Summary of Security Items from April 20 through April 26, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Acrobat Reader 6.0 and prior |
A vulnerability has been reported that could let a remote malicious user execute arbitrary code. If a specially crafted PDF file is loaded by Acrobat Reader it will trigger an Invalid-ID-Handle-Error in 'AcroRd32.exe'.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Acrobat Reader Invalid-ID-Handle-Error Remote Code Execution Vulnerability
|
High |
Security Tracker Alert ID: 1013774, April 21, 2005 |
Argosoft.com
ArGoSoft Mail Server 1.8.7.6 |
Two vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting and script insertion attacks. This is due to input validation errors in parameters passed to mails and user settings.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Argosoft Mail Server Cross-Site Scripting and Script Insertion Vulnerabilities
CAN-2005-1282
|
High |
Secunia SA15100, April 26, 2005 |
Asp Press
ACS Blog 1.1.3 and prior |
An authentication vulnerability was reported that could let a remote malicious user gain administrative privileges on the application. The 'inc_login_check.asp' script grants administrative privileges to the remote user if a certain cookie is set.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
Security Tracker Alert ID, 1013795, April 25, 2005 |
Black Knight Development
BK Forum 4 |
An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands. Several scripts do not properly validate user-supplied input. A remote user can create parameter values to execute SQL commands on the underlying database.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Security Tracker Alert ID, 1013793, April 25, 2005 |
Citrix
Program Neighborhood Agent for Win32
Citrix MetaFrame Presentation Server client for WinCE (versions
including Program Neighborhood Agent)
|
Buffer overflow and unspecified vulnerabilities have been reported that could let remote malicious users execute arbitrary code or create arbitrary shortcuts.
Update to:
* Program Neighborhood Agent for Win32 versions 9.0 and later.
* Citrix MetaFrame Presentation Server client for WinCE versions 8.33
and later.
Available at:
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
A Proof of Concept exploit has been published. |
Citrix Program Neighborhood Agent Two Vulnerabilities
CAN-2004-1077
CAN-2004-1078
|
High |
Citrix Document ID: CTX105650, April 25, 2005 |
Ecommerce-Carts.com
Ecomm Professional Shopping Cart 3 |
A vulnerability has been reported which can be exploited by remote malicious users to conduct SQL injection attacks. Input passed to the 'AdminPWD' parameter in 'verify.asp' isn't properly verified before used in an SQL query.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Ecomm Professional Shopping Cart SQL Injection Vulnerability |
High |
IHS Iran Hackers Sabotage Public advisory, April 19, 2005 |
Elemental Software
CartWIZ |
Several vulnerabilities have been reported that could let a remote malicious user inject SQL commands and conduct Cross-Site Scripting attacks. Several scripts do not properly validate user-supplied input. A remote user can create parameter values that will execute SQL commands on the underlying database.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Security Tracker Alert ID, 1013792, April 25, 2005 |
Fastream Technologies
NETFile Server prior to 7.5.0 Beta 7; Tested on 7.4.6 on English Win2K SP4 |
A vulnerability has been reported that could let a remote authenticated malicious user upload or delete files or directories located outside of the FTP directory.
A fixed version (7.5.0 Beta 7) is available:
http://ww.fastream.com/products.htm
A Proof of Concept exploit has been published. |
Fastream NETFile Server File Creation Vulnerability |
Medium |
SIG^2 Vulnerability Research, April 25, 2005 |
Iatek
PortalApp 3.3 |
Input validation vulnerabilities have been reported that could let a remote user conduct Cross-Site Scripting attacks. The 'ContentId,' 'CatId,' 'ContentTypeId,' and 'ForumId' parameters are not properly filtered to remove HTML code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Iatek PortalApp Cross-Site Scripting Vulnerabilities |
High |
Security Tracker Alert ID, 1013755, April 19, 2005 |
Magnus Lundvall
Yawcam 0.2.5 |
A vulnerability has been reported that could let a remote malicious user obtain files on the target system that are located outside of the web document directory. This is because the web service does not properly validate user-supplied HTTP GET requests.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Magnus Lundvall Yawcam Information Disclosure Vulnerability
CAN-2005-1230
|
Medium |
Security Tracker Alert ID, 1013781, April 21, 2005 |
MailEnable
MailEnable |
A potential "security exploit" vulnerability with an unknown impact has been reported by the vendor.
The vendor has issued a fix: http://www.mailenable.com/hotfix/MEHTTPS.zip
Currently we are not aware of any exploits for this vulnerability. |
MailEnable HTTPMail Vulnerability |
Not Specified |
Security Tracker Alert ID, 1013786, April 22, 2005 |
Media Online Italia
Store Portal 2.63 |
A vulnerability has been reported that could let a remote malicious user inject SQL commands. Several scripts do not properly validate user-supplied input in various parameters when processed as a Referrer URL.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Media Online Store Portal SQL Injection Vulnerability
CAN-2005-1293
|
High |
Dcrab's Security Advisory, April 24, 2005 |
MetaLinks
MetaCart and MetaCart2 |
Multiple input validation vulnerabilities have been reported that could let malicious users inject SQL commands. These vulnerabilities may lead to theft of sensitive information, potentially including authentication credentials, and data corruption.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
Metalinks MetaCart Multiple SQL Injection Vulnerabilities |
High |
Security Focus, Bugtraq ID 13377, 13382, 13383, 13384, 13385, 13376, 13393, April 26, 2005 |
Microsoft
Windows XP Home Edition and Professional Edition |
A vulnerability has been reported that could let a user cause a Denial of Service. This is due to an error in the image rendering for overly large images.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Image Rendering Denial of Service Vulnerability |
Low |
Secunia SA15064, April 22, 2005 |
Microsoft
Exchange 2000 Server SP3, 2003, 2003 SP1 |
A vulnerability has been reported due to an unchecked buffer in the SMTP service that could let a remote malicious user execute arbitrary code.
V1.1: Bulletin updated to reflect a revised "Security Update Information" section for the Word 2003 security update.
Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx
A Proof of Concept exploit script has been published.
|
Microsoft Exchange Server Remote Code Execution Vulnerability
CAN-2005-0560 |
|
Microsoft Security Bulletin, MS05-021, April 12, 2005
Technical Cyber Security Alert TA05-102A
US CERT VU#275193
Microsoft Security Bulletin, MS05-021 V1.1, April 14, 2005
Security Focus, 13118, April 20, 2005 |
| Neslo Desktop Rover 3.0 |
A vulnerability has been reported which could let a local malicious user cause a Denial of Service. This is due to an error in the communication handling on port 61427/tcp.
Update to upcoming 3.1 version.
A Proof of Concept exploit has been published. |
Neslo Desktop Rover Denial of Service Vulnerability
CAN-2005-1204
|
Low |
Evil Packet Advisory EP-000-0003, April 19, 2005 |
Novell
Novell Nsure Audit 1.01 |
A vulnerability has been reported in the processing of ASN.1 messages that could let a remote malicious user cause Denial of Service conditions. A brute force attack against 'webadmin.exe' will cause a Denial of Service.
Update to version 1.0.3.
A Proof of Concept exploit has been published. |
|
Low |
Novell Technical Information Document, TID10097379, April 19, 2005 |
Ocean12
Ocean 12 Calendar 1.01 |
A vulnerability has been reported that could let a remote malicious user inject SQL commands. This is due to input validation errors in the 'Admin_password' field.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Ocean12 Calendar Manager SQL Injection Vulnerability
CAN-2005-1223
|
High |
Hackers Center Security Group, Zinho's Security Advisory, April 19, 2005
|
OneWorldStore
OneWorldStore |
A vulnerability has been reported that could let a remote malicious user cause a Denial of Service condition. A remote user can directly access the '/owConnections/chksettings.asp' file to cause the application to crash.
Fix available at: http://www.oneworldstore.com/support_security_issue_updates.asp#April_20_2005_Lostmon
A Proof of Concept exploit has been published. |
|
Low |
Security Tracker Alert ID: 1013782, April 22, 2005 |
OneWorldStore
OneWorldStore |
An information disclosure vulnerability has been reported that could let a remote malicious user view order information. A remote user can execute the 'PaymentMethods/owOfflineCC.asp' script with a unique 'idOrder' value to obtain information about another user's order.
A fix is available at: http://oneworldstore.com/support_updates.asp
A Proof of Concept exploit has been published. |
|
Medium |
Security Tracker Alert ID, 1013796, April 25, 2005 |
Orvado Technologies
ASP Nuke 0.80 |
Several vulnerabilities have been reported that could let a remote malicious user inject SQL commands or conduct Cross-Site Scripting attacks. The 'profile.asp' and 'select.asp' scripts do not filter HTML code from user-supplied input before displaying the information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Orvado ASP Nuke SQL Injection and Cross-Site Scripting Vulnerabilities |
High |
Dcrab Security Advisory, April 22, 2005 |
| PMSoftware Simple Web Server 1.0.15 |
A buffer overflow vulnerability has been reported that could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
PMSoftware Simple Web Server Remote Code Execution Vulnerability
CAN-2005-1173 |
Low/ High
(High if arbitrary code can be executed) |
Secunia SA15000, April 19, 2005
Security Focus, 13227, April 20, 2005 |
PPP Infotech
netMailshar Professional 4.0 build 15 |
Multiple vulnerabilities have been reported that could disclose sensitive information and valid user accounts. This is because of an input validation error in the Webmail service (port 8003) and because the Webmail service returns different error messages depending on whether a given username is valid.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities. |
PPP Infotech netMailshar Professional Two Vulnerabilities |
Medium |
Secunia SA15038, April 21, 2005 |
RealNetworks
RealPlayer Enterprise 1.1, 1.2, 1.5, 1.6, and 1.7 |
A vulnerability has been reported that could let a remote malicious user execute arbitrary code. This is due to a boundary error in 'pnen3260.dll' when processing RAM files that can be exploited to cause a buffer overflow.
An updated version of pnen3260.dll is available:
http://docs.real.com/docs/pnen3260.dll
Currently we are not aware of any exploits for this vulnerability. |
RealNetworks Realplayer Enterprise Buffer Overflow Vulnerability
CAN-2005-0755
|
High |
Security Patch Update For Realplayer Enterprise, April 19, 2005 |
Softwin
BitDefender Antivirus Standard 8.x, BitDefender Antivirus Professional Plus 8.x |
A vulnerability has been reported that could let local malicious users disable the virus protection or gain escalated privileges. This is because the installation process can create entries insecurely in the 'Run' registry key to automatically run some programs when a user logs in.
The vendor recommends quoting the command line of the created entries in the registry.
A Proof of Concept exploit has been published. |
Softwin BitDefender Insecure Program Execution Vulnerability
CAN-2005-1286
|
High |
Secunia SA15076, April 26, 2005 |
Team JohnLong
RaidenFTPD 2.x |
A vulnerability has been reported which can be exploited by remote malicious users to gain knowledge of sensitive information. It is possible to access arbitrary files outside the FTP root.
Update to version 2.4 build 2241: http://www.raidenftpd.com/en/download.html
Currently we are not aware of any exploits for this vulnerability. |
Team JohnLong RaidenFTPD Information Disclosure Vulnerability |
Medium |
Raiden Professional bulletin board advisory, April 20, 2005 |
Where's James Software
WheresJames Webcam Publisher Beta 2.0.0014 |
A buffer overflow vulnerability exists that could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
WheresJames Webcam Publisher Remote Code Execution Vulnerability |
High |
Security Tracker Alert ID: 1013757, April 19, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apple
Mac OS X 10.3.7 with iSync |
A buffer overflow vulnerability exists in 'mRouter' when specially crafted options to the '-v' and '-a' command line switches are submitted, which could let a malicious user obtain root privileges.
Upgrade available at:
http://www.apple.com/support/downloads/securityupdate2005004.html
An exploit script has been published. |
|
High |
Securiteam, January 23, 2005
Apple Security Update, APPLE-SA-2005-04-19, April 19, 2005 |
David M. Gay
f2c Fortran 77 Translator 1.3.1 |
Several vulnerabilities exist due to the insecure creation of temporary files, which could let a malicious user modify information or obtain elevated privileges.
Debian:
http://security.debian.org/pool/updates/main/f/f2c/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-43.xml
There is no exploit required.
|
|
Medium |
Debian Security Advisory, DSA 661-1, January 27, 2005
Gentoo Linux Security Advisory GLSA 200501-43, January 30, 2005
Debian Security Advisory, DSA 661-2, April 20, 2005 |
FreeBSD
FreeBSD 5.4 & prior |
A vulnerability has been reported in the 'sendfile()' system call due to a failure to secure sensitive memory before distributing it over the network, which could let a malicious user obtain sensitive information.
Patches available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/
There is no exploit code required. |
|
Medium |
FreeBSD Security Advisory,
FreeBSD-SA-05:02, April 5, 2005
US-CERT VU#604846 |
GNU
cpio 2.6 |
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396429, April 20, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396397, April 20, 2005 |
Grip
Grip 3.1.2, 3.2 .0 |
A buffer overflow vulnerability has been reported in the CDDB protocol due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-21.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-304.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-07.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Peachtree:
http://peachtree.burdell.org/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Low/ High
(High if arbitrary code can be executed)
|
Fedora Update Notifications, FEDORA-2005-202 & 203, March 9, 2005
Gentoo Linux Security Advisory, GLSA 200503-21, March 17, 2005
RedHat Security Advisory, RHSA-2005:304-08, March 28, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:066, April 3, 2005
Gentoo Linux Security Advisory, GLSA 200504-07, April 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:010, April 8, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:074 & 075, April 21, 2005
Peachtree Linux Security Notice, PLSN-0007, April 22, 2005 |
Hewlett Packard Company
HP-UX B.11.23, B.11.22, B.11.11, B.11.04, B.11.00 |
A remote Denial of Service vulnerability has been reported in the Path MTU Discovery (PMTUD) functionality that is supported in the ICMP protocol.
Patches available at:
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Hewlett Packard Company Security Advisory, HPSBUX01137, April 24, 2005 |
INRIA
GeneWeb 4.0 5-4.0 9 |
A vulnerability has been reported in the maintainer scripts because files believed to be old '.gwb' datafile files are converted automatically without checking file permissions and content, which could let a malicious user modify arbitrary files.
Debian:
http://security.debian.org/pool/updates/main/g/geneweb/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Debian Security Advisory, DSA 712-1, April 19, 2005 |
Inter7
SqWebMail 3.4.1, 3.5 .0-3.5.3, 3.6.0-3.6.1, 4.0.4.20040524, 4.0.5.
|
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'redirect' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 13374, April 26, 2005 |
J. Schilling
CDRTools 2.0 |
A vulnerability has been reported in cdrecord due to insecure creation of various files, which could let a malicious user corrupt arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
There is no exploit code required. |
|
Medium |
Ubuntu Security Notice USN-100-1, March 24, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:077, April 21, 2005 |
JAWS
JAWS 0.3-0.5 beta2 |
A Cross-Site Scripting vulnerability has been reported in the Glossary module due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
High |
Securiteam, April 21, 2005 |
John Bradley
XV 3.10 a |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the PDS image decoder when processing comments, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the TIFF and PDS image decoders due to format string errors, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to an input validation error when handling filenames, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-17.xml
There is no exploit code required. |
John Bradley XV Multiple Vulnerabilities |
High |
Secunia Advisory, SA14977, April 19, 2005
Gentoo Linux Security Advisory, GLSA 200504-17, April 19, 2005 |
Junkbuster
Internet Junkbuster 2.0.1, 2.0.2 |
Two vulnerabilities have been reported: a vulnerability has been reported in the 'ij_untrusted_url()' function, which could let a remote malicious user modify the configuration; and a vulnerability has been reported due to errors when filtering URLs, which could let a malicious user cause a Denial of Service or execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-11.xml
Debian:
http://security.debian.org/pool/updates/main/j/junkbuster/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Gentoo Linux Security Advisory GLSA 200504-11, April 13, 2005
Debian Security Advisory, DSA 713-1, April 21, 2005 |
KDE
KDE 3.2-3.2.3, 3.3-3.3.2, 3.4,
KDE Quanta 3.1 |
A vulnerability has been reported due to a design error in Kommander, which could let a remote malicious user execute arbitrary code.
Patches available at:
ftp://ftp.kde.org/pub/kde/
security_patches/f
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-23.xml
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
KDE Security Advisory, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 2005 |
LBL
tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 -3.8.3 |
Remote Denial of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
|
Low |
Bugtraq, 396932, April 26, 2005 |
libexif
libexif 0.6.9, 0.6.11 |
A vulnerability exists in the 'EXIF' library due to insufficient validation of 'EXIF' tag structure, which could let a remote malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-17.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-300.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Debian:
http://security.debian.org/pool/updates/main/libe/libexif/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Peachtree:
http://peachtree.burdell.org/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Ubuntu Security Notice USN-91-1, March 7, 2005
Fedora Update Notifications, FEDORA-2005-199 & 200, March 8, 2005
Gentoo Linux Security Advisory, GLSA 200503-17, March 12, 2005
RedHat Security Advisory, RHSA-2005:300-08, March 21, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:064, March 31, 2005
Debian Security Advisory, DSA 709-1, April 15, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Peachtree Linux Security Notice, PLSN-0006, April 22, 2005 |
libtiff.org
LibTIFF 3.6.1
Avaya MN100 (All versions), Avaya Intuity LX (version 1.1-5.x), Avaya Modular Messaging MSS (All versions)
|
Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/t/tiff/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-11.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-577.html
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
KDE: Update to version 3.3.2:
http://kde.org/download/
Apple Mac OS X:
http://www.apple.com/swupdates/
Gentoo: KDE kfax:
http://www.gentoo.org/security/en/glsa/glsa-200412-17.xml
Avaya: No solution but workarounds available at:
http://support.avaya.com/elmodocs2/security/ASA-2005-002_RHSA-2004-577.pdf
TurboLinux:
http://www.turbolinux.com/update/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-354.html
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-021.html
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1
Proofs of Concept exploits have been published.
|
|
Low/ High
(High if arbitrary code can be executed)
|
Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004
Fedora Update Notification, FEDORA-2004-334, October 14, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004
Debian Security Advisory, DSA 567-1, October 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004
SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004
RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004
Slackware Security Advisory, SSA:2004-305-02, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004
US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004
Gentoo Linux Security Advisory, GLSA 200412-02, December 6, 2004
KDE Security Advisory, December 9, 2004
Apple Security Update SA-2004-12-02
Gentoo Security Advisory, GLSA 200412-17 / kfax, December 19, 2004
Avaya Advisory ASA-2005-002, January 5, 2005
Conectiva Linux Security Announcement, CLA-2005:914, January 6, 2005
Turbolinux Security Announcement, January 20, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:052, March 4, 2005
RedHat Security Advisory, RHSA-2005:354-03, April 1, 2005
RedHat Security Advisory, RHSA-2005:021-09,
SGI Security Advisory, 20050404-01-U, April 20, 2005
Sun(sm) Alert Notification, 57769, April 25, 2005 |
LogWatch
LogWatch 2.1.1, 2.5, 2.6 |
A remote Denial of Service vulnerability has been reported in the logwatch secure script due to a parsing error.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-364.html
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Red Hat logwatch secure Script Remote Denial of Service
CAN-2005-1061
|
Low |
GulfTech Security Research, April 19, 2005 |
Multiple Vendors
ht://Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/h/htdig/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-16.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
A Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory, DSA 680-1, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-16, February 14, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:063, March 31, 2005
Fedora Update Notification, FEDORA-2005-367, April 19, 2005 |
Multiple Vendors
ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2 .0.7, 6.2 .0.4, 6.2, 6.2.1 |
A buffer overflow vulnerability has been reported due to a failure to properly validate user-supplied string lengths before copying into static process buffers, which could let a remote malicious user cause a Denial of Service.
Upgrades available at:
http://www.imagemagick.org/script/binary-releases.php
A Proof of Concept exploit has been published. |
|
|
Security Focus, 13351, April 25, 2005 |
Multiple Vendors
KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE E. Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9 |
A buffer overflow vulnerability has been reported in the 'kimgio' image library due to insufficient validation of PCX image data, which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code.
Patches available at:
http://bugs.kde.org/attachment.cgi?id=10325&action=view
http://bugs.kde.org/attachment.cgi?id=10326&action=view
SuSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-22.xml
Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/
Denial of Service Proof of Concept exploits have been published. |
|
Low/ High
(High if arbitrary code can be executed)
|
SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005
Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005
Debian Security Advisory, DSA 714-1, April 26, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11 |
Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for these vulnerabilities. |
Linux Kernel Multiple ISO9660 Filesystem Handling Vulnerabilities
CAN-2005-0815
|
High |
Security Focus, 12837, March 18, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Ubuntu Security Notice, USN-103-1, April 1, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
MySQL AB MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1 |
A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.
Upgrades available at:
http://dev.mysql.com/downloads/mysql/4.0.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-611.html
SuSE:
ftp://ftp.suse.com/pub/suse
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/
Debian:
http://security.debian.org/pool/updates/main/m/mysql/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Fedora Update Notification, FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005
Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005
Ubuntu Security Notice, USN-109-1, April 06, 2005
Debian Security Advisory, DSA 707-1, April 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:070, April 13, 2005
Conectiva Linux Security Announcement, CLA-2005:947, April 20, 2005 |
Multiple Vendors
Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0 |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified), and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code.
Update available at:
https://ccvs.cvshome.org/servlets/ProjectDocumentList
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-16.xml
SuSE:
ftp://ftp.suse.com/pub/suse/i
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Trustix:
http://http.trustix.org/pub/trustix/updates/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/
Peachtree:
http://peachtree.burdell.org/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-387.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005
SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005
Secunia Advisory, SA14976, April 19, 2005
Fedora Update Notification, FEDORA-2005-330, April 20, 2006
Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005
Peachtree Linux Security Notice, PLSN-0005, April 22, 2005
RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29rc1&rc2, 2.5.0-2.5.69, 2.6-test1-test11, 2.6-2.6.10; SuSE Linux 8.1, 8.2, 9.0 |
A Denial of Service vulnerability exists with Direct I/O access to NFS file systems.
SuSE:
ftp://ftp.suse.com/pub/suse/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005
Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.29, 2.6.10, 2.6-2.6.11 |
A vulnerability has been reported in the 'bluez_sock_create()' function when a negative integer value is submitted, which could let a malicious user execute arbitrary code with root privileges.
Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.30-rc3.bz2
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert, 1013567, March 27, 2005
SUSE Security Announcement, SUSE-SA:2005:021, April 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005
US-CERT VU#685461
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.30, 2.6-2.6.11 |
A vulnerability has been reported due to insufficient access control of the 'N_MOUSE' line discipline, which could let a malicious user inject mouse and keyboard events into an alternate X session or console.
Patches available at:
http://www.securityfocus.com/data/vulnerabilities/patches/serport.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel Serial Driver Mouse And Keyboard Event Injection
CAN-2005-0839
|
Medium |
Security Focus, 12971, April 1, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.30, 2.6-2.6.11; Ubuntu Linux 4.1 ppc, ia64, ia32 |
A Denial of Service vulnerability has been reported in the 'TmpFS' driver due to insufficient sanitization of the 'shm_nopage()' argument.
Patch available at:
http://www.securityfocus.com/data/vulnerabilities/patches/shmem.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Focus, 12970, April 1, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux Kernel 2.6.10, 2.6-test1-test11, 2.6-2.6.11 |
A Denial of Service vulnerability has been reported in the 'load_elf_library' function.
Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1 rc1&rc2, 2.6.1-2.6.8 |
A remote Denial of Service vulnerability has been reported in the Point-to-Point Protocol (PPP) Driver.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Trustix:
http://http.trustix.org/pub/trustix/updates
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-95-1, March 15, 2005
Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
|
Multiple Vendors
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 |
Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.
RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ Medium
(Low if a DoS)
|
Ubuntu Security Notice, USN-82-1, February 15, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6, -test1-test11, 2.6.1-2.6.11;
RedHat Fedora Core2 |
A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Focus, 12932, March 29, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
|
Multiple Vendors
Linux kernel 2.6.10, 2.6, -test9-CVS, -test1-test11, 2.6.1-2.6.9;
RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 |
A Denial of Service vulnerability has been reported in the 'Unw_Unwind_To_User' function.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6, -test9-CVS, -test1-test11, 2.6.1-2.6.9;
RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 |
A Denial of Service vulnerability has been reported in the 'fib_seq_start' function in 'fib_hash.c'.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.11 |
A vulnerability has been reported in 'SYS_EPoll_Wait' due to a failure to properly handle user-supplied size values, which could let a malicious user obtain elevated privileges.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
An exploit script has been published. |
|
Medium |
Security Focus, 12763, March 8, 2005
Ubuntu Security Notice, USN-95-1, March 15, 2005
Security Focus, 12763, March 22, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005
Fedora Update Notification, FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.11 |
A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code.
SuSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel SYSFS_Write_File Local Integer Overflow
CAN-2005-0867
|
Low/ High
(High if arbitrary code can be executed)
|
Security Focus, 13091, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Peachtree Linux release 1 |
A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.
Upgrade available at:
http://gaim.sourceforge.net/downloads.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
Peachtree:
http://peachtree.burdell.org/updates/
There is no exploit code required. |
|
Low |
Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005
RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005
SGI Security Advisory, 20050404-01-U, April 20, 2005
Peachtree Linux Security Notice, PLSN-0001, April 21, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Ubuntu Linux 4.1 ppc, ia64, ia32; Peachtree Linux release 1 |
Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.
Update available at:
http://gaim.sourceforge.net/downloads.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
http://www.sgi.com/support/security/
Peachtree:
http://peachtree.burdell.org/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
Gaim 'Gaim_Markup_Strip_HTML()' Function Remote Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution
CAN-2005-0965
CAN-2005-0966
|
Low/ High
(High if arbitrary code can be executed)
|
Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005
Ubuntu Security Notice, USN-106-1, April 05, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005
RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005
SGI Security Advisory, 20050404-01-U, April 20, 2005
Peachtree Linux Security Notice, PLSN-0001, April 21, 2005 |
Multiple Vendors
Samba 2.2.9, 3.0.8 and prior |
An integer overflow vulnerability in all versions of Samba's smbd 0.8 could allow a remote malicious user to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
Patches available at:
http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-670.html
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml
Trustix:
http://www.trustix.net/errata/2004/0066/
Red Hat (Updated):
http://rhn.redhat.com/errata/RHSA-2004-670.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
http://www.novell.com/linux/security/advisories/2004_45_samba.html
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:158
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-020.html
HP:
http://software.hp.com
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SCO:
| |
| |