Summary of Security Items from June 22 through June 28, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name/
CVE Reference |
Risk |
Source |
Active Web Softwares
ActiveBuyandSell V6.X |
A vulnerability has been reported in ActiveBuyandsell that could let a malicious remote user perform SQL injection or Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
Proof of Concept exploits have been published. |
ActiveBuyandSell SQL Injection & Cross-Site Scripting
CAN-2005-2062
CAN-2005-2063 |
High |
Secunia Advisory, SA15837, June 27, 2005 |
Advanced Browser
Advanced Browser V8.0.2 |
A javascript spoofing vulnerability has been reported in Advanced Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Advanced Browser Javascript Spoofing |
Medium |
Security Tracker Alert ID: 1014270, June 23, 2005 |
ASP Nuke
ASP Nuke V0.8 |
Multiple vulnerabilities have been reported in ASP Nuke that could allow a remote malicious user to perform SQL injection or Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ASP Nuke SQL Injection & Cross Site Scripting
CAN-2005-2064
CAN-2005-2065
CAN-2005-2066
|
High |
Security Focus, Bugtraq ID: 14062, 13318, 14063, 14064, June 27, 2005 |
ASPPlayground
ASPPlayground.NET V3.2SP1 |
A vulnerability has been reported in ASPPlayground.NET that could allow a remote malicious user to upload arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ASPPlayground.NET Arbitrary Upload
|
High |
Security Tracker Alert ID: 1014309, June 27, 2005 |
Fast Browser
Fast Browser Pro V8.1 |
A javascript spoofing vulnerability has been reported in Fast Browser Pro that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Fast Browser Pro Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014296, June 27, 2005 |
Flashpeak
Slim Browser V4.05.007 |
A javascript spoofing vulnerability has been reported in Slim Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Slim Browser Javascript Spoofing |
Medium |
Security Tracker Alert ID: 1014266, June 22, 2005 |
Hewlett Packard
HP Version Control Repository Manager V2.x
|
A password disclosure vulnerability has been reported in HP Version Control Repository Manager that could disclose the proxy password to local users.
An update is available: http://h18023.www1.hp.com/support/files/server/us/download/22563.html
There is no exploit code required. |
HP VCRM Password Disclosure
CAN-2005-2076 |
Medium |
Secunia, Advisory: SA15790, June 23, 2005 |
Hosting Controller
Hosting Controller Error.ASP |
A vulnerability has been reported in Error.ASP that could allow a remote malicious user to perform Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Hosting Controller Error.ASP
Cross-Site Scripting
CAN-2005-2077
|
High |
Security Focus, Bugtraq ID: 14080, June 28, 2005 |
IPSwitch
WhatsUp Professional V2005SP1 |
An input validation vulnerability has been reported in Ipswitch WhatsUp Professional that could let malicious users perform SQL injection.
Update to Service Pack 1a: http://www.ipswitch.com/Support/whatsup_professional/releases/wup2005sp1a.html
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
Ipswitch WhatsUp Professional SQL Injection Vulnerability
CAN-2005-1250
|
High |
iDEFENSE, Security Advisory 06.22.05, June 22, 2005 |
Microsoft
Microsoft Internet Explorer 6.0, SP1&SP2 |
A vulnerability has been reported in Microsoft Internet Explorer, which could let malicious websites spoof dialog boxes.
Advisory available at:
http://www.microsoft.com/technet/security/advisory/902333.mspx
Currently we are not aware of any exploit for this vulnerability. |
Microsoft Internet Explorer Dialog Origin Spoofing |
Medium |
Secunia, Advisory, SA15491, June 21, 2005
Microsoft Security Advisory (902333), June 21, 2005 |
Microsoft
Visio 2002, SP1, SharePoint Portal Server 2001, SP1, Office XP, SP1-SP3,
|
A vulnerability has been reported in Microsoft Log Sink Class ActiveX Control that could allow a remote malicious user to create arbitrary files.
Update available at:
http://www.microsoft.com/downloads/details.aspx?familyid=0dd4c99a-9196-421b-83f0-3d2f93189028&displaylang=en
An exploit has been published. |
Microsoft Log Sink Class ActiveX Control
CAN-2005-0360 |
High |
US-CERT VU#165022 |
Microsoft
Outlook Express 5.5, 6 |
A remote code execution vulnerability has been reported in Outlook Express when it is used as a newsgroup reader. A malicious user could exploit the vulnerability by constructing a malicious newsgroup server that could potentially allow remote code execution if a user queried the server for news.
Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx
An exploit has been published. |
Microsoft Outlook Express Could Allow Remote Code Execution
CAN-2005-1213
|
High |
Microsoft, MS05-030, June 14, 2004
US-CERT VU#130614
Security Focus, Bugtraq ID: 13951, June 24, 2005 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1
(Itanium), Windows XP 64-Bit Edition Version 2003
(Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based
Systems |
A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx
Microsoft Windows NT 4.0 has also been found vulnerable to the issue; however, this platform is no longer publicly supported by Microsoft. A patch is available for customers that have an active end-of-life support agreement including extended Windows NT 4.0 support. Information regarding the end-of-life support agreement can be found at the following location:
http://www.microsoft.com/presspass/features/2004/dec04/12-03NTSupport.asp
An exploit has been published. |
|
High |
Microsoft Security Bulletin, MS05-011, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#652537
Security Focus, 12484, March 9, 2005
Security Focus, Bugtraq ID: 12484, June 23, 2005 |
MyInternet
MyInternet Browser V10.0.0.0 |
A javascript spoofing vulnerability has been reported in MyInternet Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
MyInternet Browser Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014295, June 27, 2005 |
NetCaptor
NetCaptor Browser V7.5.4 |
A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
NetCaptor Browser Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014265, June 22, 2005 |
Omni
Omni Browser 2.0 |
A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Omni Browser Javascript Spoofing |
Medium |
Security Tracker Alert ID: 1014286, June 23, 2005 |
Optimal Access
Optimal Desktop V4.00 |
A javascript spoofing vulnerability has been reported in Optimal Desktop that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Optimal Desktop Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014298, June 27, 2005 |
Sofotex
BisonFTP Server V4R1 |
A vulnerability has been reported in BisonFTP Server that could allow remote malicious users to perform a Denial of Service.
No workaround or patch available at time of publishing.
An exploit has been published. |
BisonFTP Server Denial of Service
CAN-2005-2078 |
Low |
Security Focus, Bugtraq ID: 14079, June 28, 2005 |
Sukru Alatas
Sukru Alatas Guestbook V3.1 |
A vulnerability has been reported in Sukru Alatas Guestbook that could allow database disclosure to remote malicious users.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Sukru Alatas Guestbook Database Disclosure
|
Medium |
Secunia Advisory: SA15832, June 28, 2005 |
| TCP-IP Datalook 1.3 |
A vulnerability has been reported in TCP-IP Datalook that could let a local malicious user perform a Denial of Service.
No workaround or patch available at time of publishing.
An exploit has been published. |
TCP-IP Datalook Denial of Service
|
Low |
Security Tracker Alert ID: 1014291, June 26, 2005 |
Telligent Systems
Community Server Forums |
A vulnerability has been reported in Community Server Forums that could let a remote malicious user perform Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Community Server Forums Cross-Site Scripting |
High |
Security Focus, Bugtraq ID: 14078, June 28, 2005 |
True North Software Inc.
IA eMailServer V5.2.2 |
An IMAP list command validation vulnerability has been reported in IA eMailServer that could let remote malicious users perform a Denial of Service.
Upgrade to version 5.3.4 Build 2019.
An exploit script has been published. |
IA eMailServer Denial of Service
|
Low |
Secunia Advisory: SA15838, June 28, 2005 |
Veritas
Veritas Backup Exec 10.0 |
Multiple vulnerabilities have been reported in Veritas Backup Exec that could let remote malicious users perform arbitrary code execution, elevate privileges, perform a DoS, or even crash systems.
A patch is available from the vendor: http://seer.support.veritas.com/docs/277429.htm
Currently we are not aware of any exploits for this vulnerability. |
Veritas Backup Exec Multiple Vulnerabilities
CAN-2005-0771
CAN-2005-0772
CAN-2005-0773
|
High |
Secunia, Advisory: SA15789, June 23, 2005
VERITAS Security Advisory VX05-006, VX05-007, VX05-008, June 23, 2005
US-CERT VU#584505, VU#352625, VU#492105 |
Wichio
Wichio 27Tools-in-1 Browser V4.2 |
A javascript spoofing vulnerability has been reported in Wichio 27Tools-in-1 Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Wichio 27Tools-in-1 Browser Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014297, June 27, 2005 |
UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Acrobat Reader 7.0.1, 7.0, Acrobat 7.0.1, 7.0
|
Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a remote malicious user execute arbitrary programs via a specially crafted PDF document that contains JavaScript; and a vulnerability was reported in the updater because Safari Frameworks folder permissions can be elevated for all users when downloading updates. Only UNIX running on Mac OS is affected.
Upgrades available at:
http://www.adobe.com/support/downloads/
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15827, June 28, 2005 |
Apache
SpamAssassin 3.0.1, 3.0.2, 3.0.3 |
A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.
A fixed version (3.0.4) is available at: http://spamassassin.apache.org/downloads.cgi
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-498.html
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required. |
|
Low |
Security Tracker Alert ID: 1014219, June 16, 2005
Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 200
SUSE Security Announcement, SUSE-SA:2005:033, June 22, 2005
RedHat Security Advisory, RHSA-2005:498-10, June 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:106, June 28, 2005 |
Freedesktop.org
D-BUS 0.23 & prior |
A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.
Patch available at:
https://bugs.freedesktop.org/show_bug.cgi?id=2436
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-102.html
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus
There is no exploit code required. |
|
Medium |
Security Tracker Alert ID, 1013075, February 3, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:105, June 24, 2005
Ubuntu Security Notice, USN-144-1, June 27, 2005
|
FreeRADIUS Server Project
FreeRADIUS 1.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml
SuSE:
ftp://ftp.suse.com/pub/suse/
FreeRadius:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-524.html
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1013909, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Security Focus, 13541, June 10, 2005
RedHat Security Advisory, RHSA-2005:524-05, June 23, 2005
|
GD Graphics Library
gdlib 2.0.23, 2.0.26-2.0.28; Avaya Converged Communications Server 2.0, Intuity LX
Avaya MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing
Avaya S8300 R2.0.1,R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.
OpenPKG:
ftp://ftp.openpkg.org/release/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-08.xml
Debian:
http://security.debian.org/pool/updates/main/libg
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Trustix:
http://http.trustix.org/pub/trustix/updates/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/libg/libgd/
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-638.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-017_RHSA-2004-638.pdf
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
An exploit script has been published. |
|
High |
Secunia Advisory, SA12996, October 28, 2004
Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004
Ubuntu Security Notice, USN-21-1, November 9, 2004
Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004
Fedora Update Notifications, FEDORA-2004-411 & 412, November 11, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
Ubuntu Security Notice, USN-25-1, November 16, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004
Red Hat Advisory, RHSA-2004:638-09, December 17, 2004
Avaya Security Advisory, ASA-2005-017, January 18, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
gFTP
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 |
A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz
Debian:
http://security.debian.org/pool/updates/main/g/gftp/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-27.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000957
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-410.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
There is no exploit code required. |
|
Medium |
Security Focus, February 14, 2005
Debian Security Advisory, DSA 686-1, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005
Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005
RedHat Security Advisory, RHSA-2005:410-07, June 13, 2005
Conectiva Security Advisory, CLSA-2005:957, May 31, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNOME
gEdit 2.0.2, 2.2.0, 2.10.2 |
A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
An exploit has been published. |
|
High |
Securiteam, May 22, 2005
Ubuntu Security Notice, USN-138-1, June 09, 2005
Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005
RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005
Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
There is no exploit code required. |
|
Medium |
Bugtraq, 395703, April 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
GNU
cpio 2.6 |
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396429, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus, 13290, May 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNU
shtool 2.0.1 & prior |
A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml
OpenPKG:
ftp://ftp.openpkg.org/release/2.3
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15496, May 25, 2005
Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 200
OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005 |
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
There is no exploit code required. |
|
Medium |
Security Focus, 12996, April 5, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
http://http.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/
A Proof of Concept exploit script has been published. |
|
Medium |
Security Tracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005
Ubuntu Security Notice, USN-145-1, June 28, 2005
|
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Fedora Update Notification, FEDORA-2005-471, June 27, 2005
|
LibTIFF
LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1 |
A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://bugzilla.remotesensing.org/attachment.cgi?id=238
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-07.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/
SuSE:
ftp://ftp.suse.com/pub/suse/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005
Ubuntu Security Notice, USN-130-1, May 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005 |
Linux Support Services, Inc.
Asterisk 1.0.7, Asterisk CVS HEAD |
A buffer overflow vulnerability has been reported in the manager interface due to insufficient bounds checks, which could let a remote malicious user execute arbitrary code. Note: The manager interface is not enabled by default.
Updates available at:
http://www.asterisk.org/index.php?menu=download
Currently we are not aware of any exploits for this vulnerability. |
Linux Support Services Asterisk Manager Interface Remote Buffer Overflow |
High |
Security Tracker Alert, 1014268, June 22, 2005 |
Multiple Vendors
FreeBSD 5.4 & prior |
A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.
Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure
CAN-2005-0109
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005
SCO Security Advisory, SCOSA-2005.24, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
US-CERT VU#911878
RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005
Sun(sm) Alert Notification, 101739, June 1, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
Multiple Vendors
Gentoo Linux;
Samba Samba 3.0-3.0.7
|
A remote Denial of Service vulnerability exists in 'ms_fnmatch()' function due to insufficient input validation.
Patch available at:
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-21.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-632.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SGI:
http://www.sgi.com/support/security/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/
OpenPKG:
http://www.openpkg.org/security.html
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1
There is no exploit code required. |
Multiple Vendors Samba Remote Wild Card Denial of Service
CAN-2004-0930
|
Low |
Security Focus, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004
Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004
Fedora Update Notifications, FEDORA-2004-459 & 460, November 29, 2004
Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004
SGI Security Advisory, 20041201-01-P, December 13, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.054, December 17, 2004
SCO Security Advisory, SCOSA-2005.17, March 7, 2005
Sun(sm) Alert Notification, 101783, June 23, 2005 |
Multiple Vendors
Linux kernel 2.6.1-2.6.11, 2.6 test1-test11 |
A vulnerability has been reported because commands sent to a SCSI device can change the driver parameters, which could let a malicious user obtain unauthorized access.
Updates available at:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel Unauthorized SCSI Command |
Medium |
Security Focus, 14040, June 23, 2005 |
Multiple Vendors
RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6 |
A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.
Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit script has been published. |
|
Low |
Security Tracker Alert, 1014133, June 8, 2005
Fedora Update Notification, FEDORA-2005-406, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005
Fedora Update Notification, FEDORA-2005-407, June 16, 2005
Ubuntu Security Notice, USN-141-1, June 21, 2005
Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.5 .STABLE9, .STABLE8, .STABLE7 |
A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required.
|
Squid Proxy Set-Cookie Headers Information Disclosure
CAN-2005-0626
|
Medium |
Secunia Advisory, SA14451, March 3, 2005
Ubuntu Security Notice, USN-93-1, March 08, 2005
Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005
Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005
RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005
Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 |
Multiple Vendors
Gentoo Linux;
GNU GDB 6.3 |
Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
http://http.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005
Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 |
Multiple Vendors
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat Fedora Core1&2;
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8 |
Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-28.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedoralegacy.org/redhat/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1
We are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
Security Tracker Alert ID, 1011285, September 17, 2004
Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004
US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004
Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004
Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005
Sun(sm) Alert Notification, 101776, June 23, 2005 |
Multiple Vendors
GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6 .0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2 .0.4, 6.2-6.2.2 |
A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-16.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-480.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for this vulnerability. |
ImageMagick & GraphicsMagick XWD Decoder Remote Denial of Service
CAN-2005-1739
|
Low |
Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005
Ubuntu Security Notice, USN-132-1, May 23, 2005
Fedora Update Notification, FEDORA-2005-395, May 26, 2005
RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005
|
Multiple Vendors
Linux kernel 2.2.x, 2.4.x, 2.6.x |
A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges.
Update available at:
http://kernel.org/
Trustix:
http://www.trustix.org/errata/2005/0022/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-472.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
An exploit script has been published. |
|
High |
Secunia Advisory, SA15341, May 12, 2005
Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005 |
Multiple Vendors
Linux kernel 2.6 prior to 2.6.12.1
|
A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.
Updates available at:
http://www.kernel.org/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Tracker Alert ID: 1014275, June 23, 2005 |
Multiple Vendors
Linux kernel 2.6 prior to 2.6.12.1 |
A Denial of Service vulnerability has been reported in the subthread exec signal processing that has a timer pending.
Updates available at:
http://www.kernel.org/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Tracker Alert ID: 1014274, June 23, 2005 |
Multiple Vendors
Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 |
A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-061.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/errata/2005/0003/
Astaro:
http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
Squid NTLM fakeauth_auth Helper Remote Denial of Service
CAN-2005-0096
|
Low |
Secunia Advisory, SA13789, January 11, 2005
Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005
Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005
Security Focus, 12324, March 7, 2005
Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1 |
A vulnerability has been reported when handling upstream HTTP agents, which could let a remote malicious user poison the web proxy cache.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE9.tar.gz
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
Medium |
Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005
Fedora Update Notification, FEDORA-2005-373, May 17, 2005
Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 |
OpenSSL Project
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/
Debian:
http://www.debian.org/security/2004/dsa-603
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:147
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
There is no exploit code required. |
OpenSSL Insecure Temporary File Creation
CAN-2004-0975 |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004
Ubuntu Security Notice, USN-24-1, November 11, 2004
Debian Security Advisory, DSA-603-1, December 1, 2004
Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004
Turbolinux Security Announcement, 20050131, January 31, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
PostgreSQL
PostgreSQL 7.3 through 8.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.'
Fix available at:
http://www.postgresql.org/about/news.315
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-12.xml
Trustix:
http://www.trustix.org/errata/2005/0023/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-433.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
Security Tracker Alert, 1013868, May 3, 2005
Ubuntu Security Notice, USN-118-1, May 04, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005
Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005
Turbolinux Security Advisory, TLSA-2005-62, June 1, 2005
RedHat Security Advisory, RHSA-2005:433-17, June 1, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
Raxnet
Cacti 0.x |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.cacti.net/download_cacti.php
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-20.xml
An exploit script has been published. |
|
High |
Secunia Advisory: SA15490, June 23, 2005
Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005 |
RedHat
sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64 |
A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.
Updates available at:
http://rhn.redhat.com/errata/RHSA-2005-502.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
There is no exploit code required. |
RedHat Linux SysReport Proxy Information Disclosure
CAN-2005-1760
|
Medium |
RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
Sendmail Consortium
Sendmail 8.8.8 , 8.9 .0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11 |
A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Low |
Security Focus, 14047, June 23 |
Sun Microsystems, Inc.
Solaris 10.0 |
Multiple buffer overflow vulnerabilities have been reported when handling excessive data supplied through command line arguments, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Proofs of Concept exploit scripts have been published. |
|
High |
Security Focus, 14049, June 24, 2005 |
Sun Microsystems, Inc.
Solaris 10.0, 9.0 _x86, 9.0
|
A vulnerability has been reported in 'LD_AUDIT,' which could let a malicious user obtain superuser privileges.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges
CAN-2005-2072
|
High |
Security Focus, 14074, June 28, 2005 |
Todd Miller
Sudo 1.6-1.6.8, 1.5.6-1.5.9 |
A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.
Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz
OpenBSD:
http://www.openbsd.org/errata.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Mandriva:
http://www.mandriva.com/security/advisories
OpenPKG:
ftp://ftp.openpkg.org/release/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
High |
Security Focus, 13993, June 20, 2005
Ubuntu Security Notice, USN-142-1, June 21, 2005
Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005
Slackware Security Advisory, SSA:2005-172-01, June 22, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005
Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005
Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005 |
Vipul
Razor-agents prior to 2.72 |
Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.
Updates available at:
http://prdownloads.sourceforge.net/razor/razor-agents-2.72.tar.gz?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Security Focus, Bugtraq ID 13984, June 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005
SUSE Security Announcement, SUSE-SA:2005:035, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
xmlsoft.org
Libxml2 2.6.12-2.6.14 |
Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the 'xmlNanoFTPScanProxy()' function in 'nanoftp.c,' w | |
| |