National Cyber Alert System
Cyber Security Bulletin SB05-089

Summary of Security Items from March 23 through March 29, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Columns: Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

Adventia

Adventia Chat 3.1, Adventia Chat Server Pro 3.0

A vulnerability has been reported that could let a remote user conduct Cross-Site Scripting attacks. This is because the server permits users to submit HTML code into chat sessions by default.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Adventia Chat Cross-Site Scripting Vulnerabilities

CAN-2005-0919

High
Security Focus, Bugtraq ID 12927, March 29, 2005

Bugtracker.NET

Bugtracker.NET 2.0.1

A vulnerability was reported that could let a remote malicious user conduct SQL Injection attacks.

A fixed version (2.0.2) is available:
http://prdownloads.sourceforge.net/btnet/btnet_2_0_2.zip?download

No exploit is required.

Bugtracker.NET Unspecified SQL Injection Vulnerabilities

CAN-2005-0920

High
Security Focus, Bugtraq ID 12925, March 29, 2005

Cerulean Studios

Trillian 2.0, 3.0 and 3.1

A buffer overflow vulnerability was reported in processing HTTP 1.1 response headers that could let a remote server execute arbitrary code. The AIM, Yahoo, MSN, and RSS plugins are affected.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Cerulean Studios Trillian Remote Code Execution Vulnerability

CAN-2005-0874
CAN-2005-0875

High
LogicLibrary BugScan Vulnerability Summary Report
Trillian 2.0, 3.0 and 3.1, March 23, 2005

M.Dev Software

ZipGenius 5.5

A directory traversal vulnerability was reported that could let a remote malicious user create a zip file that, when uncompressed, will create files in arbitrary directories on the target system. This is because filenames in zip archives are not properly validated.

A fixed version (6 Beta) is available: http://www.zipgenius.it

A Proof of Concept exploit has been published.

M. Dev Software ZipGenius Remote File Creation Vulnerability

CAN-2005-0329

Medium
Security Tracker Alert ID: 1013542, March 24, 2005
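
The ZipGenius entry above is the classic archive path-traversal bug: the extractor joins the member name from the archive onto the destination directory without checking it. The block below is an added example, not code from the bulletin or from ZipGenius, written in Python with the standard zipfile module. It shows the check an extractor needs: every member name is tested for absolute paths, drive prefixes, backslash separators and any '..' component before anything is written, and the resolved target path is compared against the destination as a second, filesystem-level check. The hostile archive it processes is constructed inline.

```python
"""Added example (not the bulletin's or ZipGenius's code): refuse archive
members whose names would place files outside the extraction directory."""
from __future__ import annotations

import io
import os
import posixpath
import tempfile
import zipfile


def is_unsafe_member(name: str) -> bool:
    """True if a zip member name could escape the target directory.

    Rejects absolute paths, Windows drive prefixes, and any '..' component
    that survives normalisation. Backslashes are treated as separators
    because Windows-built archives commonly contain them.
    """
    norm = name.replace("\\", "/")
    if norm.startswith("/"):
        return True
    if len(norm) >= 2 and norm[1] == ":":          # C:/... or C:..
        return True
    return ".." in posixpath.normpath(norm).split("/")


def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract only members that stay inside `dest`; return (extracted, rejected).

    The name check runs first; the resolved target path is then compared with
    the resolved destination so a name the first check missed still cannot
    land outside it.
    """
    extracted, rejected = [], []
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            inside = target == dest_real or target.startswith(dest_real + os.sep)
            if is_unsafe_member(info.filename) or not inside:
                rejected.append(info.filename)
                continue
            zf.extract(info, dest_real)
            extracted.append(info.filename)
    return extracted, rejected


def build_hostile_zip() -> bytes:
    """Constructed sample: one benign member and three traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless\n")
        zf.writestr("../../evil.txt", "dot-dot traversal\n")
        zf.writestr("/etc/evil.conf", "absolute path\n")
        zf.writestr("..\\..\\evil.bat", "backslash traversal\n")
    return buf.getvalue()


def demo() -> dict:
    """Run the hostile archive through safe_extract in a fresh directory."""
    dest = tempfile.mkdtemp(prefix="zipdemo-")
    extracted, rejected = safe_extract(build_hostile_zip(), dest)
    return {
        "extracted": extracted,
        "rejected": rejected,
        "readme_present": os.path.isfile(os.path.join(dest, "readme.txt")),
    }


if __name__ == "__main__":
    print(demo())
```

Current Python versions sanitise member names inside ZipFile.extract() as well; the explicit check is what an extractor that builds paths by hand, as the ZipGenius report describes, has to do itself.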

Microsoft

Outlook 2002 Connector For IBM Lotus Domino

A vulnerability has been reported that could let a malicious user bypass policy. This is because the application saves login credentials locally even when a Group policy is in place to prevent this.

A hotfix is available: http://support.microsoft.com/kb/888991

No exploit is required.

Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability

CAN-2005-0921

Medium
Security Focus, Bugtraq ID 12913, March 28, 2005

Microsoft

Windows XP SP1

A vulnerability was reported that could let a remote authenticated malicious user cause a Denial of Service. This is because of improper validation during the 'Force shutdown from a remote system' process.

A solution is available: http://support.microsoft.com/kb/889323/

A Proof of Concept exploit has been published.

Microsoft Windows Remote Desktop 'TSShutdn.exe' Denial of Service Vulnerability

CAN-2005-0904

Low
Security Tracker Alert ID: 1013552, March 24, 2005

Mysoft Technology

Maxthon (MyIE2) 1.2.0

A vulnerability was reported that could let malicious users access potentially sensitive information. This is due to an error in the API for plug-ins where search bar data is not properly protected.

Update to version 1.2.1: http://www.maxthon.com/download.htm

A Proof of Concept exploit has been published.

Mysoft Technology Maxthon "m2_search_text" Information Disclosure Vulnerability

CAN-2005-0905

Medium
Secunia SA14712, March 28, 2005

Nortel

Nortel Contivity VPN Client 5.01

A vulnerability has been reported that could let a local malicious user obtain the password. This is because of the way the VPN client software stores the VPN password in process memory. A local user with access to the 'Extranet.exe' process memory can recover the user or group password.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Nortel Contivity VPN Client Password Disclosure Vulnerability

CAN-2005-0844

High
Security Tracker Alert ID: 1013512, March 22, 2005

Symantec

Norton System Works 2004 and 2005,

Norton Internet Security 2004 and 2005,

Norton AntiVirus 2004 and 2005

Two vulnerabilities were reported in the AutoProtect feature that could let a malicious user create a file or modify a filename to cause a Denial of Service. A user can create a special file of a specific file type that when scanned by the AutoProtect feature will cause a Denial of Service. Also, if a certain type of shared file has its filename modified, the SmartScan analysis of the filename modification may cause a Denial of Service.

A fix is available via LiveUpdate.

Currently we are not aware of any exploits for these vulnerabilities.

Symantec Multiple Products AutoProtect Errors Denial of Service Vulnerability

CAN-2005-0922
CAN-2005-0923

Low
Symantec Advisory, SYM05-006
March 28, 2005

Uapplication

Ublog 1.0, 1.0.3, 1.0.4

A vulnerability has been reported that could let a remote malicious user conduct Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Uapplication Ublog Cross-Site Scripting Vulnerability

CAN-2005-0925

High
Security Focus, Bugtraq ID 12931, March 29, 2005

Ubisoft

The Settlers: Heritage of Kings 1.02 and prior

A buffer overflow vulnerability was reported that could let a remote malicious user compromise a vulnerable system.

Upgrade to Version 1.03.

A Proof of Concept exploit has been published.

Ubisoft The Settlers: Heritage of Kings Player Logging Buffer Overflow Vulnerability

CAN-2005-0906

Not Specified
Secunia SA14762, March 29, 2005

UNIX / Linux Operating Systems Only

Columns: Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

Apple

Safari 1.2.5

A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.

Update available at:
http://docs.info.apple.com/article.html?artnum=301061

A Proof of Concept exploit has been published.

Apple Safari IDN Implementation
URL Spoof

CAN-2005-0234

Medium

Secunia Advisory,
SA14164, February 7, 2005

US-CERT VU#273262

Carnegie Mellon University

Cyrus IMAP Server 2.x

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the backend that remote administrative users can exploit; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available at:
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-29.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus IMAP Server Multiple Remote Buffer Overflows

CAN-2005-0546

High

Secunia Advisory,
SA14383, February 24, 2005

Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005

SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005

Ubuntu Security Notice USN-87-1, February 28, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:051, March 4, 2005

Conectiva Linux Security Announcement, CLA-2005:937, March 17, 2005

ALTLinux Security Advisory, March 29, 2005

Dnsmasq

Dnsmasq 2.0-2.20

Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported due to an off-by-one error when reading the DHCP lease file, which could let a remote malicious user cause a Denial of Service; and a vulnerability has been reported when receiving DNS replies due to insufficient validation, which could let a remote malicious user poison the DNS cache.

Upgrades available at:
http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.21.tar.gz

Currently we are not aware of any exploits for these vulnerabilities.

Dnsmasq Multiple Remote Vulnerabilities

CAN-2005-0876
CAN-2005-0877

Low/ Medium

(Medium if the DNS cache can be poisoned)

Security Focus, 12897, March 25, 2005
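
Of the two Dnsmasq issues, the cache-poisoning one is the more instructive: a forwarder that caches whatever reply arrives, rather than only replies to queries it actually sent, can be fed bogus records by anyone able to deliver a UDP packet to it. The block below is an added example, not dnsmasq's code, written in Python: a minimal DNS wire-format builder and parser, and a tiny forwarder in two modes, the permissive behaviour and the fixed behaviour that matches each reply against a pending (transaction ID, name, type) entry and caches only records whose owner name is the name that was asked about. The owner-name rule is a simplification of real bailiwick checking; the packets are constructed inline.

```python
"""Added example (not dnsmasq code): a forwarder that accepts only replies
matching a query it sent, next to the permissive behaviour."""
from __future__ import annotations

import secrets
import struct


def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_reply(txid: int, qname: str, answers: list[tuple[str, str]]) -> bytes:
    """Standard response carrying A records given as (owner_name, ipv4)."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, ip in answers:
        rdata = bytes(int(octet) for octet in ip.split("."))
        msg += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return msg


def parse(msg: bytes) -> dict:
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((owner, ".".join(str(b) for b in rdata)))
    return {"id": txid, "is_reply": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}


def txid_of(msg: bytes) -> int:
    return struct.unpack("!H", msg[:2])[0]


class Forwarder:
    """strict=False caches whatever arrives; strict=True is the fixed behaviour."""

    def __init__(self, strict: bool = True):
        self.strict = strict
        self.pending: set[tuple[int, str, int]] = set()
        self.cache: dict[str, str] = {}

    def send_query(self, qname: str, qtype: int = 1) -> bytes:
        txid = secrets.randbelow(1 << 16)          # a counter would be guessable
        self.pending.add((txid, qname.lower(), qtype))
        return build_query(txid, qname, qtype)

    def accept_reply(self, msg: bytes) -> bool:
        try:
            r = parse(msg)
        except (ValueError, IndexError, struct.error, UnicodeDecodeError):
            return False
        if not r["is_reply"]:
            return False
        key = (r["id"], r["qname"].lower(), r["qtype"])
        if self.strict and key not in self.pending:
            return False                            # unsolicited or mismatched: drop
        self.pending.discard(key)
        for owner, ip in r["answers"]:
            if self.strict and owner.lower() != r["qname"].lower():
                continue                            # record for another name: never cache
            self.cache[owner.lower()] = ip
        return True


def demo() -> dict:
    """Constructed exchange: a spoofed reply nobody asked for, then a genuine one with a stray record."""
    spoof = build_reply(0x1234, "www.example.com", [("www.example.com", "192.0.2.66")])
    old, fixed = Forwarder(strict=False), Forwarder(strict=True)
    result = {"old_accepts_unsolicited": old.accept_reply(spoof),
              "fixed_accepts_unsolicited": fixed.accept_reply(spoof)}
    query = fixed.send_query("www.example.com")
    genuine = build_reply(txid_of(query), "www.example.com",
                          [("www.example.com", "192.0.2.1"), ("bank.example", "192.0.2.66")])
    result["fixed_accepts_matching"] = fixed.accept_reply(genuine)
    result["old_cache"], result["fixed_cache"] = dict(old.cache), dict(fixed.cache)
    return result
```

Matching on transaction ID and question is the minimum; it leaves only 16 bits for an off-path attacker to guess, so a resolver exposed to spoofing also needs a randomised source port per query, which this example does not model.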

Esmistudio.com

PayPal Storefront 1.7

Multiple vulnerabilities have been reported: a vulnerability has been reported in the 'pages.php' and 'products1.php' scripts due to insufficient validation of user-supplied data, which could let a remote malicious user execute arbitrary SQL commands; and a Cross-Site Scripting vulnerability has been reported in the 'products1h.php' script due to insufficient validation of the 'id' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

ESMI PayPal Storefront SQL Injection &
Cross-Site
Scripting

CAN-2005-0935
CAN-2005-0936

High
Dcrab's Security Advisory, March 25, 2005
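
The Storefront entry pairs the two most common web-application bugs of the period: a request parameter pasted into SQL text, and the same kind of parameter reflected into a page unencoded. The block below is an added example, not code from the bulletin or from the PayPal Storefront scripts, and it uses Python with SQLite rather than the product's PHP and MySQL. It shows the concatenated query beside its parameterised replacement, and the raw reflection of an 'id'-style parameter beside HTML-encoded output. The schema, table and column names are invented for the demonstration.

```python
"""Added example (not the bulletin's or the Storefront's code): SQL built by
string concatenation beside a parameterised query, and raw versus HTML-encoded
output for a reflected parameter. Schema and names are invented."""
from __future__ import annotations

import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed catalogue: two published products and one that is not."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, published INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "Widget", 1), (2, "Gadget", 1), (3, "Unreleased", 0)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, product_id: str) -> list[str]:
    """The 'id' request parameter is pasted into the SQL text unvalidated."""
    sql = ("SELECT name FROM products WHERE published = 1 AND id = "
           + product_id + " ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn: sqlite3.Connection, product_id: str) -> list[str]:
    """Validate the parameter's shape, then bind it; it never reaches the SQL parser."""
    if not product_id.isdigit():
        return []
    sql = "SELECT name FROM products WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (int(product_id),))]


def render_vulnerable(product_id: str) -> str:
    """Reflects the raw parameter into the page: any markup in it is live."""
    return "<h1>Product " + product_id + "</h1>"


def render_fixed(product_id: str) -> str:
    """Encode untrusted text for an HTML text context before emitting it."""
    return "<h1>Product " + html.escape(product_id, quote=True) + "</h1>"


def demo() -> dict:
    conn = make_db()
    injected = "1 OR 1=1"          # 'published = 1 AND id = 1 OR 1=1' is true for every row
    xss = "<script>alert(document.cookie)</script>"
    return {
        "normal": lookup_fixed(conn, "2"),
        "vulnerable_with_payload": lookup_vulnerable(conn, injected),
        "fixed_with_payload": lookup_fixed(conn, injected),
        "render_vulnerable": render_vulnerable(xss),
        "render_fixed": render_fixed(xss),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The isdigit() check is a whitelist for this parameter's expected shape and rejects the payload outright; the parameter binding is what actually removes the injection. html.escape() covers only the HTML text-node context used here, not attribute values or script blocks, which need their own encoders.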

Ethereal Group

Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8

Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.

Ethereal:
http://www.ethereal.com/download.html

Debian:
http://security.debian.org/pool/updates/main/e/ethereal/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-27.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for these vulnerabilities.

Low/High

(High if arbitrary code can be executed)

Security Tracker Alert, 1012962, January 21, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

GNU

sharutils 4.2, 4.2.1

Multiple buffer overflow vulnerabilities exist due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-01.xml

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/

We are not aware of any exploits for this vulnerability.

GNU Sharutils Multiple Buffer Overflow

CAN-2004-1773

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004

Fedora Legacy Update Advisory, FLSA:2155, March 24, 2005

Ubuntu Security Notice, USN-102-1 March 29, 2005

Greg A. Woods

Smail-3 3.2.0.120

Multiple vulnerabilities have been reported: a vulnerability has been reported in 'addr.c' due to a heap overflow, which could let a remote malicious user execute arbitrary code with root privileges; and a vulnerability has been reported in 'modes.c' due to insecure handling of heap memory by signal handlers, which could let a malicious user execute arbitrary code with root privileges.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Smail-3 Multiple Remote and Local Vulnerabilities

CAN-2005-0892
CAN-2005-0893

High
Security Tracker Alert, 1013564, March 27, 2005

Grip

Grip 3.1.2, 3.2.0

A buffer overflow vulnerability has been reported in the CDDB protocol due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-21.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-304.html

Currently we are not aware of any exploits for this vulnerability.

Grip CDDB Query Buffer Overflow

CAN-2005-0706

Low/High

(High if arbitrary code can be executed)

Fedora Update Notifications,
FEDORA-2005-202 & 203, March 9, 2005

Gentoo Linux Security Advisory, GLSA 200503-21, March 17, 2005

RedHat Security Advisory, RHSA-2005:304-08, March 28, 2005

ImageMagick

ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0, 6.0.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported in the decoder due to a failure to handle malformed TIFF tags; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed TIFF images; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed PSD files; and a buffer overflow vulnerability has been reported in the SGI parser, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.imagemagick.org/script/download.php?

SuSE:
ftp://ftp.suse.com/pub/suse

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-070.html

Currently we are not aware of any exploits for these vulnerabilities.

ImageMagick
Multiple Remote Vulnerabilities

CAN-2005-0759
CAN-2005-0760
CAN-2005-0761
CAN-2005-0762

Low/ High

(High if arbitrary code can be executed)

Security Tracker Alert, 1013550, March 24, 2005

J. Schilling

CDRTools 2.0

A vulnerability has been reported in cdrecord due to insecure creation of various files, which could let a malicious user corrupt arbitrary files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/

There is no exploit code required.

CDRTools
CDRecord
Insecure File
Creation

CAN-2005-0866

Medium
Ubuntu Security Notice USN-100-1, March 24, 2005

KDE

KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0- 3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2

A Denial of Service vulnerability has been reported in the Desktop Communication Protocol (DCOP) daemon due to an error in the authentication process.

Upgrade available at:
http://www.kde.org/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-22.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-325.html

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

KDE DCOPServer Local Denial of Service

CAN-2005-0396

Low

KDE Security Advisory, March 16, 2005

Fedora Update Notifications,
FEDORA-2005-244 & 245, March 23, 2005

RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005

ALTLinux Security Advisory, March 29, 2005

KDE

kdelibs 3.3.2

A vulnerability exists in the 'dcopidling' library due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.

Patch available at:
http://bugs.kde.org/attachment.cgi?id=9205&action=view

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-14.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-325.html

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

KDE
'DCOPIDLING' Library

CAN-2005-0365

Medium

Security Focus, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200503-14, March 7, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:058, March 16, 2005

Fedora Update Notifications,
FEDORA-2005-244 & 245, March 23, 2005

RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005

ALTLinux Security Advisory, March 29, 2005

libexif

libexif 0.6.9, 0.6.11

A vulnerability exists in the 'EXIF' library due to insufficient validation of 'EXIF' tag structure, which could let a remote malicious user execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-17.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-300.html

Currently we are not aware of any exploits for this vulnerability.

LibEXIF Library
EXIF Tag
Structure
Validation

CAN-2005-0664

High

Ubuntu Security Notice USN-91-1, March 7, 2005

Fedora Update Notifications,
FEDORA-2005-199 & 200, March 8, 2005

Gentoo Linux Security Advisory, GLSA 200503-17, March 12, 2005

RedHat Security Advisory, RHSA-2005:300-08, March 21, 2005
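
The libexif entry is a parser bug: an entry count or value offset read from the file is used to index memory without first being compared against the buffer that holds the data. As an added example, not libexif code, the following Python parser for the first IFD of a TIFF/EXIF blob performs every bounds check such a parser needs before it dereferences anything, and a builder constructs one well-formed sample plus several malformed ones (an oversized entry count, an entry count that runs past the end of the buffer, an out-of-range value offset, an unknown field type). MAX_ENTRIES is a policy cap chosen for the example, not a limit in the TIFF format.

```python
"""Added example (not libexif code): parse a TIFF/EXIF IFD0 with every count
and offset checked against the buffer before it is used."""
from __future__ import annotations

import struct

# Byte width of each TIFF field type (type codes from the TIFF 6.0 spec).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
MAX_ENTRIES = 512      # policy cap for this example, not a format limit


class ExifError(ValueError):
    """Raised for any structural problem instead of reading past the buffer."""


def parse_ifd0(data: bytes) -> list[dict]:
    """Return the entries of the first IFD, or raise ExifError.

    Every product and offset is validated before it indexes `data`; a C
    implementation that trusts `count` or the value offset is exactly where a
    malformed tag structure becomes an out-of-bounds read or write.
    """
    if len(data) < 8:
        raise ExifError("TIFF header truncated")
    endian = {b"II": "<", b"MM": ">"}.get(data[:2])
    if endian is None:
        raise ExifError("unknown byte-order marker")
    magic, ifd_off = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise ExifError("bad TIFF magic")
    if ifd_off < 8 or ifd_off + 2 > len(data):
        raise ExifError("IFD0 offset outside buffer")
    (count,) = struct.unpack(endian + "H", data[ifd_off:ifd_off + 2])
    if count > MAX_ENTRIES:
        raise ExifError(f"IFD0 entry count {count} exceeds policy cap")
    if ifd_off + 2 + count * 12 + 4 > len(data):
        raise ExifError("IFD0 entries run past end of buffer")
    entries, pos = [], ifd_off + 2
    for _ in range(count):
        tag, ftype, n, raw = struct.unpack(endian + "HHI4s", data[pos:pos + 12])
        pos += 12
        size = TYPE_SIZES.get(ftype)
        if size is None:
            raise ExifError(f"tag {tag:#06x}: unknown field type {ftype}")
        total = size * n          # cannot overflow in Python; C must check this product
        if total <= 4:
            value = raw[:total]   # short values are stored inline in the 4-byte field
        else:
            (off,) = struct.unpack(endian + "I", raw)
            if off < 8 or off + total > len(data):
                raise ExifError(f"tag {tag:#06x}: value offset/length outside buffer")
            value = data[off:off + total]
        entries.append({"tag": tag, "type": ftype, "count": n, "value": value})
    return entries


def check(data: bytes) -> str:
    """'ok' if the IFD parses cleanly, otherwise the error message."""
    try:
        parse_ifd0(data)
        return "ok"
    except (ExifError, struct.error) as exc:
        return str(exc)


def build_tiff(entries, count_override=None, order=b"II") -> bytes:
    """Constructed sample builder: entries are (tag, type, count, value_bytes)."""
    endian = "<" if order == b"II" else ">"
    header = order + struct.pack(endian + "HI", 42, 8)
    body = struct.pack(endian + "H", len(entries) if count_override is None else count_override)
    blob, blob_base = b"", 8 + 2 + 12 * len(entries) + 4
    for tag, ftype, n, value in entries:
        if len(value) <= 4:
            field = value.ljust(4, b"\x00")
        else:
            field = struct.pack(endian + "I", blob_base + len(blob))
            blob += value
        body += struct.pack(endian + "HHI", tag, ftype, n) + field
    return header + body + struct.pack(endian + "I", 0) + blob


def samples() -> dict[str, bytes]:
    good = [(0x010F, 2, 5, b"ACME\x00"),          # Make, ASCII, inline
            (0x0110, 2, 9, b"Model-X1\x00"),      # Model, ASCII, out-of-line
            (0x0112, 3, 1, b"\x01\x00")]          # Orientation, SHORT = 1
    bad_offset = build_tiff(good)
    pos = 8 + 2 + 12 + 8                          # value field of the Model entry
    bad_offset = bad_offset[:pos] + struct.pack("<I", 0xFFFFFF00) + bad_offset[pos + 4:]
    return {
        "good": build_tiff(good),
        "huge_count": build_tiff(good, count_override=0xFFFF),
        "overlong_count": build_tiff(good, count_override=100),
        "bad_offset": bad_offset,
        "bad_type": build_tiff([(0x0112, 0x7777, 1, b"\x01\x00")]),
    }
```

The same checks map directly onto a C implementation: count * 12 and size * n must be tested for overflow before they feed pointer arithmetic, and every offset must be compared against the buffer length, not just against zero.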

Mathopd

Mathopd Web Server 1.5p4, 1.6b5

A vulnerability has been reported in the 'internal_dump()' function due to the insecure creation of dump files when a SIGWINCH signal is caught, which could let a malicious user corrupt arbitrary files.

Upgrades available at:
http://www.mathopd.org/dist/mathopd-1.5p5.tar.gz

There is no exploit code required.

Mathopd
Dump Files
Insecure File
Creation

CAN-2005-0824

Medium
Secunia Advisory,
SA14524, March 23, 2005
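
The CDRTools and Mathopd entries above are the same bug class: a privileged process creates a file at a name an attacker can predict, so a symlink planted there first makes the write land on any file the process can reach. As an added example, not cdrecord's or Mathopd's code, the following Python shows the naive open() beside two safe alternatives: create-only with O_EXCL and O_NOFOLLOW at a private mode, and an unpredictable name from mkstemp. The working directory, the victim file and the 'server.dump' file name are constructed for the demonstration.

```python
"""Added example (not cdrecord or Mathopd code): the open() pattern that lets a
pre-planted symlink redirect a dump file, and two safe replacements."""
import errno
import os
import tempfile


def write_dump_insecure(path: str, payload: str) -> None:
    """Plain create-or-truncate: follows whatever symlink sits at `path`."""
    with open(path, "w") as fh:
        fh.write(payload)


def write_dump_secure(path: str, payload: str) -> bool:
    """Create the file only if nothing is there yet, refusing symlinks.

    O_EXCL makes open() fail with EEXIST when `path` already exists, and POSIX
    requires that for a symlink too, even a dangling one; O_NOFOLLOW fails
    with ELOOP for symlinks where the platform supports it. Mode 0600 keeps
    the dump private. Returns False when the path was refused.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            return False
        raise
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)
    return True


def write_dump_private(directory: str, payload: str) -> str:
    """Preferred form: unpredictable name, created atomically with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="dump-", suffix=".txt", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)
    return path


def demo() -> dict:
    """Constructed scenario: attacker links the predictable dump path to a victim file."""
    work = tempfile.mkdtemp(prefix="dumpdemo-")
    victim = os.path.join(work, "victim.conf")
    dump = os.path.join(work, "server.dump")      # hypothetical predictable name
    with open(victim, "w") as fh:
        fh.write("original\n")
    os.symlink(victim, dump)                      # the attacker's move

    write_dump_insecure(dump, "garbage\n")
    with open(victim) as fh:
        after_insecure = fh.read()

    with open(victim, "w") as fh:                 # restore for the second run
        fh.write("original\n")
    secure_wrote = write_dump_secure(dump, "garbage\n")
    with open(victim) as fh:
        after_secure = fh.read()

    private = write_dump_private(work, "garbage\n")
    return {
        "after_insecure": after_insecure,
        "secure_refused": not secure_wrote,
        "after_secure": after_secure,
        "private_mode": oct(os.stat(private).st_mode & 0o777),
    }


if __name__ == "__main__":
    print(demo())
```

Refusing to write when the path already exists is the right outcome for a diagnostic dump: a server that silently picks another name or unlinks and retries reintroduces a race between the check and the create.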

Midnight Commander

Midnight Commander 4.5.40-4.5.5.52, 4.5.54, 4.5.55

A buffer overflow vulnerability has been reported in the 'insert_text()' function due to insufficient bounds checking, which could let a malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/m/mc/

Currently we are not aware of any exploits for this vulnerability.

Midnight
Commander 'Insert_Text'
Buffer Overflow

CAN-2005-0763

High
Debian Security Advisory, DSA 698-1, March 29, 2005

Mozilla.org

Firefox 1.0

A vulnerability exists because a predictable name is used for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.

Update available at:
http://www.mozilla.org/products/firefox/all.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-10.xml
http://security.gentoo.org/glsa/glsa-200503-30.xml
http://security.gentoo.org/glsa/glsa-200503-32.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

An exploit has been published.

Mozilla Firefox Predictable Plugin Temporary
Directory

CAN-2005-0578

Low/ Medium

(Medium if user/system information can be modified)

Mozilla Foundation Security Advisory, 2005-28, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification,
FEDORA-2005-247
2005-03-23

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-32, March 25, 2005

Multiple Vendors

ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68, 0.70, 0.80 rc1-rc4, 0.80;
MandrakeSoft Corporate Server 3.0 x86_64, 3.0; Linux Mandrake 10.1 X86_64, 10.1

A remote Denial of Service vulnerability exists due to an error in the handling of file information in corrupted ZIP files.

Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=300116

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-46.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://www.trustix.org/errata/2005/0003/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.83-70136U10_7cl.i386.rpm

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

Clam Anti-Virus ClamAV Remote Denial of Service

CAN-2005-0133

Low

Security Focus, January 31, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005

Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Conectiva Linux Security Announcement, CLA-2005:928, March 3, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

Exim 4.43 & prior

Multiple vulnerabilities exist that could allow a local user to obtain elevated privileges. There are buffer overflows in the host_aton() function and the spa_base64_to_bits() functions. It may be possible to execute arbitrary code with the privileges of the Exim process.

The vendor has issued a fix in the latest snapshot:
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz.sig

Also, patches for 4.43 are available at:
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/exim4/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-23.xml

Debian:
http://security.debian.org/pool/updates/main/e/exim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

An exploit script has been published.

GNU Exim
Buffer Overflows

CAN-2005-0021
CAN-2005-0022

High

Security Tracker Alert ID: 1012771, January 5, 2005

Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005

Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

US-CERT Vulnerability Note, VU#132992, January 28, 2005

Security Focus, February 12, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2

A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available at:
http://www.imagemagick.org/script/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-11.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-320.html

Currently we are not aware of any exploits for this vulnerability.

ImageMagick File Name Handling Remote Format String

CAN-2005-0397

Low/ High

(High if arbitrary code can be executed)

Secunia Advisory,
SA14466, March 4, 2005

Ubuntu Security Notice, USN-90-1, March 3, 2005

SUSE Security Announcement, SUSE-SA:2005:017, March 23, 2005

RedHat Security Advisory, RHSA-2005:320-10, March 23, 2005

Multiple Vendors

Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11

Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel
Multiple ISO9660 Filesystem
Handling Vulnerabilities

CAN-2005-0815

High

Security Focus, 12837, March 18, 2005

Fedora Security Update Notification,
FEDORA-2005-262, March 28, 2005

Multiple Vendors

Linux Kernel versions prior to 2.6.9

A race condition vulnerability exists in the Linux Kernel terminal subsystem. This issue is related to terminal locking and is exposed when a remote malicious user connects to the computer through a PPP dialup port. When the remote user issues the switch from console to PPP, there is a small window of opportunity to send data that will trigger the vulnerability. This may cause a Denial of Service.

This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases:
http://www.kernel.org/pub/linux/kernel/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Linux Kernel
Terminal Locking Race Condition

CAN-2004-0814

Low

Security Focus, December 14, 2004

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005

Turbolinux Security Announcement , February 28, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Multiple Vendors

Linux Kernel versions prior to 2.6.9

The Linux Kernel is prone to a local vulnerability in the terminal subsystem. Reportedly, this issue can be triggered by issuing a TIOCSETD ioctl to a terminal interface at the moment a read or write operation is being performed by another thread. This could result in a Denial of Service or allow kernel memory to be read.

This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases:
http://www.kernel.org/pub/linux/kernel/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Linux Kernel TIOCSETD
Terminal
Subsystem Race Condition

CAN-2004-0814

Low

Security Focus, December 14, 2004

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64; Novell Evolution 2.0.2; Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta)

A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.

Update available at:
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-35.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/

SUSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/updates/main/e/evolution/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

Evolution Camel-Lock-Helper Application Remote Buffer Overflow

CAN-2005-0102

High

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 673-1, February 10, 2005

Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

MySQL AB MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1

A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.

Upgrades available at:
http://dev.mysql.com/downloads/mysql/4.0.html

OpenPKG:
ftp.openpkg.org

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-611.html

SuSE:
ftp://ftp.suse.com/pub/suse

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

There is no exploit code required.

MySQL Database Unauthorized
GRANT Privilege

CAN-2004-0957

Medium

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Fedora Update Notification, FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

Multiple Vendors

RedHat Fedora Core3 & Core 2;
Sylpheed Sylpheed 0.8, 0.8.11, 0.9.4-0.9.12, 0.9.99, 1.0 .0-1.0.3, 1.9-1.9.4

A buffer overflow vulnerability has been reported when handling email messages that contain attachments with MIME-encoded file names, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Sylpheed:
http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Currently we are not aware of any exploits for this vulnerability.

Sylpheed MIME-Encoded Attachment Name Buffer Overflow

CAN-2005-0926

High

Fedora Update Notifications, FEDORA-2005-263 & 264, March 29, 2005

Multiple Vendors

Apache Software Foundation Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.49; SuSE Secure Linux 2.1, 8.2, 9.0 x86_64, 9.0, 9.1 x86_64, 9.1, Linux Enterprise Server 9

A remote Denial of Service vulnerability has been reported in the 'ssl_io_filter_cleanup' function.

Upgrades available at:
http://httpd.apache.org/download.cgi

SuSE:
ftp://ftp.suse.com/pub/suse

There is no exploit code required.

Apache mod_ssl 'ssl_io_filter_cleanup' Remote Denial of Service

Low

Security Focus, 12877, March 23, 2005

Multiple Vendors

Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1

A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Updates available at:
http://curl.haxx.se/download/curl-7.13.1.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-20.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows

CAN-2005-0490

High

iDEFENSE Security Advisory, February 21, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:048, March 4, 2005

Gentoo Linux Security Advisory, GLSA 200503-20, March 16, 2005

Conectiva Linux Security Announcement, CLA-2005:940, March 21, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

IPsec-Tools IPsec-Tools 0.5; KAME Racoon prior to 20050307

A remote Denial of Service vulnerability has been reported when parsing ISAKMP headers.

Upgrades available at:
http://www.kame.net/snap-users/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-232.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

KAME Racoon Malformed ISAKMP Packet Headers Remote Denial of Service

CAN-2005-0398

Low

Fedora Update Notifications, FEDORA-2005-216 & 217, March 14, 2005

RedHat Security Advisory, RHSA-2005:232-10, March 23, 2005

Gentoo Linux Security Advisory, GLSA 200503-33, March 25, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

Linux Kernel 2.2, 2.4, 2.6

Several buffer overflow vulnerabilities exist in 'drivers/char/moxa.c' due to insufficient validation of user-supplied inputs to the 'MoxaDriverIoctl(),' 'moxaloadbios(),' 'moxaloadcode(),' and 'moxaload320b()' functions, which could let a malicious user execute arbitrary code with root privileges.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/l

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Moxa Char Driver Buffer Overflows

CAN-2005-0504

High

Security Tracker Alert, 1013273, February 23, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Multiple Vendors

Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2

A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.

Patch available at:
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-043.html
http://rhn.redhat.com/errata/RHSA-2005-017.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Overlapping VMAs

CAN-2005-0003

Low/High

(High if root access can be obtained)

Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005

RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14, January 18 & 21, 2005

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

Turbolinux Security Announcement, February 28, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Multiple Vendors

Linux kernel 2.4-2.4.29, 2.6 .10, 2.6-2.6.11

A vulnerability has been reported in the 'bluez_sock_create()' function when a negative integer value is submitted, which could let a malicious user execute arbitrary code with root privileges.

Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.30-rc3.bz2

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

A Proof of Concept exploit script has been published.

Linux Kernel Bluetooth Signed Buffer Index

CAN-2005-0750

High

Security Tracker Alert, 1013567, March 27, 2005

Multiple Vendors

Linux kernel 2.6 .10,
Linux kernel 2.6 -test1-test11, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Netfilter Memory Leak Denial of Service

CAN-2005-0210

Low

Ubuntu Security Notice, USN-95-1 March 15, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Multiple Vendors

Linux kernel 2.6 .10, 2.6-2.6.11

Multiple vulnerabilities exist: a vulnerability exists in the 'radeon' driver due to a race condition, which could let a malicious user obtain elevated privileges; a buffer overflow vulnerability exists in the 'i2c-viapro' driver, which could let a malicious user execute arbitrary code; a buffer overflow vulnerability exists in the 'locks_read_proc()' function, which could let a malicious user execute arbitrary code; a vulnerability exists in 'drivers/char/n_tty.c' due to a signedness error, which could let a malicious user obtain sensitive information; and potential errors exist in the 'atm_get_addr()' function and the 'reiserfs_copy_from_user_to_file_region()' function.

Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.11-rc4.bz2

SuSE:
ftp://ftp.suse.com/pub/suse/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Exploit scripts have been published.

Linux Kernel Multiple Local Buffer Overflows & Information Disclosure

CAN-2005-0529
CAN-2005-0530
CAN-2005-0531
CAN-2005-0532

Medium/High

(High if arbitrary code can be executed)

Secunia Advisory, SA14270, February 15, 2005

Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005

Ubuntu Security Notice, USN-95-1 March 15, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

Linux Kernel 2.6.10, 2.6 -test1-test11, 2.6-2.6.11

A Denial of Service vulnerability has been reported in the 'load_elf_library' function.

Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Local Denial of Service

CAN-2005-0749

Low

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6 -test1-test11, 2.6, 2.6.1 rc1&rc2, 2.6.1-2.6.8

A remote Denial of Service vulnerability has been reported in the Point-to-Point Protocol (PPP) Driver.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Trustix:
http://http.trustix.org/pub/trustix/updates

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PPP Driver Remote Denial of Service

CAN-2005-0384

Low

Ubuntu Security Notice, USN-95-1 March 15, 2005

Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6 -test1-test11, 2.6, 2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architectures, which could let a malicious user obtain elevated privileges.

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Vulnerabilities

CAN-2005-0176
CAN-2005-0177
CAN-2005-0178
CAN-2005-0204

Low/Medium

(Low if a DoS)

Ubuntu Security Notice, USN-82-1, February 15, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6 -test1-test11, 2.6.1-2.6.11;
RedHat Fedora Core2

A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel EXT2 File System Information Leak

CAN-2005-0400

Medium

Security Focus, 12932, March 29, 2005

Multiple Vendors

Linux kernel 2.6.8 rc1-rc3

A Denial of Service vulnerability exists in the 'ReiserFS' file system functionality due to a failure to properly handle files under certain conditions.

Upgrades available at:
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.9.tar.bz2

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Multiple Vendors Linux Kernel ReiserFS File System Local Denial of Service

CAN-2004-0814

Low

Security Focus, October 26, 2004

Ubuntu Linux Security Advisory USN-38-1, December 14, 2004

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Multiple Vendors

Linux kernel 2.6-2.6.11

A vulnerability has been reported in 'SYS_EPoll_Wait' due to a failure to properly handle user-supplied size values, which could let a malicious user obtain elevated privileges.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

An exploit script has been published.

Linux Kernel SYS_EPoll_Wait Elevated Privileges

CAN-2005-0736

Medium

Security Focus, 12763, March 8, 2005

Ubuntu Security Notice, USN-95-1 March 15, 2005

Security Focus, 12763, March 22, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit Integer Overflow

CAN-2005-0605

High

Security Focus, 12714, March 2, 2005

Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005

Ubuntu Security Notice, USN-92-1 March 07, 2005

Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005

Ubuntu Security Notice, USN-97-1 March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

xli 1.14-1.17

A vulnerability exists due to a failure to manage internal buffers securely, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-05.xml

Debian:
http://security.debian.org/pool/updates/main/x/xli/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

XLI Internal Buffer Management

CAN-2005-0639

High

Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005

Debian Security Advisory, DSA 695-1, March 21, 2005

ALTLinux Security Advisory, March 29, 2005

Multiple Vendors

xli 1.14-1.17; xloadimage 3.0, 4.0, 4.1

A vulnerability exists due to a failure to parse compressed images safely, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-05.xml

Debian:
http://security.debian.org/pool/updates/main/x/xli/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Currently we are not aware of any exploits for this vulnerability.

XLoadImage Compressed Image Remote Command Execution

CAN-2005-0638

High

Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005

Fedora Update Notifications, FEDORA-2005-236 & 237, March 18, 2005

Debian Security Advisory, DSA 695-1, March 21, 2005

ALTLinux Security Advisory, March 29, 2005

MySQL AB
Conectiva
Debian
Engarde
FreeBSD
Gentoo
HP
IBM
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
Trustix
Sun
SuSE

MySQL AB MySQL 3.20.32 a, 3.22.26- 3.22.30, 3.22.32, 3.23.2- 3.23.5, 3.23.8- 3.23.10, 3.23.22- 3.23.34, 3.23.36- 3.23.56, 3.23.58, 4.0 .0- 4.0.15, 4.0.18, 4.1.0-0, 4.1 .0-alpha

A vulnerability exists in the MySQL 'mysqld_multi' script due to insecure temporary file handling, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/m/mysql/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

OpenPKG:
ftp://ftp.openpkg.org/release/2.0/UPD/mysql-4.0.18-2.0.1.src.rpm

Gentoo:
http://security.gentoo.org/glsa/glsa-200405-20.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

There is no exploit code required.

MySQL 'mysqld_multi' Insecure Temporary File Handling

CAN-2004-0388

Medium

Debian Security Advisory, DSA 483-1, April 14, 2004

Gentoo Linux Security Advisory, GLSA 200405-20, May 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:034, April 20, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.014, April 14, 2004

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

MySQL AB

MySQL 3.20 .x, 3.20.32 a, 3.21 .x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1 .0-alpha, 4.1 .0-0, 4.1.2 -alpha, 4.1.3 -beta, 4.1.3 -0, 5.0 .0-alpha, 5.0 .0-0

A buffer overflow vulnerability exists in the 'mysql_real_connect' function due to insufficient boundary checking, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Note: Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue.

Debian:
http://security.debian.org/pool/updates/main/m/mysql/

Trustix:
http://http.trustix.org/pub/trustix/updates/

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.suse.com/pub/suse

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

We are not aware of any exploits for this vulnerability.

MySQL Mysql_real_connect Function Remote Buffer Overflow

CAN-2004-0836

Low/High

(High if arbitrary code can be executed)

Secunia Advisory, SA12305, August 20, 2004

Debian Security Advisory, DSA 562-1, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Fedora Update Notification, FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

MySQL AB

MySQL 3.23.49, 4.0.20

A vulnerability exists in the 'mysqlhotcopy' script due to predictable files names of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/m/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-02.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-569.html

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

There is no exploit code required.

MySQL 'Mysqlhotcopy' Script Elevated Privileges

CAN-2004-0457

Medium

Debian Security Advisory, DSA 540-1, August 18, 2004

Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004

SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004

RedHat Security Advisory, RHSA-2004:569-16, October 20, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Fedora Update Notification, FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

MySQL AB

MySQL 3.x, 4.x

Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'

Updates available at:
http://dev.mysql.com/downloads/mysql/

Debian:
http://security.debian.org/pool/updates/main/m/mysql

Trustix:
http://http.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/

SuSE: