Summary of Security Items from May 11 through May 17, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
1Two.org
1Two Livre d'Or 1.0 |
An input validation vulnerability has been reported that could let a remote malicious user conduct Cross-Site Scripting attacks. The 'guestbook.php' script does not properly validate user-supplied input in the nom, email, and message fields.
The vendor has reportedly issued a fix.
Currently we are not aware of any exploits for this vulnerability. |
1Two Livre d'Or Input Validation Errors Permit Cross-Site Scripting
CAN-2005-1644
|
High |
Security Tracker Alert ID: 1013971, May 13, 2005 |
APG Technology
ClassMaster |
A vulnerability has been reported that could let remote malicious users gain unauthorized access to users' folders.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
APG Technology ClassMaster Folder Access Vulnerability
CAN-2005-1577
|
High |
Security Focus, Bugtraq ID 13604, May 12, 2005 |
Battleaxe Software
bttlxeForum 2.0 |
A vulnerability has been reported that could let a remote malicious user determine the installation path and other system information by supplying a URL containing scripting code in hex format.
No workaround or patch available at time of publishing.
An exploit has been published. |
bttlxeForum Discloses Installation Path to Remote Users
CAN-2005-1570
|
Medium |
Security Tracker Alert ID: 1013934, May 11, 2005 |
Darrel O'Neil
ASP Virtual News Manager |
A vulnerability has been reported that could let a remote malicious user inject SQL commands. This is due to an input validation error in the 'aspvirtualnews/admin_login.asp' script with the 'password' parameter.
No workaround or patch available at time of publishing.
An exploit has been published. |
Darrel O'Neil ASP Virtual News Remote SQL Injection Vulnerability
CAN-2005-1573
|
High |
Security Tracker Alert ID: 1013933, May 11, 2005 |
DotNetNuke
DotNetNuke 3.0.12 |
Multiple vulnerabilities exist that could let remote malicious users conduct script insertion attacks. Input passed to the 'User-Agent' HTTP header, the username, and certain registration data is not properly validated.
Update to version 3.0.12.
There is no exploit code required. |
|
High |
Secunia SA15397, May 17, 2005 |
Fastream Technologies
Fastream NETFile FTP/Web Server 7.4.6 |
A vulnerability has been reported that could let remote malicious users bypass certain security restrictions or cause a Denial of Service. This is caused by missing validation of the IP address specified as an argument to the PORT command and can be exploited via so-called 'FTP Bounce' attacks to open connections to arbitrary systems via the FTP server.
Update to version 7.6 and disable FXP support.
Currently we are not aware of any exploits for this vulnerability. |
Fastream NETFile FTP/Web Server FTP Bounce Vulnerability
CAN-2005-1646
|
Medium |
SIG^2 Vulnerability Research Advisory, May 17, 2005 |
GASoft
Gurgens Guest Book 2.1 |
A vulnerability has been reported in Gurgens Guest Book that could let a remote malicious user access the 'Genid.dat' file in the 'db' directory and then decrypt the passwords in the file.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
GASoft Gurgens Guest Book Discloses Database & Passwords to Remote Users
CAN-2005-1647
|
Medium |
Security Tracker Alert ID: 1013976, May 16, 2005 |
GASoft
Ultimate Forum 1.0 |
A vulnerability has been reported that could let a remote malicious user access the 'Genid.dat' file in the 'db' directory and then decrypt the passwords in the file.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
GASoft Ultimate Forum Discloses Database and Passwords to Remote Users
CAN-2005-1648
|
Medium |
Security Tracker Alert ID: 1013974, May 16, 2005 |
| GeoVision Digital Video Surveillance System 6.04, 6.1, and 7.0 |
A vulnerability has been reported that could let a remote malicious user view sensitive information. This is because images can be accessed directly via the JPEG Image Viewer.
Enable the "Enhanced Network Security" feature introduced in version 7.0.
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Esqo Security Advisory, May 10, 2005 |
Guidance Software
EnCase Forensic Edition 4.18a |
A vulnerability has been reported that could let a remote malicious user hide information on a disk. Support is missing for Device Configuration Overlays (DCO) and the program fails to read parts of a disk using this feature.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Guidance Software EnCase Device Configuration Overlay Data Acquisition Vulnerability
CAN-2005-1578
|
Medium |
Secunia SA15340, May 13, 2005 |
Keyvan1
ImageGallery |
A vulnerability has been reported that could let a remote malicious user download the database and access the administrative password.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Keyvan1 ImageGallery Information Disclosure Vulnerability
CAN-2005-1645
|
High |
Security Tracker Alert ID: 1013970, May 13, 2005 |
| MaxWebPortal 1.x |
Multiple vulnerabilities have been reported that could let a remote malicious user conduct Cross-Site Scripting and SQL injection attacks. These are due to input validation errors in the 'mod,' 'M,' and 'type' parameters in 'post.asp' and 'Forum_Title' parameter in 'post.asp,' the 'txtAddress,' 'message' and 'subject' parameters in 'post_info.asp,' the 'andor' parameter in 'search.asp,' the 'verkey' parameter in 'pop_profile.asp,' a certain password parameter in 'pop_profile.asp,' and the 'Remove' and 'Delete' parameters in 'pm_delete2.asp.'
No workaround or patch available at time of publishing.
Exploits have been published.
|
|
High |
Zinho's Security Advisory, May 11, 2005 |
Microsoft
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 |
Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger.
V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list.
V2.0: The update for Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) was failing to install when distributed via SMS or AutoUpdate. An updated package corrects this behavior.
V2.1: Bulletin updated to update the "Security Update Information" section for the Microsoft Windows Messenger 4.7.0.2009 (when running on Windows XP Service Pack 1) security update.
An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability. |
Microsoft Media Player & Windows/MSN Messenger PNG Processing
CAN-2004-1244
CAN-2004-0597 |
|
Microsoft Security Bulletin, MS05-009, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#259890
Security Focus, February 10, 2005
Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005
Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005
Microsoft Security Bulletin, MS05-009 V2.0, April 12, 2005
Microsoft Security Bulletin, MS05-009 V2.1, May 11, 2005 |
Microsoft
Windows XP Service Pack 2, Windows 2003 Server Service Pack 1 |
A remote Denial of Service vulnerability has been reported. The IPV6 TCP/IP stack is prone to a 'loopback' condition initiated by sending a TCP packet with the 'SYN' flag set and the source address and port spoofed to equal the destination address and port.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft IPV6 TCPIP Loopback LAND Denial of Service Vulnerability
CAN-2005-1649
|
Low |
Security Focus Bugtraq ID 13658, May 17, 2005 |
Microsoft
MSN Messenger 6.2 |
A vulnerability has been reported because MSN Messenger may not process a malformed GIF image with an improper height and width. This could let remote malicious users execute arbitrary code.
Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-022.mspx
V1.1: Bulletin updated with correct file version information for MSN Messenger 6.2.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft MSN Messenger Remote Code Execution Vulnerability
CAN-2005-0562 |
|
Microsoft Security Bulletin MS05-022, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#633446
Microsoft Security Bulletin MS05-022, May 11, 2005 |
Microsoft
Windows 2000 SP 3 and SP4
Windows XP SP 1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, Windows 98 SE, and Windows ME |
Multiple vulnerabilities have been reported that include IP Validation, ICMP Connection Reset, ICMP Path MTU, TCP Connection Reset, and Spoofed Connection Request. These vulnerabilities could let remote malicious users execute arbitrary code or cause a Denial of Service.
Updates available:
http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
V1.1: Bulletin updated to advise customers that Microsoft plans to re-release the MS05-019 security update in June, 2005. Until the re-release of this security update is available, customers experiencing the symptoms described in Microsoft Knowledge Base Article 898060 should follow the documented instructions to address this issue. If you are not experiencing this network connectivity issue, Microsoft recommends that you install the currently available security update.
A Proof of Concept exploit has been published. |
Microsoft Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities
CAN-2005-0048
CAN-2004-0790
CAN-2004-1060
CAN-2004-0230
CAN-2005-0688 |
Low/High
(High if arbitrary code can be executed)
|
Microsoft Security Bulletin MS05-019, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#233754
US-CERT VU#396645
Microsoft Security Bulletin MS05-019, May 11, 2005 |
Microsoft
Windows Media Player 9 prior to 9.0.0.3263 and 10 prior to 10.0.0.3901 |
A vulnerability has been reported that could let a remote malicious user redirect the target user's player to an arbitrary web site. Certain types of Windows Media Digital Rights Management (WMDRM)-protected content can cause the target user's Windows Media Player to redirect to a specified web page. This may occur even if the target user's player has the 'Acquire licenses automatically for protected content' checkbox de-selected under the privacy options.
The following updates are available:
Windows Media Player 10:
http://download.microsoft.com/download/9/9/c/99c6e0be-19ec-4ffd-b44a-c9b8f2886200/windowsmedia10-kb892313-x86-intl.exe
Windows Media Player 9 Series for Windows 2000, Windows XP, and Windows Server 2003:
http://download.microsoft.com/download/8/c/b/8cb07a83-3b1c-4a95-a1c7-4e788c113829/windowsmedia9-kb892313-x86-intl.exe
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Media Player May Allow Redirection
CAN-2005-1574
|
High |
Microsoft Security Advisory (892313), May 10, 2005 |
Microsoft
Word 2000, 2002
Works Suite 2001, 2002, 2003, and 2004
Office Word 2003 |
A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege.
Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx
V1.1: Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information."
V1.2: Bulletin updated to add msiexec in the administrative installation in "Administrative Deployment" section for all versions.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Word Remote Code Execution & Escalation of Privilege Vulnerabilities
CAN-2004-0963
CAN-2005-0558 |
|
Microsoft Security Bulletin MS05-023, April 12, 2005
US-CERT VU#442567
US-CERT VU#752591
Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005
Microsoft Security Bulletin MS05-023 V1.2, May 11, 2005 |
Mozilla
Firefox 0.10.1 and 1.0 for Windows |
Two vulnerabilities have been reported that could let remote malicious users spoof file types in the file download dialog. Input validation errors occur in the filename and the 'Content-Type' header before being displayed in the file download dialog. The 'Content-Type' header is used for associating a file to a file type in the file download dialog, but the file extension is left intact when saving the file to disk with 'Save to Disk.' This can be exploited to spoof file types in the file download dialog.
The vulnerabilities have been partially fixed in version 1.0.1.
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium |
Secunia SA12979, May 12, 2005 |
RSA
RSA Authentication Agent for Web for IIS 5, 5.2, 5.3 |
A vulnerability has been reported that could let remote malicious users execute arbitrary code. This is due to a boundary error and can cause a heap-based buffer overflow by sending an overly long piece of data via the chunked-encoding mechanism.
A patch is available:
https://knowledge.rsasecurity.com/
Currently we are not aware of any exploits for this vulnerability.
|
RSA Authentication Agent for Web Buffer Overflow Vulnerability
CAN-2005-1471
|
High |
Secunia, SA15222, May 9, 2005
US-CERT VU#790533
|
Sigma ISP Manager 6.6 and prior |
Multiple vulnerabilities have been reported that could let remote malicious users conduct SQL injection attacks. This is due to input validation errors in input passed to the 'username,' 'password,' and 'domain' fields in 'sigmaweb.dll.'
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
|
High |
Secunia SA15379, May 17, 2005 |
Software602
602LAN SUITE 2004.0.05.0413 |
A vulnerability has been reported that could let remote users detect the presence of local files and cause a Denial of Service. No redirection occurs when accessing the "mail" script with the "A" parameter referencing a valid local file via directory traversal attacks.
Upgrade available at:
http://www.software602.com/download/
A Proof of Concept exploit has been published. |
Software602 602LAN SUITE Local File Detection and Denial of Service
CAN-2005-1423
|
Low |
Secunia Advisory, SA15231, May 3, 2005
Security Focus, 13519, May 11, 2005 |
Woppoware
PostMaster version 4.2.2 (build 3.2.5) |
Multiple vulnerabilities have been reported that could let a remote malicious user detect the presence of local files, enumerate usernames, conduct Cross-Site Scripting attacks, and bypass certain security restrictions. These are due to errors in the web mail service, in the handling of the 'wmm' parameter in 'message.htm,' in the authentication process, and in validating the 'email' parameter in 'message.htm.'
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia SA15268, May 11, 2005 |
WSW
ShowOff! Digital Media Software 1.5.4 |
Two vulnerabilities have been reported that could let a remote malicious user cause a Denial of Service and view sensitive information. These are due to an input validation error in the request handling and an error in the communication handling.
No workaround or patch available at time of publishing.
An exploit has been published.
|
|
Medium |
Secunia SA15300, May 11, 2005 |
Yahoo!
Yahoo! Messenger 5.x to 6.0 Windows |
A vulnerability has been reported that could let a remote malicious user cause a Denial of Service. This is because the application fails to properly handle exceptional conditions.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
CAN-2005-1618
|
Low |
Security Focus Bugtraq ID 13626, May 13, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apple
Mac OS X 10.3-10.3.9, Mac OS X Server 10.3- 10.3.9 |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'htdigest' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the AppKit component when processing TIFF files, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the AppKit component when parsing certain TIFF images because an invalid call is made to the 'NXSeek()' function; a vulnerability was reported due to an error when handling AppleScript because code is displayed that is different than the code that is actually run, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error in the Bluetooth support because files are shared without notifying the user properly, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability was reported in the Bluetooth file, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'chfn,' 'chpass,' and 'chsh' utilities because certain external helper programs are invoked insecurely, which could let a malicious user obtain elevated privileges; a vulnerability was reported in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges; a vulnerability was reported in Help Viewer because a remote malicious user can run JavaScript without imposed security restrictions; a vulnerability was reported in the LDAP functionality because passwords are stored in plaintext, which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to errors when parsing XPM files, which could let a remote malicious user compromise the system; a vulnerability was reported in 'lukemftpd' because chroot restrictions can be bypassed, which could let a remote malicious user bypass restrictions; a vulnerability was reported in the Netinfo Setup Tool (NeST) when processing input passed to the '-target' command line parameter due to a boundary error, which could let a malicious user execute arbitrary code; a vulnerability was reported when the HTTP proxy service in Server Admin is enabled because by default it is possible for everyone to use the proxy service; a vulnerability was reported in the HTTP proxy service in Server Admin for Mac OS X due to insufficient access restrictions, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported in sudo in the environment clearing, which could let a malicious user obtain elevated privileges; a vulnerability was reported in the Terminal utility, which could let a remote malicious user inject arbitrary data; a vulnerability was reported due to an error in the Terminal utility, which could let a remote malicious user inject commands in x-man-path URIs; and a vulnerability was reported in vpnd due to a boundary error, which could let a malicious user execute arbitrary code.
Upgrades available at:
http://www.apple.com/support/downloads/securityupdate2005005client.html
http://www.apple.com/support/downloads/securityupdate2005005server.html
Proof of Concept exploits have been published. |
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information or elevated privileges can be obtained; and High if arbitrary code can be executed)
|
Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005
US-CERT VU#140470
US-CERT VU#145486
US-CERT VU#258390
US-CERT VU#356070
US-CERT VU#582934
US-CERT VU#331694
US-CERT VU#706838
Technical Cyber Security Alert TA05-136A
|
Apple
Mac OS X Server 10.3- 10.3.9 |
A buffer overflow vulnerability has been reported in the NetInfo Setup Tool (NeST) when excessive string values are processed through a command line parameter, which could let a malicious user execute arbitrary code with root privileges.
Updates available at: http://www.apple.com/support/downloads/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005
US-CERT VU#354486 |
Apple
QuickTime Player 7.0 |
A vulnerability has been reported in the QuickTime Web plugin because Quartz Composer compositions that are embedded in '.mov' files can access system information, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Apple QuickTime Quartz Composer File Information Disclosure
CAN-2005-1579
|
Medium |
Security Tracker Alert, 1013961, May 12, 2005 |
bzip2
bzip2 1.0.2 |
A remote Denial of Service vulnerability has been reported when the application processes malformed archives.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-127-1, May 17, 2005 |
bzip2
bzip2 1.0.2 & prior |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
There is no exploit code required. |
|
Medium |
Security Focus, 12954, March 31, 2005
Ubuntu Security Notice, USN-127-1, May 17, 2005 |
Carnegie Mellon University
Cyrus IMAP Server 2.x
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.
Update available at:
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-29.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
OpenPKG:
ftp://ftp.openpkg.org/release/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-408.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory, SA14383, February 24, 2005
Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005
SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005
Ubuntu Security Notice USN-87-1, February 28, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:051, March 4, 2005
Conectiva Linux Security Announcement, CLA-2005:937, March 17, 2005
ALTLinux Security Advisory, March 29, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.005, April 5, 2005
Fedora Update Notification, FEDORA-2005-339, April 27, 2005
RedHat Security Advisory, RHSA-2005:408-04, May 17, 2005 |
Cheetah
Cheetah 0.9.16 a1 |
A vulnerability has been reported because modules are imported from the '/tmp' directory before searching for the path from the 'PYTHONPATH' variable, which could let a malicious user obtain elevated privileges.
Upgrades available at:
http://prdownloads.sourceforge.net/cheetahtemplate/Cheetah-0.9.17rc1.tar.gz?download
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15386, May 17, 2005 |
Ethereal Group
Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9 |
Multiple vulnerabilities were reported that affect more than 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, EIGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explicit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.
Upgrades available at:
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-03.xml
Mandriva:
http://www.mandriva.com/security/advisories
An exploit script has been published. |
|
Low/High
(High if arbitrary code can be executed)
|
Ethereal Security Advisory, enpa-sa-00019, May 4, 2005
Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005 |
FreeBSD
FreeBSD 5.4 & prior |
A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.
Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
Currently we are not aware of any exploits for this vulnerability. |
FreeBSD Hyper-Threading Technology Support Information Disclosure
CAN-2005-0109
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005 |
FreeRADIUS Server Project
FreeRADIUS 1.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1013909, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus, 13290, May 11, 2005
|
GnuTLS
GnuTLS 1.2 prior to 1.2.3; 1.0 prior to 1.0.25 |
A remote Denial of Service vulnerability has been reported due to insufficient validation of padding bytes in 'lib/gnutls_cipher.c.'
Updates available at:
http://www.gnu.org/software/gnutls/download.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-04.xml
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Tracker Alert, 1013861, May 2, 2005
Fedora Update Notification, FEDORA-2005-362, May 5, 2005
Gentoo Linux Security Advisory, GLSA 200505-04, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:084, May 12, 2005
Ubuntu Security Notice, USN-126-1, May 13, 2005 |
GNU
Vim 6.x, GVim 6.x |
Multiple vulnerabilities exist which can be exploited by local malicious users to gain escalated privileges. The vulnerabilities are caused by errors in the modelines options and can be exploited to execute shell commands when a malicious file is opened. Successful exploitation can lead to escalated privileges but requires that modelines is enabled.
Apply patch for vim 6.3: ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045
Gentoo:
http://www.gentoo.org/security/en/
glsa/glsa-200412-10.xml
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-010.html
Avaya:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-020_RHSA-2005-019.pdf
OpenPKG:
ftp.openpkg.org
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/v/vim/
SGI: http://support.sgi.com/
Fedora:
http://download.fedoralegacy.org/
redhat/
IPCop:
http://ipcop.org/modules.php?
op=modload&name=Downloads
&file=index&req=viewdownload
&cid=3&orderby=dateD
Currently we are not aware of any exploits for these vulnerabilities.
|
GNU Vim / Gvim Modelines Command Execution Vulnerabilities
CAN-2004-1138
|
Medium |
Gentoo Linux Security Advisory, GLSA 200412-10 / vim, December 15, 2004
Fedora Legacy Update Advisory, FLSA:2343, February 24, 2005
Security Focus, 11941, May 11, 2005 |
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/
show_bug.cgi?id=90626
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005 |
HT Editor
HT Editor 0.8 |
Several vulnerabilities have been reported: a vulnerability was reported in the Executable and Linking Format (ELF) parser due to a heap overflow, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the Portable Executable (PE) parser due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-08.xml
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-08, May 10, 2005 |
KDE
KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2 |
A Denial of Service vulnerability has been reported in the Desktop Communication Protocol (DCOP) daemon due to an error in the authentication process.
Upgrade available at:
http://www.kde.org/download/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-22.xml
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-325.html
ALTLinux:
http://lists.altlinux.ru/
pipermail/security-announce/
2005-March/000287.html
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-307.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
ftp://patches.sgi.com/support/
free/security/advisories/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
KDE Security Advisory, March 16, 2005
Fedora Update Notifications, FEDORA-2005-244 & 245, March 23, 2005
RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005
ALTLinux Security Advisory, March 29, 2005
RedHat Security Advisory, RHSA-2005:307-08, April 6, 2005
SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 |
KDE
kdelibs 3.3.2 |
A vulnerability exists in the 'dcopidling' library due to insufficient validation of a file's existence, which could let a malicious user corrupt arbitrary files.
Patch available at:
http://bugs.kde.org/attachment.
cgi?id=9205&action=view
Mandrake:
http://www.mandrakesecure.
net/en/ftp.php
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-14.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-325.html
ALTLinux:
http://lists.altlinux.ru/
pipermail/security-announce/
2005-March/000287.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Focus, February 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005
Gentoo Linux Security Advisory, GLSA 200503-14, March 7, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:058, March 16, 2005
Fedora Update Notifications, FEDORA-2005-244 & 245, March 23, 2005
RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005
ALTLinux Security Advisory, March 29, 2005
Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 |
KDE
KDE 3.2-3.2.3, 3.3-3.3.2, 3.4,
KDE Quanta 3.1 |
A vulnerability has been reported due to a design error in Kommander, which could let a remote malicious user execute arbitrary code.
Patches available at:
ftp://ftp.kde.org/pub/kde/
security_patches/f
Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-23.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/universe
/k/kdewebdev/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
KDE Security Advisory, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 2005
Fedora Update Notification, FEDORA-2005-345, April 28, 2005
Ubuntu Security Notice, USN-115-1, May 03, 2005
Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 |
LBL
tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 -3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 |
Remote Denial of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/t/tcpdump/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-06.xml
Mandriva:
http://www.mandriva.com/
security/advisories
IPCop:
http://ipcop.org/modules.php?
op=modload&name=Downloads
&file=index&req=viewdownload
&cid=3&orderby=dateD
Exploit scripts have been published. |
|
Low |
Bugtraq, 396932, April 26, 2005
Fedora Update Notification, FEDORA-2005-351, May 3, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Ubuntu Security Notice, USN-119-1, May 06, 2005
Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005
Security Focus, 13392, May 12, 2005 |
Mozilla
Bugzilla 2.17.1, 2.17.3-2.17.7,
2.18 rc1-rc3, 2.19.1, 2.19.2 |
Several vulnerabilities have been reported: a vulnerability was reported because users can determine if a given invisible product exists when an access denied error is returned, which could let a remote malicious user obtain sensitive information; a vulnerability was reported because bugs can be entered into products that are closed for bug entry when a remote malicious user modifies the URL to specify the name of the product; and a vulnerability was reported because a user's password may be embedded as part of a report URL, which could let a remote malicious user obtain sensitive information.
Update available at: http://www.bugzilla.org/download/
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15338, May 12, 2005 |
Multiple Vendors
Apache Software Foundation Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.27; Ubuntu Linux 4.1 ppc, ia64, ia32, 5.04 powerpc, i386, amd64 |
A buffer overflow vulnerability has been reported in the 'htdigest' utility due to insufficient bounds checking, which could let a remote malicious user potentially execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/a/apache2/
Proof of Concept exploit scripts have been published. |
|
High |
Ubuntu Security Notice, USN-120-1, May 6, 2005
Security Focus, 13537, May 14, 2005 |
Multiple Vendors
KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE E. Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9 |
A buffer overflow vulnerability has been reported in the 'kimgio' image library due to insufficient validation of PCX image data, which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code.
Patches available at:
http://bugs.kde.org/attachment.cgi
?id=10325&action=view
http://bugs.kde.org/attachment.cgi
?id=10326&action=view
SuSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-22.xml
Debian:
http://security.debian.org/
pool/updates/main/k/kdelibs/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/k/kdelibs/
Mandriva:
http://www.mandriva.com/
security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-393.html
Denial of Service Proofs of Concept exploits have been published. |
|
Low/ High
(High if arbitrary code can be executed)
|
SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005
Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005
Debian Security Advisory, DSA 714-1, April 26, 2005
Fedora Update Notification, FEDORA-2005-350, May 2, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:085, May 12, 2005
Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005
RedHat Security Advisory, RHSA-2005:393-05, May 17, 2005
|
Multiple Vendors
GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2 |
A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-344.html
http://rhn.redhat.com/
errata/RHSA-2005-343.html
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gdk-pixbuf/
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/3/updates/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
SGI:
ftp://patches.sgi.com/support/
free/security/advisories/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CAN-2005-0891
|
Low |
Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005
RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005
Ubuntu Security Notice, USN-108-1, April 05, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005 |
Multiple Vendors
Linux kernel 2.2.x, 2.4.x, 2.6.x |
A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges.
Update available at:
http://kernel.org/
Trustix:
http://www.trustix.org/
errata/2005/0022/
An exploit script has been published. |
|
High |
Secunia Advisory, SA15341, May 12, 2005
Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005 |
Multiple Vendors
Linux Kernel 2.6 up to & including 2.6.12-rc4 |
Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler (pktcdvd.c) because the wrong function is called before passing an ioctl to the block device, which could let a malicious user execute arbitrary code.
Update available at:
http://kernel.org/
A Proof of Concept Denial of Service exploit script has been published. |
|
High |
Secunia Advisory, SA15392, May 17, 2005 |
Multiple Vendors
NASM NASM 0.98.35, 0.98.38; RedHat Advanced Workstation for the Itanium Processor 2.1 IA64, r 2.1, Desktop 3.0, 4.0
RedHat Enterprise Linux WS 4, 3, 2.1 IA64, 2.1, ES 4, 3, 2.1 IA64, 2.1, AS 4, 3, 2.1 IA64, 2.1
|
A buffer overflow vulnerability has been reported in the 'ieee_putascii()' function, which could let a remote malicious user execute arbitrary code.
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-381.html
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/n/nasm/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
RedHat Security Advisory, RHSA-2005:381-06, May 4, 2005
Ubuntu Security Notice, USN-128-1, May 17, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Peachtree Linux release 1 |
A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.
Upgrade available at:
http://gaim.sourceforge.net/
downloads.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-05.xml
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-365.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
SGI:
http://www.sgi.com/support/
security/
Peachtree:
http://peachtree.burdell.org/
updates/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gaim/
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
There is no exploit code required. |
|
Low |
Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005
RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005
SGI Security Advisory, 20050404-01-U, April 20, 2005
Peachtree Linux Security Notice, PLSN-0001, April 21, 2005
Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005
Ubuntu Security Notice, USN-125-1, May 12, 2005
Slackware Security Advisory, SSA:2005-133-01, May 13, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Ubuntu Linux 4.1 ppc, ia64, ia32; Peachtree Linux release 1 |
Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.
Update available at:
http://gaim.sourceforge.net
/downloads.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-05.xml
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-365.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
SGI:
http://www.sgi.com/support/
security/
Peachtree:
http://peachtree.burdell.org/
updates/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
Currently we are not aware of any exploits for these vulnerabilities. |
Gaim 'Gaim_Markup_Strip_HTML()' Function Remote Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution
CAN-2005-0965
CAN-2005-0966
|
Low/ High
(High if arbitrary code can be executed)
|
Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005
Ubuntu Security Notice, USN-106-1, April 05, 2005
Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005
RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005
SGI Security Advisory, 20050404-01-U, April 20, 2005
Peachtree Linux Security Notice, PLSN-0001, April 21, 2005
Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005
Slackware Security Advisory, SSA:2005-133-01, May 13, 2005 |
Multiple Vendors
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0 |
An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
Patch available at:
https://bugs.freedesktop.org/
attachment.cgi?id=1909
Gentoo:
http://security.gentoo.org/glsa/
glsa-200503-08.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/lesstif1-1/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-15.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/x/xfree86/
ALTLinux:
http://lists.altlinux.ru/
pipermail/security-announce/
2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-331.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/3/updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-044.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Mandriva:
http://www.mandriva.com/
security/advisories
Debian:
http://security.debian.org/
pool/updates/main/x/xfree86/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-412.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, 12714, March 2, 2005
Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005
Ubuntu Security Notice, USN-92-1, March 07, 2005
Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005
Ubuntu Security Notice, USN-97-1, March 16, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005
RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005
Debian Security Advisory, DSA 723-1, May 9, 2005
RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005 |
PixySoft
Guestbook Pro 3.2.1 & prior |
A Cross-Site Scripting vulnerability has been reported due to insufficient validation of user-supplied input in the message content and title fields, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013940, May 11, 2005 |
PostgreSQL
PostgreSQL 7.3 through 8.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.'
Fix available at:
http://www.postgresql.org/
about/news.315
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-12.xml
Trustix:
http://www.trustix.org/
errata/2005/0023/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Security Tracker Alert, 1013868, May 3, 2005
Ubuntu Security Notice, USN-118-1, May 04, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005
Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005 |
Pserv
Pserv 3.2 |
A buffer overflow vulnerability has been reported in 'completedPath' due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code.
Upgrade available at:
http://prdownloads.sourceforge.net/
pserv/pserv-3.3.tar.gz?download
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, 13648, May 16, 2005 |
Pserv
Pserv 3.2 |
Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient filtering of URIs, which could let a remote malicious user obtain sensitive information; a vulnerability has been reported when a specially crafted URI request is handled, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported because the web server does not differentiate between files and symbolic links, which could let a malicious user obtain sensitive information.
Upgrade available at:
http://prdownloads.sourceforge.net/
pserv/pserv-3.3.tar.gz?download
There is no exploit code required; however, Proofs of Concept exploits have been published.
|
| |
| |