Summary of Security Items from August 24 through August 30, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
BFCommand & Control Software
BFCommand & Control Server Manager 1.22_A & prior
BFCommand & Control Vietnam Server Manager 2.00_A & prior, 2.14_B |
Multiple vulnerabilities have been reported in BFCommand & Control Server Manager and BFCommand & Control Vietnam Server Manager that could let remote malicious users cause a Denial of Service or obtain elevated privileges.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
BFCommand & Control Server Managers Multiple Vulnerabilities |
Medium |
Secunia, Advisory: SA16629, August 30, 2005 |
Home FTP Server
Home FTP Server r1.0.7 b45 |
A Directory Traversal vulnerability has been reported in Home FTP Server that could let remote malicious users access arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Home FTP Server Arbitrary File Access
CAN-2005-2726 |
Medium |
Secunia, Advisory: SA16556, August 25, 2005 |
Leapware
LeapFTP 2.7.0 to 2.7.5 |
A buffer overflow vulnerability has been reported in LeapFTP that could let local malicious users execute arbitrary code.
Upgrade to version 2.7.6:
http://www.leapware.com/download.html
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
LeapFTP Arbitrary Code Execution
|
High |
Security Tracker, Alert ID: 1014785, August 24, 2005 |
Mercora
IMRadio 1.0_pre7, 1.0_pre6-r4, 1.0pre6-3.3.5-20050130 |
A vulnerability has been reported in IMRadio that could let local malicious users disclose password information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
IMRadio Password Disclosure
|
Medium |
Security Tracker, Alert ID: 1014780, August 24, 2005 |
Microsoft
Internet Explorer 5.5, 6 |
A vulnerability has been reported in Internet Explorer ('msdds.dll' COM Object) that could let remote malicious users execute arbitrary code.
Vendor workarounds available:
http://www.microsoft.com/technet/security/advisory/906267.mspx
Advisory update to specify additional versions of 'msdds.dll' and to include additional mitigating factors.
An exploit script has been published.
|
Microsoft Internet Explorer Arbitrary Code Execution
CAN-2005-2127
|
High |
Microsoft Security Advisory 906267, August 18, 2005
US-CERT VU#740372
Microsoft Security Advisory 906267, August 25, 2005
|
Symantec
Symantec AntiVirus Corporate Edition 9.0, 9.0.1, 9.0.2
Symantec Client Security 2.0.1, 2.0.2 |
A vulnerability has been reported in Symantec AntiVirus Corporate Edition and Symantec Client Security (help function) that could let local malicious users obtain elevated privileges.
Vendor fix available:
http://securityresponse.symantec.com/avcenter/security/Content/2005.08.24.html
There is no exploit code required. |
Symantec AntiVirus Corporate Edition and Client Security Privilege Elevation
CAN-2005-2017
|
Medium |
Symantec Security Response, ID: SYM05-012, August 24, 2005 |
TechWhale Solutions
BlueWhaleCRM 1.0, 1.0.2 |
A vulnerability has been reported in BlueWhaleCRM that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required. |
BlueWhaleCRM SQL Injection |
Medium |
Security Focus, ID: 14697, August 30, 2005 |
ZipTorrent
ZipTorrent 1.3.7.3 |
A vulnerability has been reported in ZipTorrent that could let local malicious users disclose password information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
ZipTorrent Password Disclosure
|
Medium |
Secunia, Advisory: SA16542, August 24, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Alexis Sukrieh
Backup Manager 0.5.6, 0.5.7 |
A vulnerability has been reported because archives are created with insecure permissions, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://www.sukria.net/packages/backup-manager/sources/backup-manager-0.5.8.tar.gz
Debian:
http://security.debian.org/pool/updates/main/b/backup-manager/
There is no exploit code required. |
Alexis Sukrieh Backup Manager Information Disclosure
CAN-2005-1958
|
Medium |
Security Tracker Alert, 1014124, June 7, 2005
Debian Security Advisory, DSA 787-1, August 26, 2005 |
Astaro Security
Astaro Security Linux 6.001 |
A vulnerability has been reported due to a weakness that may allow a remote malicious user to connect to arbitrary ports, which could lead to access control bypass.
This issue was reportedly fixed by the vendor in Astaro Security Linux 6.002.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Astaro Security Linux HTTP CONNECT Unauthorized Access
CAN-2005-2729
|
Medium |
Security Focus Bugtraq ID: 14665, August 25, 2005 |
BlueZ
BlueZ 2.18 & prior
|
A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-libs-2.19.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-09.xml
Debian:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required. |
BlueZ Arbitrary Command Execution
CAN-2005-2547
|
High |
Security Focus 14572, August 16, 2005
Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005
Debian Security Advisory, DSA 782-1, August 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:150, August 25, 2005 |
bzip2
bzip2 1.0.2 |
A remote Denial of Service vulnerability has been reported when processing malformed archives.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/b/bzip2/
SGI:
http://www.sgi.com/support/security/
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-127-1, May 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005
Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005
Debian Security Advisory, DSA 741-1, July 7, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Security Focus, Bugtraq ID: 13657, August 26, 2005 |
Double Precision Incorporated
Courier Mail Server 0.50 |
A remote Denial of Service vulnerability has been reported in the 'spf.c' source file when processing Sender Policy Framework (SPF) data.
Upgrade available at:
http://prdownloads.sourceforge.net/courier/courier-0.50.1.tar.bz2?download
Debian:
http://security.debian.org/pool/updates/main/c/courier/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/courier/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia Advisory: SA15901, July 4, 2005
Debian Security Advisory, DSA 784-1, August 25, 2005
Ubuntu Security Notice, USN-174-1, August 26, 2005
|
Elm Development Group
ELM 2.5.5-2.5.7
|
A buffer overflow vulnerability has been reported due to insufficient parsing of SMTP 'Expires' header lines, which could let a remote malicious user execute arbitrary code.
Update to Elm 2.5 PL8 available at:
ftp://ftp.virginia.edu/pub/elm/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-755.html
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert ID: 1014745, August 20, 2005
RedHat Security Advisory, RHSA-2005:755-07, August 23, 2005 |
FreeRADIUS Server Project
FreeRADIUS 1.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml
SuSE:
ftp://ftp.suse.com/pub/suse/
FreeRadius:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-524.html
SGI:
http://www.sgi.com/support/security/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1013909, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Security Focus, 13541, June 10, 2005
RedHat Security Advisory, RHSA-2005:524-05, June 23, 2005
SGI Security Advisory, 20050606-01-U, July 12, 2005
Fedora Update Notification, FEDORA-2005-807, August 25, 2005 |
GNU
shtool 2.0.1 & prior |
A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused by temporary files being created insecurely.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml
OpenPKG:
ftp://ftp.openpkg.org/release/2.3
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-564.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
http://www.sgi.com/support/security/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/
Debian:
http://security.debian.org/pool/updates/main/p/php4/
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15496, May 25, 2005
Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 200
OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005
SGI Security Advisory, 20050703-01-U, July 15, 2005
Ubuntu Security Notice, USN-171-1, August 20, 2005
Debian Security Advisory, DSA 789-1, August 29, 2005
|
Hewlett Packard Company
HP-UX B.11.23, B.11.11, B.11.00 |
A vulnerability has been reported in systems running the Veritas File System (VxFS), which could let a malicious user obtain sensitive information.
Patch information available at:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01218
Currently we are not aware of any exploits for this vulnerability. |
HP-UX Veritas File System Information Disclosure |
Medium |
HP Security Bulletin, HPSBUX01218, August 24, 2005 |
Inter7
SqWebMail 5.0.4, 5.0.1, 5.0.0, 4.0.5-4.0.7, 4.0.4.20040524, 3.6.1, 3.6.0, 3.5.0-3.5.3, 3.4.1
|
A vulnerability has been reported due to insufficient sanitization of HTML emails, which could let a remote malicious user execute arbitrary HTML and script code.
Updates available at:
http://www.courier-mta.org/?download.php
There is no exploit code required; however, a Proof of Concept exploit has been published. |
SqWebMail HTML Email Arbitrary Code Execution
|
Medium |
Secunia Advisory: SA16600, August 29, 2005 |
lm_sensors
lm_sensors 2.9.1
|
A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-19.xml
There is no exploit code required. |
LM_sensors PWMConfig Insecure Temporary File Creation
CAN-2005-2672
|
Low |
Security Focus, Bugtraq ID: 14624, August 22, 2005
Ubuntu Security Notice, USN-172-1, August 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005
Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005
|
maildrop
maildrop 1.5.3 |
A vulnerability has been reported in lockmail, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.org/pool/updates/main/m/maildrop/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 791-1, August 30, 2005 |
Mike Kershaw
Kismet 2005-07-R1
|
Multiple vulnerabilities have been reported: an integer underflow vulnerability was reported when handling pcap files; a vulnerability was reported due to an unspecified error when handling non-printable characters in SSID; and an integer underflow vulnerability was reported in the data frame dissection, which could possibly lead to the execution of arbitrary code.
Upgrade available at:
http://www.kismetwireless.net/code/kismet-2005-08-R1.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-10.xml
Debian:
http://security.debian.org/pool/updates/main/k/kismet/
Currently we are not aware of any exploits for these vulnerabilities.
|
Kismet Multiple Remote Vulnerabilities
CAN-2005-2626
CAN-2005-2627 |
High |
Security Focus, Bugtraq ID 14430, August 16, 2005
Gentoo Linux Security Advisory, GLSA 200508-10, August 19, 200
Debian Security Advisory, DSA 788-1, August 29, 2005 |
MPlayer
MPlayer 1.0 pre7, .0 pre6-r4, 1.0 pre6-3.3.5-20050130
|
A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Security Tracker Alert ID: 1014779, August 24, 2005 |
Multiple Vendors
OpenLDAP 2.1.25; Padl Software pam_ldap Builds 166, 85, 202, 199, 198, 194, 183-192, 181, 180, 173, 172, 122, 121, 113, 107, 105
|
A vulnerability has been reported in OpenLDAP, 'pam_ldap,' and 'nss_ldap' when a connection to a slave is established using TLS and the client is referred to a master, which could let a remote malicious user obtain sensitive information.
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-13.xml
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/libn/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Advisory, TSLSA-2005-0031, July 1, 2005
Gentoo Linux Security Advisory, GLSA 200507-13, July 14, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:121, July 19, 2005
Ubuntu Security Notice, USN-152-1, July 21, 2005
Turbolinux Security Advisory, TLSA-2005-86 & 87, August 29, 2006 |
Multiple Vendors
RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6 |
A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.
Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Slackware:
ftp://ftp.slackware.com/pub/slackware
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
A Proof of Concept exploit script has been published. |
|
Low |
Security Tracker Alert, 1014133, June 8, 2005
Fedora Update Notification, FEDORA-2005-406, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005
Fedora Update Notification, FEDORA-2005-407, June 16, 2005
Ubuntu Security Notice, USN-141-1, June 21, 2005
Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005
Slackware Security Advisory, SSA:2005-195-10, July 15, 2005
Security Focus, Bugtraq ID: 13906, August 26, 2005 |
Multiple Vendors
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6
|
A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.
Debian:
ftp://security.debian.org/pool/updates/main/z/zlib/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-05.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
Mandriva:
http://www.mandriva.com/security/advisories
OpenBSD:
http://www.openbsd.org/errata.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-569.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
zsync:
http://prdownloads.sourceforge.net/zsync/zsync-0.4.1.tar.gz?download
Apple:
http://docs.info.apple.com/article.html?artnum=302163
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory DSA 740-1, July 6, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005
Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005
SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005
Ubuntu Security Notice, USN-148-1, July 06, 2005
RedHat Security Advisory, RHSA-2005:569-03, July 6, 2005
Fedora Update Notifications, FEDORA-2005-523, 524, July 7, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:11, July 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.013, July 7, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005
Slackware Security Advisory, SSA:2005-189-01, July 11, 2005
Turbolinux Security Advisory, TLSA-2005-77, July 11, 2005
Fedora Update Notification, FEDORA-2005-565, July 13, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 14162, July 21, 2005
USCERT Vulnerability Note VU#680620, July 22, 2005
Apple Security Update 2005-007,
APPLE-SA-2005-08-15, August 15, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Security Focus, Bugtraq ID: 14162, August 26, 2005
|
Multiple Vendors
dhcpcd 1.3.22 |
A vulnerability has been reported in dhcpcd that could let a remote user perform a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/d/dhcpcd/
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-16.xml
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000983
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-603.html
Debian:
http://security.debian.org/pool/updates/main/
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
Currently we are not aware of any exploits for this vulnerability. |
dhcpcd Denial of Service
CAN-2005-1848 |
Low |
Secunia, Advisory: SA15982, July 11, 2005
Debian Security Advisory, DSA 750-1, July 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005
Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005
Conectiva, CLSA-2005:983, July 25, 2005
RedHat Security Advisory, RHSA-2005:603-07, July 27, 2005
Debian Security Advisory, DSA 773-1, August 11, 2005
Security Focus, Bugtraq ID: 14206, August 26, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.13
|
A Denial of Service vulnerability has been reported when processing specially crafted ELF headers on 64-bit x86 platforms.
Updates available at:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.13-rc4
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Focus, Bugtraq ID: 14661, August 25, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.12.1 |
A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
This issue has been addressed in Linux kernel 2.6.13-rc7.
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Ubuntu Security Notice, USN-169-1, August 19, 2005
Security Focus, Bugtraq ID 14609, August 19, 2005
Security Focus, Bugtraq ID 14609, August 25, 2005 |
Multiple Vendors
Simpleproxy 3.0-3.2, 2.2b;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha
|
A format string vulnerability has been reported when handling HTTP proxy replies, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/simpleproxy/simpleproxy-3.4.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/s/simpleproxy/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 786-1, August 26, 2005 |
Multiple Vendors
Turbolinux Server 10.0, 8.0, Desktop 10.0, Turbolinux Home Appliance Server 1.0 Workgroup Edition, Hosting Edition; Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0; Sun Solaris 10.0 _x86, 10.0, 9.0 _x86 Update 2, 9.0 _x86, 9.0, Sun SEAM 1.0-1.0.2;
SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3;
RedHat Fedora Core3 & 4, Advanced Workstation for the Itanium Processor 2.1; MIT Kerberos 5 5.0-1.4.1 & prior;
Gentoo Linux
|
Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code.
MIT:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1
SuSE:
http://www.novell.com/linux/security/advisories.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
http://www.sgi.com/support/security/
Debian:
http://www.debian.org/security/2005/dsa-757
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
MIT krb5 Security Advisory, 2005-002, July 12, 2005
RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005
Sun(sm) Alert Notification, 101809, July 12, 2005
Fedora Update Notifications, FEDORA-2005-552 & 553, July 12, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Turbolinux Security Advisory TLSA-2005-78, July 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005
SGI Security Advisory, 20050703-01-U, July 15, 2005
Debian Security Advisory, DSA-757-1, July 17, 2005
US-CERT VU#885830
US-CERT VU#623332
US-CERT VU#259798
Conectiva Linux Advisory, CLSA-2005:993, August 8, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101810, August 29, 2005 |
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5
|
Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data that has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://ftp.gnome.org/pub/gnome/sources/evolution/2.3/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-12.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-267.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory: SA16394, August 11, 2005
Ubuntu Security Notice, USN-166-1, August 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:141, August 18, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
Gentoo Linux Security Advisory, GLSA 200508-12, August 23, 200
RedHat Security Advisory, RHSA-2005:267-10, August 29, 2005
|
Multiple Vendors
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2-11, 4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0 |
An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/x/xfree86/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-412.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-473.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-198.html
Apple:
http://docs.info.apple.com/article.html?artnum=302163
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, 12714, March 2, 2005
Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005
Ubuntu Security Notice, USN-92-1, March 07, 2005
Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005
Ubuntu Security Notice, USN-97-1, March 16, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005
RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005
Debian Security Advisory, DSA 723-1, May 9, 2005
RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005
RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005
RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005
Fedora Update Notifications, FEDORA-2005-808 & 815, August 25 & 26, 2005 |
Nokia
Affix 3.0-3.2,
2.1-2.1.2,
2.0 -2.0.2 |
A vulnerability has been reported in the 'event_pin_code_request()' function due to an input validation error, which could let a remote malicious user inject arbitrary shell commands via a specially crafted Bluetooth device name.
Patches available at:
http://affix.sourceforge.net/
patch_btsrv_affix_2_1_2
http://affix.sourceforge.net/
patch_btsrv_affix_3_2_0
There is no exploit code required. |
Nokia Affix BTSRV Device Name Remote Command Execution
CAN-2005-2716
|
High |
DMA 2005-0826a Advisory, August 26, 2005 |
Padl Software
pam_ldap Build 179, Build 169 |
A vulnerability has been reported when handling a new password policy control, which could let a remote malicious user bypass authentication policies.
Upgrades available at:
ftp://ftp.padl.com/
pub/pam_ldap.tgz
There is no exploit code required.
|
|
Medium |
Bugtraq ID: 14649, August 24, 2005
US-CERT VU#778916 |
PCRE
PCRE 6.1, 6.0, 5.0 |
A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.
Updates available at:
http://www.pcre.org/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/pcre3/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-17.xml
Mandriva:
http://www.mandriva.com/
security/advisories
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA16502, August 22, 2005
Ubuntu Security Notice, USN-173-1, August 23, 2005
Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005
Fedora Update Notifications, FEDORA-2005-802 & 803, August 24, 2005
Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005
|
PHP Arena
paFileDB 3.1 |
An SQL injection vulnerability has been reported in 'auth.php' due to insufficient sanitization of the 'user' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
SePro Advisory #5, August 24, 2005 |
phpMyAdmin
phpMyAdmin 2.6 .0-2.6.3, 2.5 .0-2.5.7, 2.4 .0, 2.3.2, 2.3.1, 2.2 -2.2.6, 2.1-2.1 .2, 2.0-2.0.5 |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie.auth.lib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported in 'error.php' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=23067
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
PHPMyAdmin Cross-Site Scripting |
Medium |
Secunia Advisory: SA16605, August 29, 2005 |
RedHat
Fedora Core3
|
A vulnerability has been reported in xntpd when started using the '-u' option and the group is specified by a string, which could let a malicious user obtain elevated privileges.
Upgrade available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/ntp-4.2.0.a.20040617-5.FC3.i386.rpm
There is no exploit code required. |
|
Medium |
Fedora Update Notification, FEDORA-2005-812, August 26, 2005 |
slocate
slocate 2.7
|
A Denial of Service vulnerability has been reported when a specially crafted directory structure that contains long paths is submitted.
Mandriva:
http://www.mandriva.com/
security/advisories
There is no exploit code required.
|
|
Low |
Mandriva Linux Security Update Advisory, MDKSA-2005:147, August 22, 2005 |
Sun Microsystems, Inc.
Messaging Server 6.2, iPlanet Messaging Server 5.2 |
A vulnerability has been reported in Sun ONE Messaging Server (iPlanet Messaging Server), which could let a remote malicious user execute arbitrary code. Note: Only target users running Internet Explorer are affected.
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1
There is no exploit code required. |
Sun ONE/iPlanet Messaging Server Arbitrary Code Execution
CAN-2005-2022
|
High |
Sun(sm) Alert Notification, 101770, June 17, 2005
Sun(sm) Alert Notification, 101770, August 25, 2005 |
Sun Microsystems, Inc.
Solaris 10.0 _x86, 10.0 |
A vulnerability has been reported in the '/lib/svc/method/net-svc' script, which could let a remote malicious user execute arbitrary code on the DHCP client system with ROOT privileges.
Patches available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101897-1
Currently we are not aware of any exploits for this vulnerability.
|
Sun Solaris DHCP Client Remote Code Execution |
High |
Sun(sm) Alert Notification, Sun Alert ID: 101897, August 23, 2005 |
Tor
Tor 0.1.0.13 & prior
|
A vulnerability has been reported when performing a Diffie-Hellman handshake due to a failure to reject certain weak keys, which could let a remote malicious user obtain sensitive information.
Update available at:
http://tor.eff.org/
download.html
Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-16.xml
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Secunia Advisory: SA16424, August 19, 2005
Gentoo Linux Security Advisory, GLSA 200508-16, August 25, 2005 |
University of Minnesota
gopherd 3.0.9 |
A buffer overflow vulnerability has been reported in the 'VlfromLine()' function when copying an input line, which could let a remote malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
UMN Gopher Client Remote Buffer Overflow |
Medium |
Secunia Advisory: SA16614, August 30, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Alexander Palmo
Simple PHP Blog 0.4 |
A Directory Traversal vulnerability has been reported in 'Comment_Delete_cgi.php' due to insufficient sanitization which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, an exploit script has been published. |
Simple PHP Blog Directory Traversal |
Medium |
Bugtraq ID: 14681, August 29, 2005 |
Alexander Palmo
Simple PHP Blog 0.4 |
A vulnerability has been reported in 'upload_img_cgi.php' due to a failure to validate the extension of an uploaded image file, which could let a remote malicious user upload arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA16598, August 26, 2005 |
All Enthusiast, Inc.
PhotoPost Pro, 5.1
|
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of EXIF data stored in certain image files, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
PhotoPost Cross-Site Scripting
CAN-2005-2737 |
Medium |
Security Tracker Alert ID: 1014803, August 26, 2005 |
CVS
CVS 1.12.7-1.12.12, 1.12.5, 1.12.2 , 1.12.1, 1.11.19, 1.11.17
|
A vulnerability has been reported in the 'cvsbug.in' script due to the insecure creation of temporary files, which could let a malicious user cause data loss or a Denial of Service.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
There is no exploit code required. |
CVS 'Cvsbug.In' Script Insecure Temporary File Creation
CAN-2005-2693
|
Low |
Fedora Update Notifications, FEDORA-2005-790 & 791, August 23, 2005
|
De-Neef.net
Looking Glass |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'footer.php' and 'header.php' due to insufficient sanitization of the 'version' array, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'lg.php' due to insufficient sanitization of the 'target' parameter before it is used in a 'system()' call, which could let a remote malicious user inject arbitrary shell commands.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
Looking Glass Input Validation |
High |
Secunia Advisory: SA16607, August 29, 2005 |
e107.org
e107 website system 0.617, 0.616, 0.603 |
A vulnerability has been reported in the 'forum_post.php' script due to insufficient verification of whether a forum exists when posting a message, which could let a remote malicious user create arbitrary forum message posts.
No workaround or patch available at time of publishing.
There is no exploit code required. |
e107 Forum_post.PHP Non-existing Forums |
Medium |
Security Tracker Alert ID: 1014819, August 30, 2005 |
Flagship Industries
Ventrilo 2.3, 2.2, 2.1.2-2.1.4 |
A remote Denial of Service vulnerability has been reported when handling certain malformed status query packets.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
Low |
Security Tracker Alert ID: 1014784 , August 24, 2005 |
Foojan
PHP Weblog |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to the 'Referer' HTTP header before it is stored in the 'visits' table, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA16565, August 25, 2005
|
FreeStyle Wiki
Wiki 3.5.8 |
A vulnerability has been reported when validating certain input in the management page, which could let a remote malicious user execute arbitrary Perl commands.
Upgrade available at:
http://prdownloads.sourceforge.jp/fswiki/16170/wiki3_5_9.zip
There is no exploit code required.
|
FreeStyle Wiki Arbitrary Perl Command Execution |
Medium |
Secunia Advisory: SA16612, August 30, 2005 |
Gallery Project
Gallery 1.5.1 -RC2 & prior |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of EXIF data stored in certain image files, which could let a remote malicious user execute arbitrary HTML and script code.
Updates available at:
http://gallery.menalto.com/modules.php?op=modload&name=phpWiki&file=index&pagename=Download
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Gallery Cross-Site Scripting
CAN-2005-2734 |
Medium |
Security Tracker Alert ID: 1014800, August 26, 2005 |
Helpdesk Software
Hesk 0.92
|
A vulnerability has been reported due to insufficient validation of username and password pairs, which could let a remote malicious user bypass authentication and obtain administrative access.
Update available at:
http://www.phpjunkyard.com/
download.php?script=hesk
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
Helpdesk Software Hesk Authentication Bypass |
High |
Security Focus, Bugtraq ID: 14692, August 29, 2005 |
Hewlett Packard Company
OpenView Network Node Manager 7.50 Solaris, 7.50, 6.41 Solaris, 6.41 |
A vulnerability has been reported in the 'node' URI parameter of the 'OvCgi/connectedNodes.ovpl' script, which could let a remote malicious user execute arbitrary code.
Workaround available at:
http://support.openview.hp.com/news_archives.jsp
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
HP OpenView Network Node Manager Remote Arbitrary Code Execution |
High |
Portcullis Security Advisory, 05-014, August 25, 2005
HP Security Advisory, HPSBMA01224, August 26, 2005 |
Ilia Alshanetsky
FUDForum 2.6.15 |
A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information.
PHPGroupWare:
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.007.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-20.xml
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA16414, August 12, 2005
Security Focus, Bugtraq ID: 14556, August 25, 2005
Gentoo Linux Security Advisory, GLSA 200508-20, August 30, 2005 |
Ilia Alshanetsky
FUDForum 2.7, 2.6.12 -2.6.15, 2.6.7 -2.6.10, 2.6-2.6.5
|
A vulnerability has been reported when an image file is merged with a script file and uploaded, which could let a remote malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
FUDforum Avatar Upload Arbitrary Script Upload |
Medium |
Security Focus, Bugtraq ID: 14678, August 29, 2005 |
Interspire
ArticleLive 2005 |
A Cross-Site Scripting vulnerability has been reported in 'articles.newcomment' due to insufficient sanitization of the 'Articleld' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrade available at:
http://www.interspire.com/
articlelive/
There is no exploit code required; however, a Proof of Concept exploit has been published. |
InterSpire ArticleLive NewComment Cross-Site Scripting
CAN-2005-0881
|
High |
Secunia Advisory, SA14708, March 23, 2005
Security Focus, Bugtraq ID: 12879, August 23, 2005 |
Jelsoft Enterprises
vBulletin 3.0 |
A vulnerability has been reported in the 'backup.php' script due to insufficient password protection and encryption, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
|
vBulletin 'backup.php' Information Disclosure |
Medium |
Security Tracker Alert ID: 1014805, August 29, 2005 |
Lithium Software
Lithium II Mod 1.24 |
A format string vulnerability has been reported when displaying the score at the end of the game, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Lithium Software Quake 2 Lithium II Mod Format String |
High |
Security Focus, Bugtraq ID: 14664, August 25, 2005 |
Mozilla.org
Firefox 0.x, 1.x |
Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a 'javascript:' URL; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling a 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a 'javascript:' URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://www.mozilla.org/
products/firefox/
Gentoo:
ftp://security.gentoo.org/
glsa/
Mandriva:
http://www.mandriva.com/
security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-586.html
Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.418880
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/
e/epiphany-browser/
http://security.ubuntu.com/
ubuntu/pool/main/e/
enigmail/
http://security.ubuntu.com/
ubuntu/pool/main/
m/mozilla-thunderbird/
SUSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/
http://security.debian.org/pool/updates/main/m/mozilla/
SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200507-24.xml
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
Exploits have been published.
|
Firefox Multiple Vulnerabilities
CAN-2005-2260
CAN-2005-2261
CAN-2005-2262
CAN-2005-2263
CAN-2005-2264
CAN-2005-2265
CAN-2005-2267
CAN-2005-2269
CAN-2005-2270
|
|
Secunia Advisory: SA16043, July 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005
Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005
Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005
Fedora Update Notifications, FEDORA-2005-603 & 605, July 20, 2005
RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005
Slackware Security Advisory, SSA:2005-203-01, July 22, 2005
US-CERT VU#652366
US-CERT VU#996798
Ubuntu Security Notices, USN-155-1 & 155-2 July 26 & 28, 2005
Ubuntu Security Notices, USN-157-1 & 157-2 August 1 & 2, 2005
SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005
Debian Security Advisory, DSA 775-1, August 15, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Debian Security Advisory, DSA 777-1, August 17, 2005
Debian Security Advisory, DSA 779-1, August 20, 2005
Debian Security Advisory, DSA 781-1, August 23, 2005
Gentoo Linux Security Advisory, GLSA 200507-24, August 26, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:127-1, August 26, 2005
Slackware Security Advisory, SSA:2005-085-01, August 28, 2005 |
Multiple Vendors
Gentoo Linux;
Apache Software Foundation Apache 2.1-2.1.5, 2.0.35-2.0.54, 2.0.32, 2.0.28, Beta, 2.0 a9, 2.0
|
A remote Denial of Service vulnerability has been reported in the HTTP 'Range' header due to an error in the byte-range filter.
Patches available at:
http://issues.apache.org/bugzilla/attachment.cgi?id=16102
Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-15.xml
There is no exploit code required. |
|
Low |
Secunia Advisory: SA16559, August 25, 2005
Security Advisory, GLSA 200508-15, August 25, 2005 |
Multiple Vendors
PHPXMLRPC 1.1.1;
PEAR XML_RPC 1.3.3; Drupal 4.6-4.6.2, 4.5- 4.5.4; Nucleus CMS Nucleus CMS 3.21, 3.2, 3.1, 3.0, RC, 3.0.;
MailWatch for MailScanner 1.0.1; eGroupWare 1.0.6, 1.0.3, 1.0.1, 1.0.0.007, 1.0
|
A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.
PHPXMLRPC :
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download
Pear:
http://pear.php.net/
get/XML_RPC-1.4.0.tgz
Drupal:
http://drupal.org/files/
projects/drupal-4.5.5.tar.gz
eGroupWare:
http://prdownloads.sourceforge.net/egroupware/eGroupWare-1.0.0.009.tar.gz?download
MailWatch:
http://prdownloads.sourceforge.net/mailwatch/mailwatch-1.0.2.tar.gz
Nucleus:
http://prdownloads.sourceforge.net/nucleuscms/nucleus-xmlrpc-patch.zip?download
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-748.html
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/
Mandriva:
http://www.mandriva.com/
security/advisories
Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-13.xml
http://security.gentoo.org/
glsa/glsa-200508-14.xml
http://security.gentoo.org/
glsa/glsa-200508-18.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/
pool/updates/main/
p/php4/
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required. |
PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution
CAN-2005-2498
|
High |
Security Focus, Bugtraq ID 14560, August 15, 2005
Security Focus, Bugtraq ID 14560, August 18, 2005
RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005
Ubuntu Security Notice, USN-171-1, August 20, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005
Gentoo Linux Security Advisory, GLSA 200508-13 & 14, & 200508-18, August 24 & 26, 2005
Fedora Update Notifications, FEDORA-2005-809 & 810, August 25, 2005
Debian Security Advisory, DSA 789-1, August 29, 2005
SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 |
Multiple Vendors
Xoops 2.0.10-2.0.12, 2.0.9 .3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0- 2.0.3;
XML-RPC for PHP XML-RPC for PHP 1.1, 1.0.99 .2, 1.0.99, 1.0-1.02; WordPress 1.5-1.5.1 .2, 1.2-1.2.2, 0.71,0.7;
S9Y Serendipity 0.8.1, 0.8 -beta6 Snapshot, 0.8 -beta5 & beta6, 0.8;
PostNuke Development Team PostNuke 0.76 RC4a&b, RC4, 0.75; phpMyFAQ 1.5 RC1-RC4, 1.5 beta1-beta3, 1.5 alpha1&2, 1.4-1.4.8, 1.4;
PEAR XML_RPC 1.3 RC1-RC3, 1.3;
MandrakeSoft Linux Mandrake 10.2 x86_64, 10.2, 10.1 x86_64, 10.1 , 10.0 amd64, 10.0, Corporate Server 3.0 x86_64, 3.0;
Drupal 4.6.1, 4.6, 4.5- 4.5.3
|
A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.
Drupal:
http://drupal.org/files/
projects/drupal-
4.5.4.tar.gz
Mandriva:
http://www.mandriva.com/
security/advisories
Pear:
http://pear.php.net/get/
XML_RPC-1.3.1.tgz
PhpMyFaq:
http://freshmeat.net/redir/
phpmyfaq/38789/url_zip/
download.php
S9Y Serendipity:
http://prdownloads.sourceforge.net/php-blog/serendipity-0.8.2.tar.gz?download
Trustix:
http://http.trustix.org/
pub/trustix/updates/
WordPress:
http://wordpress.org/
latest.zip
XML-RPC:
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc-1.1.1.tgz?download
Xoops:
http://www.xoops.org/
modules/core/
visit.php?cid=3&lid=62
Gentoo:
http://security.gentoo.org/
glsa/glsa-200507-01.xml
http://security.gentoo.org/
glsa/glsa-200507-06.xml
http://security.gentoo.org/
glsa/glsa-200507-07.xml
http://security.gentoo.org/
glsa/glsa-200507-15.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/
Debian:
http://security.debian.org/
pool/updates/main/
d/drupal/
http://security.debian.org/
pool/updates/main/p/
phpgroupware/
http://security.debian.org/
pool/updates/main/e/
egroupware/
SGI:
http://www.sgi.com/
support/security/
SuSE:
ftp://ftp.SUSE.com/
pub/SUSE
Trustix:
http://http.trustix.org/pub/
trustix/updates/
Debian:
http://security.debian.org/pool/updates/main/p/php4/
SUSE:
ftp://ftp.suse.com
| |
| |