Summary of Security Items from April 6 through April 12, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
ActiveWeb Softwares
Active Auction House |
Multiple input validation vulnerabilities have been reported that could let a remote malicious user inject SQL commands and conduct Cross-Site Scripting attacks. Input validation errors exist in several scripts and the e-mail field in '/activeauctionsuperstore/sendpassword.asp' permits SQL injection.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Dcrab's Security Advisory, April 6, 2005 |
AN HTTP Server 1.42n |
A buffer overflow vulnerability has been reported in 'cmdIS.DLL' that could let a local malicious user execute arbitrary code with the privileges of the web service and remote malicious users conduct Cross-Site Scripting attacks. The server also does not properly validate user-supplied URI input before writing the data to the log file.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
AN HTTP Server 'cmdIS.DLL' Buffer Overflow Arbitrary Code Execution and Cross-Site Scripting Vulnerability
CAN-2005-1086
CAN-2005-1087
|
High |
SIG^2 Vulnerability Research Advisory, April 7, 2005
|
Centrinity
FirstClass Bookmark 8.0 client |
A vulnerability has been reported that could let a remote malicious user execute arbitrary files. This is because a field in the FirstClass bookmark management window is not properly validated.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Centrinity FirstClass Bookmark Input File Execution Vulnerability
CAN-2005-1045
|
High |
Security Tracker Alert, 1013665, April 8, 2005 |
Computer Associates
eTrust Intrusion Detection 3.0 |
A buffer overflow vulnerability has been reported that could let a remote malicious user cause a Denial of Service. This is because the software does not properly validate user-supplied input provided to the Microsoft Crypto API CPImportKey() function.
Update for eTrust Intrusion Detection 3.0: http://supportconnectw.ca.com/premium/etrust/etrust_intrusion/downloads/eid-solpatch_r30.asp#rel30
Update for eTrust Intrusion Detection 3.0 SP1: http://supportconnectw.ca.com/premium/etrust/etrust_intrusion/downloads/eid-solpatch_r30.asp#rel30sp1
Currently we are not aware of any exploits for this vulnerability. |
Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability
CAN-2005-0968 |
Low |
iDEFENSE Security Advisory 04.05.05 |
DameWare Development
DameWare Mini Remote Control 3.x prior to 3.80; 4.x prior to 4.9 |
A vulnerability has been reported that could let a remote authenticated malicious user gain elevated privileges.
Fixed versions (3.80, 4.9) are available:
http://www.dameware.com/support/security/bulletin.asp?ID=SB5
Currently we are not aware of any exploits for this vulnerability. |
DameWare Mini Remote Control Privilege Escalation Vulnerability
CAN-2005-1088
|
Medium |
DameWare Security Bulletin #: 5,
April 5, 2005 |
GNU
DC++ prior to 0.674 |
A vulnerability has been reported that could let malicious users append data to arbitrary files.
Update to version 0.674:
http://dcplusplus.sourceforge.net/index.php?t=2&s=1
Currently we are not aware of any exploits for this vulnerability. |
GNU DC++ Arbitrary Files Modification Vulnerability
CAN-2005-1089
|
Medium |
DC++ News: Security fix, April 11, 2005 |
GNU
Maxthon (MyIE2) 1.2.0 and 1.2.1 |
A vulnerability has been reported that could let a remote malicious user execute arbitrary code. This is because the security ID of a plug-in is not properly protected from being included and accessed on an external website via the script tag.
Update to version 1.2.2: http://www.maxthon.com/download.htm
A Proof of Concept exploit has been published. |
|
High |
Aviv Raff Security Advisory,
April 8, 2005 |
Lightspeed Technologies
DeluxeFTP 6.01 |
A security issue has been reported that could let a local malicious user view sensitive information. User credentials are stored in plain text in 'sites.xml.'
No workaround or patch available at time of publishing.
There is no exploit code required. |
Lightspeed Technologies DeluxeFTP Information Disclosure Vulnerability
CAN-2005-1092
|
Medium |
Security Focus, Bugtraq ID 13105, April 12, 2005 |
MailEnable
MailEnable Enterprise Edition 1.x
MailEnable Professional 1.54
|
A buffer overflow vulnerability has been reported that could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. This is due to a boundary error in the IMAP service when handling the 'LOGIN' command.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
|
MailEnable IMAP 'LOGIN' Command Buffer Overflow Vulnerability
CAN-2005-1015
|
Low/ High
(High if arbitrary code can be executed)
|
Secunia SA14870, April 7, 2005 |
Microsoft
Exchange 2000 Server SP3, 2003, 2003 SP1 |
A vulnerability has been reported due to an unchecked buffer in the SMTP service that could let a remote malicious user execute arbitrary code.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Exchange Server Remote Code Execution Vulnerability
CAN-2005-0560
|
High |
Microsoft Security Bulletin MS05-021, April 12, 2005
Technical Cyber Security Alert TA05-102A
US CERT VU#275193 |
Microsoft
Internet Explorer 5.01, 5.5, 6 |
Multiple vulnerabilities have been reported that include DHTML Object Memory Corruption, URL Parsing Memory Corruption, and Content Advisor Memory Corruption Vulnerability. These vulnerabilities could let remote malicious users execute arbitrary code.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin MS05-020, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#774338, VU#756122, VU#222050
|
Microsoft Jet Database
msjet40.dll library version 4.00.8618.0 |
A vulnerability was reported that could let a remote malicious user cause arbitrary code to be executed. This is because the 'msjet40.dll' component does not properly validate user-supplied input when parsing database files.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Jet Database Remote Code Execution Vulnerability
CAN-2005-0944
(Updated CVE) |
High |
Hexview Advisory, ID: HEXVIEW*2005*03*31*1 |
Microsoft
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 |
Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger – CAN-2004-0597
V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list.
V2.0: The update for Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) was failing to install when distributed via SMS or AutoUpdate. An updated package corrects this behavior.
An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability. |
|
High |
Microsoft Security Bulletin, MS05-009, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#259890
SecurityFocus, February 10, 2005
Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005
Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005
Microsoft Security Bulletin, MS05-009 V2.0, April 12, 2005 |
Microsoft
MSN Messenger 6.2 |
A vulnerability has been reported because MSN Messenger may not process a malformed GIF image with an improper height and width. This could let remote malicious users execute arbitrary code.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-022.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft MSN Messenger Remote Code Execution Vulnerability
CAN-2005-0562
|
High |
Microsoft Security Bulletin MS05-022, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#633446 |
Microsoft
Outlook 2003, XP
Outlook Web Access 2003
|
A vulnerability has been reported that could let a remote malicious user spoof 'From' addresses. A remote user can send e-mail with a specially crafted 'From' address header line that contains multiple e-mail addresses; the user's client will display only the first address.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Outlook and Outlook Web Access Email Spoofing Vulnerability
CAN-2005-1052
|
Low |
iDEFENSE Security Advisory 04.08.05 |
Microsoft
Windows (XP SP2 is not affected) |
A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example.
Updates available at:
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.
V1.2 Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.
V2.0 Deploying the Windows 98, 98SE and ME security update caused machines to restart unexpectedly. Microsoft has made available revised security updates for these platforms.
Another exploit script has been published. |
|
Low |
VENUSTECH Security Lab, December 23, 2004
Microsoft Security Bulletin MS05-002, January 11, 2005
US-CERT VU#177584 & VU#697136
Security Focus, January 12, 2005
Technical Cyber Security Alert, TA05-012A, January 12, 2005
Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005
PacketStorm, January 31, 2005
Microsoft Security Bulletin, MS05-002, V1.2, March 8, 2005
Microsoft Security Bulletin, MS05-002, V2.0, April 12, 2005 |
Microsoft
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, 98 SE, and ME |
Multiple vulnerabilities have been reported that include errors in the font, Kernel, Object Management Vulnerability and CSRSS. These are due to input validation and buffer overflow errors. A malicious user could deny service or obtain escalated privileges.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-018.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ Medium
(Medium if elevated privileges can be obtained)
|
Microsoft Security Bulletin MS05-018, April 12, 2005 |
Microsoft
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server Edition SP6a, Windows 2000 Server SP3 & SP4, Windows 2003, Windows 2003 for Itanium-based Systems
Avaya DefinityOne Media Servers; Avaya IP600 Media Servers; Avaya S3400 Message Application Server; Avaya S8100 Media Servers |
A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx
A Proof of Concept exploit has been published. |
Microsoft Windows License Logging Service Buffer Overflow
CAN-2005-0050
|
Low/ High
(High if arbitrary code can be executed)
|
Microsoft Security Bulletin, MS05-010, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#130433
Security Focus, Bugtraq ID 12481, April 12, 2005 |
Microsoft
Windows 2000 SP 3 and SP4
Windows XP SP1
Windows XP 64-Bit Edition SP1
Windows 98 and 98 SE |
A buffer overflow vulnerability has been reported that could let a remote malicious user execute arbitrary code.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-017.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Message Queuing Remote Code Execution Vulnerability
CAN-2005-0059
|
High |
Microsoft Security Bulletin MS05-017, April 12, 2005 |
Microsoft
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows XP 64-Bit Edition SP 1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, 98 SE, ME |
A vulnerability has been reported that could let a remote malicious user execute arbitrary code. This is because of an error in the process to validate which application should load a file. A remote user can convince the Windows Shell to start the HTML Application Host application when that application would not typically be used to process files.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-016.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Shell Remote Code Execution Vulnerability
CAN-2005-0063 |
High |
Microsoft Security Bulletin MS05-016, April 12, 2005
US-CERT VU#673051 |
Microsoft
Windows 2000 SP 3 and SP4
Windows XP SP 1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, Windows 98 SE, and Windows ME |
Multiple vulnerabilities have been reported that include IP Validation, ICMP Connection Reset, ICMP Path MTU, TCP Connection Reset, and Spoofed Connection Request. These vulnerabilities could let remote malicious users execute arbitrary code or execute a Denial of Service.
Updates available: http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Microsoft Security Bulletin MS05-019, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#233754 |
Microsoft
Word 2000, 2002
Works Suite 2001, 2002, 2003, and 2004
Office Word 2003 |
A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities
CAN-2004-0963
CAN-2005-0558 |
High |
Microsoft Security Bulletin MS05-023, April 12, 2005
US-CERT VU#442567, VU#752591
|
Miranda IM
'PopUp Plus' 2.0.3.8 plugin for Miranda Instant Messenger |
A buffer overflow vulnerability has been reported that could let a remote malicious user execute arbitrary code on the target system. The vulnerability can be exploited if the 'Use SmileyAdd Setting' application menu option is enabled.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Miranda IM PopUp Plus Plugin Remote Code Execution Vulnerability
CAN-2005-1093
|
High |
sec.org.il Security Advisory, April 6, 2005 |
Netscape
Netscape Browser 7.2 and prior versions |
A vulnerability has been reported in the JavaScript regex parsing that could let a remote malicious user obtain portions of browser memory. This is because the browser's JavaScript does not properly parse lambda list regular expressions. The vulnerability is in 'js/src/jsstr.c' in the find_replen() function.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Netscape Browser Information Disclosure Vulnerability |
Medium |
Security Tracker Alert ID: 1013643, April 5, 2005
|
Network-Client.com
FTP Now 2.6.14 |
A vulnerability has been reported that could let a local malicious user obtain FTP passwords. This is because the application stores FTP username and password values on the system in plaintext form.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Network-Client.com FTP Now Local Information Disclosure Vulnerability
CAN-2005-1094
|
Medium |
Security Tracker Alert ID: 1013657, April 6, 2005
|
Ocean12 Technologies
Ocean12 Membership Manager Pro 1.x |
Two vulnerabilities have been reported that could let a remote user conduct Cross-Site Scripting and SQL injection attacks. This is due to input validation errors in the "page" parameter in "main.asp" and the "UserID" parameter in "main.asp."
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Secunia SA14864, April 7, 2005 |
Rebrand Software
P2P Share Spy 2.2 |
A vulnerability has been reported that could let a local malicious user obtain the password because it is stored in the Windows Registry in plaintext form.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Rebrand P2P Share Spy Information Disclosure Vulnerability
CAN-2005-1097
|
Medium |
Security Tracker Alert ID: 1013673, April 11, 2005 |
Runtime Software
GetDataBack for NTFS 2.31 |
A vulnerability exists that could let a local malicious user obtain the license key. This is because the software stores the username and license key in the Windows Registry.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Runtime GetDataBack for NTFS Local Information Disclosure Vulnerability
CAN-2005-1098
|
Medium |
Security Tracker Alert ID: 1013644, April 5, 2005 |
UNIX / Linux Operating Systems Only |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
FreeBSD
FreeBSD 4.0 .x, 4.0, -RELENG, alpha, 4.1, 4.1.1, -STABLE, -RELEASE, 4.2, -STABLEpre122300, -STABLEpre050201, -STABLE, -RELEASE, 4.3, -STABLE, -RELENG, -RELEASE-p38, -RELEASE, 4.4, -STABLE, -RELENG, -RELEASE-p42, 4.5, -STABLEpre2002-03-07, -STABLE, -RELENG, -RELEASE-p32, -RELEASE, 4.6, -STABLE, -RELENG, -RELEASE-p20, -RELEASE, 4.6.2, 4.7, -STABLE, -RELENG, -RELEASE-p17, -RELEASE, 4.8, -RELENG, -RELEASE-p7, -PRERELEASE, 4.9, -RELENG, -PRERELEASE, 4.10, -RELENG, -RELEASE, 4.11 -STABLE, 5.0, -RELENG, -RELEASE-p14, alpha, 5.1, -RELENG,
-RELEASE/Alpha, -RELEASE-p5, -RELEASE, 5.2, -RELENG, -RELEASE, 5.2.1, -RELEASE, -STABLE, -RELENG, 5.3, -RELEASE, 5.4, -RELEASE, -PRERELEASE |
A vulnerability has been reported in portupgrade due to a failure to securely handle temporary files, which could let a malicious user corrupt arbitrary files and potentially execute code.
Update to version 20041226_2.
There is no exploit code required. |
FreeBSD PortUpgrade l Insecure
Temporary File Handling
CAN-2005-0610
|
High |
Security Focus, 13106, April 12, 2005 |
FreeBSD
FreeBSD 5.0, -RELENG, -RELEASE-p14, alpha, 5.1, -RELENG, -RELEASE/Alpha, -RELEASE-p5, -RELEASE, 5.2, -RELENG, -RELEASE, 5.2.1-RELEASE, 5.3, -RELENG, -RELEASE, 5.4 -PRERELEASE |
A vulnerability has been reported due to insufficient hardware access restrictions, which could let a malicious user obtain unauthorized access.
Patches available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch
Currently we are not aware of any exploits for this vulnerability. |
FreeBSD Kernel AMD64 Unprivileged Hardware Access
CAN-2005-1036 |
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:03, April 6, 2005 |
GNU
Coreutils 5.2.1 |
A vulnerability has been reported in the 'mkdir,' 'mknod,' and 'mkfifo' utilities due to a race condition, which could let a malicious user obtain sensitive information, corrupt data, and potentially obtain elevated privileges.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Focus, 13053, April 7, 2005 |
GNU
sharutils 4.2, 4.2.1 |
Multiple buffer overflow vulnerabilities exist due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-01.xml
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
We are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004
Fedora Legacy Update Advisory, FLSA:2155, March 24, 2005
Ubuntu Security Notice, USN-102-1 March 29, 2005
Fedora Update Notifications, FEDORA-2005-280 & 281, April 1, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005 |
GNU
sharutils 4.2, 4.2.1 |
A vulnerability has been reported in the 'unshar' utility due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-06.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
There is no exploit code required. |
GNU Sharutils 'Unshar' Insecure Temporary File Creation
CAN-2005-0990
|
Medium |
Ubuntu Security Notice, USN-104-1, April 4, 2005
Gentoo Linux Security Advisory, GLSA 200504-06, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005 |
Grip
Grip 3.1.2, 3.2 .0 |
A buffer overflow vulnerability has been reported in the CDDB protocol due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-21.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-304.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-07.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Low/ High
(High if arbitrary code can be executed)
|
Fedora Update Notifications, FEDORA-2005-202 & 203, March 9, 2005
Gentoo Linux Security Advisory, GLSA 200503-21, March 17, 2005
RedHat Security Advisory, RHSA-2005:304-08, March 28, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:066, April 3, 2005
Gentoo Linux Security Advisory, GLSA 200504-07, April 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:010, April 8, 2005 |
Gwenview
Gwenview 1.2 |
Multiple vulnerabilities have been reported due to insufficient sanity checks when heap-based memory is allocated and the chunk size is derived from the image height, width, and plane values, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code.
No workaround or patch available at time of publishing.
Currently, we are not aware of any exploits for these vulnerabilities. |
GwenView Multiple Image Handling Heap-Based Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
Security Focus, 13098, April 11, 2005 |
IBM
AIX 5.3
|
A vulnerability has been reported in the NIS client which could let a remote malicious user execute arbitrary code with root privileges.
Hotfix available at:
ftp://aix.software.ibm.com/aix/efixes/security/nis_2_efix.tar.Z
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory, SA14856, April 6, 2005 |
ImageMagick
ImageMagick 6.x |
A buffer overflow vulnerability exists in 'coders/psd.c' when a specially crafted Photoshop document file is submitted, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.imagemagick.org/www/download.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-26.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-37.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
ImageMagick Photoshop Document Buffer Overflow
CVE Name:
CAN-2005-0005
|
High |
iDEFENSE Security Advisory, January 17, 2005
Ubuntu Security Notice, USN-62-1, January 18, 2005
Debian Security Advisory, DSA 646-1, January 19, 2005
Gentoo Linux Security Advisory, GLSA 200501-26, January 20, 2005
Gentoo Linux Security Advisory, GLSA 200501-37, January 26, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005 |
KDE
KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0- 3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2 |
A Denial of Service vulnerability has been reported in the Desktop Communication Protocol (DCOP) daemon due to an error in the authentication process.
Upgrade available at:
http://www.kde.org/download/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-22.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-325.html
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-307.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
KDE Security Advisory, March 16, 2005
Fedora Update Notifications, FEDORA-2005-244 & 245, March 23, 2005
RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005
ALTLinux Security Advisory, March 29, 2005
RedHat Security Advisory, RHSA-2005:307-08, April 6, 2005
SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005 |
KDE
kmail 1.7.1 |
A vulnerability has been reported due to insufficient sanitization of HTML email messages, which could let a remote malicious user conduct spoofing attacks.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory, SA14925, April 11, 2005 |
Multiple Vendors
ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0, 6.0.1-6.0.8, 6.1-6.1.8, 6.2 .0.7, 6.2.0.4, 6.2 |
Multiple vulnerabilities have been reported due to insufficient sanity checks when heap-based memory is allocated and the chunk size is derived from the image height, width, and plane values, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code.
No workaround or patch available at time of publishing.
Currently, we are not aware of any exploits for these vulnerabilities. |
ImageMagick Multiple Image Handling Heap-Based Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
Security Focus, 13100, April 11, 2005 |
Multiple Vendors
KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE E. Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9 |
A buffer overflow vulnerability has been reported in the 'kimgio' image library due to insufficient validation of PCX image data, which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code.
Patches available at:
http://bugs.kde.org/attachment.cgi?id=10325&action=view
http://bugs.kde.org/attachment.cgi?id=10326&action=view
SuSE:
ftp://ftp.suse.com/pub/suse/
Denial of Service Proof of Concept exploits have been published. |
|
Low/ High
(High if arbitrary code can be executed)
|
SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005 |
Multiple Vendors
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11 |
Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
Linux Kernel Multiple ISO9660 Filesystem Handling Vulnerabilities
CAN-2005-0815
|
High |
Security Focus, 12837, March 18, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Ubuntu Security Notice, USN-103-1, April 1, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005 |
Multiple Vendors
MySQL AB MySQL 3.20 .x, 3.20.32 a, 3.21.x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1 |
A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.
Upgrades available at:
http://dev.mysql.com/downloads/mysql/4.0.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-611.html
SuSE:
ftp://ftp.suse.com/pub/suse
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Fedora Update Notification, FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005
Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005
Ubuntu Security Notice, USN-109-1 April 06, 2005 |
Multiple Vendors
GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2 |
A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-344.html
http://rhn.redhat.com/errata/RHSA-2005-343.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CAN-2005-0891
|
Low |
Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005
RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005
Ubuntu Security Notice, USN-108-1 April 05, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.29, 2.6 .10, 2.6-2.6.11 |
A vulnerability has been reported in the 'bluez_sock_create()' function when a negative integer value is submitted, which could let a malicious user execute arbitrary code with root privileges.
Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.30-rc3.bz2
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert, 1013567, March 27, 2005
SUSE Security Announcement, SUSE-SA:2005:021, April 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005
US-CERT VU#685461
Fedora Update Notification, FEDORA-2005-313, April 11, 2005 |
Multiple Vendors
Linux kernel 2.5.0-2.5.69, 2.6-2.6.11 |
A Denial of Service vulnerability has been reported in 'kernel/futex.c.'
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Tracker Alert, 1013616, March 31, 2005
Ubuntu Security Notice, USN-110-1 April 11, 2005 |
Multiple Vendors
Linux kernel 2.6 .10,
Linux kernel 2.6 -test1-test11, 2.6-2.6.8 |
A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
SuSE:
ftp://ftp.suse.com/pub/suse/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel Netfilter Memory Leak Denial of Service
CAN-2005-0210
|
Low |
Ubuntu Security Notice, USN-95-1 March 15, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005 |
Multiple Vendors
Linux kernel 2.6 .10, 2.6-2.6.11 |
Multiple vulnerabilities exist: a vulnerability exists in the 'radeon' driver due to a race condition, which could let a malicious user obtain elevated privileges; a buffer overflow vulnerability exists in the 'i2c-viapro' driver, which could let a malicious user execute arbitrary code; a buffer overflow vulnerability exists in the 'locks_read_proc()' function, which could let a malicious user execute arbitrary code; a vulnerability exists in 'drivers/char/n_tty.c' due to a signedness error, which could let a malicious user obtain sensitive information; and potential errors exist in the 'atm_get_addr()' function and the 'reiserfs_copy_from_user_to_file_region()' function.
Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.11-rc4.bz2
SuSE:
ftp://ftp.suse.com/pub/suse/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Exploit scripts have been published. |
|
Medium/ High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA14270, February 15, 2005
Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005
Ubuntu Security Notice, USN-95-1 March 15, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
|
Multiple Vendors
Linux Kernel 2.6.10, 2.6 -test1-test11, 2.6-2.6.11 |
A Denial of Service vulnerability has been reported in the 'load_elf_library' function.
Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6 -test1-test11, 2.6, 2.6.1 rc1&rc2, 2.6.1-2.6.8 |
A remote Denial of Service vulnerability has been reported in the Point-to-Point Protocol (PPP) Driver.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Trustix:
http://http.trustix.org/pub/trustix/updates
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-95-1 March 15, 2005
Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
|
Multiple Vendors
Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6-test1- -test11, 2.6, 2.6.1-2.6.11 ; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 |
Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ Medium
(Low if a DoS)
|
Ubuntu Security Notice, USN-82-1, February 15, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6, -test1-test 11, 2.6.1- 2.6.11;
RedHat Fedora Core2 |
A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Focus, 12932, March 29, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
|
Multiple Vendors
Linux kernel 2.6.8 rc1-rc3, 2.6.8, 2.6.11 -rc2-rc4, 2.6.11
|
A Denial of Service vulnerability has been reported due to an error in the AIO (Asynchronous I/O) support in the "is_hugepage_only_range()" function.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Linux Kernel Asynchronous Input/Output Local Denial of Service
CAN-2005-0916
|
Low |
Secunia Advisory, SA14718, April 4, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.11 |
A vulnerability has been reported in 'SYS_EPoll_Wait' due to a failure to properly handle user-supplied size values, which could let a malicious user obtain elevated privileges.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
An exploit script has been published. |
|
Medium |
Security Focus, 12763, March 8, 2005
Ubuntu Security Notice, USN-95-1 March 15, 2005
Security Focus, 12763, March 22, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.11 |
A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code.
SuSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel SYSFS_Write_File Local Integer Overflow
CAN-2005-0867
|
Low/ High
(High if arbitrary code can be executed)
|
Security Focus, 13091, April 11, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2 |
A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.
Upgrade available at:
http://gaim.sourceforge.net/downloads.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml
There is no exploit code required. |
|
Low |
Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Ubuntu Linux 4.1 ppc, ia64, ia32 |
Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.
Update available at:
http://gaim.sourceforge.net/downloads.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml
Currently we are not aware of any exploits for these vulnerabilities. |
Gaim 'Gaim_Markup_Strip_HTML()' Function Remote Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution
CAN-2005-0965
CAN-2005-0966
|
Low/ High
(High if arbitrary code can be executed)
|
Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005
Ubuntu Security Notice, USN-106-1 April 05, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005 |
Multiple Vendors
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0 |
An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, 12714, March 2, 2005
Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005
Ubuntu Security Notice, USN-92-1 March 07, 2005
Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005
Ubuntu Security Notice, USN-97-1 March 16, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005
RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005 |
Paul Vixie
Vixie Cron 4.1 |
A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, 13024, April 6, 2005 |
Pavuk
Pavuk 0.9pl28i, 0.928r2, 0.928r1, 0.9pl30b, 0.9 pl28, 0.9.31 |
Multiple unspecified security vulnerabilities have been reported which may result in boundary condition errors. The impact was not specified.
Upgrades available at:
https://sourceforge.net/project/showfiles.php?group_id=81012&package_id=82863&release_id=313436
Currently we are not aware of any exploits for this vulnerability. |
Pavuk Multiple Unspecified Security Vulnerabilities
CAN-2005-1035
|
Not Specified |
Secunia Advisory, SA14571, April 5, 2005 |
PHP Group
Debian
Slackware
Fedora
PHP 4.3.7 and prior |
Updates are available to fix multiple vulnerabilities in php4 which could allow remote code execution.
Debian:
Update to Debian GNU/Linux 3.0 alias woody at
http://www.debian.org/releases/stable/
Slackware:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.406480
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/
Apple:
http://www.apple.com/support/downloads/
Debian:
http://security.debian.org/pool/updates/main/p/php3/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
An exploit script has been published. |
|
High |
Secunia, SA12113 and SA12116, July 21, 2004
Debian, Slackware, and Fedora Security Advisories
Turbolinux Security Advisory TLSA-2004-23, September 15, 2004
PacketStorm, December 11, 2004
Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005
Debian Security Advisory DSA, 669-1, February 7, 2005
Slackware Security Advisory, SSA:2005-095-01, April 6, 2005 |
phpMyAdmin
phpMyAdmin 2.0-2.0.5, 2.1- 2.1.2, 2.2, pre 1&pre2, rc1-rc3, 2.2.2-2.2.6, 2.3.1, 2.3.2, 2.4.0, 2.5.0-2.5.2, 2.5.4-2.5.7, 2.6.0pl1-2.6.0pl3, 2.6.1, pl1&pl3, 2.6.1 -rc1 |
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'convcharset' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.2-rc1.tar.gz?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-08.xml
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
phpMyAdmin Security Announcement, PMASA-2005-3, April 3, 2005
Gentoo Linux Security Advisory, GLSA 200504-08, April 11, 2005 |
rsnapshot filesystem
snapshot utility 1.0.10, 1.1-1.1.6, 1.2 |
A vulnerability has been reported in the 'copy_symlink()' function due to improper modification of ownership settings of symbolic link files, which could let a malicious user obtain elevated privileges.
Upgrades available at:
http://www.rsnapshot.org/downloads/rsnapshot-1.1.7.tar.gz
There is no exploit code required. |
|
Medium |
Security Tracker Alert, 1013674, April 11, 2005 |
SCO
Open Server 5.0.6, 5.0.7 |
Several buffer overflow vulnerabilities have been reported in the 'auditsh,' 'atcronsh,' and 'termsh' programs when handling the 'HOME' variable, which could let a malicious user execute arbitrary code.
Upgrades available at:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15
Currently we are not aware of any exploits for these vulnerabilities. |
SCO OpenServer Auditsh HOME Environment Variable Buffer Overflow
CAN-2005-0351
|
High |
SCO Security Advisory, SCOSA-2005.15, April 7, 2005 |
SGI
IRIX 6.5.22 m |
Two vulnerabilities have been reported in 'gr_osview' which could let a malicious user cause a Denial of Service, obtain sensitive information, or modify system/user information.
Patches available at:
ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P.asc
There is no exploit code required; however, a Proof of Concept exploit has been published. | |
| |