Summary of Security Items from August 17 through August 23, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| ACNews |
A vulnerability has been reported in ACNews that could let remote malicious users disclose sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
ACNews Information Disclosure
CAN-2005-2677
|
Medium |
Security Tracker, Alert ID: 1014749, August 22, 2005 |
Cisco
CiscoWorks Monitoring Center for Security 1.2 to 2.1
CiscoWorks Management Center for IDS Sensors 2.0, 2.1 |
A vulnerability has been reported in CiscoWorks Monitoring Center for Security and CiscoWorks Management Center for IDS Sensors that could let local malicious users spoof or disclose information.
Vendor patch available:
http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app
Currently we are not aware of any exploits for these vulnerabilities. |
CiscoWorks Information Spoofing or Disclosure |
Medium |
Cisco Security Advisory, ID: 66142, August 22, 2005 |
Ivory.org
Whisper 32 1.16 |
A vulnerability has been reported in Whisper 32 that could let local malicious users disclose password information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Whisper 32 Password Disclosure
CAN-2005-2664
|
Medium |
Security Tracker, Alert ID: 1014730, August 18, 2005 |
Microsoft
Internet Explorer 5.5, 6 |
A vulnerability has been reported in Internet Explorer ('msdds.dll' COM Object) that could let remote malicious users execute arbitrary code.
Vendor workarounds available:
http://www.microsoft.com/technet/security/advisory/906267.mspx
An exploit script has been published. |
|
High |
Microsoft Security Advisory 906267, August 18, 2005
US-CERT VU#740372
|
Microsoft
Plug and Play |
A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
Vendor has provided additional information:
http://www.microsoft.com/technet/security/advisory/906574.mspx
Exploit scripts have been published and a worm, "Worm:Win32/Zotob.A", is circulating.
|
Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges
CAN-2005-1983 |
High |
Microsoft Security Bulletin MS05-039, August 9, 2005
US-CERT VU#998653
Microsoft Security Advisory, 899588, August 15, 2005
Microsoft Security Advisory, 906574, August 23, 2005
|
Moneymaker Gaming
Chris Moneymaker's World Poker Championship V1.0 |
A buffer overflow vulnerability has been reported in Chris Moneymaker's World Poker Championship that could let remote malicious users execute arbitrary code.
Vendor will not be creating a bugfix for this issue.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
Chris Moneymaker's World Poker Championship Arbitrary Code Execution
CAN-2005-2639
|
High |
Security Tracker, Alert ID: 1014738, August 19, 2005 |
Nortel
VPN Client 4.86_033, 4.91_021, 5.01_030 |
A vulnerability has been reported in VPN Client that could let local malicious users obtain elevated privileges.
Contact vendor for upgrade to version 5.01_103.
There is no exploit code required. |
Nortel VPN Client Privilege Elevation
CAN-2005-2579
|
Medium |
Nortel Security Advisory 2005006143 V2, August 18, 2005 |
Sysinternals
Process Explorer 9.23 |
A buffer overflow vulnerability has been reported in Process Explorer that could let remote malicious users execute arbitrary code.
Update available at:
http://www.sysinternals.com/Utilities/ProcessExplorer.html
There is no exploit code required; however, Proof of Concept exploits have been published. |
Process Explorer Arbitrary Code Execution
CAN-2005-2679
|
High |
Security Tracker Alert ID: 1014742, August 19, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Adobe Version Cue 1.0.1, 1.0 |
A vulnerability has been reported due to insecure file permissions on internal Version Cue application files, which could let a malicious user obtain elevated privileges.
Patches available at:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2985
Currently we are not aware of any exploits for this vulnerability. |
Adobe Version Cue for Mac OS X Elevated Privileges
CAN-2005-1842
CAN-2005-1843
|
Medium |
Security Focus, Bugtraq ID: 14638, August 23, 2005 |
Apple
MacOS X 10.3.9, 10.4.2 |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in AppKit, which could let a remote malicious user execute arbitrary code via a crafted Rich Text Format (RTF) file; a buffer overflow vulnerability was reported in AppKit, which could let a remote malicious user execute arbitrary code via a crafted Microsoft Word file; a buffer overflow vulnerability has been reported in the Directory Service's authentication process, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in Safari when rendering Rich Text Format (RTF) files, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in 'servermgrd,' which could let a remote malicious user execute arbitrary code during authentication; and a vulnerability was reported in Safari WebKit when directly accessing URLs that are in PDF files without normal security checks, which could let a remote malicious user execute arbitrary code.
Update information available at:
http://docs.info.apple.com/article.html?artnum=302163
Currently we are not aware of any exploits for these vulnerabilities. |
Apple Mac OS X Multiple Arbitrary Code Execution Vulnerabilities
CAN-2005-2501
CAN-2005-2502
CAN-2005-2507
CAN-2005-2516
CAN-2005-2518
CAN-2005-2522 |
High |
Apple Security Update 2005-007,
APPLE-SA-2005-08-15,
US-CERT VU#172948
US-CERT VU#435188
US-CERT VU#913820
US-CERT VU#709220
US-CERT VU#461412
US-CERT VU#420316 |
BlueZ
BlueZ 2.18 & prior
|
A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-libs-2.19.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-09.xml
Debian:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/
There is no exploit code required. |
BlueZ Arbitrary Command Execution
CAN-2005-2547
|
High |
Security Focus 14572, August 16, 2005
Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005
Debian Security Advisory, DSA 782-1, August 23, 2005 |
Clam
AntiVirus
0.86.1 |
Multiple vulnerabilities have been reported in Clam AntiVirus that could let remote malicious users cause a Denial of Service.
Upgrade to version 0.86.2:
http://www.clamav.net/stable.php#pagestart
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:125
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-25.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/c/clamav/
Currently we are not aware of any exploits for these vulnerabilities. |
Clam AntiVirus Multiple Vulnerabilities
CAN-2005-2450
|
Low |
Secunia, Advisory: SA16180, July 25, 2005
Gentoo Linux Security Advisory GLSA 200507-25, July 26, 2005
Mandriva Security Advisory, MDKSA-2005:125, July 27, 2005
SUSE Security Summary Report, SUSE-SR:2005:018, July 28, 2005
Conectiva Linux Announcement, CLSA-2005:987, July 29, 2005
Debian Security Advisory, DSA 776-1, August 16, 2005 |
Elm Development Group
ELM 2.5.5-2.5.7
|
A buffer overflow vulnerability has been reported due to insufficient parsing of SMTP 'Expires' header lines, which could let a remote malicious user execute arbitrary code.
Update to Elm 2.5 PL8 available at:
ftp://ftp.virginia.edu/pub/elm/
An exploit script has been published. |
|
High |
Security Tracker Alert ID: 1014745, August 20, 2005 |
Eric Raymond
Fetchmail 6.2.5 |
A remote buffer overflow vulnerability has been reported in the POP3 client due to insufficient boundary checks, which could let a malicious user obtain elevated privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Redhat:
http://rhn.redhat.com/errata/RHSA-2005-640.html
Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-153-1
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml
Debian:
http://security.debian.org/pool/updates/main/f/fetchmail/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Fedora Update Notifications, FEDORA-2005-613 & 614, July 21, 2005
Redhat Security Advisory, RHSA-2005:640-08, July 25, 2005
Ubuntu Security Notice, USN-153-1, July 26, 2005
Gentoo Security Advisory, GLSA 200507-21, July 25, 2005
Debian Security Advisory, DSA 774-1, August 12, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Turbolinux Security Advisory, TLSA-2005-84, August 18, 2005
|
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-378.html
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32
There is no exploit code required. |
|
Medium |
Bugtraq, 395703, April 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA2005:116, July 12, 2005
RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SCO Security Advisory, SCOSA-2005.32, August 18, 2005 |
GNU
cpio 2.6 |
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Mandriva:
http://www.mandriva.com/security/advisories
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396429, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA2005:116, July 12, 2005
SCO Security Advisory, SCOSA-2005.32, August 18, 2005 |
GNU
shtool 2.0.1 & prior |
A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml
OpenPKG:
ftp://ftp.openpkg.org/release/2.3
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-564.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
http://www.sgi.com/support/security/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15496, May 25, 2005
Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 200
OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005
SGI Security Advisory, 20050703-01-U, July 15, 2005
Ubuntu Security Notice, USN-171-1, August 20, 2005
|
HAURI Inc.
ViRobot Linux Server 2.0, ViRobot Expert 4.0 , ViRobot Advanced Server,
Hauri LiveCall |
Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of filenames in compressed archives before extracting into a temporary directory, which could let a remote malicious user write files to arbitrary directories on the target system; and a buffer overflow vulnerability was reported in the ACE archive decompression library (vrAZace.dll) due to a boundary error, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.globalhauri.com/html/download/down_unixpatch.html
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1014740, August 20, 2005 |
KDE
KDE 3.0 - 3.4.2 |
A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
There is no exploit code required.
|
|
Medium |
KDE Security Advisory, August 15, 2005
Fedora Update Notification, FEDORA-2005-745, August 15, 2005
Fedora Update Notifications, FEDORA-2005-744 & 745, August 16, 2005
|
lm_sensors
lm_sensors 2.9.1
|
A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/
There is no exploit code required. |
LM_sensors PWMConfig Insecure Temporary File Creation
CAN-2005-2672
|
Low |
Security Focus, Bugtraq ID: 14624, August 22, 2005
Ubuntu Security Notice, USN-172-1, August 23, 2005
|
MediaWiki
MediaWiki 1.4.5 |
A vulnerability has been reported in MediaWiki that could let remote malicious users perform Cross-Site Scripting attacks.
Update to version 1.4.6:
http://sourceforge.net/project/showfiles.php?group_id=34373
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
MediaWiki Cross Site Scripting
CAN-2005-2215 |
Medium |
Security Focus, 14181, July 7, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005 |
Mike Kershaw
Kismet 2005-07-R1
|
Multiple vulnerabilities have been reported: an integer underflow vulnerability was reported when handling pcap files; a vulnerability was reported due to an unspecified error when handling non-printable characters in SSID; and an integer underflow vulnerability was reported in the data frame dissection, which could possibly lead to the execution of arbitrary code.
Upgrade available at:
http://www.kismetwireless.net/code/kismet-2005-08-R1.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-10.xml
Currently we are not aware of any exploits for these vulnerabilities.
|
Kismet Multiple Remote Vulnerabilities
CAN-2005-2626
CAN-2005-2627 |
High |
Security Focus, Bugtraq ID 14430, August 16, 2005
Gentoo Linux Security Advisory, GLSA 200508-10, August 19, 2005 |
Multiple Vendors
Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.04 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1
|
A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-670.html
http://rhn.redhat.com/errata/RHSA-2005-671.html
http://rhn.redhat.com/errata/RHSA-2005-708.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/
KDE:
http://www.kde.org/info/security/advisory-20050809-1.txt
Mandriva:
http://www.mandriva.com/security/advisories
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-08.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/k/kdegraphics/
Currently we are not aware of any exploits for this vulnerability.
|
XPDF Loca Table Verification Remote Denial of Service
CAN-2005-2097
|
Low |
RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005
Ubuntu Security Notice, USN-163-1, August 09, 2005
KDE Security Advisory, 20050809-1, August 9, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Gentoo Linux Security Advisory GLSA, 200508-08, August 16, 2005
Fedora Update Notifications, FEDORA-2005-729, 730, 732, & 733, August 15 & 17, 2005
Debian Security Advisory, DSA 780-1, August 22, 2005
|
Multiple Vendors
SuSE Linux Professional 9.3, x86_64, 9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel 2.6-2.6.12 |
A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.
Patches available at:
http://www.kernel.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel XFRM Array Index Buffer Overflow
CAN-2005-2456 |
High |
Security Focus, 14477, August 5, 2005
Ubuntu Security Notice, USN-169-1, August 19, 2005 |
Multiple Vendors
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3 , 0.1-0.1.6 1, 0.0.1-0.0.6
|
A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.
Debian:
ftp://security.debian.org/pool/updates/main/z/zlib/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-05.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
Mandriva:
http://www.mandriva.com/security/advisories
OpenBSD:
http://www.openbsd.org/errata.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-569.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
zsync:
http://prdownloads.sourceforge.net/zsync/zsync-0.4.1.tar.gz?download
Apple:
http://docs.info.apple.com/article.html?artnum=302163
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory DSA 740-1, July 6, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005
Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005
SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005
Ubuntu Security Notice, USN-148-1, July 06, 2005
RedHat Security Advisory, RHSA-2005:569-03, July 6, 2005
Fedora Update Notifications, FEDORA-2005-523, 524, July 7, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:11, July 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.013, July 7, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005
Slackware Security Advisory, SSA:2005-189-01, July 11, 2005
Turbolinux Security Advisory, TLSA-2005-77, July 11, 2005
Fedora Update Notification, FEDORA-2005-565, July 13, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 14162, July 21, 2005
USCERT Vulnerability Note VU#680620, July 22, 2005
Apple Security Update 2005-007, APPLE-SA-2005-08-15, August 15, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
|
Multiple Vendors
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Debian Linux 3.1 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha
|
A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.
Zlib:
http://www.zlib.net/zlib-1.2.3.tar.gz
Debian:
http://security.debian.org/pool/updates/main/z/zlib/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
OpenBSD:
http://www.openbsd.org/errata.html#libz2
Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:124
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.323596
FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc
SUSE:
http://lists.suse.com/archive/suse-security-announce/2005-Jul/0007.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-28.xml
http://security.gentoo.org/glsa/glsa-200508-01.xml
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Apple:
http://docs.info.apple.com/article.html?artnum=302163
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service
CAN-2005-1849
|
Low |
Security Focus, Bugtraq ID 14340, July 21, 2005
Debian Security Advisory DSA 763-1, July 21, 2005
Ubuntu Security Notice, USN-151-1, July 21, 2005
OpenBSD, Release Errata 3.7, July 21, 2005
Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005
Secunia, Advisory: SA16195, July 25, 2005
Slackware Security Advisory, SSA:2005-203-03, July 22, 2005
FreeBSD Security Advisory, SA-05:18, July 27, 2005
SUSE Security Announcement, SUSE-SA:2005:043, July 28, 2005
Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005
Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005
Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005
Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
|
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1 |
A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input.
Gentoo:
http://security.gentoo.org/glsa/glsa-200408-26.xml
FileZilla:
http://sourceforge.net/project/showfiles.php?group_id=21558
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
OpenPKG:
ftp ftp.openpkg.org
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.com.br/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
FedoraLegacy:
http://download.fedoralegacy.org/fedora/1/updates/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
We are not aware of any exploits for this vulnerability.
|
|
Low |
Security Focus, August 25, 2004
SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004
Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004
US-CERT VU#238678, October 1, 2004
SCO Security Advisory, SCOSA-2004.17, October 19, 2004
Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004
Fedora Update Notification, FEDORA-2005-095, January 28, 2005
Fedora Legacy Update Advisory, FLSA:2043, February 24, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005 |
Multiple Vendors
Linux Kernel 2.6 up to & including 2.6.12-rc4 |
Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler (pktcdvd.c) because the wrong function is called before passing an ioctl to the block device, which could let a malicious user execute arbitrary code.
Update available at:
http://kernel.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
A Proof of Concept Denial of Service exploit script has been published. |
|
High |
Secunia Advisory, SA15392, May 17, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:110, July 1, 2005
RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005
Conectiva Linux Announcement, CLSA-2005:999, August 17, 2005 |
Multiple Vendors
Linux kernel 2.2.x, 2.4.x, 2.6.x |
A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges.
Update available at:
http://kernel.org/
Trustix:
http://www.trustix.org/errata/2005/0022/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-472.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Mandriva:
http://www.mandriva.com/security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
An exploit script has been published. |
|
High |
Secunia Advisory, SA15341, May 12, 2005
Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:110 & 111, June 30 & July 1, 2005
Conectiva Linux Announcement, CLSA-2005:999, August 17, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.12.1 |
A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Ubuntu Security Notice, USN-169-1, August 19, 2005
Security Focus, Bugtraq ID 14609, August 19, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.12.1
|
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session.
Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.13-rc6-git1.bz2
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
There is no exploit code required. |
|
Low |
Secunia Advisory: SA16355, August 9, 2005
Ubuntu Security Notice, USN-169-1, August 19, 2005 |
Multiple Vendors
ncpfs 2.2.1 - 2.2.4 |
A buffer overflow exists that could lead to local execution of arbitrary code with elevated privileges. The vulnerability is in the handling of the '-T' option in the ncplogin and ncpmap utilities, which are both installed as SUID root by default.
Gentoo: Update to 'net-fs/ncpfs-2.2.5' or later
http://www.gentoo.org/security/en/glsa/glsa-200412-09.xml
SUSE: Apply updated packages. Updated packages are available via YaST Online Update or the SUSE FTP site.
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendors ncpfs: ncplogin and ncpmap Buffer Overflow
CAN-2004-1079 |
High |
Gentoo Linux Security Advisory, GLSA 200412-09 / ncpfs, December 15, 2004
Secunia SA13617, December 22, 2004
Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005
Fedora Update Notification, FEDORA-2005-435, August 16, 2005 |
Multiple Vendors
Novell Evolution 2.0.2-2.0.4; LibTIFF 3.6.1; Easy Software Products CUPS 1.1.12-1.1.23, 1.1.10, 1.1.7, 1.1.6, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.1, 1.0.4-8, 1.0.4; Ubuntu 4.10, 5.04
|
A remote Denial of Service vulnerability has been reported due to insufficient validation of specific header values.
Libtiff:
http://freshmeat.net/redir/libtiff/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/
Mandriva:
http://www.mandriva.com/security/advisories
A Proof of Concept exploit has been published.
|
LibTiff Tiff Image Header Remote Denial of Service
CAN-2005-2452
|
Low |
Security Focus Bugtraq ID 14417, July 29, 2005
Ubuntu Security Notice, USN-156-1, July 29, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:142, August 18, 2005
|
Multiple Vendors
Ubuntu Linux 4.1 ppc, ia64, ia32;
Linux kernel 2.6.8, rc1&rc2 |
A remote Denial of Service vulnerability has been reported when handling UDP packets received by SNMPD due to a NULL pointer dereference.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-169-1, August 19, 2005
|
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1 |
A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel ISO File System Remote Denial of Service
CAN-2005-2457
|
Low |
Ubuntu Security Notice, USN-169-1, August 19, 2005
|
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Rob Flynn Gaim 1.3.1, 1.3.0, 1.2.1, 1.2, 1.1.1-1.1.4, 1.0-1.0.2; RedHat Enterprise Linux WS 2.1, IA64, ES 2.1, IA64, AS 2.1, IA64, Desktop 4.0, Advanced Workstation for the Itanium Processor 2.1, IA64
|
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to the way away messages are handled, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to an error when handling file transfers.
Updates available at: http://gaim.sourceforge.net/downloads.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-589.html
http://rhn.redhat.com/errata/RHSA-2005-627.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-06.xml
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
A Proof of Concept exploit has been published for the buffer overflow vulnerability.
|
|
High |
RedHat Security Advisories, RHSA-2005:589-16 & RHSA-2005:627-11, August 9, 2005
Ubuntu Security Notice, USN-168-1, August 12, 2005
Gentoo Linux Security Advisory, GLSA 200508-06, August 15, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:139, August 16, 2005
Fedora Update Notifications, FEDORA-2005-750 & 751, August 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
|
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5
|
Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://ftp.gnome.org/pub/gnome/sources/evolution/2.3/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-12.xml
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory: SA16394, August 11, 2005
Ubuntu Security Notice, USN-166-1, August 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:141, August 18, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
Gentoo Linux Security Advisory, GLSA 200508-12, August 23, 2005
|
Mutt
Mutt 1.5.10 |
A buffer overflow vulnerability has been reported in the 'mutt_decode_xbit()' function in 'Handler.c,' which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
|
High |
Security Tracker Alert ID: 1014729, August 18, 2005 |
netpbm
10.0 |
A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary PostScript code.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-04.xml
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-743.html
There is no exploit code required. |
netpbm Arbitrary Code Execution
CAN-2005-2471
|
High |
Secunia Advisory: SA16184, July 25, 2005
Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005
Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005
Ubuntu Security Notice, USN-164-1, August 11, 2005
Fedora Update Notifications, FEDORA-2005-727 & 728, August 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005 |
PCRE
PCRE 6.1, 6.0, 5.0 |
A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.
Updates available at:
http://www.pcre.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA16502, August 22, 2005
Ubuntu Security Notice, USN-173-1, August 23, 2005
|
Petr Vandrovec
ncpfs prior to 2.2.6 |
Two vulnerabilities exist: a vulnerability exists in 'ncpfs-2.2.0.18/lib/ncplib.c' due to improper access control in the 'ncp_fopen_nwc()' function, which could let a malicious user obtain unauthorized access; and a buffer overflow vulnerability exists in 'ncpfs-2.2.5/sutil/ncplogin.c' due to insufficient validation of the 'opt_set_volume_after_parsing_all_options()' function, which could let a malicious user execute arbitrary code.
Update available at:
ftp://platan.vc.cvut.cz/pub/linux/ncpfs/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-44.xml
Debian:
http://www.debian.org/security/2005/dsa-665
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-371.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
An exploit script has been published. |
|
|
Security Tracker Alert ID: 1013019, January 28, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005
Debian Security Advisory, DSA-665-1, February 4, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
RedHat Security Advisory, RHSA-2005:371-06, May 17, 2005
Fedora Update Notification, FEDORA-2005-435, August 16, 2005 |
| ProFTPd |
Multiple format string vulnerabilities have been reported in ProFTPd that could let remote malicious users cause a Denial of Service or disclose information.
Upgrade to version 1.3.0rc2:
http://www.proftpd.org/
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for these vulnerabilities. |
ProFTPD Denial of Service or Information Disclosure
CAN-2005-2390 |
Medium |
Secunia, Advisory: SA16181, July 26, 2005
Gentoo Linux Security Advisory, GLSA 200508-02, August 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Turbolinux Security Advisory, TLSA-2005-82, August 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:140, August 16, 2005 |
Tor
Tor 0.1.0.13 & prior
|
A vulnerability has been reported when performing a Diffie-Hellman handshake due to a failure to reject certain weak keys, which could let a remote malicious user obtain sensitive information.
Update available at:
http://tor.eff.org/download.html
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Secunia Advisory: SA16424, August 19, 2005 |
| Vim V6.3.082 |
A vulnerability has been reported in Vim that could let remote malicious users execute arbitrary code.
Vendor patch available:
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.082
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-745.html
There is no exploit code required; however, Proof of Concept exploits have been published. |
Vim Arbitrary Code Execution
CAN-2005-2368 |
High |
Security Focus, 14374, July 25, 2005
Ubuntu Security Notice, USN-154-1, July 26, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0038, July 29, 2005
Fedora Update Notifications, FEDORA-2005-737, 738, & 741, August 10 & 15, 2005
Conectiva Security Advisory, CLSA-2005:995,
Mandriva Linux Security Update Advisory, MDKSA-2005:148, August 22, 2005
RedHat Security Advisory, RHSA-2005:745-10, August 22, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Acrobat 5.x, 6.x, 7.x, Acrobat Reader 5.x, 6.x, 7.x
|
A buffer overflow vulnerability has been reported in the core application plug-in due to an unspecified boundary error, which could let a remote malicious user execute arbitrary code.
Update information available at:
http://www.adobe.com/support/techdocs/321644.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-11.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
Adobe Acrobat / Reader Plug-in Buffer Overflow
CAN-2005-2470 |
High |
Adobe Security Advisory, August 16, 2005
US-CERT VU#896220
Gentoo Linux Security Advisory, GLSA 200508-11, August 19, 2005
SUSE Security Announcement, SUSE-SA:2005:047, August 22, 2005 |
| Apache |
A vulnerability has been reported in Apache which can be exploited by a remote malicious user to smuggle HTTP requests.
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000982
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
SuSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
Apache HTTP Request Smuggling Vulnerability
CAN-2005-1268
CAN-2005-2088 |
Medium |
Secunia, Advisory: SA14530, July 26, 2005
Conectiva, CLSA-2005:982, July 25, 2005
Fedora Update Notification, FEDORA-2005-638 & 639, August 2, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005
Ubuntu Security Notice, USN-160-1, August 04, 2005
Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SUSE Security Announcement, SUSE-SA:2005:046, August 16, 2005
|
ATRC
ATutor 1.5.1 |
A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of the 'course' parameter and in 'search.php' due to insufficient sanitization of the 'words' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
Medium |
Secunia Advisory: SA16496, August 19, 2005 |
BBCaffe
BBCaffe 2.0 |
A Cross-Site Scripting vulnerability has been reported in several scripts due to insufficient filtering of HTML code, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID 14602, August 18, 2005 |
BEA Systems, Inc.
WebLogic Portal 8.1, SP1-SP4 |
A vulnerability has been reported when enforcing user entitlements, which could let an unauthorized remote malicious user access entitled pages.
Patches available at:
ftp://ftpna.beasys.com/pub/releases/security/patch_CR238578_81SP4.zip
There is no exploit code required.
|
|
Medium |
BEA Security Advisory, BEA05-84.00, August 22, 2005 |
circeOS
SaveWebPortal 3.4 |
Multiple vulnerabilities have been reported: a vulnerability was reported in the '/admin/PhpMyExplorer/editerfichier.php' script due to insufficient access restrictions, which could let a remote malicious user execute arbitrary PHP scripts; a vulnerability was reported in 'menu_dx.php' due to insufficient verification of the 'SITE_Path' parameter and in 'menu_sx.php' due to insufficient verification of the 'CONTENTS_Dir' parameter before being used to include files, which could let a remote malicious user include arbitrary files; a vulnerability was reported in 'footer.php' due to insufficient sanitization of the 'TABLE_Width,' 'SITE_Author_Domain,' 'SITE_Author,' and 'L_info' parameters and in 'header.php,' 'menu_dx.php,' and 'menu_sx.php' due to insufficient sanitization of multiple parameters, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because it is possible to inject arbitrary HTML and script code via the 'HTTP_REFERER' and 'HTTP_USER_AGENT' HTTP headers.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
|
SaveWebPortal Multiple Vulnerabilities |
High |
Secunia Advisory: SA16522, August 23, 2005 |
Cisco Systems
Cisco Clean Access (CCA) 3.5-3.5.3, 3.4-3.4.5, 3.3-3.3.9 |
A vulnerability has been reported in the CCA Application Program Interface (API) because authentication is not performed, which could let a remote malicious user bypass security, make configuration changes, or obtain sensitive information.
Patches available at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patches
Currently we are not aware of any exploits for this vulnerability. |
Cisco Clean Access API Access Validation
CAN-2005-2631 |
Medium |
Cisco Security Advisory, 66068, August 17, 2005 |
Cisco Systems
Intrusion Prevention System 5.0 (1) & (2)
|
A vulnerability has been reported in the command line processing (CLI) logic, which could let a local/remote malicious user obtain full administrative privileges.
Updates available at: http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
Currently we are not aware of any exploits for this vulnerability. |
Cisco Intrusion Prevention System Administrative Access
CAN-2005-2681
|
High |
Cisco Security Advisory, cisco-sa-20050824, August 21, 2005 |
Computer Associates
Message Queuing software prior to 1.07 Build 220_13 & 1.11 Build 29_13 |
Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported in the Computer Associates Message Queuing (CAM) service due to an unspecified error when specially crafted packets are submitted to the TCP port; buffer overflow vulnerabilities have been reported due to unspecified boundary errors, which could lead to the execution of arbitrary code; and a vulnerability has been reported due to a failure in the CAM service to verify the legitimacy of the CAFT application, which could let a remote malicious user spoof a legitimate CAFT instance and ultimately execute arbitrary code.
Upgrade information available at:
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
There is no exploit code required.
|
|
High |
Computer Associates Advisory, August 19, 2005
US-CERT VU#619988 |
Coppermine
Photo Gallery 1.3-1.3.3, 1.2-1.2.2 b, 1.1 beta 2, 1.1.0, 1.0 RC3 |
A vulnerability has been reported in 'Displayimage.php' due to insufficient sanitization of EXIF data, which could let a remote malicious user execute arbitrary script code.
Upgrades available at:
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
There is no exploit code required. |
Coppermine 'Displayimage.PHP' Script Injection
CAN-2005-2676 |
Medium |
Security Focus, Bugtraq ID: 14625, August 22, 2005 |
DTLink Software
AreaEdit 0.4.2, 0.4.1 |
A vulnerability has been reported in 'aspell_setup.php' due to insufficient sanitization of the 'dictionary' variable before being used as command line arguments, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://freshmeat.net/redir/areaedit/58526/url_tgz/areaedit_0.4.3.tar.gz
There is no exploit code required. |
DTLink Software AreaEdit SpellChecker Plugin Arbitrary Command Execution
CAN-2005-2682
|
High |
Secunia Advisory: SA16511, August 22, 2005 |
ECW-Shop
ECW-Shop 6.0.2 |
Several vulnerabilities have been discovered: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'max' and 'ctg' parameters before being returned to users, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported due to insufficient sanitization of the 'min' and 'max' parameters before being used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported because a remote malicious user can modify/reduce the cost of their shopping cart.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
|
ECW Shop Cross-Site Scripting, SQL Injection & Price Modification
CAN-2005-2621
CAN-2005-2622
CAN-2005-2623 |
Medium |
Secunia Advisory: SA16459, August 17, 2005 |
Emefa Guestbook
Emefa Guestbook 1.2 |
HTML injection vulnerabilities have been reported in 'sign.asp' due to insufficient sanitization of the 'name,' 'location,' and 'email' parameters before being stored as a guest book entry, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA16489, August 18, 2005 |
Ethereal
Ethereal V0.10.11 |
Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code.
Upgrade to version 0.10.12:
http://www.ethereal.com/download.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-687.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia, Advisory: SA16225, July 27, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005
RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
|
Isemarket
JaguarControl |
A buffer overflow vulnerability has been reported in 'JaguarEditControl.dll' due to a boundary error, which could let a remote malicious user cause a Denial of Service and/or potentially execute arbitrary code.
No workaround or patch available at time of publishing.
A Denial of Service Proof of Concept exploit has been published.
|
|
High |
Security Focus Bugtraq ID 14558, August 13, 2005 |
mediabox404
mediabox404 1.2, 1.1 |
An SQL injection vulnerability has been reported in 'Login_admin_Mediabox404.php' due to insufficient sanitization of the 'User' and 'Password' parameters before being used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
The vendor has addressed this issue in the latest CVS version.
There is no exploit code required.
|
Mediabox404 SQL Injection
CAN-2005-2634 |
Medium |
Secunia Advisory: SA16493, August 18, 2005 |
MediaWiki
MediaWiki 1.x |
A vulnerability has been reported due to insufficient sanitization of input passed to certain HTML attributes, which could let a remote malicious user execute arbitrary script code.
Upgrades available at:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4.5.tar.gz?download
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200506-12.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
|
High |
Security Focus, 13861, June 6, 2005
Gentoo Security Advisory, GLSA 200506-12, June 13, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
|
Mozilla.org
Firefox 0.x, 1.x |
Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrar | |
| |