger the buffer overflow to execute arbitrary code on the target system with the privileges of the target IMAP process.

The vendor has issued a fixed version (2.2.10), available at: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/

Apple:
http://www.apple.com/support/downloads/securityupdate2005003client.html

Currently we are not aware of any exploits for this vulnerability.

Carnegie Mellon Cyrus IMAP Server Off-by-one Overflow

CAN-2004-1067

High

SecurityTracker Alert ID: 1012474, December 10, 2004

Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005

Carnegie Mellon University

Cyrus IMAP Server 2.x

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available at:
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-29.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus IMAP Server Multiple Remote Buffer Overflows

CAN-2005-0546

High

Secunia Advisory, SA14383, February 24, 2005

Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005

SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005

Ubuntu Security Notice USN-87-1, February 28, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:051, March 4, 2005

Conectiva Linux Security Announcement, CLA-2005:937, March 17, 2005

Carnegie Mellon University

Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18

Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmd5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-05.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-546.html

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Debian:
http://security.debian.org/pool/updates/main/c/cyrus-sasl/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

OpenPKG:
ftp://ftp.openpkg.org/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Apple:
http://www.apple.com/support/downloads/securityupdate2005003client.html

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus SASL Buffer Overflow & Input Validation

CAN-2004-0884
CAN-2005-0373

High

Security Tracker Alert ID: 1011568, October 7, 2004

Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12, 14, & 16, 2004

Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004

OpenPKG Security Advisory, January 28, 2005

Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:013, March 3, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:054, March 16, 2005

Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005

Glyph and Cog

XPDF prior to 3.00pl3

A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.foolabs.com/xpdf/download.html

Patch available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

Debian:
http://security.debian.org/pool/updates/main/c/cupsys/

http://security.debian.org/pool/updates/main/x/xpdf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/

KDE:
ftp://ftp.kde.org/pub/kde/security_patches

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.suse.com/pub/suse/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-10.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Trustix:
http://http.trustix.org/pub/trustix/updates/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-026.html

Currently we are not aware of any exploits for this vulnerability.

Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow

CAN-2005-0064

High

iDEFENSE Security Advisory, January 18, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Gentoo Linux Security Advisory, GLSA 200502-10, February 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

SUSE Security Announcement, SUSE-SA:2005:015, March 14, 2005

RedHat Security Advisory, RHSA-2005:026-15, March 16, 2005

SuSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005

GNU

Lysator LSH 1.5-1.5.5, 2.0

A remote Denial of Service vulnerability has been reported due to an unspecified error.

Upgrades available at:
http://www.lysator.liu.se/~nisse/archive/

Patch available at:
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-2.0-2.0.1.diff.gz

Currently we are not aware of any exploits for this vulnerability.

Lysator LSH Remote Denial of Service

CAN-2005-0814

Low
Secunia Advisory, SA14609, March 17, 2005

GNU

Xpdf prior to 3.00pl2

A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.

A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/download.html

A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

KDE:
http://www.kde.org/info/security/advisory-20041223-1.txt

Gentoo:
http://security.gentoo.org/glsa/glsa-200412-24.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/

Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:165

Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:163

Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:162

Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:161

Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:166

Debian:
http://www.debian.org/security/2004/dsa-619

Fedora (update for tetex):
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-13.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SuSE:
ftp://ftp.suse.com/pub/suse/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-026.html

Currently we are not aware of any exploits for this vulnerability.

GNU Xpdf Buffer Overflow in doImage()

CAN-2004-1125

High

iDEFENSE Security Advisory 12.21.04

KDE Security Advisory, December 23, 2004

Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004

Fedora Update Notification, FEDORA-2004-585, January 6, 2005

Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005

Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Avaya Security Advisory, ASA-2005-027, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

SUSE Security Announcement, SUSE-SA:2005:015, March 14, 2005

RedHat Security Advisory, RHSA-2005:026-15, March 16, 2005

SuSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005

Grip

Grip 3.1.2, 3.2.0

A buffer overflow vulnerability has been reported in the CDDB protocol due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-21.xml

Currently we are not aware of any exploits for this vulnerability.

Grip CDDB Query Buffer Overflow

CAN-2005-0706

Low/High

(High if arbitrary code can be executed)

Fedora Update Notifications, FEDORA-2005-202 & 203, March 9, 2005

Gentoo Linux Security Advisory, GLSA 200503-21, March 17, 2005

Hiroyuki Yamamoto

Sylpheed 0.8.11, 0.9.4-0.9.12, 0.9.99, 1.0.0-1.0.2

A buffer overflow vulnerability exists in certain headers that contain non-ASCII characters, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-303.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-26.xml

Currently we are not aware of any exploits for this vulnerability.

Sylpheed Mail Client Remote Buffer Overflow

CAN-2005-0667

High

Security Tracker Alert, 1013376, March 4, 2005

Fedora Update Notification, FEDORA-2005-211, March 15, 2005

RedHat Security Advisory, RHSA-2005:303-05, March 18, 2005

Gentoo Linux Security Advisory, GLSA 200503-26, March 20, 2005

ImageMagick

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8

A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=24099

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-11.xml

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143

Red Hat (Red Hat has re-issued its update):
http://rhn.redhat.com/errata/RHSA-2004-480.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick Remote EXIF Parsing Buffer Overflow

CAN-2004-0827
CAN-2004-0981

High

Security Tracker Alert ID, 1011946, October 26, 2004

Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004

Debian Security Advisory DSA 593-1, November 16, 2004

SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004

Red Hat Security Advisory, RHSA-2004:636-03, December 8, 2004

Turbolinux Security Advisory, TLSA-2005-7, January 26, 2005

Fedora Update Notification, FEDORA-2005-221, March 15, 2005

Initial Redirect

Squid Proxy Plug-In 0.1, 0.2

A buffer overflow vulnerability has been reported due to a failure to copy user-supplied data securely, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Upgrades available at:
http://www.vanheusden.com/ir/ir-0.3.tgz

Currently we are not aware of any exploits for this vulnerability.

Initial Redirect Remote Buffer Overflow

CAN-2005-0813

Low/High

(High if arbitrary code can be executed)

Security Focus, 12827, March 17, 2005

John Bradley

XV 3.10a

A format string vulnerability exists in a formatted printing function due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-09.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

XV File Name Handling Remote Format String

CAN-2005-0665

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200503-09, March 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005

KDE

KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2

A Denial of Service vulnerability has been reported in the Desktop Communication Protocol (DCOP) daemon due to an error in the authentication process.

Upgrade available at:
http://www.kde.org/download/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-22.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

KDE DCOPServer Local Denial of Service

CAN-2005-0396

Low

KDE Security Advisory, March 16, 2005

KDE

kdelibs 3.3.2

A vulnerability exists in the 'dcopidling' library due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.

Patch available at:
http://bugs.kde.org/attachment.
cgi?id=9205&action=view

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-14.xml

Currently we are not aware of any exploits for this vulnerability.

KDE 'DCOPIDLING' Library

CAN-2005-0365

Medium

Security Focus, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200503-14, March 7, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:058, March 16, 2005

Marc Lehmann

rxvt-unicode prior to 5.3

A buffer overflow vulnerability has been reported in 'command.c,' which could let a remote malicious user execute arbitrary code.

Update available at:
http://dist.schmorp.de/rxvt-unicode/
rxvt-unicode-5.3.tar.bz2

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-23.xml

Currently we are not aware of any exploits for this vulnerability.

Marc Lehmann rxvt-unicode 'command.c' Remote Buffer Overflow

CAN-2005-0764

High

Secunia Advisory: SA14562, March 15, 2005

Gentoo Linux Security Advisory, GLSA 200503-23, March 20, 2005

MIT

Kerberos 5 krb5-1.3.5 & prior; Avaya S8700/S8500/S8300 (CM2.0 and later), MN100, Intuity LX 1.1-5.x, Modular Messaging MSS

A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code.

A patch is available at:
http://web.mit.edu/kerberos/
advisories/2004-004-patch
_1.3.5.txt

Gentoo:
http://www.gentoo.org/security/
en/glsa/glsa-200501-05.xml

Debian:
http://security.debian.org/pool/
updates/main/k/krb5/

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu
/pool/main/k/krb5/

Avaya:
http://support.avaya.com
/elmodocs2/security/
ASA-2005-036_
RHSA-2005-012.pdf

Sun:
http://sunsolve.sun.com
/search/document.do?
assetkey=1-26-57712-1

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Kerberos libkadm5srv Heap Overflow

CAN-2004-1189

High

SecurityTracker Alert ID, 1012640, December 20, 2004

Gentoo GLSA 200501-05, January 5, 2005

Ubuntu Security Notice, USN-58-1, January 10, 2005

Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005

Avaya Security Advisory, ASA-2005-036, February 7, 2005

Sun(sm) Alert Notification, 57712, February 25, 2005

Turbolinux Security Advisory, TLSA-2005-34, March 17, 2005

Mozilla.org

Firefox 1.0

A vulnerability exists because a predictable name is used for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.

Update available at:
http://www.mozilla.org/products/
firefox/all.html

Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/3/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-10.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

An exploit has been published.

Mozilla Firefox Predictable Plugin Temporary Directory

CAN-2005-0578

Low/Medium

(Medium if user/system information can be modified)

Mozilla Foundation Security Advisory, 2005-28, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Multiple BSD Vendors

FreeBSD 4.10-PRERELEASE, 1.1.5.1, 2.0, 2.0.5, 2.1.x, 2.1, 2.1.5-2.1.7.1, 2.2.x, 2.2, 2.2.2-2.2.6, 2.2.8, 3.0-RELENG, 3.0, 3.1.x, 3.1, 3.2.x, 3.2, 3.3.x, 3.3, 3.4.x, 3.4, 3.5.x, 3.5-STABLEpre122300, 3.5-STABLEpre050201, 3.5-STABLE, 3.5, 3.5.1-STABLEpre2001-07-20, 3.5.1-STABLE, 3.5.1-RELEASE, 3.5.1, 4.x,
4.0-RELENG, 4.0 alpha, 4.0, 4.1, 4.1.1-STABLE, 4.1.1-RELEASE, 4.1.1, 4.2-STABLEpre122300, 4.2-STABLEpre050201, 4.2-STABLE, 4.2-RELEASE, 4.2, 4.3-STABLE, 4.3-RELENG, 4.3-RELEASE-p38, 4.3-RELEASE, 4.3, 4.4-STABLE, 4.4-RELENG, 4.4-RELEASE-p42, 4.4, 4.5-STABLEpre2002-03-07, 4.5-STABLE, 4.5-RELENG, 4.5-RELEASE-p32, 4.5-RELEASE, 4.5, 4.6-STABLE, 4.6-RELENG, 4.6-RELEASE-p20, 4.6-RELEASE, 4.6, 4.6.2, 4.7-STABLE, 4.7-RELENG, 4.7-RELEASE-p17, 4.7-RELEASE, 4.7, 4.8-RELENG, 4.8-RELEASE-p7, 4.8-PRERELEASE, 4.8, 4.9-RELENG, 4.9-PRERELEASE, 4.9, 4.10-RELENG, 4.10-RELEASE, 4.10, 5.0-RELENG, 5.0-RELEASE-p14, 5.0 alpha, 5.0, 5.1-RELENG, 5.1-RELEASE/Alpha, 5.1-RELEASE-p5, 5.1-RELEASE, 5.1, 5.2-RELENG, 5.2-RELEASE, 5.2, 5.2.1-RELEASE, 5.3-STABLE, 5.3-RELEASE, 5.3;
NetBSD 1.0, 1.1, 1.2, 1.2.1, 1.3-1.3.3, 1.4, x86, SPARC, arm32, Alpha, 1.4.1, x86, SPARC, sh3, arm32, Alpha, 1.4.2, x86, SPARC, arm32, Alpha, 1.4.3, 1.5, x86, sh3, 1.5.1-1.5.3, 1.6, beta, 1.6.1, 1.6.2, 2.0;
OpenBSD 2.0-2.9, 3.0-3.6

A vulnerability has been reported in the 'copyout()' function due to insufficient sanitization of the destination argument, which could let a remote malicious user corrupt kernel memory.

OpenBSD:
ftp://ftp.openbsd.org/pub/
OpenBSD/patches/3.5/
i386/028_locore.patch

Currently we are not aware of any exploits for this vulnerability.

Multiple BSD Vendor Copyout Kernel Memory Corrupt

CAN-2005-0637

Medium

Security Focus, 12825, March 16, 2005

Multiple Vendors

Bernd Johannes Wuebben kppp 1.1.3;
KDE KDE 1.1-1.1.2, 1.2, 2.0 BETA, 2.0-2.2.2, 3.0-3.0.5, 3.1-3.1.5, KDE KPPP 2.1.2

A vulnerability exists due to a file descriptor leak, which could let a malicious user obtain sensitive information.

Patch available at:
ftp://ftp.kde.org/pub/kde/security
_patches

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-175.html

Debian:
http://security.debian.org/pool/
updates/main/k/kdenetwork/

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

There is no exploit code required.

KPPP Privileged File Descriptor Information Disclosure

CAN-2005-0205

Medium

iDEFENSE Security Advisory, February 28, 2005

RedHat Security Advisory, RHSA-2005:175-06, March 3, 2005

Debian Security Advisory, DSA 692-1, March 8, 2005

Conectiva Linux Security Announcement, CLSA-2005:934, March 16, 2005

Multiple Vendors

Carnegie Mellon University Cyrus IMAP Server 2.1.7, 2.1.9, 2.1.10, 2.1.16, 2.2.0 ALPHA, 2.2.1 BETA, 2.2.2 BETA, 2.2.3-2.2.8; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0-2.2;
Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PROXY' and 'LOGIN' commands if the 'IMAPMAGICPLUS' option is enabled, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument parser for the 'PARTIAL' command, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument handler for the 'FETCH' command, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handler for the 'APPEND' command, which could let a remote malicious user execute arbitrary code.

Carnegie Mellon University:
ftp://ftp.andrew.cmu.edu/
pub/cyrus/

Debian:
http://security.debian.org/
pool/updates
/main/c/cyrus-imapd/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-34.xml

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Trustix:
http://http.trustix.org/pub/
trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main
/c/cyrus21-imapd/

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

Fedora:
http://download.fedora.redhat.
com/pub
/fedora/linux/core/updates/

OpenPKG:
ftp://ftp.openpkg.org/release/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

Apple:
http://www.apple.com/support/
downloads/securityupdate
2005003client.html

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus IMAPD Multiple Remote Vulnerabilities

CAN-2004-1011
CAN-2004-1012
CAN-2004-1013

High

Securiteam, November 23, 2004

Debian Security Advisory, DSA 597-1, November 25, 2004

Gentoo Linux Security Advisory, GLSA 200411-34, November 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:139, November 26, 2004

Trustix Secure Linux Advisory, TSL-2004-0063, November 29, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.051, November 29, 2004

Conectiva Linux Security Announcement, CLA-2004:904, December 1, 2004

Fedora Update Notifications,
FEDORA-2004-487 & 489, December 1, 2004

SUSE Security Announcement, SUSE-SA:2004:043, December 3, 2004

Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005

Multiple Vendors

Carnegie Mellon University Cyrus IMAP Server 2.2.9 & prior

A buffer overflow vulnerability exists in the 'imap magic plus' support code, which could let a remote malicious user execute arbitrary code.

Update available at:
http://asg.web.cmu.edu/
cyrus/download/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-34.xml

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Fedora:
http://download.fedora.
redhat.com/
pub/fedora/linux/core/updates/

Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=a
&anuncio=000904

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Apple:
http://www.apple.com/support/
downloads/securityupdate
2005003client.html

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Cyrus IMAP 'imap magic plus' Buffer Overflow

CAN-2004-1015

High

Gentoo Linux Security Advisory, GLSA 200411-34, November 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:139, November 26, 2004

Secunia SA13349, December 2, 2004

Secunia Advisory ID: SA13346, December 2, 2004

Secunia Advisory ID: 13366, December 6, 2004

Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005

Multiple Vendors

GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0-2.0.3, 2.0.5-2.0.8, 2.0.1-2.0.14, 2.1b1, 2.1-2.1.5; Ubuntu Linux 4.1, ia64, ia32

Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/mailman/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-29.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/
updates/main/m/mailman/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-235.html

Currently we are not aware of any exploits for these vulnerabilities.

GNU Mailman Multiple Remote Vulnerabilities

CAN-2004-1143
CAN-2004-1177

Medium/High

(High if arbitrary code can be executed)

SecurityTracker, January 12, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005

SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005

Debian Security Advisory, DSA 674-3, February 21, 2005

RedHat Security Advisory, RHSA-2005:235-05, March 21, 2005

Multiple Vendors

Larry Wall Perl 5.005_003, 5.005, 5.004_05, 5.004_04, 5.004, 5.003, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4-5, 5.8.4-4, 5.8.4-3, 5.8.4-2.3, 5.8.4-2, 5.8.4-1, 5.8.4, 5.8.5, 5.8.6

A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/universe/p/perl/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-38.xml

Debian:
http://security.debian.org/pool
/updates/main/p/perl/

Currently we are not aware of any exploits for this vulnerability.

Perl 'rmtree()' Function Elevated Privileges

CAN-2005-0448

Medium

Ubuntu Security Notice, USN-94-1, March 9, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Debian Security Advisory, DSA 696-1, March 22, 2005

Multiple Vendors

Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11

Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple ISO9660 Filesystem Handling Vulnerabilities

CAN-2005-0815

High

Security Focus, 12837, March 18, 2005

Multiple Vendors

nfs-utils 1.0.6

A vulnerability exists due to an error in the NFS statd server in 'statd.c' where the 'SIGPIPE' signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely.

Upgrade to 1.0.7-pre1:
http://sourceforge.net/project/
showfiles.php?group_id=14&
package_id=174

Mandrakesoft:
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:146

Debian:
http://www.debian.org/security/
2004/dsa-606

Red Hat:
http://rhn.redhat.com/errata/
RHSA-2004-583.html

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors nfs-utils 'SIGPIPE' TCP Connection Termination Denial of Service

CAN-2004-0946
CAN-2004-1014

Low

Secunia Advisory ID, SA13384, December 7, 2004

Debian Security Advisory
DSA-606-1 nfs-utils, December 8, 2004

Red Hat Security Advisory, RHSA-2004:583-09, December 20, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:005, January 12, 2005

US-CERT
VU#698302

Turbolinux Security Advisory, TLSA-2005-33, March 17, 2005

Multiple Vendors

Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1

A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/c/curl/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Updates available at:
http://curl.haxx.se/download/
curl-7.13.1.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-20.xml

Conectiva:
ftp://atualizacoes.conectiva.
com.br/10/

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows

CAN-2005-0490

High

iDEFENSE Security Advisory, February 21, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:048, March 4, 2005

Gentoo Linux Security Advisory, GLSA 200503-20, March 16, 2005

Conectiva Linux Security Announcement, CLA-2005:940, March 21, 2005

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4-8, 1.0.4, 1.1.1, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32; Xpdf Xpdf 0.90-0.93, 1.0.1, 1.00a, 1.0, 2.03, 2.01, 2.0, 3.0; SUSE Linux - all versions

Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool
/updates/main/c/cupsys/

Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/2/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-20.xml

KDE:
ftp://ftp.kde.org/pub/kde/
security_patches/
post-3.3.1-kdegraphics.diff

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/c/cupsys/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/
updates/main/t/tetex-bin/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-31.xml

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-132.html

FedoraLegacy:
http://download.fedoralegacy.
org/redhat/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-213.html

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

SUSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows

CAN-2004-0888
CAN-2004-0889

High

Security Tracker Alert ID, 1011865, October 21, 2004

Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004

Debian Security Advisory, DSA 599-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005

Fedora Update Notifications,
FEDORA-2005-122, 123, 133-136, February 8 & 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:041-044, February 18, 2005

RedHat Security Advisory, RHSA-2005:132-09, February 18, 2005

Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:052, March 4, 2005

RedHat Security Advisory, RHSA-2005:213-04, March 4, 2005

SGI Security Advisory, 20050204-01-U, March 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005

Multiple Vendors

Gentoo Linux;
GNU Mailman 2.1-2.1.5; RedHat Fedora Core3 & Core2; Ubuntu Linux 4.1 ppc, ia64, ia32

A Directory Traversal vulnerability exists in 'private.py' due to an input validation error, which could let a remote malicious user obtain sensitive information.

Debian:
http://security.debian.org/pool/
updates/main/m/mailman/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-11.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-136.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/

Apple:
http://www.apple.com/support/
downloads/securityupdate
2005003client.html

There is no exploit code required.

GNU Mailman Remote Directory Traversal

CAN-2005-0202

Medium

Debian Security Advisory, DSA 674-1, February 10, 2005

Ubuntu Security Notice USN-78-1, February 10, 2005

Fedora Update Notifications
FEDORA-2005-131 & 132, February 10, 2005

Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005

RedHat Security Advisory, RHSA-2005:136-08, February 10, 2005

Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005

SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:037, February 14, 2005

Ubuntu Security Notice, USN-78-2, February 17, 2005

Debian Security Advisory, DSA 674-3, February 21, 2005

Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005

Multiple Vendors

Gentoo Linux;
Lgames LTris 1.0.1

A buffer overflow vulnerability has been reported in 'chart.c' due to a boundary error when handling the highscore lists, which could let a remote malicious user execute arbitrary code.

Upgrade available at:
http://lgames.sourceforge.net/
download.php?project=LTris&
url=SOURCEFORGE/
lgames/ltris-1.0.10.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-24.xml

Currently we are not aware of any exploits for this vulnerability.

Lgames LTris Local Global High Score File Buffer Overflow

CAN-2005-0825

High

Secunia Advisory, SA14635, March 21, 2005

Gentoo Linux Security Advisory, GLSA 200503-24, March 20, 2005

Multiple Vendors

Linux Kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29-rc2, 2.6, 2.6-test1-test11, 2.6.1, 2.6.1 rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing

A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Trustix:
http://http.trustix.org/pub/trustix/
updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005
-016RHSA-2006-017RHSA-
2005-043.pdf

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

FedoraLegacy:
http://download.fedoralegacy.
org/redhat/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

Another exploit script has been published.

Linux Kernel uselib() Root Privileges

CAN-2004-1235

High

iSEC Security Research Advisory, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

PacketStorm, January 27, 2005

Avaya Security Advisory, ASA-2005-034, February 8, 2005

Ubuntu Security Notice, USN-57-1,
February 9, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Fedora Legacy
Update Advisory, FLSA:2336,
February 24, 2005

SUSE Security Announcement,
SUSE-SA:2005:010, February 25, 2005

Turbolinux Security Announcement, February 28, 2005

Conectiva Linux Security Announcement,
CLA-2005:930,
March 7, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test1-test11, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/linux-
source-2.6.8.1/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Netfilter Memory Leak Denial of Service

CAN-2005-0210

Low

Ubuntu Security Notice, USN-95-1, March 15, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1 rc1&rc2, 2.6.1-2.6.8

A remote Denial of Service vulnerability has been reported in the Point-to-Point Protocol (PPP) Driver.

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/

Trustix:
http://http.trustix.org/pub/
trustix/updates

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PPP Driver Remote Denial of Service

CAN-2005-0384

Low

Ubuntu Security Notice, USN-95-1, March 15, 2005

Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005

Multiple Vendors

Linux kernel 2.6-2.6.11

A vulnerability has been reported in 'SYS_EPoll_Wait' due to a failure to properly handle user-supplied size values, which could let a malicious user obtain elevated privileges.

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1

An exploit script has been published.

Linux Kernel SYS_EPoll_Wait Elevated Privileges

CAN-2005-0736

Medium

Security Focus, 12763, March 8, 2005

Ubuntu Security Notice, USN-95-1, March 15, 2005

Security Focus, 12763, March 22, 2005

Multiple Vendors

SuSE Linux 8.0, i386, 8.1, 8.2, 9.0 x86_64, 9.0-9.2; Wietse Venema Postfix 2.1.3

A vulnerability exists because arbitrary mail with an IPv6 address can be sent to any MX host, which could let a remote malicious user bypass security.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/postfix/

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-152.html

There is no exploit code required.

Postfix IPv6 Security Bypass

CAN-2005-0337

Medium

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Ubuntu Security Notice, USN-74-2, February 4, 2005

RedHat Security Advisory, RHSA-2005:152-04, March 16, 2005

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6,