Summary of Security Items from August 10 through August 16, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
DVBBS 7.1, 7.1SP2
|
Multiple input validation vulnerabilities have been reported in DVBBS that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published. |
DVBBS Cross Site Scripting
CAN-2005-2588 |
Medium |
Security Tracker, Alert ID: 1014632, August 8, 2005 |
McAfee
ePolicy Orchestrator 3.5 |
A vulnerability has been reported in ePolicy Orchestrator that could let local malicious users disclose information and obtain elevated privileges.
No workaround or patch available at time of publishing.
An exploit script has been published. |
ePolicy Information Disclosure and Privilege Elevation
CAN-2005-2554 |
Medium |
Security Focus, ID: 14549, August 11, 2005 |
Microsoft
Plug and Play |
A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
Exploit scripts have been published and a worm, "Worm:Win32/Zotob.A", is circulating. |
Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges
CAN-2005-1983 |
High |
Microsoft Security Bulletin MS05-039, August 9, 2005
US-CERT VU#998653
Microsoft Security Advisory, 899588, August 15, 2005 |
Parlano
MindAlign 5.0 |
Multiple vulnerabilities have been reported in MindAlign that could let local or remote malicious users perform a Denial of Service, bypass security, conduct Cross-Site Scripting, or disclose information.
Fix available through vendor: support@parlano.com
Currently we are not aware of any exploits for these vulnerabilities. |
MindAlign Multiple Vulnerabilities
CAN-2005-2590
CAN-2005-2591
CAN-2005-2592
CAN-2005-2593
|
Medium |
NISCC Vulnerability Advisory 356752, August 12, 2005 |
Novell
eDirectory 8.7.3 iMonitor
|
A buffer overflow vulnerability has been reported in eDirectory iMonitor that could let remote malicious users cause a Denial of Service or execute arbitrary code.
Vendor fix available:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098568.htm
An exploit script has been published. |
Novell eDirectory Denial of Service or Arbitrary Code Execution
CAN-2005-2551 |
High |
Novell, TID10098568, August 12, 2005
US-CERT VU#213165 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apache
SpamAssassin 3.0.1, 3.0.2, 3.0.3 |
A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.
A fixed version (3.0.4) is available at: http://spamassassin.apache.org/downloads.cgi
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-498.html
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
Low |
Security Tracker Alert ID: 1014219, June 16, 2005
Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 200
SUSE Security Announcement, SUSE-SA:2005:033, June 22, 2005
RedHat Security Advisory, RHSA-2005:498-10, June 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:106, June 28, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Apple
Mac OS X Server 10.4-10.4.2, 10.3.9, Mac OS X 10.4-10.4.2, 10.3.9
|
Multiple security vulnerabilities have been reported: five vulnerabilities were reported ranging from buffer overflows to access validation in Apache; three vulnerabilities were reported in AppKit which could lead to the execution of arbitrary code or local account creation; an authentication bypass vulnerability was reported in Bluetooth; two vulnerabilities were reported in CoreFoundation which could result in a buffer overflow and a Denial of Service; two vulnerabilities were reported in CUPS, which could lead to a remote Denial of Service; three vulnerabilities were reported in Directory Services ranging from a buffer overflow to unauthorized account creation/deletion and elevated privileges; a vulnerability was reported in HIToolbox that could lead to information disclosure; five vulnerabilities were reported in Kerberos that could lead to a buffer overflow, arbitrary code execution and root compromise; a vulnerability was reported in 'loginwindow' which could let a malicious user obtain access to other logged in accounts; a vulnerability has been reported regarding the loss of privacy when remote images are loaded into HTML email; three security vulnerabilities have been reported in MySQL which could lead to remote arbitrary code execution; two vulnerabilities have been reported in OpenSSL which could lead to a Denial of Service; a vulnerability has been reported in ping that could lead to local privilege escalation and arbitrary code execution; a vulnerability has been reported in QuartzComposerScreenSaver, which could let remote malicious users open pages while the RSS Visualizer screen is locked; two vulnerabilities have been reported in Safari which could lead to remote command execution or have information submitted to an incorrect site; a vulnerability has been reported in SecurityInterface which could lead to sensitive information disclosure; a buffer overflow vulnerability has been reported in 'servermgrd' which could ultimately lead to the execution of arbitrary code; a vulnerability has been reported in 'servermgr_ipfilter' regarding firewall settings not always being written to the Active Rules; two vulnerabilities have been reported in SquirrelMail which could lead to Cross-Site Scripting; a vulnerability was reported in 'traceroute' which could lead to remote arbitrary code execution and privilege escalation; a vulnerability was reported in 'WebKit' that could lead to arbitrary code execution regarding a malformed PDF file; multiple Cross-Site Scripting vulnerabilities have been reported in Weblog Server; a vulnerability has been reported in 'X11' that could lead to remote arbitrary code execution; and two Denial of Service vulnerabilities were reported in zlib that potentially could lead to arbitrary code execution.
Patch information available at:
http://docs.info.apple.com/article.html?artnum=302163
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Apple Security Update 2005-007,
APPLE-SA-2005-08-15, August 15, 2005
|
Apple
Safari Web Browser 1.3 |
A remote Denial of Service vulnerability has been reported when certain JavaScript operations are performed.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Apple Safari Web Browser JavaScript Remote Denial of Service
CAN-2005-2594
|
Low |
Security Focus 14528, August 9, 2005 |
BlueZ
BlueZ 2.18 & prior
|
A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-libs-2.19.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-09.xml
There is no exploit code required. |
BlueZ Arbitrary Command Execution
CAN-2005-2547
|
High |
Security Focus 14572, August 16, 2005
Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005 |
Centericq
Centericq 4.20 |
A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/updates/main/c/centericq/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
Medium |
Security Focus, 14144, July 5, 2005
Debian Security Advisory, DSA 754-1, July 13, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Charlton
crip 3.5 |
A vulnerability has been reported due to the creation of temporary files in an insecure manner, which could let a malicious user overwrite files or cause a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/c/crip/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
Crip Helper Script Insecure Temporary File Creation
CAN-2005-0393
|
Medium |
Debian Security Advisory, DSA 733-1, June 30, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Clam AntiVirus
ClamAV 0.x |
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'cli_scanszdd()' function in 'libclamav/scanners.c' due to a memory and file descriptor leak; and a remote Denial of Service vulnerability was reported in 'libclamav/mspack/mszipd.c' due to insufficient validation of the 'ENSURE_BITS()' macro user-supplied cabinet file header.
Upgrades available at:
http://prdownloads.sourceforge.net/clamav/clamav-0.86.1.tar.gz?download
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/c/clamav/
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Security Tracker Alert ID: 1014332, June 29, 2005
Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005
Debian Security Advisory, DSA 737-1, July 6, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Dada Mail
Dada Mail 2.9.2 |
A vulnerability has been reported due to insufficient sanitization of archived messages before being displayed, which could let a remote malicious user inject arbitrary script code.
Upgrade available at:
http://prdownloads.sourceforge.net/mojomail/dada-2_10_0-alpha1.tar.gz?download
There is no exploit code required. |
Dada Mail Archives HTML Injection
CAN-2005-2595 |
Medium |
Secunia Advisory: SA16435, August 16, 2005 |
Eric Raymond
Fetchmail 6.2.5 |
A remote buffer overflow vulnerability has been reported in the POP3 client due to insufficient boundary checks, which could let a malicious user obtain elevated privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Redhat:
http://rhn.redhat.com/errata/RHSA-2005-640.html
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-153-1
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml
Debian:
http://security.debian.org/pool/updates/main/f/fetchmail/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Fedora Update Notifications, FEDORA-2005-613 & 614, July 21, 2005
Redhat Security Advisory, RHSA-2005:640-08, July 25, 2005
Ubuntu Security Notice, USN-153-1, July 26, 2005
Gentoo Security Advisory, GLSA 200507-21, July 25, 2005
Debian Security Advisory, DSA 774-1, August 12, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
|
Ettercap
Ettercap 0.6.b, 0.6.a, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6.6, 0.6.7, 0.6.9, Ettercap-NG 0.7.0-0.7.2 |
A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory, SA15535, May 31, 2005
US-CERT VU#286468
Debian Security Advisory, DSA 773-1, August 11, 2005 |
FUSE
FUSE 2.x |
A vulnerability has been reported because certain memory is not correctly cleared before being returned to users, which could let a malicious user obtain sensitive information.
Update available at:
http://sourceforge.net/project/showfiles.php?group_id=121684
Debian:
http://security.debian.org/pool/updates/main/
A Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory, SA15561, June 3, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Gallery
Gallery 1.5, 1.4-1.4.4-pl5 |
A vulnerability has been reported in 'classes/postnuke0.7.1/user.php' when determining the gallery name due to incorrect use of the global '$name' variable, which could let a remote malicious user bypass security restrictions.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=7239&release_id=348064
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA16389, August 11, 2005 |
GNOME
gEdit 2.0.2, 2.2.0, 2.10.2 |
A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Debian:
http://security.debian.org/pool/updates/main/g/gedit/
Debian:
http://security.debian.org/pool/updates/main/
An exploit has been published. |
|
High |
Securiteam, May 22, 2005
Ubuntu Security Notice, USN-138-1, June 09, 2005
Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005
RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005
Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Debian Security Advisory, DSA 753-1, July 12, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Hewlett Packard Company
Ignite-UX B.3.x, C.6.x
|
Several vulnerabilities have been reported: a vulnerability was reported in the 'add_new_client' command, which could let a malicious user obtain access to the file system or cause a Denial of Service; and a vulnerability was reported in the 'make_recovery' command, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.hp.com/go/softwaredepot
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
HP Security Bulletin, HPSBUX01219, August 16, 2005 |
High Availability Linux Project
Heartbeat 1.2.3 |
An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.
Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/
Conectiva:
ftp://atualizacoes.conectiva.com.br
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-05.xml
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/
There is no exploit code required. |
Heartbeat Arbitrary File Overwrite
CAN-2005-2231 |
Medium |
Secunia Advisory: SA16039, July 12, 2005
Debian Security Advisory, DSA 761-1, July 19, 2005
Conectiva Linux Announcement, CLSA-2005:991, August 4, 2005
Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:132, August 10, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005
Ubuntu Security Notice, USN-165-1, August 11, 2005
Debian Security Advisory, DSA 761-2, August 15, 2005
|
HT Editor
HT Editor 0.8 |
Several vulnerabilities have been reported: a vulnerability was reported in the Executable and Linking Format (ELF) parser due to a heap overflow, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the Portable Executable (PE) parser due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-08.xml
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-08, May 10, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Kadu
Kadu 0.4.0 |
An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service.
Upgrade to version 0.4.1:
http://www.kadu.net/wiki/index.php/English:Main_Page
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for this vulnerability. |
Kadu Denial of Service
CAN-2005-1852 |
Low |
Secunia, Advisory: SA16238, July 27, 2005
Gentoo Security Advisory, GLSA 200507-26, July 27, 2005
Conectiva Linux Announcement, CLSA-2005:989, August 4, 2005
Ubuntu Security Notice, USN-162-1, August 08, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005
|
Kaspersky Labs
Antivirus for Linux Servers 5.5-2 |
A vulnerability has been reported in '/var/log/kav/5.5/kav4unix' due to insecure default directory permissions, which could let a malicious user overwrite arbitrary files with privileges of the root user.
Users of affected packages are urged to contact the vendor for further information on obtaining fixes.
There is no exploit code required; however, an exploit script has been published.
|
|
Medium |
Secunia Advisory: SA16425, August 15, 2005 |
KDE
KDE 3.0 - 3.4.2 |
A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
There is no exploit code required.
|
|
Medium |
KDE Security Advisory, August 15, 2005
Fedora Update Notification, FEDORA-2005-745, August 15, 2005
|
Mozilla.org
Firefox 1.0 |
A vulnerability exists when a predictable name is issued for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.
Update available at:
http://www.mozilla.org/products/firefox/all.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-10.xml
SuSE:
ftp://ftp.suse.com/pub/suse/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml
http://security.gentoo.org/glsa/glsa-200503-32.xml
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133
An exploit has been published.
|
Mozilla Firefox Predictable Plugin Temporary Directory
CAN-2005-0578
|
|
Mozilla Foundation Security Advisory, 2005-28, February 25, 2005
SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005
Fedora Update Notification, FEDORA-2005-247, 2005-03-23
Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-32, March 25, 2005
Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005
HP Security Bulletin, HPSBUX01133, August 8, 2005 |
Multiple Vendors
Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.04 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1
|
A remote Denial of Service vulnerability has been reported when verifying a malformed 'loca' table in PDF files.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-670.html
http://rhn.redhat.com/errata/RHSA-2005-671.html
http://rhn.redhat.com/errata/RHSA-2005-708.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/
KDE:
http://www.kde.org/info/security/advisory-20050809-1.txt
Mandriva:
http://www.mandriva.com/security/advisories
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-08.xml
Currently we are not aware of any exploits for this vulnerability.
|
XPDF Loca Table Verification Remote Denial of Service
CAN-2005-2097
|
Low |
RedHat Security Advisories, RHSA-2005:670-05, RHSA-2005:671-03 & RHSA-2005:708-05, August 9, 2005
Ubuntu Security Notice, USN-163-1, August 09, 2005
KDE Security Advisory, 20050809-1, August 9, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Gentoo Linux Security Advisory, GLSA 200508-08, August 16, 2005
|
Multiple Vendors
dhcpcd 1.3.22 |
A vulnerability has been reported in dhcpcd that could let a remote user perform a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/d/dhcpcd/
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-16.xml
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000983
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-603.html
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for this vulnerability. |
dhcpcd Denial of Service
CAN-2005-1848 |
Low |
Secunia, Advisory: SA15982, July 11, 2005
Debian Security Advisory, DSA 750-1, July 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005
Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005
Conectiva, CLSA-2005:983, July 25, 2005
RedHat Security Advisory, RHSA-2005:603-07, July 27, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Multiple Vendors
Qpopper 4.x; Gentoo Linux |
Several vulnerabilities have been reported: a vulnerability was reported because user supplied config and trace files are processed with elevated privileges, which could let a malicious user create/overwrite arbitrary files; and a vulnerability was reported due to an unspecified error which could let a malicious user create group or world-writable files.
Upgrades available at:
ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/qpopper4.0.5.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-17.xml
Debian:
http://security.debian.org/pool/updates/main/q/qpopper/
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
Medium |
Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005
Secunia Advisory, SA15475, May 24, 2005
Debian Security Advisories, DSA 728-1 & 728-2, May 25 & 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; Easy Software Products CUPS 1.1.19 - 1.1.23 |
A remote Denial of Service vulnerability has been reported when the application fails to do proper bounds checking when handling malformed PDF files.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-706.html
Currently we are not aware of any exploits for this vulnerability.
|
Easy Software Products CUPS Remote Denial of Service
CAN-2005-2097
|
Low |
RedHat Security Advisory, RHSA-2005:706-04, August 9, 2005 |
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64,
4.1 ppc, ia64, ia32;
Rob Flynn Gaim 1.3.1, 1.3.0, 1.2.1, 1.2, 1.1.1-1.1.4, 1.0-1.0.2; RedHat Enterprise Linux WS 2.1, IA64, ES 2.1, IA64, AS 2.1, IA64, Desktop 4.0, Advanced Workstation for the Itanium Processor 2.1, IA64
|
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to the way away messages are handled, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to an error when handling file transfers.
Updates available at: http://gaim.sourceforge.net/downloads.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-589.html
http://rhn.redhat.com/errata/RHSA-2005-627.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-06.xml
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Mandriva:
http://www.mandriva.com/security/advisories
A Proof of Concept exploit has been published for the buffer overflow vulnerability.
|
|
High |
RedHat Security Advisories, RHSA-2005:589-16 & RHSA-2005:627-11, August 9, 2005
Ubuntu Security Notice, USN-168-1, August 12, 2005
Gentoo Linux Security Advisory, GLSA 200508-06, August 15, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:139, August 16, 2005
|
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5
|
Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://ftp.gnome.org/pub/gnome/sources/evolution/2.3/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory: SA16394, August 11, 2005
Ubuntu Security Notice, USN-166-1, August 11, 2005
|
MySQL AB
MySQL 3.x, 4.x
|
Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'
Updates available at:
http://dev.mysql.com/downloads/mysql/
Debian:
http://security.debian.org/pool/updates/main/m/mysql
Trustix:
http://http.trustix.org/pub/trustix/updates/
Mandrake:
http://www.mandrakesoft.com/security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/
SuSE:
ftp://ftp.suse.com/pub/suse
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
We are not aware of any exploits for these vulnerabilities. |
|
|
Secunia Advisory, SA12783, October 11, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004
Ubuntu Security Notice, USN-32-1, November 25, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
Fedora Update Notification, FEDORA-2004-530, December 8, 2004
Turbolinux Security Announcement, February 17, 2005
Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101864, August 11, 2005 |
MySQL
MySQL 4.x |
A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges.
Update available at:
http://lists.mysql.com/internals/20600
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-63-1
Debian:
http://www.debian.org/security/2005/dsa-647
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-33.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
OpenPKG:
ftp://ftp.openpkg.org/release/2.2/UPD/mysql-4.0.21-2.2.2.src.rpm
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
Currently we are not aware of any exploits for this vulnerability. |
MySQL 'mysqlaccess.sh' Unsafe Temporary Files
CAN-2005-0004 |
Medium |
Security Tracker Alert, 1012914, January 17, 2005
Ubuntu Security Notice, USN-63-1, January 18, 2005
Debian Security Advisory, DSA-647-1 mysql, January 19, 2005
Gentoo GLSA 200501-33, January 23, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005
Conectiva Linux Security Announcement, CLA-2005:947, April 20, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.006, April 20, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101864, August 11, 2005 |
Namazu Project
Namazu 2.0.13 and prior |
A vulnerability exists which can be exploited by malicious people to conduct Cross-Site Scripting attacks. Input passed to 'namazu.cgi' is not properly sanitized before being returned to the user if the query begins with a tab ('%09'). This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
Update to version 2.0.14:
http://namazu.org/#download
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/n/namazu2/
SuSE:
ftp://ftp.suse.com/pub/suse/
HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01212&locale=en_US
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Namazu Security Advisory, December 15, 2004
Debian Security Advisory, DSA 627-1, January 6, 2005
SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005
HP Security Bulletin, HPSBMA01212, August 9, 2005
|
netpbm
10.0 |
A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary PostScript code.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-04.xml
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/
There is no exploit code required. |
netpbm Arbitrary Code Execution
CAN-2005-2471
|
High |
Secunia Advisory: SA16184, July 25, 2005
Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005
Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005
Ubuntu Security Notice, USN-164-1, August 11, 2005
|
Net-SNMP
Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3-5.0.9, 5.0.1
|
A remote Denial of Service vulnerability has been reported when handling stream-based protocols.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=12694&package_id=11571&release_id=338899
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-720.html
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
Secunia Advisory: SA15930, July 6, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005
Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005
RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005 |
Nullsoft
SHOUTcast 1.9.4 |
A format string vulnerability exists that could allow a remote malicious user to execute arbitrary code on the target system. A remote user can supply a specially crafted request to the target server containing format string characters to cause the target service to crash or execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-04.xml
Nullsoft:
http://www.shoutcast.com/download/files.phtml
An exploit script has been published. |
|
High |
Security Tracker Alert ID: 1012675, December 24, 2004
Gentoo GLSA 200501-04, January 5, 2005
Security Focus, 12096, February 19, 2005
Security Focus, 12096, August 14, 2005
|
RedHat
sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64 |
A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.
Updates available at:
http://rhn.redhat.com/errata/RHSA-2005-502.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-598.html
There is no exploit code required. |
RedHat Linux SysReport Proxy Information Disclosure
CAN-2005-1760
|
Medium |
RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
RedHat Security Advisory, RHSA-2005:598-04, August 9, 2005 |
Rob Flynn
Gaim prior to 1.3.1 |
Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message.
Updates available at:
http://gaim.sourceforge.net/downloads.php
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-518.html
Debian:
http://security.debian.org/pool/updates/main/g/gaim/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
Low |
Secunia Advisory, SA15648, June 10, 2005
Ubuntu Security Notice USN-139-1, June 10, 2005
Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:099, June 14, 2005
Fedora Update Notifications, FEDORA-2005-410 & 411, June 17, 2005
RedHat Security Advisory, RHSA-2005:518-03, June 16, 2005
Debian Security Advisory, DSA 734-1, July 5, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Royal Institute of Technology
Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4 a-f |
Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.5.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-24.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/h/heimdal/
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory, SA15718, June 20, 2005
Gentoo Linux Security Advisory, GLSA 200506-24, June 29, 2005
SUSE Security Announcement, SUSE-SA:2005:040, July 6, 2005
Debian Security Advisory, DSA 758-1, July 18, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Sendmail Consortium
Sendmail 8.8.8, 8.9.0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11 |
A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/c/clamav/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
Low |
Security Focus, 14047, June 23
SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005
Debian Security Advisory, DSA 737-1, July 6, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Todd Miller
Sudo 1.6-1.6.8, 1.5.6-1.5.9 |
A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.
Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz
OpenBSD:
http://www.openbsd.org/errata.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Mandriva:
http://www.mandriva.com/security/advisories
OpenPKG:
ftp://ftp.openpkg.org/release/
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-535.html
Debian:
http://security.debian.org/pool/updates/main/s/sudo/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/s/sudo/
OpenBSD:
http://www.openbsd.org/errata.html
SGI:
http://www.sgi.com/support/security/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
High |
Security Focus, 13993, June 20, 2005
Ubuntu Security Notice, USN-142-1, June 21, 2005
Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005
Slackware Security Advisory, SSA:2005-172-01, June 22, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005
Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005
Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005
RedHat Security Advisory, RHSA-2005:535-06, June 29, 2005
Debian Security Advisory, 735-1, July 1, 2005
Conectiva Linux Announcement, CLSA-2005:976, July 6, 2005
Debian Security Advisory, DSA 735-2, July 8, 2005
SGI Security Advisory, 20050702-01-U, July 12, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
University of Minnesota
gopherd 3.0.9, 3.0.7, 3.0.3 |
A vulnerability has been reported in 'gopher.c' due to the failure to verify a file's existence before writing to it, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/updates/main/g/gopher
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
Gopher Insecure Temporary File Creation
CAN-2005-1853 |
Medium |
Debian Security Advisory, DSA 770-1, July 29, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Vipul
Razor-agents prior to 2.72 |
Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.
Updates available at:
http://prdownloads.sourceforge.net/razor/razor-agents-2.72.tar.gz?download
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Debian:
http://security.debian.org/pool/updates/main/r/razor/
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Security Focus, Bugtraq ID 13984, June 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005
SUSE Security Announcement, SUSE-SA:2005:035, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Debian Security Advisory, DSA 738-1, July 5, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Wojtek Kaniewski
ekg 2005-06-05 22:03 |
A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/updates/main/e/ekg/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
Wojtek Kaniewski EKG Insecure Temporary File Creation
CAN-2005-1916
|
Medium |
Secunia Advisory: SA15889, July 5, 2005
Debian Security Advisory, DSA 760-1, July 18, 2005
Ubuntu Security Notice, USN-162-1, August 08, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
Wojtek Kaniewski
Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11 |
Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands.
Debian:
http://security.debian.org/pool/updates/main/e/ekg/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/
Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 760-1, July 18, 2005
Ubuntu Security Notice, USN-162-1, August 08, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005
|
Yukihiro Matsumoto
Ruby 1.8.2 |
A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-543.html
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for this vulnerability. |
Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution
CAN-2005-1992
|
High |
Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005
Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005
Debian Security Advisory, DSA 748-1, July 11, 2005
Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005
RedHat Security Advisory, RHSA-2005:543-08, August 5, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Adobe
Acrobat 5.1-7.0.2, Acrobat Reader 5.1-7.0.2
|
A buffer overflow vulnerability has been reported in the core application plug-in due to an unspecified boundary error, which could let a remote malicious user execute arbitrary code.
Update information available at:
http://www.adobe.com/support/techdocs/321644.html
There is no exploit code required. |
Adobe Acrobat / Reader Plug-in Buffer Overflow
CAN-2005-2470 |
High |
Adobe Security Advisory, August 16, 2005
US-CERT VU#896220 |
America OnLine
AOL Client Software 9.0 |
A vulnerability has been reported due to a failure to secure the installation path from modifications, which could let a malicious user execute arbitrary code with SYSTEM privileges.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
|
High |
Security Focus, 14530, August 9, 2005 |
BONA Computech Co. Ltd.
ADSL-FR4II
|
Multiple vulnerabilities have been reported: a vulnerability was reported because an undocumented open port on 5678/tcp allows web management access; a Denial of Service vulnerability was reported when port scanning all ports; and a vulnerability was reported in the backup configuration file because the administrative password is in clear text.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA16445, August 15, 2005 |
Clam AntiVirus
ClamAV 0.x |
A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.
Updates available at:
http://prdownloads.sourceforge.net/clamav/clamav-
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-23.xml
Trustix:
http://http.trustix.org/pub/trustix/updates/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/c/clamav/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia Advisory, SA15811, June 24, 2005
Trustix Security Advisory, TSLSA-2005-0029, June 24, 2005
Gentoo Linux Security Advisory, GLSA 200506-23, June 27, 2005
SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005
Debian Security Advisory, DSA 737-1, July 6, 2005
Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:113, July 12, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005 |
CPAINT
CPAINT 1.3 |
A vulnerability has been reported due to an unspecified error, which could let a remote malicious user execute arbitrary ASP/PHP commands or obtain sensitive information.
Upgrade available at:
http://prdownloads.sourceforge.net/cpaint/cpaint-v1.3-SP.tar.gz?download
There is no exploit code required. |
CPaint Arbitrary Command Execution & Information Disclosure
CAN-2005-2613
|
High |
Security Focus, 14565, August 15, 2005 |
Discuz!
Discuz! 4.0 rc4 & prior |
A vulnerability has been reported due to insufficient validation of user-supplied filenames on uploaded files, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
High |
STG Security Advisory: [SSA-20050812-27, August 15, 2005 |
Dokeos
Open Source Learning & Knowledge Management Tool 1.6 RC, 1.5.3-1.5.5, 1.5, 1.4 |
Multiple Directory Traversal vulnerabilities have been reported: a vulnerability was reported in '/claroline/scorm/scormdocument.php' due to insufficient sanitization of the 'delete' parameter before it is used to delete directories, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in '/claroline/document/document.php' due to insufficient sanitization of the 'move_file' and 'move_to' parameters before they are used to move files, which could let a remote malicious user obtain sensitive information; and a vulnerability has been reported in 'claroline/scorm/showinframes.php' and '/claroline/scorm/contents.php' because generated error messages can be used to determine the existence of a file.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA16407, August 15, 2005 |
EMC Software
NetWorker 6.x, 7.1.3, 7.2; Sun StorEdge Enterprise Backup Software 7.0-7.2, Solstice Backup Software 6.0, 6.1
|
Several vulnerabilities have been reported: a vulnerability was reported in 'AUTH_UNIX' due to weak authentication, which could let a remote malicious user execute arbitrary commands, view/modify configuration, cause a Denial of Service, or obtain sensitive information; a vulnerability was reported due to insufficient authentication of tokens, which could let a remote malicious user execute arbitrary commands as ROOT; and a vulnerability was reported in the Legato PortMapper because any host can call 'pmap_set' and 'pmap_unset,' which could let a remote malicious user cause a Denial of Service or eavesdrop on NetWorker process communications.
Patch information available at:
http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
There is no exploit code required.
|
EMC Legato NetWorker Multiple Vulnerabilities
CAN-2005-0357
CAN-2005-0358
CAN-2005-0359 |
High |
US-CERT VU#606857
US-CERT VU#407641
US-CERT VU#801089
Sun(sm) Alert Notification, Sun Alert ID: 101886, August 17, 2005 |
EQdkp
< | |
| |