National Cyber Alert System
Cyber Security Bulletin SB05-131

Summary of Security Items from May 4 through May 10, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

Aaron Outpost

ASP Inline Corporate Calendar

An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands. The 'defer.asp' and 'details.asp' scripts do not properly validate user-supplied input.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Aaron Outpost ASP Inline Corporate Calendar Permits Remote SQL Injection
High

Zinho's Security Advisory, May 3, 2005

Adobe

Adobe SVG Viewer 3.x; prior to 3.0.3

A vulnerability has been reported that could let a remote malicious user determine whether specified files exist on the target user's system. A remote user can set the 'src' property on the 'NPSVG3.dll' ActiveX control to a file on the local system to determine if the file exists.

A fixed version (3.0.3) is available at: http://www.adobe.com/svg/viewer/install/mainframed.html

A Proof of Concept exploit has been published.

Adobe SVG Viewer Lets Remote Users Determine if Files Exist

CAN-2005-0918

Medium

Security Tracker Alert, 1013890, May 5 2005

Advanced Communications

Hosting Controller 6.1 Hotfix 1.9

A vulnerability has been reported that could let a remote malicious user create new user and host accounts without authenticating. The 'admin/hosting/addsubsite.asp' script does not properly authenticate certain parameters. A remote user can submit parameter values to create a user or host on the target system.

The vendor has reportedly issued a fixed version but the fix was not listed on the vendor's web site at time of publication.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Advanced Communications Hosting Controller Lets Remote Users Create User and Host Accounts
Medium
ISUN.Shabgard.Org Security Advisory, May 5, 2005

AOL

Instant Messenger

A vulnerability has been reported that could let a remote malicious user cause a Denial of Service. The issue exists when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
Low
Security Focus, Bugtraq ID 13553, May 9, 2005

atrium software

Mercur Messaging 2005 SP2 (file version 5.0.10.0)

Multiple vulnerabilities have been reported that could let a remote malicious user manipulate files and disclose sensitive information. Remote users can view the source of '.ctml' files by appending a white space ('%20') in the request. Input validation errors exist in the 'Folder.Id' parameter in 'deletefolder.ctml,' 'deletemessage.ctml,' 'origmessage.ctm,' and 'readmessage.ctml,' the 'Message.Id' parameter in 'editmessage.ctml' and the 'Message.Command' parameter in 'messages.ctml.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

atrium software Mercur Messaging Multiple Vulnerabilities
Medium
Secunia SA15234, May 4, 2005

Dead Pirate Software

SimpleCam 1.2

A vulnerability exists that could let a remote malicious user view files on the target system. The web service does not properly validate user-supplied HTTP requests.

A fixed version (1.3) is available at: http://www.deadpirate.com/index.php?page=download

There is no exploit code required; however, a Proof of Concept exploit has been published.

Dead Pirate Software SimpleCam Directory Traversal Flaw

CAN-2005-1493

Low
Security Tracker Alert,1013888, May 4, 2005

GNU

MyServer 0.8 for Windows

A vulnerability has been reported that could let remote malicious users gain knowledge of certain system information or conduct Cross-Site Scripting attacks. This is due to an input validation error.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GNU MyServer Directory Listing and Cross-Site Scripting Vulnerability

Low/ High

(High if arbitrary code can be executed)

Secunia Advisory, SA15274,
May 10, 2005

HTMLJunction

EZGuestbook

A vulnerability has been reported that could let a remote malicious user obtain the guestbook database. A remote user can download the 'guestbook.mdb' database file because the default configuration does not provide access controls for the database directory.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

HTMLJunction EZGuestbook Discloses Database to Remote Users
Medium
Security Tracker Alert, 1013912, May 6 2005

Jeuce.com

Jeuce Personal Webserver 2.13

A remote Denial of Service vulnerability has been reported when a malicious user submits a specially crafted URL.

The vulnerability has reportedly been fixed by the vendor.

A Proof of Concept exploit has been published.

Jeuce Personal Web Server Remote Denial of Service
Low
Security Tracker Alert, 1013902, May 6, 2005

Microsoft

ASP.NET 1.x

Two vulnerabilities have been reported that could let remote users cause a Denial of Service and bypass certain security restrictions. An error exists in the parsing of the base64 encoded '__VIEWSTATE' attribute used by the ViewState functionality and the ViewState functionality does not correctly protect against certain replay attacks.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft ASP.NET ViewState Denial of Service and Security Bypass

Low/ Medium

(Medium if security restrictions can be bypassed)

Secunia SA15241, May 5, 2005

Microsoft

Microsoft SQL Server 2000

Microsoft SQL Server 2000 contains multiple vulnerabilities that could allow remote malicious users to cause Denial of Service conditions, bypass database policy, disclose sensitive information, and potentially execute arbitrary code.

Upgrade to the latest version of MS SQL Server: http://www.microsoft.com/downloads

Currently we are not aware of any exploits for this vulnerability.

Microsoft SQL Server 2000 Multiple Vulnerabilities

Low/ Medium/ High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

Security Focus, Bugtraq ID 13564, May 9, 2005

Microsoft

Microsoft Windows 2000

Avaya DefinityOne Media Servers, IP600 Media Servers, S3400 Message Application Server, S8100 Media Servers

Windows 98, 98SE, ME

Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane is enabled on Windows 2000 computers. If a file with malicious attributes is selected using Explorer, script code contained in the attribute fields may be executed with the privilege level of the user that invoked Explorer. This could be exploited to gain unauthorized access to the vulnerable computer.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-024.mspx

A Proof of Concept exploit has been published.

Microsoft Windows Explorer Preview Pane Script Injection Vulnerability

CAN-2005-1191

High

Security Focus Bugtraq ID 13248, April 19, 2005

Microsoft Security Bulletin MS05-024, May 10, 2005

US-CERT VU#668916

NetWin

DMail 3.1a NT

A vulnerability has been reported that could let a remote malicious user view log files, shutdown the mailing list service, and potentially execute arbitrary code. A remote user can bypass the authentication process to access the mailing list server (dlist.exe), can view log files or shutdown the service, or can send specially crafted administration commands to 'dsmtp.exe' to trigger a format string flaw.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script has been published for the format string vulnerability.

NetWin DMail Errors Let Remote Users Bypass Authentication and Execute Code

CAN-2005-1478 CAN-2005-1516

Low/ High

(High if arbitrary code can be executed)

SIG^2 Vulnerability Research Advisory, May 3, 2005

Orenosv

Orenosv HTTP/FTP Server 0.8.1

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the FTP service when handling various FTP commands that manipulate files and directories, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code; and a buffer overflow vulnerability has been reported in 'cgissi.exe' when an overly long SSI command name is submitted, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.orenosv.com/pub/orenosv081a-patch.zip
http://www.orenosv.com/pub/orenosv081ai6-patch.zip

Proofs of Concept exploits have been published.

Orenosv HTTP/FTP Server Buffer Overflows

Low/ High

(High if arbitrary code can be executed)

SIG^2 Vulnerability Research Advisory, May 8, 2005

Randy Wable

datatrac 1.1

A vulnerability has been reported that could let remote users cause a Denial of Service. This is due to an error in the communication handling. This can be exploited to crash a vulnerable service by sending an overly long text string.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Randy Wable datatrac Denial of Service Vulnerability
Low
Security Focus Bugtraq ID 13558, May 9, 2005

RSA

RSA Authentication Agent for Web for IIS 5, 5.2, 5.3

A vulnerability has been reported that could let remote malicious users execute arbitrary code. This is due to a boundary error and can cause a heap-based buffer overflow by sending an overly long piece of data via the chunked-encoding mechanism.

A patch is available: https://knowledge.rsasecurity.com/

Currently we are not aware of any exploits for this vulnerability.

RSA Authentication Agent for Web Buffer Overflow Vulnerability

CAN-2005-1471

High
Secunia, SA15222, May 9, 2005

YusASP.com

YusASP Web Asset Manager 1.0

A vulnerability has been reported due to a lack of authentication when accessing application scripts, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required.

YusASP Web Asset Manager Unauthorized Access
Medium
Securiteam, May 4, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

4D Inc.

WebSTAR 5.3.3, 5.4

A buffer overflow vulnerability has been reported in the Tomcat plugin due to a boundary error when processing URLs, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

4D WebStar Tomcat Plugin Remote Buffer Overflow

CAN-2005-1507

Low/ High

(High if arbitrary code can be executed)

Securiteam, May 8, 2005

Apple

Mac OS X 10.3-10.3.9, Mac OS X Server 10.3- 10.3.9

Multiple vulnerabilities have been reported:

  • a buffer overflow vulnerability was reported in 'htdigest' due to a boundary error, which could let a remote malicious user execute arbitrary code;
  • a vulnerability was reported in the AppKit component when processing TIFF files, which could let a remote malicious user execute arbitrary code;
  • a remote Denial of Service vulnerability was reported in the AppKit component when parsing certain TIFF images because an invalid call is made to the 'NXSeek()' function;
  • a vulnerability was reported due to an error when handling AppleScript because the code displayed differs from the code that is actually run, which could let a remote malicious user execute arbitrary code;
  • a vulnerability was reported in the Bluetooth support because files are shared without properly notifying the user, which could let a remote malicious user obtain sensitive information;
  • a Directory Traversal vulnerability was reported in the Bluetooth file exchange functionality, which could let a remote malicious user obtain sensitive information;
  • a vulnerability was reported in the 'chfn,' 'chpass,' and 'chsh' utilities because certain external helper programs are invoked insecurely, which could let a malicious user obtain elevated privileges;
  • a vulnerability was reported in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges;
  • a vulnerability was reported in Help Viewer because a remote malicious user can run JavaScript without the imposed security restrictions;
  • a vulnerability was reported in the LDAP functionality because passwords are stored in plaintext, which could let a remote malicious user obtain sensitive information;
  • a vulnerability was reported due to errors when parsing XPM files, which could let a remote malicious user compromise the system;
  • a vulnerability was reported in 'lukemftpd' because chroot restrictions can be bypassed, which could let a remote malicious user bypass restrictions;
  • a buffer overflow vulnerability was reported in the NetInfo Setup Tool (NeST) when processing input passed to the '-target' command line parameter, which could let a malicious user execute arbitrary code;
  • a vulnerability was reported when the HTTP proxy service in Server Admin is enabled because, by default, everyone can use the proxy service;
  • a vulnerability was reported in the HTTP proxy service in Server Admin for Mac OS X due to insufficient access restrictions, which could let a remote malicious user obtain unauthorized access;
  • a vulnerability was reported in sudo's environment clearing, which could let a malicious user obtain elevated privileges;
  • a vulnerability was reported in the Terminal utility, which could let a remote malicious user inject arbitrary data;
  • a vulnerability was reported due to an error in the Terminal utility, which could let a remote malicious user inject commands via x-man-path URIs; and
  • a buffer overflow vulnerability was reported in vpnd due to a boundary error, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://www.apple.com/support/downloads/securityupdate2005005client.html
http://www.apple.com/support/downloads/securityupdate2005005server.html

Proofs of Concept exploits have been published.

Low/ Medium/ High

(Low if a DoS; Medium if sensitive information or elevated privileges can be obtained; and High if arbitrary code can be executed)

Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005

US-CERT VU#140470

US-CERT VU#145486

US-CERT VU#258390

US-CERT VU#356070

Apple

Mac OS X Server 10.3- 10.3.9

A buffer overflow vulnerability has been reported in the NetInfo Setup Tool (NeST) when excessive string values are processed through a command line parameter, which could let a malicious user execute arbitrary code with root privileges.

Updates available at: http://www.apple.com/support/downloads/

Currently we are not aware of any exploits for this vulnerability.

Apple Mac OS X NetInfo Setup Tool Buffer Overflow

CAN-2005-0594

High
Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005

D. J. Bernstein

qmail 1.02, 1.03

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to an integer overflow in the 'stralloc_readyplus()' function; a remote Denial of Service vulnerability was reported in 'commands.c' when a malicious user connects to the SMTP service and sends a large amount of data as a parameter to the 'HELO' command; and a remote Denial of Service vulnerability was reported in 'qmail_put/substdio_put' when a malicious user connects to the SMTP service and submits a large amount of data as a parameter to the 'RCPT TO' command.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

D. J. Bernstein QMail Remote Denials of Service

CAN-2005-1513
CAN-2005-1514
CAN-2005-1515

Low
Security Tracker Alert, 1013911, May 6, 2005
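The three qmail issues above belong to one bug class: a length chosen by the remote peer (the HELO or RCPT TO argument) is added to an existing length without checking that the sum still fits, so the buffer that is "grown" ends up smaller than the data copied into it. The following is an added example, not qmail's code and not its stralloc API, showing the check a growable-buffer routine needs before it reallocates. The names struct sa, sa_readyplus and sa_append, the doubling growth policy and the sample HELO argument are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* A minimal growable byte string (illustrative; not qmail's stralloc). */
struct sa {
    char *s;
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
};

/* Ensure room for `extra` more bytes. Returns 1 on success, 0 on failure.
 * The first test is the one the overflow bug class omits: if len + extra
 * wraps around, `need` becomes small, realloc() hands back a small block,
 * and the caller's subsequent copy of `extra` bytes runs off the end of it. */
int sa_readyplus(struct sa *x, size_t extra)
{
    if (extra > SIZE_MAX - x->len)
        return 0;                         /* len + extra would wrap */
    size_t need = x->len + extra;
    if (need <= x->cap)
        return 1;                         /* already enough room */
    if (need > SIZE_MAX / 2)
        return 0;                         /* doubling below would wrap; refuse (policy cap, an assumption) */
    size_t ncap = need * 2;
    char *p = realloc(x->s, ncap);
    if (p == NULL)
        return 0;
    x->s = p;
    x->cap = ncap;
    return 1;
}

/* Append n bytes, growing first. Every write is preceded by sa_readyplus(),
 * so an attacker-chosen n can only make the call fail, never overflow. */
int sa_append(struct sa *x, const char *data, size_t n)
{
    if (!sa_readyplus(x, n))
        return 0;
    memcpy(x->s + x->len, data, n);
    x->len += n;
    return 1;
}

/* Constructed sample: a 64 KiB HELO argument, as an abusive SMTP client might
 * send it. The buffer grows to hold it, and an absurd length is refused
 * instead of wrapping. Returns 1 if both behaviours are observed. */
int demo(void)
{
    struct sa x = { NULL, 0, 0 };
    char big[65536];
    memset(big, 'A', sizeof big);
    int ok = sa_append(&x, "HELO ", 5) && sa_append(&x, big, sizeof big);
    int refused = !sa_readyplus(&x, SIZE_MAX);
    int len_ok = (x.len == 5 + sizeof big);
    free(x.s);
    return ok && refused && len_ok;
}
```

The two rejections are deliberately silent failures rather than aborts: a mail daemon that exits on a bad length turns a memory-safety bug into an easy Denial of Service, which is exactly the impact listed for these three entries.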

Debian

CVS 1.11.1 p1

Several vulnerabilities have been reported: a vulnerability was reported because it is possible to bypass the password protection using the pserver access method, which could let a remote malicious user bypass authentication to obtain unauthorized access; and a Denial of Service vulnerability was reported due to an error in Debian's CVS cvs-repouid patch.

Debian:
http://security.debian.org/pool/updates/main/c/cvs/

Currently we are not aware of any exploits for these vulnerabilities.

Debian CVS-Repouid Remote Authentication Bypass & Denial of Service

CAN-2004-1342
CAN-2004-1343

Medium

Debian Security Advisory, DSA 715-1, April 27, 2005

US-CERT VU#327037

Ethereal Group

Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9

Multiple vulnerabilities were reported that affect more than 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, EIGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explicit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.

Upgrades available at:
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-03.xml

An exploit script has been published.

Low/ High

(High if arbitrary code can be executed)

Ethereal Security Advisory, enpa-sa-00019, May 4, 2005

Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005

FreeBSD

FreeBSD 4.x, 5.x

A vulnerability has been reported in the 'i386_get_ldt()' system call due to insufficient input validation, which could let a malicious user obtain sensitive information.

Patches available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/

There is no exploit code required.

FreeBSD 'i386_get_ldt()' Kernel Memory Disclosure

CAN-2005-1400

Medium
FreeBSD Security Advisory, FreeBSD-SA-05:07, May 6, 2005

FreeBSD

FreeBSD 4.x, 5.x

A vulnerability has been reported in the iir(4) driver due to insecure default permissions, which could let a malicious user obtain sensitive information or corrupt data.

Patches available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch

There is no exploit code required.

FreeBSD Insecure IIR(4) Driver Permissions

CAN-2005-1399

Medium
FreeBSD Security Advisory, FreeBSD-SA-05:06, May 6, 2005

FreeRADIUS Server Project

FreeRADIUS 1.0.2

Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

FreeRadius 'rlm_sql.c' SQL Injection & Buffer Overflow

CAN-2005-1454
CAN-2005-1455

High
Security Tracker Alert ID: 1013909, May 6, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

A Proof of Concept exploit has been published.

GNU GZip Directory Traversal

CAN-2005-1228

Medium

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
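The gzip -N entry above is a directory traversal through a file header: with -N, gunzip restores the original file name stored in the archive's FNAME field, and that field is written by whoever created the archive, so a stored name such as '../../etc/passwd' must not be used as written. The following is an added example, not gzip's code, that parses the FNAME field from an RFC 1952 header without reading past the buffer and then reduces the name to its last path component. The function names gz_get_fname and gz_safe_basename, the treatment of backslash as a separator, and the sample header bytes (constructed here) are assumptions for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* gzip member header flag bits (RFC 1952) */
#define GZ_FEXTRA 0x04
#define GZ_FNAME  0x08

/* Extract the FNAME field of a gzip member header into out[].
 * Returns 1 if a name was found, 0 if the header carries none, and -1 on a
 * malformed or truncated header. Never reads beyond buf[len - 1]. */
int gz_get_fname(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    size_t pos = 10;   /* fixed part: id1 id2 cm flg mtime(4) xfl os */
    if (len < 10 || buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8)
        return -1;
    uint8_t flg = buf[3];
    if (flg & GZ_FEXTRA) {                      /* optional extra field: 2-byte length, then data */
        if (len - pos < 2)
            return -1;
        size_t xlen = buf[pos] | (buf[pos + 1] << 8);
        pos += 2;
        if (xlen > len - pos)
            return -1;
        pos += xlen;
    }
    if (!(flg & GZ_FNAME))
        return 0;
    size_t n = 0;
    while (pos < len && buf[pos] != 0) {        /* FNAME is NUL-terminated */
        if (n + 1 >= outlen)
            return -1;                          /* longer than the caller's buffer */
        out[n++] = (char)buf[pos++];
    }
    if (pos >= len)
        return -1;                              /* no terminating NUL inside the buffer */
    out[n] = 0;
    return 1;
}

/* Keep only the final path component of an archive-supplied name, and refuse
 * names that leave nothing usable ("", ".", ".."). Returns 0 on success, -1
 * otherwise. Backslash is treated as a separator too (assumption: archives
 * created on Windows). */
int gz_safe_basename(const char *stored, char *out, size_t outlen)
{
    const char *base = stored;
    for (const char *p = stored; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    if (*base == 0 || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;
    if (strlen(base) + 1 > outlen)
        return -1;
    strcpy(out, base);
    return 0;
}

/* Constructed sample: a gzip header (FLG = FNAME, mtime 0, OS = Unix) whose
 * stored name is "../../etc/passwd". */
static const uint8_t sample_hdr[] = {
    0x1f, 0x8b, 0x08, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
    '.', '.', '/', '.', '.', '/', 'e', 't', 'c', '/', 'p', 'a', 's', 's', 'w', 'd', 0x00
};

/* Scratch buffers so a caller can inspect the extracted and sanitized names. */
static char gz_name[256];
static char gz_safe[256];
```

The same basename rule applies to any extractor that honours names stored inside the archive (tar, zip, shar); the header parser is gzip-specific, the sanitizer is not.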

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

There is no exploit code required.

GNU GZip File Permission Modification

CAN-2005-0988

Medium

Security Focus, 12996, April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

GNU

sharutils 4.2, 4.2.1

Multiple buffer overflow vulnerabilities exists due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-01.xml

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

OpenPKG:
ftp://ftp.openpkg.org/release

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-377.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

We are not aware of any exploits for these vulnerabilities.

GNU Sharutils Multiple Buffer Overflow

CAN-2004-1773

Low/ High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004

Fedora Legacy Update Advisory, FLSA:2155, March 24, 2005

Ubuntu Security Notice, USN-102-1, March 29, 2005

Fedora Update Notifications, FEDORA-2005-280 & 281, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005

RedHat Security Advisory, RHSA-2005:377-07, April 26, 2005

Turbolinux Security Advisory, TLSA-2005-54, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

GNU

sharutils 4.2, 4.2.1

A vulnerability has been reported in the 'unshar' utility due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-06.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-377.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

There is no exploit code required.

GNU Sharutils 'Unshar' Insecure Temporary File Creation

CAN-2005-0990

Medium

Ubuntu Security Notice, USN-104-1, April 4, 2005

Gentoo Linux Security Advisory, GLSA 200504-06, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005

Fedora Update Notification, FEDORA-2005-319, April 14, 2005

RedHat Security Advisory, RHSA-2005:377-07, April 26, 2005

Turbolinux Security Advisory, TLSA-2005-54, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

GnuTLS

GnuTLS 1.2 prior to 1.2.3; 1.0 prior to 1.0.25

A remote Denial of Service vulnerability has been reported due to insufficient validation of padding bytes in 'lib/gnutils_cipher.c.'

Updates available at:
http://www.gnu.org/software/gnutls/download.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-04.xml

Currently we are not aware of any exploits for this vulnerability.

GnuTLS Padding Validation Remote Denial of Service

CAN-2005-1431

Low

Security Tracker Alert, 1013861, May 2, 2005

Fedora Update Notification, FEDORA-2005-362, May 5, 2005

Gentoo Linux Security Advisory, GLSA 200505-04, May 9, 2005
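The GnuTLS entry above is a record-layer check that trusts the one byte it is supposed to be validating: in TLS CBC records the last byte of the decrypted record states how many padding bytes precede it, and if that count is not first bounded by the record length, the loop that verifies the padding reads outside the record and the process crashes, which is the Denial of Service listed. The following is an added example, not GnuTLS's code from 'lib/gnutls_cipher.c', showing the padding check with the bound in place. The function name tls_cbc_unpad, the simplified record layout (plaintext, then a MAC of mac_len bytes, then padding, then the pad-length byte) and the sample records (constructed here, with a 4-byte stand-in for the MAC) are assumptions for the illustration. It is also not constant-time: a production implementation must additionally avoid revealing through timing whether the padding or the MAC check failed, which is a separate, well-known padding-oracle concern.

```c
#include <stdint.h>
#include <stddef.h>

/* Validate the padding of a decrypted TLS 1.x CBC record (layout assumed:
 *   plaintext || MAC (mac_len bytes) || padding || pad-length byte
 * where every padding byte and the final byte equal the pad length).
 * Returns the plaintext length, or -1 if the padding is invalid.
 *
 * The bound check right after reading the pad byte is the one whose absence
 * lets a peer crash the receiver: with a 10-byte record whose last byte is
 * 0xFF, an unbounded loop would read 255 bytes before the start of `rec`. */
long tls_cbc_unpad(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len == 0)
        return -1;
    size_t pad = rec[len - 1];
    if (pad + 1 + mac_len > len)          /* padding + pad byte + MAC must fit inside the record */
        return -1;
    for (size_t i = 0; i < pad; i++)      /* every padding byte must equal the pad length */
        if (rec[len - 2 - i] != pad)
            return -1;
    return (long)(len - 1 - pad - mac_len);
}

/* Constructed sample records: plaintext "hi", 4-byte stand-in MAC, then padding. */
static const uint8_t rec_good[]  = { 'h', 'i', 0xAA, 0xBB, 0xCC, 0xDD, 3, 3, 3, 3 };
static const uint8_t rec_huge[]  = { 'h', 'i', 0xAA, 0xBB, 0xCC, 0xDD, 3, 3, 3, 0xFF }; /* claims 255 pad bytes */
static const uint8_t rec_wrong[] = { 'h', 'i', 0xAA, 0xBB, 0xCC, 0xDD, 3, 2, 3, 3 };    /* one pad byte differs */
```

The arithmetic in the bound check is done on size_t values that are all smaller than the record, so it cannot itself wrap; keeping the comparison in that form (rather than computing len - pad - 1 first) is what makes it safe for any pad byte value.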

Greg A. Woods

Smail-3 3.2.0.120

Multiple vulnerabilities have been reported: a vulnerability has been reported in 'addr.c' due to a heap overflow, which could let a remote malicious user execute arbitrary code with root privileges; and a vulnerability has been reported in 'modes.c' due to insecure handling of heap memory by signal handlers, which could let a malicious user execute arbitrary code with root privileges.

Debian:
http://security.debian.org/pool/updates/main/s/smail/

Currently we are not aware of any exploits for these vulnerabilities.

Smail-3 Multiple Remote and Local Vulnerabilities

CAN-2005-0892
CAN-2005-0893

High

Security Tracker Alert, 1013564, March 27, 2005

Debian Security Advisory, DSA 722-1, May 9, 2005

Igor Khasilev

Oops Proxy Server 1.4.22, 1.5.53

A format string vulnerability has been reported due to insufficient sanitization of user-supplied input before passing to a formatted printing function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-02.xml

Currently, we are not aware of any exploits for this vulnerability.

Oops! Proxy Server Remote Format String

CAN-2005-1121

High

Security Focus, 13172, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200505-02, May 6, 2005

KDE

KDE 3.2-3.2.3, 3.3-3.3.2, 3.4,
KDE Quanta 3.1

A vulnerability has been reported due to a design error in Kommander, which could let a remote malicious user execute arbitrary code.

Patches available at:
ftp://ftp.kde.org/pub/kde/
security_patches/f

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-23.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/

Currently we are not aware of any exploits for this vulnerability.

KDE Kommander Remote Arbitrary Code Execution

CAN-2005-0754

High

KDE Security Advisory, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 2005

Fedora Update Notification, FEDORA-2005-345, April 28, 2005

Ubuntu Security Notice, USN-115-1, May 03, 2005

LBL

tcpdump 3.4a6, 3.4, 3.5, 3.5 alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CAN-2005-1278
CAN-2005-1279
CAN-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1 May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005
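The tcpdump entry above and the Ethereal entry earlier in this section (more than 50 dissectors, with "enter an endless loop" among the listed impacts) describe the same failure mode in protocol decoders: a loop over type-length-value elements advances its cursor by a length taken from the packet, so a zero length leaves the cursor in place forever and an oversized length walks the decoder off the end of the buffer. The following is an added example, not tcpdump's or Ethereal's code, of a TLV walker written against that failure mode; it uses a generic 2-byte type / 2-byte length layout (an assumption; BGP, LDP, RSVP and IS-IS each have their own encodings), the function name walk_tlvs and sample buffers constructed here.

```c
#include <stdint.h>
#include <stddef.h>

/* Walk a buffer of generic TLVs (big-endian 2-byte type, 2-byte length,
 * then `length` value bytes) and return how many well-formed TLVs it holds,
 * or -1 if the buffer is malformed.
 *
 * Two rules make this loop safe against a hostile packet:
 *   1. every header and every value must fit in the bytes that remain, so
 *      no read goes past buf[len - 1];
 *   2. the cursor advances by at least the header size on every iteration,
 *      so a zero-length TLV cannot stall the loop. A decoder that advances
 *      only by `tlen` spins forever on tlen == 0, which is the endless-loop
 *      Denial of Service the entries above describe. */
long walk_tlvs(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    long count = 0;
    while (pos < len) {
        if (len - pos < 4)
            return -1;                                  /* truncated header */
        unsigned type = (buf[pos] << 8) | buf[pos + 1];
        size_t tlen = (buf[pos + 2] << 8) | buf[pos + 3];
        (void)type;                                     /* a real decoder dispatches on it */
        if (tlen > len - pos - 4)
            return -1;                                  /* value would run past the buffer */
        pos += 4 + tlen;                                /* always advances by >= 4 */
        count++;
    }
    return count;
}

/* Constructed samples. */
static const uint8_t tlv_ok[]      = { 0x00, 0x01, 0x00, 0x02, 0xAA, 0xBB,   /* type 1, 2 value bytes */
                                       0x00, 0x02, 0x00, 0x00 };             /* type 2, zero-length value */
static const uint8_t tlv_overrun[] = { 0x00, 0x01, 0x00, 0x09, 0xAA };       /* claims 9 bytes, has 1 */
static const uint8_t tlv_trunc[]   = { 0x00, 0x01, 0x00 };                   /* header cut short */
```

The zero-length TLV in tlv_ok is the case to keep in mind when reviewing decoders: it is legal in many protocols, so rejecting it outright is wrong, and the loop must simply make progress through it.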

Leafnode

Leafnode 1.9.48- 1.9.50, 1.11.1

A remote Denial of Service vulnerability has been reported in the fetchnews program when reading an article header or an article body.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112

There is no exploit code required.

Leafnode fetchnews Remote Denial of Service

CAN-2005-1453

Low
Securiteam, May 5, 2005

LGPL

NASM 0.98.38

A vulnerability was reported in NASM. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted asm file that, when processed by the target user with NASM, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the error() function in 'preproc.c.'

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-20.xml

Debian:
http://www.debian.org/security/2005/dsa-623

Mandrake:
http://www.mandrakesoft.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-381.html

A Proof of Concept exploit script has been published.

LGPL NASM error() Buffer Overflow

CAN-2004-1287

High

Secunia Advisory ID, SA13523, December 17, 2004

Debian Security Advisory
DSA-623-1 nasm, January 4, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:004, January 6, 2005

Turbolinux Security Announcement, TLSA-24022005, February 24, 2005

Fedora Update Notification,
FEDORA-2005-322, April 18, 2005

RedHat Security Advisory, RHSA-2005:381-06, May 4, 2005

Multiple Vendors

Apache Software Foundation Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.27; Ubuntu Linux 4.10 ppc, ia64, ia32; 5.04 powerpc, i386, amd64

A buffer overflow vulnerability has been reported in the 'htdigest' utility due to insufficient bounds checking, which could let a remote malicious user potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/

Currently we are not aware of any exploits for this vulnerability.

Apache 'HTDigest' Buffer Overflow

CAN-2005-1344

High
Ubuntu Security Notice, USN-120-1, May 6, 2005

Multiple Vendors

Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified), and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code.

Update available at:
https://ccvs.cvshome.org/servlets/ProjectDocumentList

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-16.xml

SuSE:
ftp://ftp.suse.com/pub/suse/i

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/

Peachtree:
http://peachtree.burdell.org/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-387.html

OpenBSD:
http://www.openbsd.org/errata.html#cvs

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

OpenBSD:
http://www.openbsd.org/errata35.html#

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cvs/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently we are not aware of any exploits for these vulnerabilities.

CVS Multiple Vulnerabilities

CAN-2005-0753

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005

SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005

Secunia Advisory, SA14976, April 19, 2005

Fedora Update Notification,
FEDORA-2005-330, April 20, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005

Peachtree Linux Security Notice, PLSN-0005, April 22, 2005

RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005

Turbolinux Security Advisory, TLSA-2005-51, April 28, 2005

Ubuntu Security Notice, USN-117-1 May 04, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Multiple Vendors

NASM 0.98.35, 0.98.38; RedHat Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; RedHat Desktop 3.0, 4.0; RedHat Enterprise Linux WS 4, 3, 2.1 IA64, 2.1, ES 4, 3, 2.1 IA64, 2.1, AS 4, 3, 2.1 IA64, 2.1

A buffer overflow vulnerability has been reported in the 'ieee_putascii()' function, which could let a remote malicious user execute arbitrary code.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-381.html

Currently we are not aware of any exploits for this vulnerability.

NASM IEEE_PUTASCII Remote Buffer Overflow

CAN-2005-1194

High
RedHat Security Advisory, RHSA-2005:381-06, May 4, 2005
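
Both NASM entries above (the error() overflow in 'preproc.c' and the ieee_putascii() overflow) belong to one bug class: text or numbers taken from the input file are formatted into a fixed-size stack buffer with no length bound. The following is an added example written for this bulletin, not NASM's code or any vendor's patch; the buffer size, the function names and the 255-byte symbol name are assumptions chosen to make the truncation visible. It shows the unbounded pattern beside a bounded replacement that reports truncation instead of overrunning the buffer.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Small on purpose so the truncation is visible; real message buffers are
 * larger, but the failure mode is the same once input exceeds them. */
#define MSGBUF 64

/* The pattern behind this bug class: printf-style formatting of text taken
 * from the input file (a symbol name, a macro argument, a formatted number)
 * into a fixed stack buffer with no length bound. Kept only as the "before";
 * it is never called below. Hypothetical code, not NASM's. */
void report_unbounded(char *out, const char *fmt, ...)
{
    char buf[MSGBUF];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);   /* writes past buf once the message exceeds MSGBUF-1 bytes */
    va_end(ap);
    strcpy(out, buf);
}

/* Hardened form: bounded write, truncation detected, and the file-derived
 * text only ever travels through a "%s" argument, never as the format string.
 * Returns true if the whole message fit. */
bool report_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    char buf[MSGBUF];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return false;
    }
    snprintf(out, outsz, "%s", buf);   /* bounded copy to the caller's buffer */
    return (size_t)n < sizeof buf;
}

/* Format the diagnostic for one symbol; returns the message length actually
 * produced and reports via *fit whether it was truncated. */
size_t error_for_symbol(const char *sym, char *out, size_t outsz, bool *fit)
{
    *fit = report_bounded(out, outsz, "error: symbol `%s' not defined", sym);
    return strlen(out);
}

/* Constructed input: a 255-byte symbol name, as a crafted .asm file might
 * carry. Expected result: length MSGBUF-1 with *fit == false. */
size_t demo_long_symbol(bool *fit)
{
    char sym[256], out[256];
    memset(sym, 'A', sizeof sym - 1);
    sym[sizeof sym - 1] = '\0';
    return error_for_symbol(sym, out, sizeof out, fit);
}

/* Ordinary input for comparison: the 31-byte message fits. */
size_t demo_short_symbol(bool *fit)
{
    char out[256];
    return error_for_symbol("foo", out, sizeof out, fit);
}

int main(void)
{
    bool fit;
    size_t n = demo_long_symbol(&fit);
    printf("long symbol: len=%zu fit=%d (truncated, not overflowed)\n", n, fit);
    n = demo_short_symbol(&fit);
    printf("short symbol: len=%zu fit=%d\n", n, fit);
    (void)report_unbounded;   /* referenced only so the "before" stays visible */
    return 0;
}
```

A bounded write is the minimum fix; a practitioner would also check that the truncation flag is acted on (log and abort the assembly) rather than silently passing a clipped message downstream.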

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2-11, 4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/x/xfree86/

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit Integer Overflow

CAN-2005-0605

High

Security Focus, 12714, March 2, 2005

Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005

Ubuntu Security Notice, USN-92-1, March 07, 2005

Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005

Ubuntu Security Notice, USN-97-1, March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005

RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005

Debian Security Advisory, DSA 723-1, May 9, 2005

Multiple Vendors

xli 1.14-1.17; xloadimage 3.0, 4.0, 4.1

A vulnerability exists due to a failure to parse compressed images safely, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-05.xml

Debian:
http://security.debian.org/pool/updates/main/x/xli/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-332.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently we are not aware of any exploits for this vulnerability.

XLoadImage Compressed Image Remote Command Execution

CAN-2005-0638

High

Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005

Fedora Update Notifications,
FEDORA-2005-236 & 237, March 18, 2005

Debian Security Advisory, DSA 695-1, March 21, 2005

Turbolinux Security Advisory, TLSA-2005-43, April 19, 2005

RedHat Security Advisory, RHSA-2005:332-10, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:076, April 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Open Group

Open Motif 2.x, Motif 1.x; Avaya CMS Server 8.0, 9.0, 11.0, CVLAN, Integrated Management, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing

Multiple vulnerabilities have been reported in Motif and Open Motif, which potentially can be exploited by malicious people to compromise a vulnerable system.

Updated versions of Open Motif and a patch are available. A commercial update will also be available for Motif 1.2.6 for users who have a commercial version of Motif.
http://www.ics.com/developers/index.php?cont=xpm_security_alert

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-537.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-09.xml

Debian:
http://security.debian.org/pool/updates/main/i/imlib/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/x/xfree86/

TurboLinux:
http://www.turbolinux.com/update/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-023_RHSA-2004-537.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-025_RHSA-2005-004.pdf

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-07.xml

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000924

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

Open Group Motif / Open Motif libXpm Vulnerabilities

CAN-2004-0687
CAN-2004-0688

High

Integrated Computer Solutions

Secunia Advisory ID: SA13353, December 2, 2004

RedHat Security Advisory: RHSA-2004:537-17, December 2, 2004

Turbolinux Security Announcement, January 20, 2005

Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Gentoo Linux Security Advisory, GLSA 200502-07, February 7, 2005

Conectiva Security Advisory, CLSA-2005:924, February 14, 2005

Fedora Legacy Update Advisory, FLSA:2314, March 2, 2005

Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005

PHP Group

PHP 4.3-4.3.10; Peachtree Linux release 1

A remote Denial of Service vulnerability has been reported when processing deeply nested EXIF IFD (Image File Directory) data.

Upgrades available at:
http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-15.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Peachtree:
http://peachtree.burdell.org/updates/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently, we are not aware of any exploits for this vulnerability.

PHP Group Exif Module IFD Nesting Remote Denial of Service

CAN-2005-1043

Low

Security Focus, 13164, April 14, 2005

Ubuntu Security Notice, USN-112-1, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Fedora Update Notification,
FEDORA-2005-315, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005
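
The nesting issue above is a parser that follows IFD pointers recursively with no limit on depth or on the number of directories visited, so a file whose Exif-IFD pointer (or next-IFD pointer) refers back to a directory already being processed keeps the parser busy until it exhausts its stack or its time. The following is an added example written for this bulletin and is not PHP's exif module: a minimal little-endian TIFF/Exif IFD walker with bounds checks, a depth limit and a directory budget, run over three constructed byte strings (a benign file, a self-referencing Exif pointer and a self-referencing next-IFD pointer). The IFD layout and the three sub-IFD tag numbers follow the TIFF/Exif specifications; the limits, the error codes and the sample data are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

enum { IFD_OK = 0, IFD_ERR_BOUNDS = -1, IFD_ERR_DEPTH = -2, IFD_ERR_TOO_MANY = -3 };

/* Assumed limits: real Exif nests only a few levels (IFD0 -> Exif -> Interop)
 * and a file with dozens of directories is not worth walking. */
#define MAX_DEPTH 8
#define MAX_IFDS  64

/* Bounds-checked little-endian reads; every access goes through these. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *v)
{
    if (off > len || len - off < 2) return IFD_ERR_BOUNDS;
    *v = (uint16_t)(b[off] | (b[off + 1] << 8));
    return IFD_OK;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *v)
{
    if (off > len || len - off < 4) return IFD_ERR_BOUNDS;
    *v = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8)
       | ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return IFD_OK;
}

/* Tags whose value is the offset of another IFD (Exif, GPS, Interoperability). */
static int is_subifd_tag(uint16_t tag)
{
    return tag == 0x8769 || tag == 0x8825 || tag == 0xA005;
}

/* Walk the IFD chain at off. depth counts sub-IFD nesting, *budget is the
 * number of directories still allowed, *tags accumulates entries seen. Without
 * the depth and budget checks a self-referencing pointer recurses or loops
 * until the process dies, which is the reported denial of service. */
static int walk_ifd(const uint8_t *b, size_t len, uint32_t off,
                    int depth, int *budget, int *tags)
{
    while (off != 0) {
        uint16_t n;
        int rc;
        if (depth > MAX_DEPTH) return IFD_ERR_DEPTH;
        if (--*budget < 0) return IFD_ERR_TOO_MANY;
        if ((rc = rd16(b, len, off, &n)) != IFD_OK) return rc;
        /* all n 12-byte entries plus the 4-byte next pointer must fit */
        if ((size_t)n * 12 + 6 > len - off) return IFD_ERR_BOUNDS;
        for (uint16_t i = 0; i < n; i++) {
            size_t e = (size_t)off + 2 + (size_t)i * 12;
            uint16_t tag;
            uint32_t val;
            rd16(b, len, e, &tag);      /* in bounds by the check above */
            rd32(b, len, e + 8, &val);
            (*tags)++;
            if (is_subifd_tag(tag)) {
                rc = walk_ifd(b, len, val, depth + 1, budget, tags);
                if (rc != IFD_OK) return rc;
            }
        }
        uint32_t next;
        rd32(b, len, (size_t)off + 2 + (size_t)n * 12, &next);
        off = next;
    }
    return IFD_OK;
}

/* Parse a little-endian TIFF header ("II", 42, first-IFD offset) and walk it.
 * Returns the number of tags seen, or a negative IFD_ERR_* code. */
int count_exif_tags(const uint8_t *buf, size_t len)
{
    uint32_t first;
    int budget = MAX_IFDS, tags = 0;
    if (len < 8 || buf[0] != 'I' || buf[1] != 'I') return IFD_ERR_BOUNDS;
    if (rd32(buf, len, 4, &first) != IFD_OK) return IFD_ERR_BOUNDS;
    int rc = walk_ifd(buf, len, first, 0, &budget, &tags);
    return rc == IFD_OK ? tags : rc;
}

/* Constructed samples, not taken from any real image. */
static const uint8_t benign[] = {
    'I','I', 42,0, 8,0,0,0,                    /* header: first IFD at offset 8 */
    2,0,                                       /* two entries */
    0x0f,0x01, 2,0, 4,0,0,0, 'A','B','C',0,    /* Make, ASCII, value inline */
    0x10,0x01, 2,0, 4,0,0,0, 'X','Y','Z',0,    /* Model */
    0,0,0,0                                    /* no next IFD */
};
static const uint8_t self_loop[] = {           /* Exif pointer back to itself */
    'I','I', 42,0, 8,0,0,0, 1,0,
    0x69,0x87, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0
};
static const uint8_t next_loop[] = {           /* next-IFD pointer to itself */
    'I','I', 42,0, 8,0,0,0, 0,0, 8,0,0,0
};

int demo_benign(void)    { return count_exif_tags(benign, sizeof benign); }
int demo_self_loop(void) { return count_exif_tags(self_loop, sizeof self_loop); }
int demo_next_loop(void) { return count_exif_tags(next_loop, sizeof next_loop); }
int demo_truncated(void) { return count_exif_tags(benign, 20); }   /* entries cut off */
```

The two loop samples fail on different guards (depth for the sub-IFD recursion, budget for the flat next-IFD chain); a parser that only limits recursion depth still spins forever on the second one.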

PHP Group

PHP 4.3-4.3.10; Peachtree Linux release 1

A vulnerability has been reported in the 'exif_process_IFD_TAG()' function when processing malformed IFD (Image File Directory) tags, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-15.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Peachtree:
http://peachtree.burdell.org/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-405.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently, we are not aware of any exploits for this vulnerability.

PHP Group Exif Module IFD Tag Integer Overflow

CAN-2005-1042

High

Security Focus, 13163, April 14, 2005

Ubuntu Security Notice, USN-112-1, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Fedora Update Notification,
FEDORA-2005-315, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Turbolinux Security Advisory, TLSA-2005-50, April 28, 2005

RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

PostgreSQL

PostgreSQL 7.3 through 8.0.2

Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.'

Fix available at:
http://www.postgresql.org/about/news.315

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Currently we are not aware of any exploits for these vulnerabilities.

PostgreSQL Remote Denial of Service & Arbitrary Code Execution

CAN-2005-1409
CAN-2005-1410

Low/High

(High if arbitrary code can be executed)

Security Tracker Alert, 1013868, May 3, 2005

Ubuntu Security Notice, USN-118-1, May 04, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Remote Sensing

LibTIFF 3.5.7, 3.6.1, 3.7.0; Avaya CVLAN, Integrated Management, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0

Two vulnerabilities exist which could let a remote malicious user compromise a vulnerable system by executing arbitrary code. They are caused by an integer overflow in the 'TIFFFetchStripThing()' function in 'tif_dirread.c' when parsing TIFF files, and by the 'CheckMalloc()' function in 'tif_dirread.c' and 'tif_fax3.c' when handling data from a certain directory entry in the file header.

Update to version 3.7.1:
ftp://ftp.remotesensing.org/pub/libtiff/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://www.debian.org/security/2004/dsa-617

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-06.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-019.html

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

TurboLinux:
http://www.turbolinux.com/update/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-021_RHSA-2005-019.pdf

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1

Apple:
http://www.apple.com/support/downloads/securityupdate2005005client.html

http://www.apple.com/support/downloads/securityupdate2005005server.htm

Currently we are not aware of any exploits for these vulnerabilities.

Remote Sensing LibTIFF Two Integer Overflow Vulnerabilities

CAN-2004-1308

High

iDEFENSE Security Advisory 12.21.04

Secunia SA13629, December 23, 2004

SUSE Security Announcement, SUSE-SA:2005:001, January 10, 2005

RedHat Security Advisory, RHSA-2005:019-11, January 13, 2005

US-Cert Vulnerability Note, VU#125598, January 14, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

Turbolinux Security Announcement, January 20, 2005

Conectiva Linux Security Announcement, CLA-2005:920, January 20, 2005

Avaya Security Advisory, ASA-2005-021, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:052, March 4, 2005

Sun(sm) Alert Notification, 57769, April 25, 2005

Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005
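
Three entries above share one root cause: a count and an element size read from the file are multiplied to obtain an allocation size without checking that the product fits, so a huge count wraps to a small buffer that is then filled with the full count (the libXpm 'bitmap_unit' overflow, PHP's 'exif_process_IFD_TAG()' overflow, and the libtiff 'TIFFFetchStripThing()'/'CheckMalloc()' overflows in this entry). The following is an added example written for this bulletin, not code from libtiff, libXpm or PHP; the 32-bit size type, the sanity cap against the file length, the function names and the sample counts are assumptions. It shows the wrapping product beside a checked allocation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The size type is modelled as 32-bit, matching the i386 builds these
 * advisories cover, so the wrap reproduces on a 64-bit host. Hypothetical
 * code, not libtiff's, libXpm's or PHP's. */
typedef uint32_t alloc_size_t;

/* The unchecked computation behind the bug class: count and element size both
 * come from the file and are multiplied blind. With nelem = 0x40000001 and
 * elemsz = 4 the product wraps to 4, so a 4-byte buffer would be allocated and
 * then written nelem times. Returned as a value only, never allocated here. */
alloc_size_t naive_bytes(alloc_size_t nelem, alloc_size_t elemsz)
{
    return nelem * elemsz;
}

/* True if nelem * elemsz would not fit in alloc_size_t. */
bool mul_overflows(alloc_size_t nelem, alloc_size_t elemsz)
{
    return nelem != 0 && elemsz > UINT32_MAX / nelem;
}

/* Allocate nelem * elemsz bytes, or return NULL on zero, overflow or an
 * implausible size. file_len is the sanity cap: a directory entry cannot
 * describe more data than the file actually contains. */
void *checked_calloc_bytes(alloc_size_t nelem, alloc_size_t elemsz, alloc_size_t file_len)
{
    if (nelem == 0 || elemsz == 0) return NULL;
    if (mul_overflows(nelem, elemsz)) return NULL;
    alloc_size_t bytes = nelem * elemsz;
    if (bytes > file_len) return NULL;
    return calloc(1, bytes);
}

/* Decide whether a strip/tile-offset style directory entry may be loaded.
 * count and elemsz are constructed sample values, not from any real file.
 * Returns 1 if accepted, 0 if rejected. */
int accept_strip_entry(alloc_size_t count, alloc_size_t elemsz, alloc_size_t file_len)
{
    void *p = checked_calloc_bytes(count, elemsz, file_len);
    if (p == NULL) return 0;
    free(p);
    return 1;
}

int main(void)
{
    printf("naive 0x40000001 * 4 = %u bytes\n", (unsigned)naive_bytes(0x40000001u, 4));
    printf("checked 0x40000001 * 4 accepted: %d\n", accept_strip_entry(0x40000001u, 4, 1024));
    printf("checked 100 * 4 in 1024-byte file accepted: %d\n", accept_strip_entry(100, 4, 1024));
    return 0;
}
```

The overflow check alone is not enough in practice: a count that "fits" can still demand gigabytes, so the cap against the real input length (or a hard ceiling) is what keeps a crafted file from turning into a memory denial of service.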

Smartlist

Smartlist 3.15

A vulnerability has been reported in the confirm add-on due to an error in the subscribing process, which could let a remote malicious user bypass security restrictions.

Debian:
http://security.debian.org/pool/updates/main/s/smartlist/

Currently we are not aware of any exploits for this vulnerability.

SmartList Confirm Add-On

CAN-2005-0157

Medium
Debian Security Advisory, DSA 720-1, May 3, 2005

Sun Microsystems, Inc.

Solaris 7.0, _x86, 8.0, _x86, 9.0, _x86 Update 2, _x86

A remote Denial of Service vulnerability has been reported in the '__nis_path()' function due to an unspecified error.

Patches available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57780-1

Currently we are not aware of any exploits for this vulnerability.

Solaris NIS+ Service Remote Denial of Service
Low
Sun(sm) Alert Notification, 57780, May 4, 2005

VIM Development Group

VIM 6.0-6.2, 6.3.011, 6.3.025, 6.3.030, 6.3.044, 6.3.045

Multiple vulnerabilities exist in 'tcltags' and 'vimspell.sh' due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-122.html

Fedora Legacy:
http://download.fedoralegacy.org/redhat/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Trustix:
http://http.trustix.org/pub/trustix/updates/

There is no exploit required.

Vim Insecure Temporary File Creation

CAN-2005-0069

Medium

Secunia Advisory, SA13841, January 13, 2005

Ubuntu Security Notice, USN-61-1, January 18, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 2005

Fedora Legacy Update Advisory, FLSA:2343, February 24, 2005

SGI Security Advisory, 20050204-01-U, March 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
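
The tcltags and vimspell.sh issue above is the classic temporary-file race: a predictable name in a world-writable directory is opened without O_EXCL, so a symlink planted in advance redirects the write to any file the victim can write. The affected code is shell; the following is an added example written for this bulletin in C, not Vim's code, showing the insecure open beside mkstemp(), which combines an unpredictable name with O_CREAT|O_EXCL and mode 0600. The helper names and the 'vimspell' prefix are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The insecure pattern the advisory describes: a predictable name under a
 * world-writable directory, opened with O_CREAT but without O_EXCL, so a
 * pre-placed symlink redirects the write to any file the user can write.
 * Hypothetical helper; kept only as the "before" and never called. */
int open_tmp_predictable(const char *tool)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/%s.%ld", tool, (long)getpid());   /* pid is guessable */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);             /* follows symlinks */
}

/* Hardened: mkstemp() picks an unpredictable name and opens with O_CREAT|O_EXCL
 * and mode 0600, so an attacker's pre-created file or symlink makes the call
 * fail instead of being followed. Honours TMPDIR like shell mktemp(1) does.
 * On success path holds the created name and the open descriptor is returned. */
int open_tmp_secure(const char *tool, char *path, size_t pathsz)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    if (snprintf(path, pathsz, "%s/%s.XXXXXX", dir, tool) >= (int)pathsz) return -1;
    return mkstemp(path);
}

/* Create a temp file the safe way, verify through the descriptor (not the
 * name) that it is a regular file, mode 0600, owned by us, then remove it.
 * Returns 1 on success, 0 otherwise. */
int demo_secure_tmp(void)
{
    char path[256];
    struct stat st;
    int fd = open_tmp_secure("vimspell", path, sizeof path);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
             && (st.st_mode & 0777) == 0600 && st.st_uid == getuid();
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("secure temp file: %s\n", demo_secure_tmp() ? "ok" : "failed");
    (void)open_tmp_predictable;   /* referenced only so the "before" stays visible */
    return 0;
}
```

The check after creation goes through fstat() on the descriptor rather than stat() on the path, because checking the name reopens the same race the call was meant to close.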

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other

Columns: Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds - Attack Scripts | Common Name / CVE Reference | Risk | Source

Advanced Guestbook

Advanced Guestbook 2.3.1

A vulnerability has been reported in the 'index.php' entry parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Advanced Guestbook 'Index.PHP' SQL Injection

High
Security Focus, 13548, May 9, 2005

Apple

iTunes 4.2.72, 4.5-4.7.1

A buffer overflow vulnerability has been reported in MPEG-4 file parsing due to a boundary error, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Updates available at:
http://www.apple.com/itunes/download/

Currently we are not aware of any exploits for this vulnerability.

Apple iTunes MPEG4 Parsing Remote Buffer Overflow

CAN-2005-1248

Low/High

(High if arbitrary code can be executed)

Apple Security Advisory, APPLE-SA-2005-05-09, May 9, 2005

BirdBlog

BirdBlog 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.3.0

A vulnerability has been reported in BB code due to insufficient sanitization, which could let a remote malicious user execute arbitrary JavaScript code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=130283&package_id=142828&release_id=324788

Currently we are not aware of any exploits for this vulnerability.

BirdBlog BB Code Arbitrary JavaScript Execution
High
Secunia Advisory, SA15206, May 3, 2005

CJ Ultra Plus

CJ Ultra Plus 1.0.3, 1.0.4

A vulnerability has been reported in the 'out.php' script due to insufficient sanitization of the 'perm' variable, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CJ Ultra Plus 'OUT.PHP' SQL Injection

CAN-2005-1506

High

Secunia Advisory, SA15281, May 9, 2005

CodeThat.com

CodeThatShoppingCart 1.3.1

Several vulnerabilities have been reported: a Cross-Site Scripting and SQL injection vulnerability was reported in 'catalog.php' due to insufficient sanitization of the 'id' parameter, which could let a remote malicious user execute arbitrary HTML and script code or arbitrary SQL code; and a vulnerability was reported in the 'config.ini' file due to insecure storage of user credentials, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

CodeThat.com CodeThatShoppingCart Multiple Input Validation

Medium/High

(High if arbitrary code can be executed)

Secunia Advisory, SA15251, May 9, 2005

Colored Scripts

Easy Message Board

A vulnerability was reported in the 'easymsgb.pl' script due to insufficient validation of the 'print' parameter, which could let a remote malicious user obtain sensitive information and execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Easy Message Board Directory Traversal & Remote Command Execution

Medium/High

(High if arbitrary code can be executed)

SoulBlack Security Research, May 8, 2005

e107.org

e107 website system 0.617

Multiple vulnerabilities have been reported: a vulnerability was reported in 'search.php' due to insufficient verification of the 'search_info[0][sfile]' parameter, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the 'request.php' script due to insufficient verification of input before used to view files, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'forum_viewforum.php' script due to insufficient sanitization of input before used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported due to errors in the use of 'extract(),' which could let a remote malicious user obtain administrative privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

e107 Multiple Vulnerabilities

Medium/High

(High if administrative privileges can be obtained or if arbitrary code can be executed)

Secunia Advisory, SA15282, May 10, 2005

FishNet Inc.

FishCart 3.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'nlst' parameter in 'display.php' and the 'trackingnum,' 'eqagree,' and 'm' parameters in 'upstracking.php,' which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported due to insufficient sanitization of the 'psku' parameter in 'display.php' and the 'cartid' parameter in 'upstnt.php,' which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

FishNet FishCart Multiple Cross-Site Scripting & SQL Injection

CAN-2005-1486
CAN-2005-1487

High
Secunia Advisory, SA15242, May 4, 2005

Francisco Burzi

PHP-Nuke 0.75 -RC3, 0.726 -3, 1.0, 2.5, 3.0, 4.0, 4.3, 4.4, 4.4.1 a, 5.0, 5.0.1, 5.2 a, 5.2, 5.3.1, 5.4-5.6, 6.0, 6.5 RC1-RC3, 6.5 FINAL, 6.5 BETA 1, 6.5-6.7, 6.9, 7.0 FINAL, 7.0-7.3, 7.6, 7.7

A vulnerability has been reported due to insufficient input validation of double hex-encoded potentially dangerous characters, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Francisco Burzi PHP Nuke Double Hex Encoded Input Validation
High
Security Focus, 13557, May 9, 2005
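
The PHP-Nuke entry above describes a filter that runs before all decoding has happened: '%2527' contains no quote character when the filter looks at it, but one decode turns it into '%27' and a second decode turns it into a single quote. The following is an added example written for this bulletin, not PHP-Nuke's code; the blacklist character set, the number of decode rounds and the sample input are assumptions. It contrasts validate-then-decode with canonicalize-then-validate.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes one time. Malformed escapes are copied through as-is.
 * Returns the number of bytes written, excluding the terminating NUL. */
size_t percent_decode_once(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0' && o + 1 < outsz; i++) {
        if (in[i] == '%' && isxdigit((unsigned char)in[i + 1])
                         && isxdigit((unsigned char)in[i + 2])) {
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            out[o++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return o;
}

/* The blacklist-style filter such applications relied on. Assumed for the
 * example; the real filter's character set is not on the page. */
bool contains_dangerous(const char *s)
{
    return strpbrk(s, "'\"<>;") != NULL;
}

/* Flawed order: filter the raw request, then decode in later layers. The raw
 * string "1%2527" has nothing on the blacklist, but after the web server's
 * decode it is "1%27" and after the application's own decode it is "1'". */
bool accept_validate_then_decode(const char *raw, char *final, size_t n)
{
    char tmp[256];
    if (contains_dangerous(raw)) return false;
    percent_decode_once(raw, tmp, sizeof tmp);   /* server / runtime decode */
    percent_decode_once(tmp, final, n);          /* application's own decode */
    return true;
}

/* Hardened order: decode until the string stops changing (bounded rounds),
 * then validate that canonical form. Input still changing after the bound is
 * treated as hostile. */
bool accept_canonicalize_then_validate(const char *raw, char *final, size_t n)
{
    char a[256], b[256];
    snprintf(a, sizeof a, "%s", raw);
    for (int round = 0; round < 4; round++) {
        percent_decode_once(a, b, sizeof b);
        if (strcmp(a, b) == 0) {                 /* fixed point reached */
            snprintf(final, n, "%s", b);
            return !contains_dangerous(b);
        }
        memcpy(a, b, sizeof a);
    }
    return false;
}

/* Constructed sample: a double-encoded single quote ahead of an SQL fragment. */
static const char *SAMPLE = "1%2527%20OR%201%3D1";

int demo_flawed_accepts(void)
{
    char f[256];
    return accept_validate_then_decode(SAMPLE, f, sizeof f) && strchr(f, '\'') != NULL;
}
int demo_hardened_rejects(void)
{
    char f[256];
    return !accept_canonicalize_then_validate(SAMPLE, f, sizeof f);
}
int demo_hardened_accepts_plain(void)
{
    char f[256];
    return accept_canonicalize_then_validate("hello%20world", f, sizeof f)
           && strcmp(f, "hello world") == 0;
}
```

Blacklisting after canonicalization closes this particular bypass, but the durable fix for the SQL injections listed in this section is still parameterized queries, which make the quote harmless regardless of how many times it was encoded.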

Fusionphp

Fusion SBX 1.2 & prior

A vulnerability has been reported in 'index.php' because the 'extract()' function is used insecurely, which could let a remote malicious user bypass authentication and execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Fusion SBX Authentication Bypass & Arbitrary Code Execution

Medium/High

(High if arbitrary code can be executed)

Secunia Advisory, SA15257, May 10, 2005

Gossamer Threads

Gossamer Threads Links 2.x, 2.2.x, Links-SQL 3.0

A Cross-Site Scripting vulnerability has been reported in the 'user.cgi' script due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

Update available at:
http://www.gossamer-threads.com/scripts/links-sql/download.htm

There is no exploit code required; however, a Proof of Concept exploit has been published.

Gossamer Threads Links 'User.CGI' Cross-Site Scripting

CAN-2005-1492

High
Security Tracker Alert, 1013891, May 5, 2005

Interspire

ArticleLive 2005

Multiple vulnerabilities have been reported which could let a remote malicious user obtain administrative access and execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Interspire ArticleLive Multiple Remote Vulnerabilities

CAN-2005-1482
CAN-2005-1483

High
Security Focus, 13493, May 4, 2005

Invision Power Services

Invision Power Board 1.x, 2.x

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'highlite' parameter in 'search.php' and 'topics.php,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'login.php' due to insufficient sanitization of input passed to a certain cookie ID parameter, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://www.invisionboard