ALWIL Software

avast! antivirus 4.6.623 and prior

A fixed version (4.6.652) is available via the application's user interface or at: http://www.avast.com/eng/updates.html

Currently we are not aware of any exploits for this vulnerability.

Black Cactus

Warrior Kings: Battles 1.23
& prior, Warrior Kings 1.3 & prior

Two vulnerabilities have been reported that could let remote malicious users cause a Denial of Service and potentially compromise a vulnerable system. This is due to a format string error in the text visualization and an error in the handling of partial join packets.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ezdwc

NewsletterEz 3.0

An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands. The 'news/admin/login.asp' script does not properly validate user-supplied input in the 'password' parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Multiple vulnerabilities have been reported that could let local malicious users view sensitive information or could let remote malicious users conduct script insertion attacks, bypass certain security restrictions, and trick users into executing malicious files. This is because files in the installation directory have improper permissions; input passed to the picture column and drop-down list of a SharePoint list is not properly validated; there is an error in the access restrictions on COM objects; and, the file extension for files attached to or embedded in a document with Microsoft Windows OLE is not properly displayed.

Groove Virtual Office: Update to version 3.1a build 2364 or 3.1 build 2338: http://www.groove.net/index.cfm/
pagename/UpdateGroove/

Groove Workspace: Update to version 2.5n build 1871:
http://www.groove.net/index.cfm?
pagename=DownloadsArchive

There is no exploit code required.

US-CERT VU#443370

US-CERT VU#372618

US-CERT VU#155610

US-CERT VU#514386

US-CERT VU#232232

Ipswitch

IMail Server 8.x

Multiple vulnerabilities have been reported in IMail Server, which could let a remote malicious user gain sensitive information or cause a Denial of Service. These are due to unspecified errors in the IMAP4d32 service and Web Calendaring.

Apply IMail Server 8.2 Hotfix 2: ftp://ftp.ipswitch.com/Ipswitch/
Product_Support/IMail/imail82hf2.exe

Currently we are not aware of any exploits for these vulnerabilities.

LS Games

War Times 1.03 and prior versions

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2

Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.microsoft.com/technet/
security/bulletin/MS05-009.mspx

V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger.

V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list.

V2.0: The update for Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) was failing to install when distributed via SMS or AutoUpdate. An updated package corrects this behavior.

V2.1: Bulletin updated to update the "Security Update Information" section for the Microsoft Windows Messenger 4.7.0.2009 (when running on Windows XP Service Pack 1) security update.

V2.2: Updated the "deployment" section of Microsoft Windows Messenger version 4.7.0.2009 for the correct command.

An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability.

Microsoft Media Player & Windows/MSN Messenger PNG Processing

CAN-2004-1244
CAN-2004-0597

Microsoft Security Bulletin, MS05-009, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#259890

Security Focus, February 10, 2005

Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005

Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005

Microsoft Security Bulletin, MS05-009 V2.0, April 12, 2005

Microsoft Security Bulletin, MS05-009 V2.1, May 11, 2005

Microsoft Security Bulletin, MS05-009 V2.2, May 11, 2005

Microsoft

Word

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Word 2000, 2002

Works Suite 2001, 2002, 2003, and 2004

Office Word 2003

A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege.

Updates available:
http://www.microsoft.com/technet/
security/Bulletin/MS05-023.mspx

V1.1 Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information."

V1.2: Bulletin updated to add msiexec in the administrative installation in "Administrative Deployment" section for all versions.

V1.3: Bulletin updated to reflect a corrected Winword.exe file version for Word 2000.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Word Remote Code Execution & Escalation of Privilege Vulnerabilities

CAN-2004-0963
CAN-2005-0558

Microsoft Security Bulletin MS05-023, April 12, 2005

US-CERT VU#442567

US-CERT VU#752591

Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005

Microsoft Security Bulletin MS05-023 V1.2, May 11, 2005

Microsoft Security Bulletin MS05-023 V1.3, May 18, 2005

Miranda IM

'PopUp Plus' 2.0.3.8 plugin for Miranda Instant Messenger

A buffer overflow vulnerability has been reported that could let a remote malicious user execute arbitrary code on the target system. The vulnerability can be exploited if the 'Use SmileyAdd Setting' application menu option is enabled.

Update available at:
http://files.miranda-
im.org/testing/popupplus.zip

A Proof of Concept exploit has been published.

sec.org.il Security Advisory, April 6, 2005

Security Focus, 13048, May 19, 2005

Zone Labs

ZoneAlarm Antivirus 5.x
ZoneAlarm Security Suite 5.x

A integer overflow vulnerability has been reported that could let remote malicious users execute arbitrary code or gain escalated privilege.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple

Macintosh OS X

Multiple vulnerabilities have been reported:a Denial of Service vulnerability was reported in the 'nfs_mount()' function due to insufficient input value checks; a Directory Traversal vulnerability was reported in bluetooth-enabled systems due to an input validation error, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in two system calls used to search filesystem objects due to insufficient checks on directory permissions, which could let a malicious user obtain sensitive information; a vulnerability was reported in the SecurityAgent because a malicious user can bypass a locked screensaver to start background applications; and a vulnerability was reported because a remote malicious user can bypass a download warning dialog to install potentially malicious Dashboard widgets.

Updates available at:
http://www.apple.com/support/downloads/

Currently we are not aware of any exploits for these vulnerabilities.

Blue Coat Systems

Blue Coat Reporter 7.x

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a remote malicious user obtain administrative privileges; a vulnerability was reported due to an unspecified error which could let an unprivileged remote malicious user add a license; a vulnerability was reported in the 'Add User' window due to insufficient sanitization of input passed as a username, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in the 'Licensing' page due to insufficient sanitization of input passed as a license key, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.bluecoat.com/support/
knowledge/advisory_reporter_
711_vulnerabilities.html

Currently we are not aware of any exploits for these vulnerabilities.

bzip2

bzip2 1.0.2

A remote Denial of Service vulnerability has been reported when the application processes malformed archives.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/
security/advisories

Currently we are not aware of any exploits for this vulnerability.

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/
security/advisories

There is no exploit code required.

Security Focus,
12954,
March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Cheetah

Cheetah 0.9.16 a1

Upgrades available at:
http://prdownloads.
sourceforge.net/
cheetahtemplate/Cheetah-
0.9.17rc1.tar.gz?download

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-14.xml

There is no exploit code required.

Secunia Advisory, SA15386,
May 17, 2005

Gentoo Linux Security Advisory, GLSA 200505-14, May 19, 2005

eSYS Information systems

Gibraltar Firewall 2.2

Update available at:
ww.gibraltar.at/

There is no exploit code required.

Ferry Boender

PROMS 0.7-0.10

Multiple vulnerabilities have been reported: A vulnerability was reported due to insufficient validation of several user-supplied parameters before used in SQL queries, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient validation of HTML entries in some fields, which could let a remote malicious user execute arbitrary HTML and script code and a vulnerability was reported because an unauthorized malicious user can view/modify the project member's list.

Upgrades available at:
http://projects.electricmonk.nl//
files/PROMS/proms-0.11.tar.gz

There is no exploit code required.

FreeBSD

FreeBSD 5.4 & prior

Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/
CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

Currently we are not aware of any exploits for this vulnerability.

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

Gentoo

Linux 1.x

The vendor has released a fixed version of net-www/webapp-config (1.10-r14).

A Proof of Concept exploit has been published.

GNOME

gEdit 2.0.2, 2.2 .0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit has been published.

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?
op=modload&name=Downloads
&file=index&req=viewdownload
&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/
security/advisories

Proof of Concept exploit has been published.

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus,13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/
security/advisories

There is no exploit code required.

Security Focus,
12996,
April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/
show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/
security/advisories

There is no exploit code required.

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Igor Khasilev

Oops Proxy Server 1.4.22, 1.5.53

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-02.xml

Debian:
http://security.debian.org
/pool/updates/main/o/oops/

Currently, we are not aware of any exploits for this vulnerability.

Security Focus, 13172, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200505-02, May 6, 2005

Debian Security Advisory, DSA 726-1, May 20, 2005

Iron Bars SHell

Iron Bars SHell 0.3a- 0.3c

A vulnerability has been reported due to a format string error, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://freshmeat.net/redir/ibsh/
57192/url_tgz/ibsh-0.3d.tar.gz

Currently, we are not aware of any exploits for this vulnerability.

Julian Field

MailScanner 4.41.3 & prior

Update available at:
http://www.sng.ecs.soton.ac.uk/
mailscanner/downloads.shtml

Currently we are not aware of any exploits for this vulnerability.

KDE

KDE 3.2-3.2.3, 3.3-3.3.2, 3.4,
KDE Quanta 3.1

A vulnerability has been reported due to a design error in Kommander, which could let a remote malicious user execute arbitrary code.

Patches available at:
ftp://ftp.kde.org/pub/kde/
security_patches/f

Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-23.xml

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/
Subunit/pool/universe
/k/kdewebdev/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

KDE Security Advisory, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 200

Fedora Update Notification
FEDORA-2005-345, April 28, 2005

Ubuntu Security Notice, USN-115-1, May 03, 2005

Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005

Gentoo Linux Security Advisory [UPDATE] GLSA 200504-23:02, May 20, 2005

LibTIFF

LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6 .0, 3.6.1, 3.7, 3.7.1

A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://bugzilla.remotesensing.org/
attachment.cgi?id=238

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-07.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/t/tiff/

Currently we are not aware of any exploits for this vulnerability.

Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005

Ubuntu Security Notice, USN-130-1, May 19, 2005

A Denial of Service vulnerability has been reported due to the creation of an insecure file by the kernel it87 and via686a drivers.

Patch available at:
http://kernel.org/pub/linux/
kernel/v2.6/patch-2.6.11.8.bz2

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

There is no exploit code required.

Secunia Advisory,
SA15204, May 2, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

Marc Lehmann

Convert-UUlib 1.50

Update available at:
http://search.cpan.org/
dist/Convert-UUlib/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-26.xml

Debian:
http://security.debian.org/pool/
updates/main/libc/libconvert-uulib-perl/

Currently we are not aware of any exploits for this vulnerability.

Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005

Secunia Advisory, SA15130, April 27, 2005

Debian Security Advisory, DSA 727-1, May 20, 2005

Mozilla.org

Firefox 1.0

Update available at:
http://www.mozilla.org/products/
firefox/all.html

Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/3/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-10.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-30.xml

http://security.gentoo.org/
glsa/glsa-200503-32.xml

FedoraLegacy:
http://download.fedoralegacy.org/\
redhat/

An exploit has been published.

Mozilla Foundation Security Advisory, 2005-28, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification,
FEDORA-2005-247
2005-03-23

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032, March 25, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2 .0.7, 6.2 .0.4, 6.2, 6.2.1

Upgrades available at:
http://www.imagemagick.org/
script/binary-releases.php

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/imagemagick/

A Proof of Concept exploit has been published.

Security Focus, 13351, April 25, 2005

Fedora Update Notification
FEDORA-2005-344, April 28, 2005

Ubuntu Security Notice, USN-132-1 May 23, 2005, May 23, 2005

Multiple Vendors

KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9

Patches available at:
http://bugs.kde.org/attachment.cgi
?id=10325&action=view

http://bugs.kde.org/attachment.cgi
?id=10326&action=view

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-22.xml

Debian:
http://security.debian.org/
pool/updates/main/k/kdelibs/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/k/kdelibs/

Mandriva:
http://www.mandriva.com/
security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-393.html

Denial of Service Proofs of Concept exploits have been published.

SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005

Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005

Debian Security Advisory, DSA 714-1, April 26, 2005

Fedora Update Notification,
FEDORA-2005-350, May 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:085, May 12, 2005

Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005

RedHat Security Advisory, RHSA-2005:393-05, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:013, May 18, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta)

A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.

Update available at:
http://cvs.gnome.org/viewcvs/evolution/
camel/camel-lock-helper.c?rev=1.7
&hideattic=0&view=log

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-35.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/e/evolution/

SUSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/
updates/main/e/evolution/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-238.html

Currently we are not aware of any exploits for this vulnerability.

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 673-1, February 10, 2005

Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005

ALTLinux Security Advisory, March 29, 2005

RedHat Security Advisory, RHSA-2005:238-18, May 19, 2005

Multiple Vendors

Qpopper 4.x; Gentoo Linux

Upgrades available at:
ftp://ftp.qualcomm.com/eudora/
servers/unix/popper/old/qpopper4.0.5.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-17.xml

There is no exploit code required.

Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005

Secunia Advisory, SA15475, May 24, 2005

Multiple Vendors

Gentoo Linux;
GNU GDB 6.3

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-15.xml

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors

GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6 .0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2 .0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-16.xml

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

Linux kernel 2.2.x, 2.4.x, 2.6.x

Update available at:
http://kernel.org/

Trustix:
http://www.trustix.org/
errata/2005/0022/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

An exploit script has been published.

Secunia Advisory, SA15341, May 12, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

Multiple Vendors

Linux Kernel 2.6 up to & including 2.6.12-rc4

Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler
(pktcdvd.c) because the wrong function is called before passing an ioctl to the block device, which could let a malicious user execute arbitrary code.

Update available at:
http://kernel.org/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

A Proof of Concept Denial of Service exploit script has been published.

Secunia Advisory, SA15392, May 17, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6, -test1-test11, 2.6.1-2.6.12; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-294.html

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

Linux kernel 2.6.10, 2.6, -test9-CVS, -test1-test11, 2.6.1-2.6.9;
RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

A Denial of Service vulnerability has been reported in the 'fib_seq_start' function in 'fib_hash.c.'

RedHat;
http://rhn.redhat.com/
errata/RHSA-2005-366.html

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

Currently we are not aware of any exploits for this vulnerability.

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6.11.5-2.6.11 .8, 2.6.11, -rc2-rc4

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1

Patches available at:
http://www.squid-cache.org/
Versions/v2/2.5/squid-
2.5.STABLE9.tar.gz

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

There is no exploit code required.

Squid Proxy Cache Security Update Advisory, SQUID-2005:5, April 23, 2005

Fedora Update Notification,
FEDORA-2005-373, May 17, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1

Patches available at:
http://www.squid-cache.org/
Versions/v2/2.5/squid-
2.5.STABLE9.tar.gz

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

There is no exploit code required.

Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005

Fedora Update Notification,
FEDORA-2005-373, May 17, 2005

Net-snmp

Net-snmp 5.x

A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world writable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-18.xml

There is no exploit code required.

Petr Vandrovec

ncpfs prior to 2.2.6

Two vulnerabilities exist: a vulnerability exists in 'ncpfs-2.2.0.18/lib/ncplib.c' due to improper access control in the 'ncp_fopen_nwc()' function, which could let a malicious user obtain unauthorized access; and a buffer overflow vulnerability exists in 'ncpfs-2.2.5/sutil/ncplogin.c' due to insufficient validation of the 'opt_set_volume_after_parsing_all_options()' function, which could let a malicious user execute arbitrary code.

Update available at:
ftp://platan.vc.cvut.cz/pub/linux/ncpfs/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-44.xml

Debian:
http://www.debian.org/
security/2005/dsa-665

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-371.html

An exploit script has been published.

Security Tracker Alert ID: 1013019, January 28, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005

Debian Security Advisory, DSA-665-1, February 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

RedHat Security Advisory, RHSA-2005:371-06, May 17, 2005

Picasm

Picasm 1.10, 1.12 b

A buffer overflow vulnerability has been reported due to a boundary error in the error handling, which could let a remote malicious user execute arbitrary code.

Upgrade available at:
http://www.co.jyu.fi/~trossi/
pic/picasm112c.tar.gz

An exploit script has been published.

ppxp

ppxp 0.2 001080415

A vulnerability has been reported because a shell can be opened with superuser privileges, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/
pool/updates/main/p/ppxp

There is no exploit code required.

Sun Microsystems, Inc.

Solaris 7.0, _x86, 8.0, _x86, 9.0, _x86; Avaya Interactive Response, 1.2.1, 1.3

A Denial of Service vulnerability has been reported in the automountd daemon.

Patches available at:
http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57786-1

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-116_SUN-5-13-2005.pdf

Currently we are not aware of any exploits for this vulnerability.

Sun(sm) Alert Notification, 57786, May 10, 2005

ASA-2005-116, May 18, 2005

xine

gxine 0.4.0-0.4.4

A format string vulnerability has been reported due to insecure implementation of a formatted printing function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Andrea Bugada

PHP Advanced Transfer Manager 1.21

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

BEA Systems

WebLogic Express 6.x, 7.x, 8.x, WebLogic Portal 8.x, WebLogic Server 6.x, 7.x, 8.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to an error that can be exploited by a remote malicious user granted the Monitor security role to shrink or reset JDBC connection pools; a vulnerability was reported due to an error when handing security provider exceptions, which could let a remote malicious user manipulate the identity of threads and cause failure in the auditing of security exceptions; a vulnerability was reported because users do not need to re-authenticate after new security constraints have been deployed in web applications; a vulnerability was reported in the 'UserLogin' control after a failed login because passwords are echoed back in standard output, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in sites running in clusters due to an error in the cookie parsing; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain unspecified input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported because it is possible to make anonymous binds to the embedded LDAP server, which could let a remote malicious user cause a Denial of Service; and a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user cause a Denial of Service.

Updates available at: http://dev2dev.bea.com/pub/advisory/

There is no exploit code required.

Secunia Advisory, SA15486, May 24, 2005

Security Advisories, BEA05-75.00-BEA05-082, May 24, 2005

D-Link

DSL-502T, DSL-504T, DSL-562T, DSL-G604T

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Emilio Jose Jimenez

TOPo 2.2

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Extreme Networks

BlackDiamond 10808, 8800, ExtremeWare XOS 11.1, 11.0, 10.0

Upgrade information available at:
http://www.extremenetworks.com/
services/documentation/FieldNotices_
FN0215-Security_Alert_EXOS.asp

Currently we are not aware of any exploits for this vulnerability.

Extreme Networks Field Notice, FN0215, May 19, 2005

US-CERT VU#937838

Fusionphp

Fusion SBX 1.2 & prior

No workaround or patch available at time of publishing.

An exploit script has been published.

Secunia Advisory, SA15257, May 10, 2005

Security Focus, 13661, May 17, 2005

Gearbox Software

Halo Combat Evolved 1.6

A remote Denial of Service vulnerability has been reported when processing malformed data.

No workaround or patch available at time of publishing.

An exploit script has been published.

Help Center Live

Help Center Live 1.0, 1.2-1.2.7

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'find' parameter, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to the name and message fields when requesting a chat and in the message body when opening a trouble ticket, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of certain input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported because it is possible to trick an administrator into performing certain actions when a specially crafted URL is accessed.

The vulnerabilities have reportedly been fixed by the vendor.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Metro Marketing

Cookie Cart 4.x

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6, Firefox 0.8-0.10.1, 1.0.1, 1.0.2; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2

Upgrades available at:
http://www.mozilla.org/
products/firefox/

http://www.mozilla.org/
products/mozilla1.x/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-18.xml

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/
RHSA-2005-386.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mozilla-firefox/

Mandriva:
http://www.mandriva.com/
security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/

An exploit script has been published.

Mozilla Foundation Security Advisories, 2005-35 -
2005-41,
April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386., April 21 & 26, 2005

Turbolinux Security Advisory,
TLSA-2005-49, April 21, 2005

US-CERT VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,
May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

PacketStorm, May 23, 2005

Mozilla.org

Mozilla Browser Suite prior to 1.7.6 ; Thunderbird prior to 1.0.2 ; Firefox prior to 1.0.2

Mozilla Browser Suite;
http://www.mozilla.org/products/
mozilla1.x/

Thunderbird:
http://download.mozilla.org/?
product=thunderbird-1.0.2&
os=win〈=en-US

Firefox:
http://www.mozilla.org/products/
firefox/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/

Slackware:
http://slackware.com/security/
viewer.php?l=slackware-security
&y=2005&m=slackware-security.
000123

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/

Currently we are not aware of any exploits for this vulnerability.

Mozilla Foundation Security Advisory 2005-30, March 23, 2005

US-CERT VU#557948

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla.org

Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2

Mozilla Browser:
http://www.mozilla.org/products
/mozilla1.x/

Firefox:
http://www.mozilla.org/products
/firefox/

Fedora:
http://download.fedora.red hat.
com/pub/fedora/linux/core/
updates/

Gentoo:
http://security.gentoo.org/glsa
/glsa-200503-30.xml

http://security.gentoo.org
/glsa/glsa-200503-31.xml

Slackware:
http://slackware.com/security/
viewer.php?El=slackware-
security&ay=2005&m=
slackware-security.000123

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
http://www.mandriva.com/
security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit has been published.

Mozilla Foundation Security Advisory 2005-32, March 23, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501
-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,
May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla

Firefox 1.0

A fixed version (1.0.1) is available at: http://www.mozilla.org/products/
firefox/all.html

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-30.xml

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
http://www.mandriva.com/
security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit has been published.

Security Tracker Alert ID: 1013301, February 25, 2005

Gentoo Linux Security Advisory GLSA 200503-30. March 25, 2005

SGI Security Advisory, 20050501
-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,
May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla

Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1, 1.0-1.0.3

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of 'IFRAME' JavaScript URLS from being executed in the context of another history list URL, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'InstallTrigger .install()' due to insufficient verification of the 'Icon URL' parameter, which could let a remote malicious user execute arbitrary JavaScript code.

Workaround:
Disable "tools/options/web-Features/>Allow web sites to install software"

Slackware:
ftp://ftp.slackware.com/
pub/slac ware/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-11.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-434.html

http://rhn.redhat.com/
errata/RHSA-2005-435.html

Proofs of Concept exploit scripts have been published.

Secunia Advisory,
SA15292,
May 9, 2005

US-CERT VU#534710

US-CERT VU#648758

Slackware Security Advisory, SSA:2005-135-01, May 15, 2005

Gentoo Linux Security Advisory, GLSA 200505-11, May 16, 2005

Turbolinux Security Advisory, TLSA-2005
-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005

Mozilla

Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x

Mozilla Firefox 0.x

Mozilla Thunderbird 0.x

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that can permit users to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.

Mozilla: Update to version 1.7.5:
http://www.mozilla.org/
products/mozilla1.x/

Firefox: Update to version 1.0:
http://www.mozilla.org/
products/firefox/

Thunderbird: Update to version 1.0:
http://www.mozilla.org/
products/thunderbird/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Slackware:
http://slackware.com/security/
viewer.php?El=slackware-security
&y=2005&m=slackware-security.
000123

RedHat: