Adobe

Photoshop CS, Creative Suite 1.0, Premiere Pro 1.5

Updates available:
http://www.adobe.com/support/
techdocs/331688.html

Currently we are not aware of any exploits for this vulnerability.

Adobe License Management Service Elevated Privilege Vulnerability

CAN-2005-0151

Adobe Advisory Document 331688, June 9, 2005

America OnLine

Instant Messenger 5.9.3797, 5.5.3595, 5.5.3415 Beta, 5.5, 5.2.3292, 5.1.3036, 5.0.2938

A remote Denial of Service vulnerability has been reported when a malicious user crafts a malformed GIF file that is used as a Buddy Icon and followed by sending an instant message.

No workaround or patch available at time of publishing.

There is no exploit code required.

Categorized incorrectly in SB05-159 as Multiple Operating System vulnerability.

AOL Instant Messenger Buddy Icon Remote Denial of Service

CAN-2005-1891

Avaya

Avaya Call Management System (CMS)

A vulnerability has been reported that could let a remote malicious user cause a Denial of Service.

The vendor recommends disabling the FTP daemon.

Currently we are not aware of any exploits for this vulnerability.

Early Impact

ProductCart 2.7 and prior

An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands and conduct cross-site scripting attacks. Input is not properly verified in 'viewPrd.asp' and various 'pcadmin' scripts.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GoodTech Systems

GoodTech SMTP Server 5.14 for Windows NT/2000/XP 5.x

A vulnerability has been reported that could let a remote malicious user cause a Denial of Service. The vulnerability is caused due to an error in the handling of recipients.

Update to version 5.15: http://www.goodtechsys.com/
smtpdnt2000.asp

A Proof of Concept exploit script has been published.

Ipswitch

IMail Server 8.x

Multiple vulnerabilities have been reported in IMail Server, which could let a remote malicious user gain sensitive information or cause a Denial of Service. These are due to unspecified errors in the IMAP4d32 service and Web Calendaring.

Apply IMail Server 8.2 Hotfix 2: ftp://ftp.ipswitch.com/Ipswitch/
Product_Support/IMail/imail82hf2.exe

An exploit script has been published.

Ipswitch Support Advisory, IMail Server 8.2 Hotfix 2, May 23, 2005

Security Focus, 13727, June 8, 2005

Loki

Loki Download Manager Category Version 2.0

An SQL injection vulnerability has been reported in the 'Default.asp' and 'catinfo.asp' scripts due to insufficient validation before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Macromedia

All Macromedia MX 2004 products (Studio, Studio with Flash Professional, Flash Professional, Flash, FreeHand, Dreamweaver, Fireworks, and Director)

Captivate, Contribute 2, and Contribute 3

A fix is available at: http://download.macromedia.com/pub/
security/licensing_installer_updater.exe

Currently we are not aware of any exploits for this vulnerability.

Microsoft

Internet Explorer 6 SP2

A vulnerability has been reported that could let a malicious remote user hide scripting code. The IE browser does not properly process certain javascript scripting code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Security Tracker Alert, 1014174, June 12, 2005

Microsoft

Outlook Web Access for Exchange Server 5.5

A Cross-Site Scripting vulnerability has been reported that could allow a malicious user to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. This could allow an attacker access to any data on the Outlook Web Access server that was accessible to the individual user.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-029.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft, MS05-029, June 14, 2004

US-CERT VU#300373

Microsoft

Windows 2000, XP, Server 2003

A remote code execution vulnerability has been reported in Server Message Block (SMB) that could allow a malicious user to take complete control of the affected system.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-027.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft, MS05-027, June 14, 2004

US-CERT VU#489397

Technical Cyber Security Alert TA05-165A

Microsoft

Windows 2000, XP, Server 2003, 98, 98 (SE), (ME)

A spoofing vulnerability has been reported that could enable a malicious user to spoof trusted Internet content.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-032.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Agent Could Allow Spoofing

CAN-2005-1214

Microsoft, MS05-032, June 14, 2004

US-CERT VU#718542

Microsoft

Windows XP, Server 2003

Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000

An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-033.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Telnet Client Could Allow Information Disclosure

CAN-2005-1205

Microsoft, MS05-033, June 14, 2004

US-CERT VU#800829

Microsoft

Windows XP, Server 2003

A remote code execution vulnerability has been reported in the way that Windows processes Web Client requests that could allow a malicious user who successfully exploited this vulnerable to take complete control of the affected system.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-028.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft

Internet Explorer 5.01, 5.5, 6

Remote code execution and information disclosure vulnerabilities have been reported due to the way that IE handles PNG images and the way that it handles certain requests to display XML content.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-025.mspx

Currently we are not aware of any exploits for these vulnerabilities.

Microsoft, MS05-025, June 14, 2004

US-CERT VU#189754

Technical Cyber Security Alert TA05-165A

Microsoft

Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2

A vulnerability has been reported in ISA Server 2000 because of the way that it handles malformed HTTP requests that could allow a remote malicious user to either bypass content restrictions and access content that they would normally not have access to or they could cause users to be directed to unexpected content. An elevation of privilege vulnerability also exists in ISA Server 2000 that could allow an attacker who successfully exploited this vulnerability to create a NetBIOS connection with an ISA Server by utilizing the NetBIOS (all) predefined packet filter.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-034.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft ISA Access and Elevation of Privilege Vulnerabilities

CAN-2005-1215
CAN-2005-1216

Microsoft, MS05-034, June 14, 2004

US-CERT VU#367077

Microsoft

Outlook Express 5.5, 6

A remote code execution vulnerability has been reported in Outlook Express when it is used as a newsgroup reader. A malicious user could exploit the vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-030.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft, MS05-030, June 14, 2004

US-CERT VU#130614

Microsoft

Step-by-Step Interactive Training

A remote code execution vulnerability has been reported in Step-by-Step Interactive Training due to the way Interactive Training handles bookmark link files.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-031.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Step-by-Step Interactive Training Could Allow Remote Code Execution

CAN-2005-1212

Microsoft

Windows 2000, XP, Server 2003 98, 98 (SE), and ME

A remote code execution vulnerability has been reported in HTML Help that could allow a malicious user to take complete control of the affected system.

Updates available: http://www.microsoft.com/technet/
security/Bulletin/MS05-026.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft, MS05-026, June 14, 2004

US-CERT VU#851869

Technical Cyber Security Alert TA05-165A

Novell

eDirectory 8.7.3

A vulnerability has been reported that could let a remote malicious user cause a denial of service. A remote user can supply a specially crafted HTTP request for an MS-DOS device name to cause the target service to crash.

A fixed version (8.7.3 IR6) is available.

A Proof of Concept exploit has been published.

Novell eDirectory Can Be Crashed With Requests Containing MS-DOS Device Names

CAN-2005-1729

Security Tracker Alert ID: 1014177, June 13, 2005

CIRT.DK Advisory NOVL102201

Pragma Systems

Pragma TelnetServer 6.0

A vulnerability has been reported that could let a remote malicious user hide certain log entries. With a certain command line sequence, the user can hide arbitrary commands from the administrator in the HTML log files.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Medium

Symantec

pcAnywhere 9.x, 10.x, 11.x

A vulnerability has been reported that could let malicious, local users gain escalated privileges by manipulating the "Caller Properties" feature to run arbitrary commands when the system is restarted. "Launch with Windows" setting enabled must be enabled to exploit.

Update to version 11.5 or apply patch.

Patch for consumer versions: http://www.symantec.com/techsupp/
files/pca/index.html

Patch for enterprise versions: http://www.symantec.com/techsupp/enterprise/
products/spca/files.html

Currently we are not aware of any exploits for this vulnerability.

Alexis Sukrieh

Backup Manager 0.5.6, 0.5.7

A vulnerability has been reported because archives are created with insecure permissions, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.sukria.net/packages/
backup-manager/sources/
backup-manager-0 .5.8.tar.gz

There is no exploit code required.

Apple

Mac OS X 10.3-10.3.9, Mac OS X Server 10.3- 10.3.9

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'htdigest' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the AppKit component when processing TIFF files, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the AppKit component when parsing certain TIFF images because an invalid call is made to the 'NXSeek()' function; a vulnerability was reported due to an error when handling AppleScript because code is displayed that is different than the code that is actually run, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error in the Bluetooth support because files are shared without notifying the user properly, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability was reported in the Bluetooth file, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'chfn,' 'chpass,' and 'chsh' utilities because certain external helper programs are invoked insecurely, which could let a malicious user obtain elevated privileges; a vulnerability was reported in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges; a vulnerability was reported in Help Viewer because a remote malicious user can run JavaScript without imposed security restrictions; a vulnerability was reported in the LDAP functionality because passwords are stored in plaintext, which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to errors when parsing XPM files, which could let a remote malicious user compromise the system; a vulnerability was reported in 'lukemftpd' because chroot restrictions can be bypassed, which could let a remote malicious user bypass restrictions; a vulnerability was reported in the Netinfo Setup Tool (NeST) when processing input passed to the ' -target' command line parameter due to a boundary error, which could let a malicious user execute arbitrary code; a vulnerability was reported when the HTTP proxy service in Server Admin is enabled because by default it is possible for everyone to use the proxy service; a vulnerability was reported in the HTTP proxy service in Server Admin for Mac OS X due to insufficient access restrictions, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported in sudo in the environment clearing, which could let a malicious user obtain elevated privileges; a vulnerability was reported in the Terminal utility, which could let a remote malicious user inject arbitrary data; a vulnerability was reported due to an error in the Terminal utility, which could let a remote malicious user inject commands in x-man-path URIs; and a vulnerability was reported in vpnd due to a boundary error, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://www.apple.com/support/downloads/
securityupdate2005005client.html

http://www.apple.com/support/downloads/
securityupdate2005005server.html

Apple:
http://www.apple.com/
support/downloads/

Proofs of Concept exploits have been published.

Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005

US-CERT
VU#140470

US-CERT
VU#145486

US-CERT
VU#258390

US-CERT
VU#356070

US-CERT
VU#582934

US-CERT
VU#331694

US-CERT
VU#706838

Technical Cyber Security Alert TA05-136A

Apple Security Update, APPLE-SA-2005-06-08, June 8, 2005

Apple

Mac OS X Server 10.4.1, 10.4, 10.3.9, OS X 10.4.1, 10.4, 10.3.9

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the AFP Server when copying POSIX-only permissions files; a buffer overflow vulnerability was reported in the Apple File Protocol Server legacy client support, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in CoreGraphics and PDFKit when processing PDF documents; a vulnerability was reported in LaunchServices when an file extension and mime type is marked as unsafe but not mapped to an Apple Uniform Type Identifier (UTI), which could let a remote malicious user bypass download safety checks; a vulnerability was reported in NFS because certain export restrictions are not honored, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'launchd_server_init()' function due to the creation of temporary files in an unsafe manner, which could let a malicious user obtain elevated privileges; a vulnerability was reported in the CoreGraphics component, which could let a malicious user obtain root access; a race condition vulnerability was reported due to insecure folder permissions on the system's cache folder and Dashboard system widgets; and a vulnerability was reported in the MCX Client, which could let a malicious user obtain access to Portable Home Directory credentials.

Updates available at:
http://www.apple.com/
support/downloads/

Currently we are not aware of any exploits for these vulnerabilities.

Apple

Macintosh OS X

Multiple vulnerabilities have been reported:a Denial of Service vulnerability was reported in the 'nfs_mount()' function due to insufficient input value checks; a Directory Traversal vulnerability was reported in bluetooth-enabled systems due to an input validation error, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in two system calls used to search filesystem objects due to insufficient checks on directory permissions, which could let a malicious user obtain sensitive information; a vulnerability was reported in the SecurityAgent because a malicious user can bypass a locked screensaver to start background applications; and a vulnerability was reported because a remote malicious user can bypass a download warning dialog to install potentially malicious Dashboard widgets.

Updates available at:
http://www.apple.com/
support/downloads/

Currently we are not aware of any exploits for these vulnerabilities.

Apple Security Advisory, APPLE-SA-2005-05-19, May 19, 2005

US-CERT VU#775661

APSIS

Pound 1.8.2

Upgrade available at:
http://www.apsis.ch/
pound/Pound-1.8.3.tgz

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Security Focus, 13436, April 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005

bzip2

bzip2 1.0.2

A remote Denial of Service vulnerability has been reported when the application processes malformed archives.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/
security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

OpenPKG:
http://www.openpkg.org/
security/OpenPKG-SA-2005.008
-openpkg.html

Currently we are not aware of any exploits for this vulnerability.

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/
security/advisories

Debian:
http://security.debian.org/
pool/updates/main/b/bzip2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

OpenPKG:
http://www.openpkg.org/security/
OpenPKG-SA-2005.008-openpkg.html

There is no exploit code required.

Security Focus,
12954,
March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Debian Security Advisory, DSA 730-1, May 27, 2005

Turbolinux Security Advisory , TLSA-2005-60, June 1, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

Darryl Burgdo

Webhints 1.3

A vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Ethereal Group

Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9

Multiple vulnerabilities were reported that affects more 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, E IGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explitit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.

Upgrades available at:
http://www.ethereal.com/
distribution/ethereal-0.10.11.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-03.xml

Mandriva:
http://www.mandriva.com/
security/advisories

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-427.html

Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=
a&anuncio=000963

SuSE:
ftp://ftp.suse.com/pub/suse/

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

An exploit script has been published.

Ethereal Security Advisory, enpa-sa-00019, May 4, 2005

Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005

RedHat Security Advisory, RHSA-2005:427-05, May 24, 2005

Conectiva Security Advisory, CLSA-2005:963, June 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Ettercap

Ettercap 0.6 .b, 0.6 .a, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6 .6, 0.6.7, 0.6.9, Ettercap-NG 0.7 .0-0.7.2

A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/
ettercap/ettercap-
NG-0.7.3.tar.gz?download

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-07.xml

Currently we are not aware of any exploits for this vulnerability.

Secunia Advisory, SA15535, May 31, 2005

Gentoo Linux Security Advisory, GLSA 200506-07, June 11, 2005

Freedesktop.org

D-BUS 0.23 & prior

A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.

Patch available at:
https://bugs.freedesktop.org/
show_bug.cgi?id=2436

Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-102.html

There is no exploit code required.

Security Tracker Alert ID,1013075, February 3, 2005

RedHat Security Advisory, RHSA-2005:102-09, June 8, 2005

FreeRADIUS Server Project

FreeRADIUS 1.0.2

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-13.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

FreeRadius:
ftp://ftp.freeradius.org/pub/
radius/freeradius-1.0.3.tar.gz

There is no exploit code required.

Security Tracker Alert ID: 1013909, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Security Focus, 13541, June 10, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz

Debian:
http://security.debian.org/pool/
updates/main/g/gftp/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=
a&anuncio=000957

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-410.html

There is no exploit code required.

Security Focus, February 14, 2005

Debian Security Advisory, DSA 686-1, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005

RedHat Security Advisory, RHSA-2005:410-07, June 13, 2005

Conectiva Security Advisory, CLSA-2005:957, May 31, 2005

GNOME

gEdit 2.0.2, 2.2 .0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-499.html

An exploit has been published.

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

GNU

a2ps 4.13b

Two vulnerabilities exist in GNU a2ps, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerabilities are caused due to the fixps.in and psmandup.in scripts creating temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running a vulnerable script.

Debian:
http://security.debian.org/
pool/updates/main/a/a2ps/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-02.xml

Mandriva:
http://www.mandriva.com/
security/advisories

Currently we are not aware of any exploits for these vulnerabilities.

Secunia SA13641, December 27, 2004

Gentoo Linux Security Advisory, GLSA 200501-02, January 4, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:097, June 7, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?
op=modload&name=Downloads
&file=index&req=viewdownload
&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/
security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:11/gzip.patch

OpenPKG:
http://www.openpkg.org/
security/OpenPKG-SA-2005.009-
openpkg.html

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html

Proof of Concept exploit has been published.

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus,13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

GNU

Mailutils 0.5, 0.6

Multiple vulnerabilities have been reported that could let a remote malicious user execute arbitrary code or cause a Denial of Service. These vulnerabilities are due to a buffer overflow in the 'header_get_field_name()' function in 'mailbox/header.c'; an integer overflow in the 'fetch_io()' function; an input validation error in the imap4d server in the FETCH command; and a format string flaw in the imap4d server.

A fixed version (0.6.90) is available at:
ftp://alpha.gnu.org/gnu/mailutils/
mailutils-0.6.90.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-20.xml

Debian:
http://security.debian.org/pool/
updates/main/m/mailutils/

A Proof of Concept exploit script has been published.

GNU Mailutils Buffer Overflow and Format String Bugs Let Remote Users Execute Arbitrary Code

CAN-2005-1520
CAN-2005-1521
CAN-2005-1522
CAN-2005-1523

iDEFENSE Security Advisory 05.25.05

Gentoo Linux Security Advisory, GLSA 200505-20, May 27, 2005

Debian Security Advisory, DSA 732-1, June 3, 2005

Security Focus, 13764, June 13, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-08.xml

There is no exploit code required.

Secunia Advisory, SA15496, May 25, 2005

Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/
security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:11/gzip.patch

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html

There is no exploit code required.

Security Focus,
12996,
April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

GNU

wget 1.9.1

A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandriva:
http://www.mandriva.com/
security/advisories

Trustix:
http://http.trustix.org/
pub/trustix/updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html

A Proof of Concept exploit script has been published.

Security Tracker Alert ID: 1012472, December 10, 2004

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/
show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/
security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html

There is no exploit code required.

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory , TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

IBM

AIX 5.3

Buffer overflow vulnerabilities have been reported in the 'invscout,' 'paginit,' 'diagTasksWebSM,' 'getlvname,' and 'swcons' commands and multiple 'p' commands, which could let a malicious user execute arbitrary code, potentially with root privileges.

IBM has released an advisory (IBM-06-10-2005) to address this and other issues. Fixes are not yet available.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Security Tracker Alert, 1014132, June 8, 2005

IBM Security Advisory, IBM-06-10-2005, June 10, 2005

Iron Bars

Shell ibsh 0.3 a-0.3 d, 0.2 a, 0.1 b, 0.1 a

Upgrades available at:
http://prdownloads.sourceforge.net/
ibsh/ibsh-0.3e.tar.gz?download

Currently we are not aware of any exploits for these vulnerabilities.

jamchen

JamMail 1.8

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

LBL

tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 -3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-06.xml

Mandriva:
http://www.mandriva.com/
security/advisories

IPCop:
http://ipcop.org/modules.php?
op=modload&name=Downloads
&file=index&req=viewdownload
&cid=3&orderby=dateD

FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:10/tcpdump.patch

Exploit scripts have been published.

Bugtraq, 396932, April 26, 2005

Fedora Update Notification,
FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1 May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005

Security Focus, 13392, May 12, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005

Leafnode

Leafnode 1.11.2, 1.11.1, 1.9.47-1.9.29-1.9.31, 1.9.19-1.9.27

A remote Denial of Service vulnerability has been reported in the fetchnews program (the NNTP client) due to a failure to handle network delays.

Upgrades available at:
http://sourceforge.net
/project/showfiles.php?group_id=57767

There is no exploit code required.

Libextractor

libextractor 0.4-0.4.2, 0.3.6 -0.3.11

The vendor has released libextractor 0.5.0 to address these issues.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-06.xml

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors

FreeBSD 5.4 & prior

Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/
CERT/advisories/
FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-476.html

Sun:
http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-101739-1

Mandriva:
http://www.mandriva.com/
security/advisories

Trustix:
ftp://ftp.trustix.org/pub/trustix/
updates/

Currently we are not aware of any exploits for this vulnerability.

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005

Sun(sm) Alert Notification, 101739, June 1, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2 .0.7, 6.2 .0.4, 6.2, 6.2.1

Upgrades available at:
http://www.imagemagick.org/
script/binary-releases.php

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-413.html

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

A Proof of Concept exploit has been published.

Security Focus, 13351, April 25, 2005

Fedora Update Notification
FEDORA-2005-344, April 28, 2005

Ubuntu Security Notice, USN-132-1 May 23, 2005, May 23, 2005

RedHat Security Advisory, RHSA-2005:413-04, May 25, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Multiple Vendors

ISC BIND 9.3;
MandrakeSoft Linux Mandrake 10.1 X86_64, 10.1

A remote Denial of Service vulnerability exists in the 'authvalidated()' function due to an error in the validator.

Upgrade available at:
http://www.isc.org/index.pl

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Trustix:
http://www.trustix.org/
errata/2005/0003/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:12/bind9.patch

Currently we are not aware of any exploits for this vulnerability.

US-CERT Vulnerability Note. VU#938617, January 25, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:12, June 9, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta)

A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.

Update available at:
http://cvs.gnome.org/viewcvs/evolution/
camel/camel-lock-helper.c?rev=1.7
&hideattic=0&view=log

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-35.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/e/evolution/

SUSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/
updates/main/e/evolution/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-238.html

SGI:
ftp://patches.sgi.com/support/
free/security/advisories/

Currently we are not aware of any exploits for this vulnerability.

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 673-1, February 10, 2005

Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005

ALTLinux Security Advisory, March 29, 2005

RedHat Security Advisory, RHSA-2005:238-18, May 19, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
Linux kernel 2.6.9, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the auditing code.

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-420.html

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

Linux Kernel 2.6.10, 2.6 -test1-test11, 2.6-2.6.11

A Denial of Service vulnerability has been reported in the 'load_elf_library' function.

Patches available at:
http://www.kernel.org/pub/
linux/kernel/v2.6/patch-2.6.11.6.bz2

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

Trustix:
http://http.trustix.org/pub/
trustix/updates/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-366.html

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Fedora Security
Update Notification,
FEDORA-2005-262, March 28, 2005

Trustix Secure
Linux Security Advisory,
TSLSA-2005-0011, April 5, 2005

Fedora Update Notification
FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Fedora Legacy Update Advisory, FLSA:152532, June 4, 1005

SUSE Security Announcement, SUSE-SA:2005:29, June 9, 2005

Multiple Vendors

RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6

A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.

Update available at:
http://cvs.tcpdump.org/cgi-bin/
cvsweb/tcpdump/print-bgp.c

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Trustix:
ftp://ftp.trustix.org/pub/trustix/
updates/

A Proof of Concept exploit script has been published.

Security Tracker Alert, 1014133, June 8, 2005

Fedora Update Notification,
FEDORA-2005-406, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Multiple Vendors

SilverCity SilverCity 0.9.4;
Gentoo Linux

A vulnerability has been reported because three of the SilverCity executables are installed with insecure permissions, which could let a malicious user modify the executables and replace them with trojaned versions.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-05.xml

There is no exploit code required.

Multiple Vendors

SuSE Linux Enterprise Server 9, Linux 9.3 x86_64;
Linux kernel 2.6.11, 2.6.8, l 2.6.5

A vulnerability has been reported in 'ptrace' 64-bit platforms which could let a malicious user access kernel memory pages.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

Linux kernel 2.4-2.4.29, 2.6 .10, 2.6-2.6.11

A vulnerability has been reported in the 'bluez_sock_create()' function when a negative integer value is submitted, which could let a malicious user execute arbitrary code with root privileges.

Patches available at:
http://www.kernel.org/pub/linux/
kernel/v2.4/testing/patch-
2.4.30-rc3.bz2

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/
trustix/updates/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-366.html

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-283.html

http://rhn.redhat.com/
errata/RHSA-2005-284.html

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit script has been published.

Security Tracker
Alert, 1013567,
March 27, 2005

SUSE Security Announcement, SUSE-SA:2005
:021, April 4, 2005

Trustix Secure
Linux Security Advisory,
TSLSA-2005-0011, April 5, 2005

US-CERT
VU#685461

Fedora Update Notification
FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Fedora Legacy Update Advisory, FLSA:152532, June 4, 1005

SUSE Security Announcement, SUSE-SA:2005:29, June 9, 2005

Multiple Vendors

Ubuntu Linux 5.0 4 amd64, 4.1 ia64;
SuSE Linux 9.3 x86_64, 9.1 x86_64, 9.0 x86_64;
Linux kernel 2.6.10, 2.6.8

A Denial of Service has been reported in 'ptrace()' due to insufficient validation of memory addresses.

Updates available at:
http://kernel.org/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/