 |
Summary of Security Items from June 1 through June 7, 2005
Information
in the US-CERT Cyber Security Bulletin is a compilation and includes information
published by outside sources, so the information should not be considered the
result of US-CERT analysis. Software vulnerabilities are categorized in the
appropriate section reflecting the operating system on which the vulnerability
was reported; however, this does not mean that the vulnerability only affects
the operating system reported since this information is obtained from
open-source information.
This bulletin
provides a summary of new or updated vulnerabilities, exploits, trends, viruses,
and trojans. Updates to vulnerabilities that
appeared in previous bulletins are listed in bold
text. The text in the Risk column appears in red for vulnerabilities
ranking High. The risk levels applied to
vulnerabilities in the Cyber Security Bulletin are based on how the "system" may
be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch
Available" column that indicates whether a workaround or patch has been
published for the vulnerability which the script exploits.
Vulnerabilities
The table below
summarizes vulnerabilities that have been identified, even if they are not being
exploited. Complete details about patches or workarounds are available from the
source of the information or from the URL provided in the section. CVE numbers
are listed where applicable. Vulnerabilities that affect both
Windows and Unix Operating Systems are included in the Multiple
Operating Systems section.
Note: All the information included in the following tables
has been discussed in newsgroups and on web sites.
The Risk levels
defined below are based on how the system may be impacted:
Note: Even though
a vulnerability may allow several malicious acts to be performed, only the
highest level risk will be defined in the Risk column.
- High - A
high-risk vulnerability is defined as one that will allow an intruder to
immediately gain privileged access (e.g., sysadmin or root) to the system or
allow an intruder to execute code or alter arbitrary system files. An example
of a high-risk vulnerability is one that allows an unauthorized user to send a
sequence of instructions to a machine and the machine responds with a command
prompt with administrator privileges.
- Medium - A
medium-risk vulnerability is defined as one that will allow an intruder
immediate access to a system with less than privileged access. Such a
vulnerability will allow the intruder the opportunity to continue the attempt
to gain privileged access. An example of a medium-risk vulnerability is a server
configuration error that allows an intruder to capture the password
file.
- Low - A
low-risk vulnerability is defined as one that will provide information to an
intruder that could lead to further compromise attempts or a Denial of Service
(DoS) attack. It should be noted that while the DoS attack is deemed low from
a threat potential, the frequency of this type of attack is very high. DoS
attacks against mission-critical nodes are not included in this rating and any
attack of this nature should instead be considered to be a "High"
threat.
|
Windows Operating Systems Only |
|
Vendor &
Software Name |
Vulnerability
- Impact Patches - Workarounds Attacks Scripts |
Common Name
/ CVE Reference |
Risk |
Source |
|
Adobe
Adobe Reader 7.0 and earlier
Adobe Acrobat 7.0 and earlier |
The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and
earlier, when used with Internet Explorer, allows remote malicious users
to determine the existence of arbitrary files via the LoadFile ActiveX
method.
This is a separate issue from CAN-2005-1347.
Updates available: http://www.adobe.com/support/techdocs/331465.html
Currently we are not aware of any exploits for this
vulnerability.
|
|
Low |
Adobe Advisory, Document 331465, April 1, 2005
US-CERT
VU#250037 |
|
Crob Software Studio
Crob FTP Server 3.6.1 |
Multiple vulnerabilities have been reported that could let remote
malicious users execute arbitrary code. This is due to a boundary error in
the argument handling in the 'STOR' and 'RMD' commands and a boundary
error in the 'LIST' or 'NLST' commands.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
LSS Security Advisory #LSS-2005-06-06, June 6, 2005 |
|
Doug Luxem
Liberum Help Desk 0.97.3 |
A vulnerability has been reported that could let remote malicious users
conduct SQL injection attacks. Input passed to the 'id' parameter isn't
properly validated.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Doug Luxem Liberum Help Desk "id" SQL Injection
Vulnerability
CAN-2005-1839
|
High |
Secunia SA15593, June 3, 2005 |
|
E-POST Corporation
SPA-PRO Mail @Solomon 4.x
|
Two vulnerabilities have been reported that could let remote malicious
users access sensitive information or execute arbitrary code. This is due
to missing input validation in the IMAP service and a boundary error in
the IMAP service.
Update the SPA-IMAP4S component to version 4.05.
A Proof of Concept exploit has been published. |
|
High |
SIG^2 Vulnerability Research Advisory, June 2, 2005 |
|
GlobalSCAPE
Secure FTP Server 3.0.2 |
A buffer overflow vulnerability has been reported that could let a
remote malicious user execute arbitrary code on the target system. The
remote user can overwrite the EIP (and SEH) registers with an arbitrary
address.
The vendor has reportedly issued a fix: http://www.cuteftp.com/gsftps/
Another Proof of Concept exploit script has been published.
|
GlobalSCAPE Secure FTP Server Buffer Overflow Lets Remote Users Execute
Arbitrary Code
CAN-2005-1415 |
High |
Security Focus Bugtraq ID 13454, May 2, 2005
Security Focus, 13454, June 2, 2005 |
|
JiRo's
JiRo's Upload System v1 |
A vulnerability has been reported that could let a remote malicious
user inject SQL commands. The 'login.asp' script does not properly
validate user-supplied input in the 'password' parameter.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
JiRo's Upload System Input Validation Vulnerability Lets
Remote Users Inject SQL Commands
CAN-2005-1904
|
High |
Security Tracker Alert, 1014086, June 1, 2005 |
|
Kaspersky Labs
Kaspersky Anti-Virus for Microsoft Windows 2000, versions 5.0.227,
5.0.228, and 5.0.335 |
A privilege escalation vulnerability has been reported due to a problem
in the Kaspersky kernel driver 'klif.sys.' This issue may ultimately
result in the execution of attacker-supplied code in the context of the
system kernel (ring-0).
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Kaspersky Anti-Virus Klif.Sys
Privilege Escalation Vulnerability
CAN-2005-1905
|
High |
Security Focus, Bugtraq ID: 13878, June 6, 2005 |
|
livingcolor
livingmailing 1.3 |
A vulnerability has been reported that could let a remote malicious
user inject SQL commands. The 'login.asp' script does not properly
validate user-supplied input in the 'password' parameter.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
livingmailing Input Validation Hole Lets Remote Users
Inject SQL Commands
CAN-2005-1906
|
High |
Security Tracker Alert, 1014087, June 1, 2005 |
|
Microsoft
Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows
2000 Server, Windows Server 2003 Datacenter Edition, Windows Server 2003
Enterprise Edition, Windows Server 2003 Standard Edition, Microsoft
Windows Server 2003 Web Edition, Windows XP Home Edition, Windows XP
Professional |
A security issue has been reported that could let a remote malicious
user conduct Man-in-the-Middle attacks. The problem is that the private
key used for signing a terminal server's public key is hard-coded into the
mstlsapi.dll library. This can be exploited to calculate a valid
signature.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Microsoft Windows Remote Desktop Protocol Private Key
Disclosure
CAN-2005-1794
|
Medium |
Secunia SA15605, June 6, 2005 |
|
Microsoft
Microsoft Internet Security and Acceleration (ISA) Server prior to
3.0.1200.411 |
A vulnerability has been reported in the firewall service that could
let a remote malicious user cause a Denial of Service. If client computers
are configured as SecureNAT clients and generate heavy network traffic via
the firewall, the 'Wspsrv.exe' service may crash.
An update is available at: http://support.microsoft.com/kb/894864/EN-US/
Currently we are not aware of any exploits for this
vulnerability. |
Microsoft ISA Server in SecureNAT Configuration Denial
of Service
CAN-2005-1907
|
Low |
Microsoft Knowledge base Article ID : 894864, May 31, 2005 |
|
NEXTWEB
(i)site
|
Multiple vulnerabilities have been reported that could let a remote
malicious user inject SQL commands or download the application database
and obtain the administrative password. The 'admin/login.asp' script does
not properly validate user-supplied input in the 'password' parameter.
Also, the application database ('users.mdb') is stored by default in the
web document directory.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Zone-H Security Labs, ZH2005-13SA, June 1, 2005 |
|
Nortel
Nortel Contivity VPN Client 5.01 |
A vulnerability has been reported that could let a local malicious user
obtain the password. This is because of the way the VPN client software
stores the VPN password in process memory. A local user with access to the
'Extranet.exe' process memory can recover the user or group password.
Update information available at: http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2005/21/019126-02.pdf
A Proof of Concept exploit has been published. |
Nortel Contivity VPN Client Password Disclosure Vulnerability
CAN-2005-0844 |
High |
Security Tracker Alert, 1013512, March 22, 2005
Nortel Security Bulletin, May 27, 2005 |
|
Perception
LiteWeb 2.5 |
A vulnerability has been reported that could let remote malicious users
bypass certain security restrictions. The vulnerability is caused due to
an access control error allowing unauthorized access to password-protected
files.
The vulnerability will reportedly be fixed in the next version.
A Proof of Concept exploit has been published. |
Perception LiteWeb Protected File Access Vulnerability
CAN-2005-1908
|
Medium |
Secunia SA15592, June 3, 2005 |
|
RSA Security
RSA Authentication Agent for Web for IIS 5.2 |
A vulnerability has been reported that could let remote malicious users
conduct Cross-Site Scripting attacks. This is due to input validation
errors in the "postdata" parameter in "/WebID/IISWebAgentIF.dll."
Update to version 5.3: http://www.rsasecurity.com/node.asp?id=2807&node_id=
A Proof of Concept exploit has been published. |
RSA Authentication Agent for Web for IIS Cross-Site Scripting
Vulnerability
CAN-2005-1118 |
High |
Secunia SA14954, April 15, 2005
US-CERT Note
VU#366372 |
|
software602
602LAN SUITE 2004 |
A vulnerability has been reported that could let a remote malicious
user alter the administrator's view of the log files.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
software602 602LAN SUITE HTML Log File Processing Flaw
Lets Remote Users Hide Log Entries
CAN-2005-1909
|
Medium |
Security Tracker Alert, 1014105, June 6, 2005 |
|
WWWeb Concepts
Events System 1.0 |
A vulnerability has been reported that could let a remote malicious
user inject SQL commands. The 'login.asp' script does not properly
validate user-supplied input in the 'password' parameter.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
WWWeb Concepts Events System Input Validation
Vulnerability
CAN-2005-1910
|
High |
Security Tracker Alert, 1014104, June 5, 2005 |
| UNIX / Linux Operating Systems Only |
|
Vendor &
Software Name |
Vulnerability
- Impact Patches - Workarounds Attacks Scripts |
Common Name
/ CVE Reference |
Risk |
Source |
|
Adrian Pascalau
GIPTables Firewall 1.0, 1.1 |
A vulnerability has been reported due to the insecure creation of
temporary files, which could let a remote malicious user overwrite
arbitrary files or cause a Denial of Service by manipulating the IP
addresses inside the temporary file.
No workaround or patch available at time of publishing.
There is no exploit code required. |
GIPTables Firewall Insecure Temporary File Creation
CAN-2005-1878 |
Medium |
Securiteam, June 6, 2005 |
|
Apple
QuickTime Player 7.0 |
A vulnerability has been reported in the QuickTime Web plugin because
Quartz Composer compositions that are embedded in '.mov' files can access
system information, which could let a remote malicious user obtain
sensitive information.
Upgrade available at: http://www.apple.com/quicktime/download/mac.html
A Proof of Concept exploit has been published. |
Apple QuickTime Quartz Composer File Information Disclosure
CAN-2005-1579 |
Medium |
Security Tracker Alert, 1013961, May 12, 2005
Apple Security Advisory, APPLE-SA-2005-05-31, May 31, 2005
|
|
bzip2
bzip2 1.0.2 |
A remote Denial of Service vulnerability has been reported when the
application processes malformed archives.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
Mandriva: http://www.mandriva.com/security/advisories
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this
vulnerability. |
|
Low |
Ubuntu Security Notice, USN-127-1, May 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19,
2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
|
|
bzip2
bzip2 1.0.2 & prior |
A vulnerability has been reported when an archive is extracted into a
world or group writeable directory, which could let a malicious user
modify file permissions of target files.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
Mandriva: http://www.mandriva.com/security/advisories
Debian: http://security.debian.org/pool/updates/main/b/bzip2/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
Medium |
Security Focus, 12954, March 31, 2005
Ubuntu Security Notice, USN-127-1, May 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19,
2005
Debian Security Advisory, DSA 730-1, May 27, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
|
|
Carnegie Mellon University
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 |
Several vulnerabilities exist: a buffer overflow vulnerability exists
in 'digestmd5.c,' which could let a remote malicious user execute
arbitrary code; and an input validation vulnerability exists in the
'SASL_PATH' environment variable, which could let a malicious user execute
arbitrary code.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-05.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
RedHat: http://rhn.redhat.com/errata/RHSA-2004-546.html
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Debian: http://security.debian.org/pool/updates/main/c/cyrus-sasl/
Conectiva: ftp://atualizacoes.conectiva.com.br/
OpenPKG: ftp ftp.openpkg.org
FedoraLegacy: http://download.fedoralegacy.org/redhat/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Apple: http://www.apple.com/support/downloads/securityupdate2005003client.html
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000959
Currently we are not aware of any exploits for these vulnerabilities.
|
|
|
Security Tracker Alert ID: 1011568, October 7, 2004
Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12,
14, & 16, 2004
Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004
OpenPKG Security Advisory, OpenPKG Security Advisory, January 28, 2005
Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
SUSE Security Announcement, SUSE-SA:2005:013, March 3, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:054, March 16, 2005
Apple Security Update, APPLE-SA-2005-03-21, March 21, 2005
Conectiva Security Advisory, CLSA-2005:959, June 2, 2005
|
|
Ethereal Group
Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9 |
Multiple vulnerabilities were reported that affect more than 50 different
dissectors, which could let a remote malicious user cause a Denial of
Service, enter an endless loop, or execute arbitrary code. The following
dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP,
CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, EIGRP, ESS, FCELS, Fibre
Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP,
LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified,
PKIX1Explicit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB
Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and
X.509.
Upgrades available at: http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200505-03.xml
Mandriva: http://www.mandriva.com/security/advisories
RedHat: http://rhn.redhat.com/errata/RHSA-2005-427.html
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000963
SuSE: ftp://ftp.suse.com/pub/suse/
An exploit script has been published. |
|
|
Ethereal Security Advisory, enpa-sa-00019, May 4, 2005
Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005
RedHat Security Advisory, RHSA-2005:427-05, May 24, 2005
Conectiva Security Advisory, CLSA-2005:963, June 6, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
|
|
Everybuddy
Everybuddy 0.4.3 & prior |
A vulnerability has been reported because the
'modules/utility/autotrans.c' file creates temporary files insecurely,
which could let a malicious user obtain elevated privileges.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Tracker Alert, 1014110, June 6, 2005 |
|
FreeRADIUS Server Project
FreeRADIUS 1.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported
in the 'radius_xlat()' function call due to insufficient validation, which
could let a remote malicious user execute arbitrary SQL code; and a buffer
overflow vulnerability was reported in the 'sql_escape_func()' function,
which could let a remote malicious user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200505-13.xml
SuSE: ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1013909, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
|
|
FUSE
FUSE 2.x |
A vulnerability has been reported because certain memory is not
correctly cleared before being returned to users, which could let a malicious
user obtain sensitive information.
Update available at: http://sourceforge.net/project/showfiles.php?group_id=121684
A Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory, SA15561, June 3, 2005 |
|
gFTP
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 |
A Directory Traversal vulnerability exists due to insufficient
sanitization of input, which could let a remote malicious user obtain
sensitive information.
Upgrades available at: http://www.gftp.org/gftp-2.0.18.tar.gz
Debian: http://security.debian.org/pool/updates/main/g/gftp/
Gentoo: http://security.gentoo.org/glsa/glsa-200502-27.xml
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000957
There is no exploit code required. |
|
Medium |
Security Focus, February 14, 2005
Debian Security Advisory, DSA 686-1, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005
Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005
Conectiva Security Advisory, CLSA-2005:957, May 31, 2005
|
|
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input
validation error when using 'gunzip' to extract a file with the '-N' flag,
which could let a remote malicious user obtain sensitive information.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix: http://http.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200505-05.xml
IPCop: http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
Mandriva: http://www.mandriva.com/security/advisories
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6,
2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus, 13290, May 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1,
2005 |
|
GNU
Mailutils 0.5, 0.6 |
Multiple vulnerabilities have been reported that could let a remote
malicious user execute arbitrary code or cause a Denial of Service. These
vulnerabilities are due to a buffer overflow in the
'header_get_field_name()' function in 'mailbox/header.c'; an integer
overflow in the 'fetch_io()' function; an input validation error in the
imap4d server in the FETCH command; and a format string flaw in the imap4d
server.
A fixed version (0.6.90) is available at: ftp://alpha.gnu.org/gnu/mailutils/mailutils-0.6.90.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200505-20.xml
Debian: http://security.debian.org/pool/updates/main/m/mailutils/
Proofs of Concept exploits have been published. |
GNU Mailutils Buffer Overflow and Format String Bugs Let
Remote Users Execute Arbitrary Code
CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523 |
High |
iDEFENSE Security Advisory 05.25.05
Gentoo Linux Security Advisory, GLSA 200505-20, May 27, 2005
Debian Security Advisory, DSA 732-1, June 3, 2005
|
|
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a
world or group writeable directory, which could let a malicious user
modify file permissions.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix: http://http.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200505-05.xml
Mandriva: http://www.mandriva.com/security/advisories
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
Medium |
Security Focus, 12996, April 5, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6,
2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
|
|
GnuTLS
GnuTLS 1.2 prior to 1.2.3; 1.0 prior to 1.0.25 |
A remote Denial of Service vulnerability has been reported due to
insufficient validation of padding bytes in 'lib/gnutls_cipher.c.'
Updates available at: http://www.gnu.org/software/gnutls/download.html
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo: http://security.gentoo.org/glsa/glsa-200505-04.xml
Mandriva: http://www.mandriva.com/security/advisories
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-430.html
Currently we are not aware of any exploits for this
vulnerability. |
|
Low |
Security Tracker Alert, 1013861, May 2, 2005
Fedora Update Notification, FEDORA-2005-362, May 5, 2005
Gentoo Linux Security Advisory, GLSA 200505-04, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:084, May 12, 2005
Ubuntu Security Notice, USN-126-1, May 13, 2005
RedHat Security Advisory, RHSA-2005:430-05, June 1, 2005
|
|
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient
validation of user-supplied arguments, which could let a remote malicious
user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report: http://bugs.gentoo.org/show_bug.cgi?id=90626
Mandriva: http://www.mandriva.com/security/advisories
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
|
|
Hewlett Packard Company
HP-UX B.11.23, B.11.22, B.11.11, B.11.04, B.11.00 |
A remote Denial of Service vulnerability has been reported in the Path
MTU Discovery (PMTUD) functionality that is supported in the ICMP
protocol.
Patches available at: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137
Revision 2: The binary files of HPSBUX01164 will resolve the
issue for the core TCP/IP in B.11.11, B.11.22, and B.11.23. The binary
files of HPSBUX01164 will NOT resolve the issue for IPSec. B.11.00
and B.11.04 are NOT vulnerable. The recommended workaround is to modify
/etc/rc.config.d/nddconf and reboot.
Currently we are not aware of any exploits for this
vulnerability. |
|
Low |
Hewlett Packard Company Security Advisory, HPSBUX01137, April 24, 2005
Hewlett Packard Company Security Advisory, HPSBUX01137: SSRT5954 rev.1,
May 25, 2005
Hewlett Packard Company Security Advisory, HPSBUX01137:
SSRT5954 rev.2, June 1, 2005 |
|
libexif
libexif 0.6.9, 0.6.11 |
A vulnerability exists in the 'EXIF' library due to
insufficient validation of 'EXIF' tag structure, which could let a remote
malicious user execute arbitrary code.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200503-17.xml
RedHat: http://rhn.redhat.com/errata/RHSA-2005-300.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Debian: http://security.debian.org/pool/updates/main/libe/libexif/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Peachtree: http://peachtree.burdell.org/updates/
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000960
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Ubuntu Security Notice USN-91-1, March 7, 2005
Fedora Update Notifications, FEDORA-2005-199 & 200,
March 8, 2005
Gentoo Linux Security Advisory, GLSA 200503-17, March 12, 2005
RedHat Security Advisory, RHSA-2005:300-08, March 21, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:064, March 31,
2005
Debian Security Advisory, DSA 709-1, April 15, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Peachtree Linux Security Notice, PLSN-0006, April 22, 2005
Conectiva Security Advisory, CLSA-2005:960, June 2, 2005
|
|
LibTIFF
LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1 |
A buffer overflow vulnerability has been reported in the 'TIFFOpen()'
function when opening malformed TIFF files, which could let a remote
malicious user execute arbitrary code.
Patches available at: http://bugzilla.remotesensing.org/attachment.cgi?id=238
Gentoo: http://security.gentoo.org/glsa/glsa-200505-07.xml
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/
SuSE: ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this
vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005
Ubuntu Security Notice, USN-130-1, May 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
|
|
Marc Lehmann
Convert-UUlib 1.50 |
A buffer overflow vulnerability has been reported in the
Convert::UUlib module for Perl due to a boundary error, which could let a
remote malicious user execute arbitrary code.
Update available at: http://search.cpan.org/dist/Convert-UUlib/
Gentoo: http://security.gentoo.org/glsa/glsa-200504-26.xml
Debian: http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/
SuSE: ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this
vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005
Secunia Advisory, SA15130, April 27, 2005
Debian Security Advisory, DSA 727-1, May 20, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
|
|
Mortiforo
Mortiforo prior to 0.9.1 |
A vulnerability has been reported because a remote malicious user can
access private forums without permission.
Update available at: http://mortiforo.sourceforge.net/download.html
There is no exploit code required. |
|
Medium |
Security Tracker Alert, 1014120, June 7, 2005 |
|
Multiple Vendors
FreeBSD 5.4 & prior |
A vulnerability was reported in FreeBSD when using Hyper-Threading
Technology due to a design error, which could let a malicious user obtain
sensitive information and possibly elevated privileges.
Patches and updates available at: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
SCO: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-476.html
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
Mandriva: http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for this
vulnerability. |
Multiple Vendor FreeBSD Hyper-Threading Technology
Support Information Disclosure
CAN-2005-0109
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005
SCO Security Advisory, SCOSA-2005.24, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
US-CERT
VU#911878
RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005
Sun(sm) Alert Notification, 101739, June 1, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:096, June
7, 2005 |
|
Multiple Vendors
GNU Binutils 2.14, 2.15; Gentoo Linux |
A vulnerability was reported in the GNU Binutils Binary File Descriptor
Library due to an integer overflow, which could let a remote malicious
user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200506-01.xml
Currently we are not aware of any exploits for this
vulnerability. |
GNU Binutils Binary File Descriptor Library Integer Overflow
CAN-2005-1704 |
High |
Gentoo Linux Security Advisory, GLSA 200506-01, June 1, 2005 |
|
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11,
2.6.1-2.6.11 |
Multiple vulnerabilities have been reported in the ISO9660 handling
routines, which could let a malicious user execute arbitrary code.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-366.html
Conectiva: ftp://atualizacoes.conectiva.com.br/
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these
vulnerabilities. |
Linux Kernel Multiple ISO9660 Filesystem Handling
Vulnerabilities
CAN-2005-0815 |
High |
Security Focus, 12837, March 18, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28,
2005
Ubuntu Security Notice, USN-103-1, April 1, 2005
Fedora Update Notification FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4,
2005 |
|
Multiple Vendors
GNOME GdkPixbuf 0.22; GTK GTK+ 2.4.14; RedHat Fedora
Core3; RedHat Fedora Core2 |
A remote Denial of Service vulnerability has been reported due to a
double free error in the BMP loader.
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-344.html
http://rhn.redhat.com/errata/RHSA-2005-343.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/
SGI: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
SGI: ftp://patches.sgi.com/support/free/security/advisories/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Conectiva: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000958
Currently we are not aware of any exploits for this
vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CAN-2005-0891 |
Low |
Fedora Update Notifications, FEDORA-2005-265, 266, 267 &
268, March 30, 2005
RedHat Security Advisories, RHSA-2005:344-03 &
RHSA-2005:343-03, April 1 & 4, 2005
Ubuntu Security Notice, USN-108-1 April 05, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April
8, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005
Conectiva Security Advisory, CLSA-2005:958, June 1, 2005
|
|
Multiple Vendors
GNU Mailutils 0.6.90, 0.6, 0.5 |
An SQL injection vulnerability has been reported due to insufficient
sanitization of user-supplied input before it is used in an SQL query, which
could let a remote malicious user execute arbitrary SQL code.
Gentoo: http://security.gentoo.org/glsa/glsa-200506-02.xml
There is no exploit code required. |
|
High |
Gentoo Linux Security Advisory, GLSA 200506-02, June 6, 2005 |
|
Multiple Vendors
GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick
ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0,
5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7,
6.2.0.4, 6.2-6.2.2 |
A remote Denial of Service vulnerability has been reported due to a
failure to handle malformed XWD image files.
Gentoo: http://security.gentoo.org/glsa/glsa-200505-16.xml
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-480.html
Currently we are not aware of any exploits for this
vulnerability. |
ImageMagick & GraphicsMagick XWD Decoder Remote Denial of
Service
CAN-2005-1739 |
Low |
Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005
Ubuntu Security Notice, USN-132-1, May 23, 2005
Fedora Update Notification, FEDORA-2005-395, May 26, 2005
RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005
|
|
Multiple Vendors
Linux Kernel 2.2, 2.4, 2.6 |
Several buffer overflow vulnerabilities exist in 'drivers/char/moxa.c'
due to insufficient validation of user-supplied inputs to the
'MoxaDriverIoctl()', 'moxaloadbios()', 'moxaloadcode()', and
'moxaload320b()' functions, which could let a malicious user execute
arbitrary code with root privileges.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/l
SUSE: ftp://ftp.SUSE.com/pub/SUSE
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these
vulnerabilities. |
|
High |
Security Tracker Alert, 1013273, February 23, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005
|
|
Multiple Vendors
Linux kernel 2.2.x, 2.4.x, 2.6.x |
A buffer overflow vulnerability has been reported in the
'elf_core_dump()' function due to a signedness error, which could let a
malicious user execute arbitrary code with root privileges.
Update available at: http://kernel.org/
Trustix: http://www.trustix.org/errata/2005/0022/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-472.html
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
An exploit script has been published. |
|
High |
Secunia Advisory, SA15341, May 12, 2005
Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
|
|
Multiple Vendors
Linux Kernel 2.4.x, 2.6 prior to 2.6.11.11 |
A vulnerability has been reported in the Linux kernel in the Radionet
Open Source Environment (ROSE) implementation in the 'rose_rt_ioctl()'
function due to insufficient validation of a new route's 'ndigis' argument.
The impact was not specified.
Updates available at: http://linux.bkbits.net:8080/linux-2.4/cset@41e2cf515TpixcVQ8q8HvQvCv9E6zA
Currently we are not aware of any exploits for this
vulnerability. |
Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input
Validation
|
Not Specified |
Security Tracker Alert, 1014115, June 7, 2005 |
|
Multiple Vendors
Linux kernel 2.4-2.4.29, 2.6.10, 2.6-2.6.11 |
A vulnerability has been reported in the 'bluez_sock_create()' function
when a negative integer value is submitted, which could let a malicious
user execute arbitrary code with root privileges.
Patches available at: http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.30-rc3.bz2
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Trustix: http://http.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-366.html
RedHat: http://rhn.redhat.com/errata/RHSA-2005-283.html
http://rhn.redhat.com/errata/RHSA-2005-284.html
Conectiva: ftp://atualizacoes.conectiva.com.br/
FedoraLegacy: http://download.fedoralegacy.org/redhat/
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert, 1013567, March 27, 2005
SUSE Security Announcement, SUSE-SA:2005:021, April 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April
5, 2005
US-CERT VU#685461
Fedora Update Notification FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11,
April 28, 2005
Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005
|
|
Multiple Vendors
Linux Kernel 2.6 - 2.6.10 rc2 |
The Linux kernel /proc filesystem is susceptible to an information
disclosure vulnerability. This issue is due to a race condition allowing
unauthorized access to potentially sensitive process information. This
vulnerability may allow malicious local users to gain access to
potentially sensitive environment variables in other users' processes.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main
Mandrake: http://www.mandrakesecure.net/en/ftp.php
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-293.html
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this
vulnerability. |
Multiple Vendors Linux Kernel PROC Filesystem Local
Information Disclosure
CAN-2004-1058 |
Medium |
Ubuntu Security Notice USN-38-1 December 14, 2004
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Turbolinux Security Announcement, February 28, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005
|
|
Multiple Vendors
Linux Kernel 2.6.10, 2.6-test1-test11, 2.6-2.6.11 |
A Denial of Service vulnerability has been reported in the
'load_elf_library' function.
Patches available at: http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Trustix: http://http.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-366.html
Conectiva: ftp://atualizacoes.conectiva.com.br/
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this
vulnerability. |
|
Low |
Fedora Security Update Notification, FEDORA-2005-262, March 28,
2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April
5, 2005
Fedora Update Notification FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005
|
|
Multiple Vendors
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1
rc1&rc2, 2.6.1-2.6.8 |
A remote Denial of Service vulnerability has been reported in the
Point-to-Point Protocol (PPP) Driver.
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Trustix: http://http.trustix.org/pub/trustix/updates
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
ALTLinux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-366.html
RedHat: http://rhn.redhat.com/errata/RHSA-2005-283.html
http://rhn.redhat.com/errata/RHSA-2005-284.html
Conectiva: ftp://atualizacoes.conectiva.com.br/
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
Ubuntu Security Notice, USN-95-1 March 15, 2005
Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28,
2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notification FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11,
April 28, 2005
Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005
|
|
Multiple Vendors
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6,
2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4
|
Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl'
function, which could let a malicious user obtain sensitive information; a
Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of
incorrect table sizes; a race condition vulnerability exists in the
'setsid()' function; and a vulnerability exists in the OUTS instruction on
the AMD64 and Intel EM64T architecture, which could let a malicious user
obtain elevated privileges.
RedHat: https://rhn.redhat.com/errata/RHSA-2005-092.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
Conectiva: ftp://atualizacoes.conectiva.com.br/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Conectiva: ftp://atualizacoes.conectiva.com.br/10/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-366.html
RedHat: http://rhn.redhat.com/errata/RHSA-2005-283.html
http://rhn.redhat.com/errata/RHSA-2005-284.html
RedHat: http://rhn.redhat.com/errata/RHSA-2005-472.html
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these
vulnerabilities. |
|
|
Ubuntu Security Notice, USN-82-1, February 15, 2005
RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Fedora Security Update Notification, FEDORA-2005-262, March 28,
2005
Conectiva Linux Security Announcement, CLA-2005:945, March 31,
2005
Fedora Update Notification FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11,
April 28, 2005
RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
FedoraLegacy: FLSA:152532, June 4, 2005 |
|
Multiple Vendors
Linux kernel 2.6.10, 2.6, -test1-test11, 2.6.1-2.6.11; RedHat
Fedora Core2 |
A vulnerability has been reported in the EXT2 filesystem
handling code, which could let a malicious user obtain sensitive
information.
Patches available at: http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Trustix: http://http.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-366.html
Conectiva: ftp://atualizacoes.conectiva.com.br/
FedoraLegacy: http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this
vulnerability. |
|
Medium |
Security Focus, 12932, March 29, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April
5, 2005
Fedora Update Notification FEDORA-2005-313, April 11, 2005
RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005
Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005
Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005
|
|
Multiple Vendors
Linux Kernel versions except 2.6.9 |
A race condition vulnerability exists in the Linux Kernel terminal
subsystem. This issue is related to terminal locking and is exposed when a
remote malicious user connects to the computer through a PPP dialup port.
When the remote user issues the switch from console to PPP, there is a
small window of opportunity to send data that will trigger the
vulnerability. This may cause a Denial of Service.
This issue has been addressed in version 2.6.9 of
the Linux Kernel. Patches are also available for 2.4.x releases: http://www.kernel.org/pub/linux/kernel/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main
Mandrake: http://www.mandrakesecure.net/en/ftp.php
FedoraLegacy: http://download.fedoralegacy.org/redhat/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
SUSE: ftp://ftp.SUSE.com/pub/SUSE
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
Currently we are not aware of any exploits for this
vulnerability. |
Multiple Vendors Linux Kernel Terminal Locking Race
Condition
CAN-2004-0814 |
Low |
Security Focus, December 14, 2004
Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005
Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
Turbolinux Security Announcement, February 28, 2005
SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
|
|
Multiple Vendors
NASM NASM 0.98.35, 0.98.38; RedHat Advanced Workstation for the Itanium
Processor 2.1 IA64, r 2.1, Desktop 3.0, 4.0 RedHat Enterprise Linux WS
4, 3, 2.1 IA64, 2.1, ES 4, 3, 2.1 IA64, 2.1, AS 4, 3, 2.1 IA64, 2.1
|
A buffer overflow vulnerability has been reported in the
'ieee_putascii()' function, which could let a remote malicious user
execute arbitrary code.
RedHat: http://rhn.redhat.com/errata/RHSA-2005-381.html
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/n/nasm/
SGI: ftp://patches.sgi.com/support/free/security/advisories/
Mandriva: http://www.mandriva.com/security/advisories
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this
vulnerability. |
|
High |
RedHat Security Advisory, RHSA-2005:381-06, May 4, 2005
Ubuntu Security Notice, USN-128-1, May 17, 2005
Turbolinux Security Advisory, TLSA-2005-61, June 1, 2005
|
|
Multiple Vendors
Qpopper 4.x; Gentoo Linux |
Several vulnerabilities have been reported: a vulnerability was
reported because user-supplied config and trace files are processed with
elevated privileges, which could let a malicious user create/overwrite
arbitrary files; and a vulnerability was reported due to an unspecified
error, which could let a malicious user create group- or world-writable
files.
Upgrades available at: ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/qpopper4.0.5.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200505-17.xml
Debian: http://security.debian.org/pool/updates/main/q/qpopper/
SuSE: ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
|
Medium |
Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005
Secunia Advisory, SA15475, May 24, 2005
Debian Security Advisories, DSA 728-1 & 728-2, May 25 & 26,
2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
|
|
PostgreSQL
PostgreSQL 7.3 through 8.0.2 |
Two vulnerabilities have been reported: a vulnerability was
reported because a remote authenticated malicious user can invoke some
client-to-server character set conversion functions and supply specially
crafted argument values to potentially execute arbitrary commands; and a
remote Denial of Service vulnerability was reported because the
'contrib/tsearch2' module incorrectly declares several functions as
returning type 'internal.'
Fix available at: http://www.postgresql.org/about/news.315
Trustix: http://http.trustix.org/pub/trustix/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200505-12.xml
Trustix: http://www.trustix.org/errata/2005/0023/
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat: http://rhn.redhat.com/errata/RHSA-2005-433.html
Currently we are not aware of any exploits for these
vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed) |
Security Tracker Alert, 1013868, May 3, 2005
Ubuntu Security Notice, USN-118-1, May 04, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005
Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005
Turbolinux Security Advisory, TLSA-2005-62, June 1, 2005
RedHat Security Advisory, RHSA-2005:433-17, June 1, 2005
|
|
Sun Microsystems, Inc.
Solaris 10.0 |
A vulnerability has been reported in the C Library ('libc' and
'libproject') due to an unspecified error, which could let a malicious
user obtain elevated privileges.
Patch available at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101740-1&searchclause=i
Currently we are not aware of any exploits for this
vulnerability. |
|
Medium |
Sun(sm) Alert Notification, 101740, June 3, 2005 |
|
Tomasz Lutelmowski
LutelWall 0.97 & prior |
A vulnerability has been reported in the 'new_version_check()' function
due to the insecure creation of temporary files when updating to a new
version, which could let a malicious user obtain root privileges.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
High |
Security Tracker Alert, 1014112, June 6, 2005 |
|
Yapig
Yapig 0.92b, 0.93u, 0.94u |
Several vulnerabilities have been reported: a vulnerability was
reported because it is possible to upload arbitrary files to a directory
inside the web root, which could let a remote malicious user execute
arbitrary PHP code; a Cross-Site Scripting vulnerability was reported in
'view.php' due to insufficient sanitization of the 'phid' parameter, which
could let a remote malicious user execute arbitrary HTML and script code;
a vulnerability was reported due to insufficient verification of the
'BASE_DIR' and 'YAPIG_PATH' parameters, which could let a remote malicious
user include arbitrary files from external and local resources; and a
Directory Traversal vulnerability was reported in 'upload.php' due to
insufficient verification of the 'dir' parameter, which could let a remote
malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Proof of Concept exploits have been published. |
|
High |
SecWatch Advisory, June 4, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
|
Vendor & Software Name |
Vulnerability - Impact Patches - Workarounds Attacks Scripts |
Common Name / CVE Reference |
Risk |
Source |
|
America OnLine
Instant Messenger 5.9.3797, 5.5.3595, 5.5.3415 Beta, 5.5, 5.2.3292,
5.1.3036, 5.0.2938 |
A remote Denial of Service vulnerability has been reported when a
malicious user crafts a malformed GIF file that is used as a Buddy Icon
and followed by sending an instant message.
No workaround or patch av | |
| |