Summary of Security Items from June 15 through June 21, 2005
Information
in the US-CERT Cyber Security Bulletin is a compilation and includes information
published by outside sources, so the information should not be considered the
result of US-CERT analysis. Software vulnerabilities are categorized in the
appropriate section reflecting the operating system on which the vulnerability
was reported; however, this does not mean that the vulnerability only affects
the operating system reported since this information is obtained from
open-source information.
This bulletin
provides a summary of new or updated vulnerabilities, exploits, trends, viruses,
and trojans. Updates to vulnerabilities that
appeared in previous bulletins are listed in bold
text. The text in the Risk column appears in red for vulnerabilities
ranking High. The risk levels applied to
vulnerabilities in the Cyber Security Bulletin are based on how the "system" may
be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch
Available" column that indicates whether a workaround or patch has been
published for the vulnerability which the script exploits.
Vulnerabilities
The table below
summarizes vulnerabilities that have been identified, even if they are not being
exploited. Complete details about patches or workarounds are available from the
source of the information or from the URL provided in the section. CVE numbers
are listed where applicable. Vulnerabilities that affect both
Windows and Unix Operating Systems are included in the Multiple
Operating Systems section.
Note: All the information included in the following tables
has been discussed in newsgroups and on web sites.
The Risk levels
defined below are based on how the system may be impacted:
Note: Even though
a vulnerability may allow several malicious acts to be performed, only the
highest level risk will be defined in the Risk column.
- High - A
high-risk vulnerability is defined as one that will allow an intruder to
immediately gain privileged access (e.g., sysadmin or root) to the system or
allow an intruder to execute code or alter arbitrary system files. An example
of a high-risk vulnerability is one that allows an unauthorized user to send a
sequence of instructions to a machine and the machine responds with a command
prompt with administrator privileges.
- Medium - A
medium-risk vulnerability is defined as one that will allow an intruder
immediate access to a system with less than privileged access. Such a
vulnerability will allow the intruder the opportunity to continue the attempt
to gain privileged access. An example of a medium-risk vulnerability is a server
configuration error that allows an intruder to capture the password
file.
- Low - A
low-risk vulnerability is defined as one that will provide information to an
intruder that could lead to further compromise attempts or a Denial of Service
(DoS) attack. It should be noted that while the DoS attack is deemed low from
a threat potential, the frequency of this type of attack is very high. DoS
attacks against mission-critical nodes are not included in this rating and any
attack of this nature should instead be considered to be a "High"
threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| Avant Browser
Avant Browser 10.0 Build 029, 9.0, 8.0.2 |
A vulnerability has been reported because JavaScript dialog boxes don't display/include their origin, which could let a remote malicious user spoof dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Avant Browser Dialog Box Origin Spoofing |
Medium |
Security Focus, 14012, June 21, 2005 |
BlueCollar Productions
iGallery 3.3 |
A vulnerability has been reported in i-Gallery, which could let a remote user conduct Cross-Site Scripting and directory traversal.
No workaround or patch available at time of publishing.
An exploit has been published. |
BlueCollar Productions
i-Gallery Cross-Site Scripting & Directory Traversal
CAN-2005-2033
CAN-2005-2034 |
Low |
Security Focus, 14000, June 20, 2005 |
Coolcafe
Cool Cafe Chat 1.2.1 |
Several vulnerabilities have been reported: a vulnerability was reported in the 'login.asp' script due to insufficient validation of user-supplied input, which could let a remote malicious user inject SQL commands; and a vulnerability was reported in 'modifyUser.asp,' which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit has been published.
|
|
|
Exploit Labs, EXPL-A-2005-009 |
Fortibus
Fortibus CMS 4.0.0 |
Several vulnerabilities have been reported: multiple SQL injection vulnerabilities were reported in Fortibus CMS, which could let a remote malicious user execute SQL commands; and a vulnerability was reported because a remote malicious user can modify information via the 'My info' page.
The vendor has released a patch.
No exploit is required. |
Fortibus CMS SQL Injection & Information Modification
CAN-2005-2037
CAN-2005-2038 |
High |
Security Tracker Alert, 1014242, June 20 2005 |
Microsoft
ASP.NET 1.x |
A vulnerability exists which can be exploited by a malicious user to bypass security restrictions. The vulnerability is caused by a canonicalization error within the .NET authentication schema.
Apply ASP.NET ValidatePath module: http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
Availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system Versions: Windows XP Tablet PC Edition and Windows XP Media Center Edition.
A Proof of Concept exploit has been published. |
|
Medium |
Microsoft, October 7, 2004
Microsoft Security Bulletin, MS05-004, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Vulnerability Note VU#283646
Microsoft Security Bulletin, MS05-004 V2.0, June 14, 2005 |
Microsoft
Microsoft Internet Explorer 6.0, SP1&SP2 |
A vulnerability has been reported in Microsoft Internet Explorer, which could let malicious websites spoof dialog boxes.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploit for this vulnerability. |
Microsoft Internet Explorer Dialog Origin Spoofing |
Low |
Secunia, Advisory, SA15491, June 21, 2005 |
Microsoft
Windows 2000 SP 3 and SP4
Windows XP SP 1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, Windows 98 SE, and Windows ME |
Multiple vulnerabilities have been reported that include IP Validation, ICMP Connection Reset, ICMP Path MTU, TCP Connection Reset, and Spoofed Connection Request. These vulnerabilities could let remote malicious users execute arbitrary code or execute a Denial of Service.
Updates available: http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
A revised version of the security update is available. Microsoft recommends installing this revised security update even if you have installed the previous version. The revised security update will be available through Windows.
Currently we are not aware of any exploits for these vulnerabilities. |
|
|
Microsoft Security Bulletin MS05-019, April 12, 2005
Technical Cyber Security Alert TA05-102A
US-CERT VU#233754
Microsoft Security Bulletin MS05-019 V 2.0, June 14, 2005 |
Novell
Novell GroupWise 5.5, 6.0, 6.5.2 |
A vulnerability has been reported in Novell GroupWise, which could let a local user obtain a target user's email password.
No workaround or patch available at time of publishing.
No exploit is required. |
Novell GroupWise Client Local Password Disclosure
|
Medium |
Security Tracker, Alert, 1014247, June 20 2005 |
UApplication
UBlog Reload 1.0.5 |
Multiple vulnerabilities were reported in UBlog Reload, which could let a remote user execute SQL commands or perform cross site scripting.
There is no solution available at the time of publishing.
No exploit is required. |
Ublog Reload SQL Injection & Cross-Site Scripting
CAN-2005-2009
CAN-2005-2010
|
Medium |
Security Focus, 13994, June 20 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apache
SpamAssassin 3.0.1, 3.0.2, 3.0.3 |
A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.
A fixed version (3.0.4) is available at: http://spamassassin.apache.org/downloads.cgi
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml
There is no exploit code required. |
|
Low |
Security Tracker Alert ID: 1014219, June 16, 2005
Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005 |
Apple
Safari 1.x
|
A vulnerability has been reported because JavaScript dialog boxes don't display/include their origin, which could let a remote malicious user spoof dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Apple Safari Dialog Box Origin Spoofing |
Medium |
Secunia Advisory, SA15474, June 21, 2005 |
bzip2
bzip2 1.0.2 |
A remote Denial of Service vulnerability has been reported when the application processes malformed archives.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-127-1, May 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005 |
bzip2
bzip2 1.0.2 & prior |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/b/bzip2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
There is no exploit code required. |
|
Medium |
Security Focus, 12954, March 31, 2005
Ubuntu Security Notice, USN-127-1, May 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005
Debian Security Advisory, DSA 730-1, May 27, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005 |
cPanel Inc.
cPanel 9.1, 9.0, 8.0, 7.0, 6.4-6.4.2, 6.2, 6.0, 5.3, 5.0 |
A Cross-Site Scripting vulnerability has been reported in the 'login' page due to insufficient sanitization of the 'user' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 13996, June 20, 2005 |
Edgewall Software
Trac 0.8.3, 0.7.1 |
A vulnerability has been reported in the 'id' parameter when processing an attachment upload and download request, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://ftp.edgewall.com/pub/trac/trac-0.8.4.tar.gz
There is no exploit code required. |
Edgewall Software Trac Arbitrary File Upload/Download
CAN-2005-2007
|
Medium |
Secunia Advisory, SA15752, June 20, 2005 |
Gentoo
Linux 1.x |
A vulnerability was reported in the webapp-config utility because the 'fn_show_postinst()' function creates a temporary file in an unsafe manner, which could let a malicious user obtain root privileges.
The vendor has released a fixed version of net-www/webapp-config (1.10-r14).
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-13.xml
A Proof of Concept exploit has been published. |
|
High |
Security Tracker Alert, 1014027, May 22, 2005
Gentoo Linux Security Advisory, GLSA 200506-13, June 17, 2005 |
GNOME
gEdit 2.0.2, 2.2.0, 2.10.2 |
A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html
Mandriva:
http://www.mandriva.com/security/advisories
An exploit has been published. |
|
High |
Securiteam, May 22, 2005
Ubuntu Security Notice, USN-138-1, June 09, 2005
Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005
RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005 |
GNU
a2ps 4.13b |
Two vulnerabilities exist in GNU a2ps, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerabilities are caused due to the fixps.in and psmandup.in scripts creating temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running a vulnerable script.
Debian:
http://security.debian.org/pool/updates/main/a/a2ps/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-02.xml
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for these vulnerabilities. |
GNU a2ps Two Scripts Insecure Temporary File Creation
CAN-2004-1377
|
Medium |
Secunia SA13641, December 27, 2004
Gentoo Linux Security Advisory, GLSA 200501-02, January 4, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:097, June 7, 2005
Turbolinux Security Advisory, TLSA-2005-64, June 15, 2005 |
GNU
cpio 2.6 |
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396429, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005 |
GNU
sharutils 4.2, 4.2.1; Avaya S8710 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8500 R2.0.1, S8500 R2.0.0, S8300 R2.0.1, R2.0.0, Modular Messaging (MSS) 2.0, 1.1,
Avaya MN100, Intuity LX,
Avaya Converged Communications Server 2.0 |
Multiple buffer overflow vulnerabilities exist due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-01.xml
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
OpenPKG:
ftp://ftp.openpkg.org/release
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-377.html
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-135_RHSA-2005-377.pdf
We are not aware of any exploits for these vulnerabilities. |
|
|
Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004
Fedora Legacy Update Advisory, FLSA:2155, March 24, 2005
Ubuntu Security Notice, USN-102-1 March 29, 2005
Fedora Update Notifications, FEDORA-2005-280 & 281, April 1, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005
RedHat Security Advisory, RHSA-2005:377-07, April 26, 2005
Turbolinux Security Advisory, TLSA-2005-54, April 28, 2005
SGI Security Advisory, 20050501-01-U, May 5, 2005
Avaya Security Advisory, ASA-2005-135, June 14, 2005 |
GNU
sharutils 4.2, 4.2.1; Avaya S8710 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8500 R2.0.1, S8500 R2.0.0, S8300 R2.0.1, R2.0.0, Modular Messaging (MSS) 2.0, 1.1,
Avaya MN100, Intuity LX,
Avaya Converged Communications Server 2.0 |
A vulnerability has been reported in the 'unshar' utility due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-06.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-377.html
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-135_RHSA-2005-377.pdf
There is no exploit code required. |
GNU Sharutils 'Unshar' Insecure Temporary File Creation
CAN-2005-0990
|
Medium |
Ubuntu Security Notice, USN-104-1, April 4, 2005
Gentoo Linux Security Advisory, GLSA 200504-06, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005
Fedora Update Notification, FEDORA-2005-319, April 14, 2005
RedHat Security Advisory, RHSA-2005:377-07, April 26, 2005
Turbolinux Security Advisory, TLSA-2005-54, April 28, 2005
SGI Security Advisory, 20050501-01-U, May 5, 2005
Avaya Security Advisory, ASA-2005-135, June 14, 2005 |
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
http://http.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit script has been published. |
|
Medium |
Security Tracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005 |
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005 |
iCab
iCab 2.9.8
|
A vulnerability has been reported because JavaScript dialog boxes don't display/include their origin, which could let a remote malicious user spoof dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
iCab Web Browser Dialog Box Origin Spoofing |
Medium |
Secunia Advisory, SA15477, June 21, 2005 |
LBL
tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 |
Remote Denial of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Mandriva:
http://www.mandriva.com/security/advisories
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Exploit scripts have been published. |
|
Low |
Bugtraq, 396932, April 26, 2005
Fedora Update Notification, FEDORA-2005-351, May 3, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Ubuntu Security Notice, USN-119-1 May 06, 2005
Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005
Security Focus, 13392, May 12, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005
Avaya Security Advisory, ASA-2005-137, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005 |
Multiple Vendors
Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4 -2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6 |
A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.
A fixed version (5.8.4 or later) is available at: http://www.perl.com/CPAN/src/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml
Debian:
http://security.debian.org/pool/updates/main/p/perl/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
HP:
http://software.hp.com/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Ubuntu Security Notice, USN-94-1 March 09, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005
Debian Security Advisory, DSA 696-1, March 22, 2005
Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005
HP Security Bulletin, HPSBUX01208, June 16, 2005 |
Multiple Vendors
RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6 |
A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.
Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
A Proof of Concept exploit script has been published. |
|
Low |
Security Tracker Alert, 1014133, June 8, 2005
Fedora Update Notification, FEDORA-2005-406, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005
Fedora Update Notification, FEDORA-2005-407, June 16, 2005
Ubuntu Security Notice, USN-141-1, June 21, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.5 .STABLE9, .STABLE8, .STABLE7 |
A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html
There is no exploit code required.
|
Squid Proxy Set-Cookie Headers Information Disclosure
CAN-2005-0626
|
Medium |
Secunia Advisory, SA14451, March 3, 2005
Ubuntu Security Notice, USN-93-1 March 08, 2005
Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005
Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005
RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005 |
Multiple Vendors
xli 1.14-1.17; xloadimage 3.0, 4.0, 4.1; Avaya Modular Messaging (MSS) 2.0, 1.1
Avaya MN100,
Avaya Intuity LX
ALT Linux ALT Linux Junior 2.3,
ALT Linux ALT Linux Compact 2.3 |
A vulnerability exists due to a failure to parse compressed images safely, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-05.xml
Debian:
http://security.debian.org/pool/updates/main/x/xli/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-332.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
Currently we are not aware of any exploits for this vulnerability. |
XLoadImage Compressed Image Remote Command Execution
CAN-2005-0638
|
High |
Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005
Fedora Update Notifications, FEDORA-2005-236 & 237, March 18, 2005
Debian Security Advisory, DSA 695-1, March 21, 2005
Turbolinux Security Advisory, TLSA-2005-43, April 19, 2005
RedHat Security Advisory, RHSA-2005:332-10, April 19, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:076, April 21, 2005
SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005
SGI Security Advisory, 20050501-01-U, May 5, 2005
Avaya Security Advisory, ASA-2005-134, June 14, 2005 |
NanoBlogger
NanoBlogger 3.2.1, 3.2 |
A vulnerability has been reported in some plugins because certain input files are invoked insecurely, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://nanoblogger.sourceforge.net/downloads/nanoblogger-3.2.3.tar.gz
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory, SA15754, June 21, 2005 |
Novell
NetMail 3.52 A-C |
A vulnerability has been reported in the Owner and Group ID files in the NetMail patches because they are incorrectly set to 500, which could let a malicious user delete/replace NetMail binaries.
Patches available at:
http://support.novell.com/servlet/filedownload/sec/pub/netmail352c1_lin.tgz
There is no exploit code required. |
|
Medium |
Novell TID, 10098022, June 17, 2005 |
| OpenBSD 3.6, 3.7 |
A vulnerability has been reported that could let a local user cause a Denial of Service. A local user can invoke getsockopt(2) to get ipsec(4) credentials for a socket to trigger a kernel panic. The flaw resides in 'sys/netinet/ip_output.c' in the ip_ctloutput() function.
The vendor has issued the following fixes:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/002_getsockopt.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/017_getsockopt.patch
Currently we are not aware of any exploits for this vulnerability. |
OpenBSD IPSec getsockopt() Denial of Service |
Low |
OpenBSD 3.6 and 3.7 Release Errata, June 15, 2005 |
php Arena
paFileDB 3.1 and prior |
Several input validation vulnerabilities were reported in paFileDB that could let a remote malicious user inject SQL commands, conduct Cross-Site Scripting attacks, and view or execute files on the target system.
The vendor has issued a fixed version which has the same version number as the vulnerable version.
Proof of Concept exploits have been published. |
|
High |
Security Tracker Alert, 1014209, June 15, 2005
US-CERT VU#459565 |
PHP Group
PHP 4.3-4.3.10; Peachtree Linux release 1 |
A remote Denial of Service vulnerability has been reported when processing deeply nested EXIF IFD (Image File Directory) data.
Upgrades available at:
http://ca.php.net/get/php
4.3.11.tar.gz/from/a/mirror
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-15.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Peachtree:
http://peachtree.burdell.org/updates/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000955
Apple:
http://www.apple.com/support/downloads/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-136_RHSA-2005-405_RHSA-2005-406.pdf
Currently, we are not aware of any exploits for this vulnerability. |
PHP Group Exif Module IFD Nesting Remote Denial of Service
CAN-2005-1043
|
Low |
Security Focus, 13164, April 14, 2005
Ubuntu Security Notice, USN-112-1, April 14, 2005
Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005
Fedora Update Notification, FEDORA-2005-315, April 18, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005
Peachtree Linux Security Notice, PLSN-0001, April 21, 2005
SGI Security Advisory, 20050501-01-U, May 5, 2005
Conectiva Security Advisory, CLSA-2005:955, May 31, 2005
Apple Security Update, APPLE-SA-2005-06-08, June 8, 2005
Avaya Security Advisory, ASA-2005-136, June 14, 2005 |
PHP Group
PHP 4.3-4.3.10; Peachtree Linux release 1 |
A vulnerability has been reported in the 'exif_process_IFD_TAG()' function when processing malformed IFD (Image File Directory) tags, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://ca.php.net/get/php
4.3.11.tar.gz/from/a/mirror
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/
Gentoo:
http://security.gentoo.org/glsa/glsa-200504-15.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Peachtree:
http://peachtree.burdell.org/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-405.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000955
Apple:
http://www.apple.com/support/downloads/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-136_RHSA-2005-405_RHSA-2005-406.pdf
Currently, we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, 13163, April 14, 2005
Ubuntu Security Notice, USN-112-1, April 14, 2005
Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005
Fedora Update Notification, FEDORA-2005-315, April 18, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005
Peachtree Linux Security Notice, PLSN-0001, April 21, 2005
Turbolinux Security Advisory, TLSA-2005-50, April 28, 2005
RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005
SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005
SGI Security Advisory, 20050501-01-U, May 5, 2005
Conectiva Security Advisory, CLSA-2005:955, May 31, 2005
Apple Security Update, APPLE-SA-2005-06-08, June 8, 2005
Avaya Security Advisory, ASA-2005-136, June 14, 2005 |
Rob Flynn
Gaim prior to 1.3.1 |
Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message.
Updates available at:
http://gaim.sourceforge.net/downloads.php
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-518.html
There is no exploit code required. |
|
Low |
Secunia Advisory, SA15648, June 10, 2005
Ubuntu Security Notice USN-139-1, June 10, 2005
Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:099, June 14, 2005
Fedora Update Notifications, FEDORA-2005-410 & 411, June 17, 2005
RedHat Security Advisory, RHSA-2005:518-03, June 16, 2005 |
Royal Institute of Technology
Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4 a-f |
Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.5.tar.gz
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory, SA15718, June 20, 2005 |
Sun Microsystems, Inc.
Messaging Server 6.2, iPlanet Messaging Server 5.2 |
A vulnerability has been reported in Sun ONE Messaging Server (iPlanet Messaging Server), which could let a remote malicious user execute arbitrary code. Note: Only target users running Internet Explorer are affected.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Sun ONE/iPlanet Messaging Server Arbitrary Code Execution
CAN-2005-2022
|
High |
Sun(sm) Alert Notification, 101770, June 17, 2005 |
SuSE
SuSE Linux 9.3, x86_64 |
An unspecified vulnerability was reported when using gpg2 for S/MIME signing. The impact was not specified.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005 |
Todd Miller
Sudo 1.6-1.6.8, 1.5.6-1.5.9 |
A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.
Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz
OpenBSD:
http://www.openbsd.org/errata.html
There is no exploit code required. |
|
High |
Security Focus, 13993, June 20, 2005 |
Vipul
Razor-agents prior to 2.72 |
Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.
Updates available at:
http://prdownloads.sourceforge.net/razor/razor-agents-2.72.tar.gz?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Security Focus, Bugtraq ID 13984, June 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005 |
ViRobot
ViRobot Linux Server 2.0 |
A buffer overflow vulnerability has been reported in the web based management interface due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
High |
Securiteam, June 15, 2005 |
winace.com
UnAce 1.0, 1.1, 1.2 b |
Several vulnerabilities exist: a buffer overflow vulnerability exists in the ACE archive due to an incorrect 'strncpy()' call, which could let a remote malicious user execute arbitrary code; two other buffer overflow vulnerabilities exist when archive name command line arguments are longer than 15,600 characters and when printing strings are processed, which could let a remote malicious user execute code; and a Directory Traversal vulnerability exists due to improper filename character processing, which could let a remote malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-32.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
There is no exploit code required; however, Proof of Concept exploits have been published. |
|
|
Security Tracker Alert, 1013265, February 23, 2005
SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005 |
Yaws
Yaws 1.55 and prior |
A vulnerability has been reported that could let remote malicious users gain knowledge of sensitive information. This is due to an input validation error when handling a request containing a NULL byte appended to the filename.
Update to version 1.56:
http://yaws.hyber.org/yaws-1.55_to_1.56.patch
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
SEC-CONSULT Security Advisory, 20050616-0 |
Yukihiro Matsumoto
Ruby 1.8.2 |
A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution
CAN-2005-1992
|
High |
Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Adobe
Acrobat and Reader 7.0 and 7.0.1 for Mac OS and Windows. |
A vulnerability has been reported that could let remote malicious users access system information. This is because there is an error in the Adobe Reader control that makes it possible to determine whether or not a particular file exists on a user's system via XML scripts embedded in JavaScript.
Update to version 7.0.2 for Windows: http://www.adobe.com/support/downloads/
Update for Mac OS currently not available.
Currently we are not aware of any exploits for this vulnerability. |
Adobe Reader / Adobe Acrobat Local File Detection
CAN-2005-1306 |
Medium |
Adobe Advisory Document 331710, June 15, 2005 |
ajax-spell
ajax-spell 1.1-1.7 |
A vulnerability has been reported that could let remote malicious users conduct Cross-Site Scripting attacks. Input passed in HTML tag entities is not properly verified before being returned to users.
Upgrade available at:
http://sourceforge.net/project/showfiles.php?group_id=141511&package_id=155305
There is no exploit code required. |
|
High |
Secunia SA15737, June 17, 2005 |
Apache Friends
XAMPP 1.4.13 |
A vulnerability has been reported that could let remote malicious users view potentially sensitive information and conduct script insertion attacks. Input passed to the query string in 'lang.php' isn't properly verified.
Update to version 1.4.14: http://sourceforge.net/project/showfiles.php?group_id=61776
There is no exploit code required. |
Apache Friends XAMPP 'lang.php' Script Insertion & Information Disclosure
CAN-2005-2043
|
High |
Secunia SA15735, June 17, 2005 |
ATRC
ATutor 1.4.3, 1.5 RC 1 |
A vulnerability has been reported that could let a remote user conduct Cross-Site Scripting attacks. Several scripts do not properly validate user-supplied input.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus Bugtraq ID 13972, June 16, 2005 |
Bitrix
Bitrix Site Manager 4.0.5 |
Several vulnerabilities have been reported: a vulnerability was reported in 'admin/index.php' due to insufficient validation of the '_SERVER[DOCUMENT_ROOT]' parameter, which could let a remote malicious user include arbitrary files from external and local resources; and a vulnerability was reported because a remote malicious user can obtain sensitive information by accessing certain scripts directly.
The vendor has released Bitrix Site Manager 4.0.9 to address this issue. Please contact the vendor to obtain fixes.
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia SA15726, June 16, 2005 |
C1 Financial Services
Contelligent 9.0.15 |
A vulnerability has been reported because a remote authenticated malicious user can invoke the preview mechanism and set a role for which the user is not authorized, which could lead to elevated privileges.
Update available at:
http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/downloads/index.html
Currently we are not aware of any exploits for this vulnerability. |
Contelligent Preview Elevated Privileges |
Medium |
Security Tracker Alert, 1014240, June 19, 2005 |
Cisco Systems
VPN Concentrator 3000 series products running groupname authentication |
A vulnerability has been reported due to a design error when responding to valid and invalid groupnames, which could let a malicious user carry out brute-force attacks against the password hash.
Upgrade information available at:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/471con3k.htm#wp560292
There is no exploit code required.
|
|
Medium |
Security Focus, 13992, June 20, 2005 |
Claroline
Claroline 1.5.3, 1.6 rc1, 1.6 beta; Dokeos Open Source Learning & Knowledge Management Tool 1.5.5 |
Multiple input validation vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported in the '/exercise_result.php', 'exercice_submit.php', 'myagenda.php', 'agenda.php', 'user_access_details.php', 'toolaccess_details.php', 'learningPathList.php', 'learningPathAdmin.php', 'learningPath.php', and 'userLog.php' pages due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code; SQL injection vulnerabilities were reported in 'learningPath.php (3)', 'exercises_details.php', 'learningPathAdmin.php', 'learnPath_details.php', 'userInfo.php (2)', 'modules_pool.php', and 'module.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary SQL code; multiple Directory Traversal vulnerabilities were reported in 'claroline/document/document.php' and 'claroline/learnPath/insertMyDoc.php' due to insufficient input validation, which could let remote malicious project administrators (teachers) upload files in arbitrary folders or copy/move/delete (then view) files of arbitrary folders; and remote file inclusion vulnerabilities were reported due to insufficient verification, which could let a remote malicious user include arbitrary files from external and local resources.
Upgrades available at:
http://www.claroline.net/dlarea/
Dokeos:
http://www.dokeos.com/download/dokeos-1.6.rc2.zip
There is no exploit code required; however, Proof of Concept exploits have been published. |
|
|
Zone-H Research Center Security Advisory, 200501, April 27, 2005
Security Focus, 13407, June 16, 2005 |
Dirk Krause
fig2vect 1.0.1 |
A vulnerability has been reported that could let remote malicious users execute arbitrary code. This is due to a boundary error in the 'pdf_encode_str()' function.
Update to version 1.0.2: http://sourceforge.net/project/showfiles.php?group_id=112082
Currently we are not aware of any exploits for this vulnerability. |
Dirk Krause fig2vect 'pdf_encode_str()' Buffer Overflow |
High |
Secunia SA13637, June 17, 2005 |
Dokeos
Dokeos 1.5.5 |
Multiple vulnerabilities have been reported which could let remote malicious users conduct Cross-Site Scripting and SQL injection attacks, and manipulate and disclose sensitive information.
The vulnerabilities have been fixed in version 1.6 RC2.
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia, SA15725, June 16, 2005 |
e107.org
e107 website system 0.617, 0.616, 0.6 15a, 0.6 15 |
Multiple vulnerabilities have been reported: a vulnerability was reported because different error messages are returned regarding valid or invalid usernames, which could let a remote malicious user obtain sensitive information; and several Cross-Site Scripting vulnerabilities have been reported due to insufficient input validation before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
e107 Website System Information Disclosure & Cross-Site Scripting |
High |
Security Focus, 13974, June 16, 2005 |
Enterasys Networks
Vertical Horizon VH-2402S 02.05.09.07, VH-2402S 02.05.00 |
Several vulnerabilities have been reported: a vulnerability was reported due to an undocumented default account that contains a default password used for debugging purposes, which could let a remote malicious user obtain administrative access; and a vulnerability was reported because certain debug commands are available for non-administrative users (e.g. guest users).
Patches available at:
http://www.enterasys.com/download/download.cgi?lib=vh
There is no exploit code required. |
|
High |
Secunia Advisory, SA15757, June 21, 2005 |
Ethereal Group
Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9
Avaya Converged Communications Server (CCS) 2.x, Avaya S8XXX Media Servers |
Multiple vulnerabilities were reported that affect more than 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, EIGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explitit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.
Upgrades available at:
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-03.xml
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-427.html
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000963
SuSE:
ftp://ftp.suse.com/pub/suse/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-131_RHSA-2005-306_RHSA-2005-427.pdf
An exploit script has been published. |
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
CAN-2005-1456
CAN-2005-1457
CAN-2005-1458
CAN-2005-1459
CAN-2005-1460
CAN-2005-1461
CAN-2005-1462
CAN-2005-1463
CAN-2005-1464
CAN-2005-1465
CAN-2005-1466
CAN-2005-1467
CAN-2005-1468
CAN-2005-1469
CAN-2005-1470 |
|
Ethereal Security Advisory, enpa-sa-00019, May 4, 2005
Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005
RedHat Security Advisory, RHSA-2005:427-05, May 24, 2005
Conectiva Security Advisory, CLSA-2005:963, June 6, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
SGI Security Advisory, 20050503-01-U, June 8, 2005
Avaya Security Advisory, ASA-2005-131, June 13, 2005 |
Ethereal Group
Ethereal 0.10-0.10.8 |
A buffer overflow vulnerability exists due to a failure to copy network derived data securely into sensitive process buffers, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.ethereal.com/download.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-16.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-306.html
ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-131_RHSA-2005-306_RHSA-2005-427.pdf
Exploit scripts have been published. |
Ethereal Buffer Overflow
CAN-2005-0699 |
High |
Security Focus, 12759, March 8, 2005
Security Focus, 12759, March 14, 2005
Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005
Fedora Update Notifications, FEDORA-2005-212 & 213, March 16, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005
RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005
Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Avaya Security Advisory, ASA-2005-131, June 13, 2005 |
Ethereal Group
Ethereal 0.9-0.9.16, 0.10-0.10.9 |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported in the Etheric dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability has been reported in the GPRS-LLC dissector if the 'ignore cipher bit' option is enabled; a buffer overflow vulnerability has been reported in the 3GPP2 A11 dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and remote Denial of Service vulnerabilities have been reported in the JXTA and sFlow dissectors.
Upgrades available at:
http://www.ethereal.com/download.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-16.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-306.html
ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/e/ethereal/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-131_RHSA-2005-306_RHSA-2005-427.pdf
A Denial of Service Proof of Concept exploit script has been published. |
|
|
Ethereal Advisory, enpa-sa-00018, March 12, 2005
Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005
Fedora Update Notifications, FEDORA-2005-212 & 213, March 16, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005
RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005
Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Debian Security Advisory, DSA 718-1, April 28, 2005
Avaya Security Advisory, ASA-2005-131, June 13, 2005 |
GNU Midnight Commander Project
Midnight Commander 4.x |
Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/m/mc/
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-24.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-217.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-512.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
|
Security Tracker Alert, 1012903, January 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005
RedHat Security Advisory, RHSA-2005:217-10, March 4, 2005
RedHat Security Advisory, RHSA-2005:512-08, June 16, 2005 |
GNU
mcGallery 1.1 |
A vulnerability has been reported that could let remote malicious users access sensitive information. Input passed to the 'lang' parameter in 'admin.php' isn't properly verified.
No workaround or patch available at time of publishing.
Vulnerability may be exploited via a web browser. |
|
Medium |
Secunia SA15727, June 16, 2005 |
Horde Project
Horde 3.0.4 -RC 2 |
A Cross-Site Scripting vulnerability has been reported due to insufficient validation of the page title in a parent frame window, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at:
http://ftp.horde.org/pub/horde/horde-latest.tar.gz
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
There is no exploit code required. |
|
High |
Secunia Advisory: SA14730, March 29, 2005
SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005
|
JBoss Group
JBoss 4.0.2, 3.2.7, 3.2.2, 3.2.1, 3.0.8 |
A vulnera | |
| |