Summary of Security Items from April 13 through April 19, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low in threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
|
Windows Operating Systems Only |
|
Vendor &
Software Name |
Vulnerability
- Impact Patches - Workarounds Attacks Scripts |
Common Name
/ CVE Reference |
Risk |
Source |
|
Apple
QuickTime for Windows 6.5.2 |
A buffer overflow vulnerability has been reported that could let remote
malicious users cause a Denial of Service. This is due to problems
handling a malformed GIF image with the maximum depth start value in
PictureViewer.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Apple QuickTime for Windows Denial of Service Vulnerability
CAN-2005-1106 |
Low |
BUGTRAQ:20050413, April 13, 2005 |
|
aspclick.it
ACNews 1.0 |
An input validation vulnerability has been reported that could let a
remote malicious user execute SQL commands to gain administrative access.
This is due to improper input validation in the 'admin/login.asp' script.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
aspclick.it ACNews Administrative Access Vulnerability
CAN-2005-1149 |
High |
Security Tracker Alert ID: 1013681, April 12, 2005 |
|
Centra
Centra 7 |
A vulnerability has been reported that could let a remote malicious
user conduct script insertion attacks. This is because of input validation
errors in username, first name, and last name fields.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this
vulnerability. |
|
High |
Secunia SA14930, April 13, 2005 |
|
Comersus Open Technologies
Comersus 4.x |
An input validation vulnerability has been reported in the 'curPage'
parameter that could let a remote malicious user conduct Cross-Site
Scripting attacks. The 'comersus_searchItem.asp' script does not properly
validate user-supplied input in the 'curPage' variable.
Version 6 is reportedly not affected.
A Proof of Concept exploit has been published. |
|
High |
OSVDB Reference: 15539, April 12, 2005 |
|
DameWare Development
DameWare 4.9 and prior - NT Utilities and MiniRemote Control |
A vulnerability has been reported that could let a local malicious user
obtain passwords. A local user with access to NT Utilities 'DNTUS26'
process memory can obtain the username and password. A local user with
access to the DameWare MiniRemote Control 'DWRCS' process memory can
obtain the applicable username and configuration settings. The 'DWRCC'
process is also affected, but can be used to also obtain passwords.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
Security Tracker Alert ID: 1013725, April 15, 2005 |
|
exploitlabs
WebcamXP 2.16.468 and prior |
Multiple vulnerabilities have been reported in which a remote malicious
user could redirect chat users to arbitrary locations and cause a Denial
of Service. These vulnerabilities are due to input validation errors in
the username field.
A fixed version (2.16.478) is available at: http://webcamxp.com
A Proof of Concept exploit has been published. |
|
Low |
Security Tracker Alert ID: 1013753, April 18, 2005 |
|
McAfee
Internet Security Suite 2005 |
A file permission vulnerability has been reported that could let a
local malicious user gain elevated privileges or disable the security
functions. A local user could modify application files, modify or replace
some of the code components with arbitrary code, or move or delete the
executable files to cause the security services to fail to start up at
reboot.
Updates are available through Automatic Update feature.
A Proof of Concept exploit has been published. |
McAfee Internet Security Suite Elevated Privilege
Vulnerability
CAN-2005-1107 |
Medium |
iDEFENSE Security Advisory 04.18.05 |
|
Microsoft
Exchange 2000 Server SP3, 2003, 2003 SP1 |
A vulnerability has been reported due to an unchecked buffer in the
SMTP service that could let a remote malicious user execute arbitrary
code.
V1.1: Bulletin updated to reflect a revised "Security Update
Information" section for the Word 2003 security update.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx
Currently we are not aware of any exploits for this
vulnerability. |
Microsoft Exchange Server Remote Code Execution Vulnerability
CAN-2005-0560 |
High |
Microsoft Security Bulletin MS05-021, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#275193
Microsoft Security Bulletin MS05-021 V1.1, April 14, 2005
|
|
Microsoft
Internet Explorer 5.01, 5.5, 6 |
Multiple vulnerabilities have been reported that include DHTML Object
Memory Corruption, URL Parsing Memory Corruption, and Content Advisor
Memory Corruption Vulnerability. These vulnerabilities could let remote
malicious users execute arbitrary code.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx
An exploit script has been published. |
|
High |
Microsoft Security Bulletin MS05-020, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#774338
US-CERT VU#756122
US-CERT VU#222050
Security Focus, 13120, April 12, 2005
|
|
Microsoft
Microsoft Windows 2000
Avaya DefinityOne Media Servers, IP600 Media Servers, S3400 Message
Application Server, S8100 Media Servers |
Microsoft Windows Explorer is prone to a script injection
vulnerability. This occurs when the Windows Explorer preview pane is
enabled on Windows 2000 computers. If a file with malicious attributes is
selected using Explorer, script code contained in the attribute fields may
be executed with the privilege level of the user that invoked Explorer.
This could be exploited to gain unauthorized access to the vulnerable
computer.
No vendor workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Windows Explorer Preview Pane Script Injection
Vulnerability
CAN-2005-1191
|
High |
Security Focus Bugtraq ID 13248, April 19, 2005 |
|
Microsoft
Windows 2000 SP 3 and SP4
Windows XP SP 1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, Windows 98 SE, and Windows ME |
Multiple vulnerabilities have been reported that include IP Validation,
ICMP Connection Reset, ICMP Path MTU, TCP Connection Reset, and Spoofed
Connection Request. These vulnerabilities could let remote malicious users
execute arbitrary code or execute a Denial of Service.
Updates available: http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
A Proof of Concept exploit has been published. |
|
Low/ High
(High if arbitrary code can be
executed) |
Microsoft Security Bulletin MS05-019, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#233754
US-CERT VU#396645 |
|
Microsoft
Windows 2000 SP 3 and SP4
Windows XP SP1
Windows XP 64-Bit Edition SP1
Windows 98 and 98 SE |
A buffer overflow vulnerability has been reported that could let a
remote malicious user execute arbitrary code.
V1.1: Bulletin updated to reflect an updated "Registry Key
Verification" section for the Windows XP Service Pack 1 security update.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-017.mspx
Currently we are not aware of any exploits for this
vulnerability. |
Microsoft Windows Message Queuing Remote Code Execution
Vulnerability
CAN-2005-0059 |
High |
Microsoft Security Bulletin MS05-017, April 12, 2005
Microsoft Security Bulletin MS05-017 V1.1, April 14, 2005
|
|
Microsoft
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows XP 64-Bit Edition SP 1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, 98 SE, ME |
A vulnerability has been reported that could let a remote malicious
user execute arbitrary code. This is because of an error in the process to
validate which application should load a file. A remote user can convince
the Windows Shell to start the HTML Application Host application when that
application would not typically be used to process files.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-016.mspx
Exploit scripts have been published. |
Microsoft Windows Shell Remote Code Execution
Vulnerability
CAN-2005-0063 |
High |
Microsoft Security Bulletin MS05-016, April 12, 2005
US-CERT VU#673051
Security Focus, 13132, April 13, 2005 |
|
Microsoft
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, 98 SE, and ME |
Multiple vulnerabilities have been reported that include errors in the
font, Kernel, Object Management Vulnerability and CSRSS. These are due to
input validation and buffer overflow errors. A malicious user could deny
service or obtain escalated privileges.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-018.mspx
Currently we are not aware of any exploits for these
vulnerabilities. |
|
Low/ Medium
(Medium if elevated privileges can be obtained) |
Microsoft Security Bulletin MS05-018, April 12, 2005
US-CERT VU#259197
US-CERT VU#775933
US-CERT VU#943749
US-CERT VU#650181 |
|
Microsoft
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal
Server Edition SP6a, Windows 2000 Server SP3 & SP4, Windows 2003,
Windows 2003 for Itanium-based Systems
Avaya DefinityOne Media Servers; Avaya IP600 Media Servers; Avaya S3400
Message Application Server; Avaya S8100 Media Servers |
A buffer overflow vulnerability exists in the License Logging service
due to a boundary error, which could let a remote malicious user cause a
Denial of Service and possibly execute arbitrary code.
Patches available at: http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx
A Proof of Concept exploit has been published.
V 1.2: Bulletin updated to reflect a revised "Mitigating
Factors" section for Windows 2000 Server Service Pack 4. |
Microsoft Windows License Logging Service Buffer Overflow
CAN-2005-0050
|
Low/ High
(High if arbitrary code can be
executed) |
Microsoft Security Bulletin, MS05-010, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT VU#130433
Security Focus, Bugtraq ID 12481, April 12, 2005
Microsoft Security Bulletin, MS05-010 V1.2, February 8, 2005 |
|
Microsoft
Word 2000, 2002
Works Suite 2001, 2002, 2003, and 2004
Office Word 2003 |
A buffer overflow vulnerability has been reported that could lead to
remote execution of arbitrary code or escalation of privilege.
V1.1 Bulletin updated to point to the correct Exchange 2000
Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope
and caveats of workaround "Unregister xlsasink.dll and fallback to Active
Directory for distribution of route information."
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx
Currently we are not aware of any exploits for this
vulnerability. |
Microsoft Word Remote Code Execution and Escalation of
Privilege Vulnerabilities
CAN-2004-0963 CAN-2005-0558 |
High |
Microsoft Security Bulletin MS05-023, April 12, 2005
US-CERT VU#442567
US-CERT VU#752591
Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005 |
|
Musicmatch
Jukebox 10.00.2047 and prior |
Multiple vulnerabilities have been reported that could let a local
malicious user gain elevated privileges and let a remote user conduct
Cross-Site Scripting attacks. This is because 'MMFWLaunch.exe' does not
properly quote path data before calling the CreateProcess() function.
Also, the software does not properly filter HTML code from user-supplied
input before displaying the input.
The vendor has released a fixed version at: http://www.musicmatch.com/download/free/security.htm
Currently we are not aware of any exploits for these
vulnerabilities. |
|
High |
Hyperdose Security Advisories H2005-04 and H2005-05 |
|
NetManage
RUMBA 7.3, 7.4 |
Multiple buffer overflow vulnerabilities have been reported when RTO
and WPA profiles are loaded, which could let a remote malicious user cause
a Denial of Service and possibly execute arbitrary code.
No workaround or patch available at time of publishing.
Proof of Concept exploits have been published.
|
NetManage RUMBA Profile Handling Multiple Buffer Overflow
CAN-2005-0979 |
Low/ High
(High if arbitrary code can be executed) |
Security Focus, 12965, April 1, 2005
Bugtraq, 395705, April 13, 2005 |
|
OneWorldStore
OneWorldStore |
Multiple vulnerabilities have been reported that could let a remote
user conduct cross-site scripting, script insertion and SQL injection
attacks. This is due to input validation errors in the "sEmail" parameter
in "owContactUs.asp," "bSub" parameter in "owListProduct.asp,"
"idProduct," and "idCategory" used in a SQL query and the "Name", "Email"
and "Comment" parameters in the review form.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Dcrab's Security Advisory, April 14, 2005
|
| PMSoftware Simple Web Server 1.0.15 |
A buffer overflow vulnerability has been reported that could let a
remote malicious user cause a Denial of Service or execute arbitrary
code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
PMSoftware Simple Web Server Buffer Overflow Permits Remote Code
Execution
CAN-2005-1173 |
Low/ High
(High if arbitrary code can be executed) |
Secunia SA15000, April 19, 2005 |
|
RSA Security
RSA Authentication Agent for Web for IIS 5.2 |
A vulnerability has been reported that could let remote malicious users
conduct Cross-Site Scripting attacks. This is due to input validation
errors in the "postdata" parameter in "/WebID/IISWebAgentIF.dll."
Update to version 5.3: http://www.rsasecurity.com/node.asp?id=2807&node_id=
A Proof of Concept exploit has been published. |
RSA Authentication Agent for Web for IIS Cross-Site Scripting
Vulnerability
CAN-2005-1118 |
High |
Secunia SA14954, April 15, 2005 |
|
Sun Microsystems
Sun Java System Web Server (Sun ONE/iPlanet) 6.0 SP7 |
A vulnerability has been reported that could let remote users cause a
Denial of Service.
Update to Sun Java System Web Server 6.0 Service Pack 8 or later: http://wwws.sun.com/software/download/products/40968fe6.html
Currently we are not aware of any exploits for this
vulnerability. |
Sun Java System Web Server Denial of Service Vulnerability
CAN-2005-1150 |
Low |
Sun Alert ID: 57760, April 13, 2005 |
|
X-Ways Software Technology
WinHex 12.05 SR-14 |
A vulnerability has been reported that could let a malicious user cause
a Denial of Service with a special filename. The DS, ECX, and ESI registers
can be overwritten with arbitrary data.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this
vulnerability. |
|
Low |
Security Tracker Alert ID: 1013727, April 15, 2005 |
|
Yager Development
Yager 5.24 and prior |
Multiple vulnerabilities have been reported that could let a remote
malicious user cause a Denial of Service or execute arbitrary code. These
vulnerabilities are due to errors in the handling of the nickname field
and in the communication handling.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Low/ High
(High if arbitrary code can be executed) |
Luigi Auriemma, April 14, 2005 |
| UNIX / Linux Operating Systems Only |
|
Vendor &
Software Name |
Vulnerability
- Impact Patches - Workarounds Attacks Scripts |
Common Name
/ CVE Reference |
Risk |
Source |
|
Apple
Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X
Server 10.0, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8
|
Multiple vulnerabilities have been reported: a Denial of Service
vulnerability has been reported in the kernel syscall emulation
functionality when handling input parameter lists; a vulnerability has
been reported due to an error that allows installation or creation of
SUID/SGID scripts, which could let a malicious user obtain elevated
privileges; a buffer overflow vulnerability has been reported in the
'semop()' system call, which could let a malicious user obtain elevated
privileges; a vulnerability has been reported in the 'searchfs()' system
call due to an integer overflow, which could let a malicious user obtain
elevated privileges; a vulnerability has been reported in the
'setsockopt()' function, which could let a malicious user exhaust
available memory resources; a Denial of Service vulnerability has been
reported in the 'nfs_mount()' function due to insufficient validation of
input values; and a vulnerability has been reported due to an error when
parsing certain executable files, which could let a malicious user
temporarily suspend operations.
Upgrades available at: http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/
Currently, we are not aware of any exploits for these
vulnerabilities. |
|
Low/ Medium
(Medium if elevated privileges can be obtained) |
Apple Security Advisory, APPLE-SA-2005-04-15, April 16, 2005 |
|
Avaya Labs
Libsafe 2.0-16 |
A race condition vulnerability has been reported when used in
multi-threaded applications, which could let a local/remote malicious user
bypass security mechanisms.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Libsafe Multi-threaded Process Race Condition Security Bypass
CAN-2005-1125 |
Medium |
Security Focus, 13190, April 15, 2005 |
|
FreeBSD
FreeBSD 4.x, 5.x releases prior to 5.4-RELEASE
|
A vulnerability has been reported in the 'ifconf()' function due to an
error when generating a list of network interfaces, which could let a
malicious user obtain sensitive information.
Patches available at: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch
There is no exploit code required. |
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:04, April 15, 2005 |
|
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 |
A vulnerability has been reported when an archive is extracted into a
world or group writeable directory because non-atomic procedures are used,
which could let a malicious user modify file permissions.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Bugtraq, 395703, April 13, 2005 |
|
GNU
sharutils 4.2, 4.2.1 |
A vulnerability has been reported in the 'unshar' utility due to the
insecure creation of temporary files, which could let a malicious user
create/overwrite arbitrary files.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/
Gentoo: http://security.gentoo.org/glsa/glsa-200504-06.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
There is no exploit code required. |
GNU Sharutils 'Unshar' Insecure Temporary File Creation
CAN-2005-0990 |
Medium |
Ubuntu Security Notice, USN-104-1, April 4, 2005
Gentoo Linux Security Advisory, GLSA 200504-06, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005
Fedora Update Notification, FEDORA-2005-319, April 14, 2005
|
|
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to
create or overwrite files on the target user's system. wget does not
properly validate user-supplied input. A remote user can bypass the
filtering mechanism if DNS can be modified so that '..' resolves to an IP
address. A specially crafted HTTP response can include control characters
to overwrite portions of the terminal window.
SUSE: ftp://ftp.SUSE.com/pub/SUSE
A Proof of Concept exploit script has been published. |
|
Medium |
Security Tracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
|
|
Hiroyuki Yamamoto
Sylpheed 0.8.11, 0.9.4-0.9.12, 0.9.99, 1.0.0-1.0.2 |
A buffer overflow vulnerability exists in certain headers that contain
non-ASCII characters, which could let a remote malicious user execute
arbitrary code.
Upgrades available at: http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-303.html
Gentoo: http://security.gentoo.org/glsa/glsa-200503-26.xml
ALTLinux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
SUSE: ftp://ftp.SUSE.com/pub/SUSE
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Security Tracker Alert, 1013376, March 4, 2005
Fedora Update Notification, FEDORA-2005-211, March 15, 2005
RedHat Security Advisory, RHSA-2005:303-05, March 18, 2005
Gentoo Linux Security Advisory, GLSA 200503-26, March 20, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Turbolinux Security Advisory, TLSA-2005-44, April 19, 2005
|
|
IBM
AIX 5.3 |
A vulnerability has been reported due to a serialization error, which
could let a malicious user obtain sensitive information.
Fix information available at: http://www-1.ibm.com/support/docview.wss?uid=isg1IY70032
Currently, we are not aware of any exploits for this
vulnerability. |
|
Medium |
IBM Advisory, IY70032, April 14, 2005 |
|
Igor Khasilev
Oops Proxy Server 1.4.22, 1.5.53 |
A format string vulnerability has been reported due to insufficient
sanitization of user-supplied input before passing to a formatted printing
function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently, we are not aware of any exploits for this
vulnerability. |
|
High |
Security Focus, 13172, April 14, 2005 |
|
IlohaMail
IlohaMail 0.7.0-0.7.9, 0.8.6-0.8.14 |
Cross-Site Scripting vulnerabilities have been reported when processing
emails due to an input validation error, which could let a remote
malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
IlohaMail Email Message Remote Cross-Site Scripting
CAN-2005-1120 |
High |
Secunia Advisory, April 14, 2005 |
|
ImageMagick
ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0, 6.0.1 |
Several vulnerabilities have been reported: a remote Denial of Service
vulnerability has been reported in the decoder due to a failure to handle
malformed TIFF tags; a remote Denial of Service vulnerability has been
reported due to a failure to handle malformed TIFF images; a remote Denial
of Service vulnerability has been reported due to a failure to handle
malformed PSD files; and a buffer overflow vulnerability has been reported
in the SGI parser, which could let a remote malicious user execute
arbitrary code.
Upgrades available at: http://www.imagemagick.org/script/download.php?
SuSE: ftp://ftp.suse.com/pub/suse
RedHat: http://rhn.redhat.com/errata/RHSA-2005-070.html
Debian: http://security.debian.org/pool/updates/main/i/imagemagick/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for these
vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed) |
Security Tracker Alert, 1013550, March 24, 2005
Debian Security Advisory, DSA 702-1, April 1, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005
Turbolinux Security Advisory, TLSA-2005-47, April 19, 2005
|
|
ImageMagick
ImageMagick 6.x |
A buffer overflow vulnerability exists in 'coders/psd.c' when a
specially crafted Photoshop document file is submitted, which could let a
remote malicious user execute arbitrary code.
Update available at: http://www.imagemagick.org/www/download.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
Debian: http://security.debian.org/pool/updates/main/i/imagemagick/
Gentoo: http://security.gentoo.org/glsa/glsa-200501-26.xml
Gentoo: http://security.gentoo.org/glsa/glsa-200501-37.xml
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SGI: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this
vulnerability. |
ImageMagick Photoshop Document Buffer Overflow
CVE Name: CAN-2005-0005
|
High |
iDEFENSE Security Advisory, January 17, 2005
Ubuntu Security Notice, USN-62-1, January 18, 2005
Debian Security Advisory, DSA 646-1, January 19, 2005
Gentoo Linux Security Advisory, GLSA 200501-26, January 20, 2005
Gentoo Linux Security Advisory, GLSA 200501-37, January 26, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005
Turbolinux Security Advisory, TLSA-2005-47, April 19, 2005
|
|
ISC
DHCPD 2.0.pl5 |
A format string vulnerability has been reported because user-supplied
data is logged in an unsafe fashion, which could let a remote malicious
user execute arbitrary code.
Upgrades available at: http://security.debian.org/pool/updates/main/d/dhcp/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-212.html
We are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 584-1, November 4, 2004
US-CERT VU#448384
RedHat Security Advisory, RHSA-2005:212-06, April 12, 2005
|
|
Jamie Cameron
Usermin prior to 1.130 |
A vulnerability has been reported in certain configuration files due to
a design error because insecure permissions are assigned, which could let
a remote malicious user obtain control of configuration files.
Updates available at: http://prdownloads.sourceforge.net/webadmin/usermin-1.130.tar.gz
There is no exploit code required. |
|
Medium |
Security Tracker Alert, 1013723, April 15, 2005 |
|
Jamie Cameron
Webmin prior to 1.200 |
A vulnerability has been reported in certain configuration files due to
a design error because insecure permissions are assigned, which could let
a remote malicious user obtain control of configuration files.
Updates available at: http://prdownloads.sourceforge.net/webadmin/usermin-1.130.tar.gz
There is no exploit code required. |
|
Medium |
Security Tracker Alert, 1013723, April 15, 2005 |
|
Junkbuster
Internet Junkbuster 2.0.1, 2.0.2 |
Two vulnerabilities have been reported: a vulnerability has been
reported in the 'ij_untrusted_url()' function, which could let a remote
malicious user modify the configuration; and a vulnerability has been
reported due to errors when filtering URLs, which could let a malicious
user cause a Denial of Service or execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200504-11.xml
Currently we are not aware of any exploits for these
vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed) |
Gentoo Linux Security Advisory GLSA 200504-11, April 13, 2005 |
|
KDE
KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5,
3.2-3.2.3, 3.3-3.3.2 |
A Denial of Service vulnerability has been reported in the Desktop
Communication Protocol (DCOP) daemon due to an error in the authentication
process.
Upgrade available at: http://www.kde.org/download/
Gentoo: http://security.gentoo.org/glsa/glsa-200503-22.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-325.html
ALTLinux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
RedHat: http://rhn.redhat.com/errata/RHSA-2005-307.html
SUSE: ftp://ftp.SUSE.com/pub/SUSE
SGI: ftp://patches.sgi.com/support/free/security/advisories/
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
KDE Security Advisory, March 16, 2005
Fedora Update Notifications, FEDORA-2005-244 & 245, March 23, 2005
RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005
ALTLinux Security Advisory, March 29, 2005
RedHat Security Advisory, RHSA-2005:307-08, April 6, 2005
SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
|
|
LGPL
NASM 0.98.38 |
A vulnerability was reported in NASM. A remote malicious user can cause
arbitrary code to be executed by the target user. A remote user can create
a specially crafted asm file that, when processed by the target user with
NASM, will execute arbitrary code on the target user's system. The code
will run with the privileges of the target user. The buffer overflow
resides in the error() function in 'preproc.c.'
Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200412-20.xml
Debian: http://www.debian.org/security/2005/dsa-623
Mandrake: http://www.mandrakesoft.com/security/advisories
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
A Proof of Concept exploit script has been published. |
|
High |
Secunia Advisory ID, SA13523, December 17, 2004
Debian Security Advisory DSA-623-1 nasm, January 4, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:004,
January 6, 2005
Turbolinux Security Announcement, TLSA-24022005, February 24, 2005
Fedora Update Notification, FEDORA-2005-322, April 18, 2005
|
|
libexif
libexif 0.6.9, 0.6.11 |
A vulnerability exists in the 'EXIF' library due to
insufficient validation of 'EXIF' tag structure, which could let a remote
malicious user execute arbitrary code.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200503-17.xml
RedHat: http://rhn.redhat.com/errata/RHSA-2005-300.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Debian: http://security.debian.org/pool/updates/main/libe/libexif/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Ubuntu Security Notice USN-91-1, March 7, 2005
Fedora Update Notifications, FEDORA-2005-199 & 200,
March 8, 2005
Gentoo Linux Security Advisory, GLSA 200503-17, March 12, 2005
RedHat Security Advisory, RHSA-2005:300-08, March 21, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:064, March 31,
2005
Debian Security Advisory, DSA 709-1, April 15, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15,
2005 |
|
libtiff.org
LibTIFF 3.6.1
Avaya MN100 (All versions), Avaya Intuity LX (version 1.1-5.x), Avaya
Modular Messaging MSS (All versions)
|
Several buffer overflow vulnerabilities exist: a
vulnerability exists because a specially crafted image file can be
created, which could let a remote malicious user cause a Denial of Service
or execute arbitrary code; a remote Denial of Service vulnerability exists
in 'libtiff/tif_dirread.c' due to a division by zero error; and a
vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c'
RLE decoding routines, which could let a remote malicious user execute
arbitrary code.
Debian: http://security.debian.org/pool/updates/main/t/tiff/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-11.xml
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
OpenPKG: ftp://ftp.openpkg.org/release/
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SuSE: ftp://ftp.suse.com/pub/suse/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-577.html
Slackware: ftp://ftp.slackware.com/pub/slackware/
Conectiva: ftp://atualizacoes.conectiva.com.br/
KDE: Update to version 3.3.2: http://kde.org/download/
Apple Mac OS X: http://www.apple.com/swupdates/
Gentoo: KDE kfax: http://www.gentoo.org/security/en/glsa/glsa-200412-17.xml
Avaya: No solution but workarounds available at: http://support.avaya.com/elmodocs2/security/ASA-2005-002_RHSA-2004-577.pdf
TurboLinux: http://www.turbolinux.com/update/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/errata/RHSA-2005-354.html
SGI: ftp://patches.sgi.com/support/free/security/advisories/
SCO: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19
RedHat: http://rhn.redhat.com/errata/RHSA-2005-021.html
Proof of Concept exploits have been published.
|
|
Low/ High
(High if arbitrary code can be executed) |
Gentoo Linux Security Advisory, GLSA 200410-11, October 13,
2004
Fedora Update Notification, FEDORA-2004-334, October 14, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14,
2004
Debian Security Advisory, DSA 567-1, October 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15,
2004
Mandrakelinux Security Update Advisory, MDKSA-2004:109 &
MDKSA-2004:111, October 20 & 21, 2004
SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004
RedHat Security Advisory, RHSA-2004:577-16, October 22,
2004
Slackware Security Advisory, SSA:2004-305-02, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:888, November
8, 2004
US-CERT Vulnerability Notes VU#687568 & VU#948752, December
1, 2004
Gentoo Linux Security Advisory, GLSA 200412-02, December 6, 2004
KDE Security Advisory, December 9, 2004
Apple Security Update SA-2004-12-02
Gentoo Security Advisory, GLSA 200412-17 / kfax, December 19, 2004
Avaya Advisory ASA-2005-002, January 5, 2005
Conectiva Linux Security Announcement, CLA-2005:914, January
6, 2005
Turbolinux Security Announcement, January 20, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:052, March
4, 2005
RedHat Security Advisory, RHSA-2005:354-03, April 1, 2005
RedHat Security Advisory, RHSA-2005:021-09, April 12, 2005
|
|
Midnight Commander
Midnight Commander 4.5.40-4.5.5.52, 4.5.54, 4.5.55 |
A buffer overflow vulnerability has been reported in the
'insert_text()' function due to insufficient bounds checking, which could
let a malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/main/m/mc/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Debian Security Advisory, DSA 698-1, March 29, 2005
Turbolinux Security Advisory, TLSA-2005-46, April 19, 2005
|
|
moleSoftware GmbH
VHCS 2.4 & possibly earlier versions |
An input validation vulnerability has been reported due to insufficient
validation of user-supplied data in HTTP POST requests, which could let a
remote malicious user execute arbitrary SQL commands.
Upgrades available at: http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz
Currently, we are not aware of any exploits for this
vulnerability. |
|
High |
Security Tracker Alert, 1013703, April 14, 2005 |
|
Monkey
Monkey HTTP Daemon 0.1.4, 0.4-0.4.2, 0.5, 0.5.1, 0.6-0.6.3, 0.7.0-0.7.2,
0.8-0.8.2, 0.9.0 |
Two vulnerabilities have been reported: a Denial of Service
vulnerability has been reported when handling certain requests due to an
unspecified error; and a vulnerability has been reported in 'cgi.c' due to
an unspecified error, which could let a malicious user execute arbitrary
code.
Upgrades available at: http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Currently, we are not aware of any exploits for these
vulnerabilities.
|
|
Low/ High
(High if arbitrary code can be executed) |
Secunia Advisory, SA14953, April 15, 2005 |
|
Multiple Vendors
Apple Safari 1.2-1.2.3, RSS 2.0 pre-release; Omni Group OmniWeb
5.1 |
A vulnerability has been reported due to a failure to handle scripts
securely, which could let a remote malicious user execute arbitrary code.
Upgrades available at: http://www.apple.com/safari/download/
A Proof of Concept exploit has been published. |
Multiple Vendors Apple Safari Remote Code Execution
CAN-2005-0976 |
High |
Apple Security Advisory, APPLE-SA-2005-04-15, April 16, 2005 |
|
Multiple Vendors
Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0
03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4
-2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6 |
A vulnerability has been reported in the 'rmtree()' function in the
'File::Path.pm' module when handling directory permissions while cleaning
up directories, which could let a malicious user obtain elevated
privileges.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Gentoo: http://security.gentoo.org/glsa/glsa-200501-38.xml
Debian: http://security.debian.org/pool/updates/main/p/perl/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this
vulnerability. |
|
Medium |
Ubuntu Security Notice, USN-94-1, March 09, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15,
2005
Debian Security Advisory, DSA 696-1, March 22, 2005
Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005
|
|
Multiple Vendors
MySQL AB MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30,
3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34,
3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18,
4.0.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0,
2.1 |
A vulnerability exists in the 'GRANT' command due to a failure to
ensure sufficient privileges, which could let a malicious user obtain
unauthorized access.
Upgrades available at: http://dev.mysql.com/downloads/mysql/4.0.html
OpenPKG: ftp.openpkg.org
RedHat: http://rhn.redhat.com/errata/RHSA-2004-611.html
SuSE: ftp://ftp.suse.com/pub/suse
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FedoraLegacy: http://download.fedoralegacy.org/fedora/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/
Debian: http://security.debian.org/pool/updates/main/m/mysql/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15,
2004
Fedora Update Notification, FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005
Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005
Ubuntu Security Notice, USN-109-1, April 06, 2005
Debian Security Advisory, DSA 707-1, April 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:070, April
13, 2005 |
|
Multiple Vendors
Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0,
9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8,
Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86,
UnitedLinux 1.0 |
Multiple vulnerabilities have been reported: a buffer overflow
vulnerability was reported due to an unspecified boundary error, which
could let a remote malicious user potentially execute arbitrary code; a
remote Denial of Service vulnerability was reported due to memory leaks
and NULL pointer dereferences; an unspecified error was reported due to an
arbitrary free (the impact was not specified), and several errors were
reported in the contributed Perl scripts, which could let a remote
malicious user execute arbitrary code.
Update available at: https://ccvs.cvshome.org/servlets/ProjectDocumentList
Gentoo: http://security.gentoo.org/glsa/glsa-200504-16.xml
SuSE: ftp://ftp.suse.com/pub/suse/i
Currently we are not aware of any exploits for these
vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed) |
Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005
SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005
Secunia Advisory, SA14976, April 19, 2005 |
|
Multiple Vendors
Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3,
7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1 |
A buffer overflow vulnerability exists in the Kerberos authentication
code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT
Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function,
which could let a remote malicious user execute arbitrary code.
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/c/curl/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Updates available at: http://curl.haxx.se/download/curl-7.13.1.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200503-20.xml
Conectiva: ftp://atualizacoes.conectiva.com.br/10/
ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
RedHat: http://rhn.redhat.com/errata/RHSA-2005-340.html
SGI: ftp://patches.sgi.com/support/free/security/advisories/
Currently we are not aware of any exploits for these
vulnerabilities. |
Multiple Vendors cURL / libcURL Kerberos Authentication &
'Curl_input_ntlm()' Remote Buffer Overflows
CAN-2005-0490
|
High |
iDEFENSE Security Advisory, February 21, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:048, March 4,
2005
Gentoo Linux Security Advisory, GLSA 200503-20, March 16, 2005
Conectiva Linux Security Announcement, CLA-2005:940, March
21, 2005
ALTLinux Security Advisory, March 29, 2005
RedHat Security Advisory, RHSA-2005:340-09, April 5, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
|
|
Multiple Vendors
Gentoo Linux; rsnapshot filesystem snapshot utility 1.0.10,
1.1-1.1.6, 1.2 |
A vulnerability has been reported in the 'copy_symlink()' subroutine
because file ownership is incorrectly changed on files pointed to by
symlinks, which could let a malicious user manipulate file permissions.
Upgrades available at: http://www.rsnapshot.org/downloads/rsnapshot-1.1.7.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200504-12.xml
There is no exploit code required. |
|
Medium |
rsnapshot Security Advisory 001, April 10, 2005 |
|
Multiple Vendors
GNOME GdkPixbuf 0.22; GTK GTK+ 2.4.14; RedHat Fedora Core3, Core2 |
A remote Denial of Service vulnerability has been reported due to a
double free error in the BMP loader.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-344.html
http://rhn.redhat.com/errata/RHSA-2005-343.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/
SGI: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SGI: ftp://patches.sgi.com/support/free/security/advisories/
Currently we are not aware of any exploits for this
vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CAN-2005-0891 |
Low |
Fedora Update Notifications, FEDORA-2005-265, 266, 267 &
268, March 30, 2005
RedHat Security Advisories, RHSA-2005:344-03 &
RHSA-2005:343-03, April 1 & 4, 2005
Ubuntu Security Notice, USN-108-1, April 05, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April
8, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
|
|
Multiple Vendors
RedHat Fedora Core3 & Core 2; Sylpheed Sylpheed 0.8, 0.8.11,
0.9.4-0.9.12, 0.9.99, 1.0.0-1.0.3, 1.9-1.9.4 |
A buffer overflow vulnerability has been reported when handling email
messages that contain attachments with MIME-encoded file names, which
could let a remote malicious user execute arbitrary code.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Sylpheed: http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200504-02.xml
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this
vulnerability. |
Sylpheed MIME-Encoded Attachment Name Buffer Overflow
CAN-2005-0926 |
High |
Fedora Update Notifications, FEDORA-2005-263 & 264,
March 29, 2005
Gentoo Linux Security Advisory, GLSA 200504-02, April 2, 2005
Turbolinux Security Advisory, TLSA-2005-44, April 19, 2005
|
|
Multiple Vendors
RedHat Fedora Core3, Core2; Rob Flynn Gaim 1.2 |
A remote Denial of Service vulnerability has been reported when an
unspecified Jabber file transfer request is handled.
Upgrade available at: http://gaim.sourceforge.net/downloads.php
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200504-05.xml
RedHat: http://rhn.redhat.com/errata/RHSA-2005-365.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
There is no exploit code required. |
|
Low |
Fedora Update Notifications, FEDORA-2005-298 & 299,
April 5, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005
RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:071, April
14, 2005 |
|
Multiple Vendors
RedHat Fedora Core3, Core2; Rob Flynn Gaim 1.2; Ubuntu Linux 4.1
ppc, ia64, ia32 |
Two vulnerabilities have been reported: a remote Denial of Service
vulnerability has been reported due to a buffer overflow in
the 'gaim_markup_strip_html()' function; and a vulnerability has been
reported in the IRC protocol plug-in due to insufficient sanitization of
the 'irc_msg' data, which could let a remote malicious user execute
arbitrary code.
Update available at: http://gaim.sourceforge.net/downloads.php
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo: http://security.gentoo.org/glsa/glsa-200504-05.xml
RedHat: http://rhn.redhat.com/errata/RHSA-2005-365.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Currently we are not aware of any exploits for these
vulnerabilities. |
Gaim 'Gaim_Markup_Strip_HTML()' Function Remote Denial of
Service & IRC Protocol Plug-in Arbitrary Code Execution
CAN-2005-0965 CAN-2005-0966
|
Low/ High
(High if arbitrary code can be executed) |
Fedora Update Notifications, FEDORA-2005-298 & 299,
April 5, 2005
Ubuntu Security Notice, USN-106-1, April 05, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005
RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:071, April
14, 2005 |
|
Multiple Vendors
Todd Miller Sudo 1.5.6-1.5.9, 1.6-1.6.8 |
A vulnerability has been reported in VISudo due to the insecure
creation of temporary files, which could let a malicious user corrupt
arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus, 13171, April 14, 2005 |
|
Multiple Vendors
xli 1.14-1.17; xloadimage 3.0, 4.0, 4.1 |
A vulnerability exists due to a failure to parse compressed images
safely, which could let a remote malicious user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200503-05.xml
Debian: http://security.debian.org/pool/updates/main/x/xli/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this
vulnerability. |
XLoadImage Compressed Image Remote Command Execution
CAN-2005-0638 |
High |
Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005
Fedora Update Notifications, FEDORA-2005-236 & 237, March 18,
2005
Debian Security Advisory, DSA 695-1, March 21, 2005
Turbolinux Security Advisory, TLSA-2005-43, April 19, 2005
|
|
Paul Vixie
Vixie Cron 4.1 |
A vulnerability has been reported due to insecure creation of
temporary files when crontab is executed with the '-e' option, which could
let a malicious user obtain sensitive information.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
There is no exploit code required; however, a Proof of Concept exploit
script has been published. |
|
Medium |
Security Focus, 13024, April 6, 2005
Fedora Update Notification, FEDORA-2005-320, April 15, 2005
|
|
PHP Group
PHP 4.3-4.3.10 |
A remote Denial of Service vulnerability has been reported when
processing deeply nested EXIF IFD (Image File Directory) data.
Upgrades available at: http://ca.php.net/get/php 4.3.11.tar.gz/from/a/mirror
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/p/php4/
Gentoo: http://security.gentoo.org/glsa/glsa-200504-15.xml
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Currently, we are not aware of any exploits for this
vulnerability. |
PHP Group Exif Module IFD Nesting Remote Denial of Service
CAN-2005-1043 |
Low |
Security Focus, 13164, April 14, 2005
Ubuntu Security Notice, USN-112-1, April 14, 2005
Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005
Fedora Update Notification, FEDORA-2005-315, April 18, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005
|
|
PHP Group
PHP 4.3-4.3.10 |
A vulnerability has been reported in the 'exif_process_IFD_TAG()'
function when processing malformed IFD (Image File Directory) tags, which
could let a remote malicious user execute arbitrary code.
Upgrades available at: http://ca.php.net/get/php 4.3.11.tar.gz/from/a/mirror
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/p/php4/
Gentoo: http://security.gentoo.org/glsa/glsa-200504-15.xml
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Currently, we are not aware of any exploits for this
vulnerability. |
|
High |
Security Focus, 13163, April 14, 2005
Ubuntu Security Notice, USN-112-1, April 14, 2005
Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005
Fedora Update Notification, FEDORA-2005-315, April 18, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005
|
|
phpMyAdmin
phpMyAdmin 2.0-2.0.5, 2.1-2.1.2, 2.2, pre 1&pre2, rc1-rc3,
2.2.2-2.2.6, 2.3.1, 2.3.2, 2.4.0, 2.5.0-2.5.2, 2.5.4-2.5.7,
2.6.0pl1-2.6.0pl3, 2.6.1, pl1&pl3, 2.6.1 -rc1 |
A Cross-Site Scripting vulnerability has been reported in 'index.php'
due to insufficient sanitization of the 'convcharset' parameter, which
could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at: http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.2-rc1.tar.gz?download
Gentoo: | |
| |