Summary of Security Items from August 31 through September 6, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
3Com
Network Supervisor 5.0.2, Network Director 1.0, 2.0 |
An input validation/directory traversal vulnerability has been reported in Network Supervisor that could let remote malicious users disclose files.
Vendor patch available:
Network Director 1.0 (up to and including SP1):
http://support.3com.com/software/3Com_network_director_v1_0_sp0_1_cu1.exe
Network Director 1.0 (SP2 and SP3):
http://support.3com.com/software/3Com_network_director_v1_0_sp2_3_cu1.exe
Network Director 2.0:
http://support.3com.com/software/3com_network_director_v2_0_cu1.exe
Network Supervisor 5.1:
http://support.3com.com/software/3com_network_supervisor_v5_1_cu1.exe
There is no exploit code required. |
3Com Network Supervisor File Disclosure
CAN-2005-2020 |
Medium |
Secunia, Advisory: SA16639, September 2, 2005 |
Altools
ALZip 5.51, 5.52, 6.03, 6.1beta, 6.11 |
A buffer overflow vulnerability has been reported in ALZip (ACE archives) that could let a malicious user obtain unauthorized system control.
Upgrade to version 6.1:
http://www.altools.net/Portals/0/ALZip.exe
There is no exploit code required. |
ALZip Unauthorized System Control
CAN-2005-2856 |
Medium |
Secunia Advisory: SA16479, September 7, 2005 |
AttachmateWRQ
Reflection for Secure IT Windows Server 6.0 |
Multiple vulnerabilities have been reported in Reflection for Secure IT that could let malicious users disclose information or obtain unauthorized access.
Vendor workaround available:
http://support.wrq.com/techdocs/1867.html
There is no exploit code required. |
Reflection for Secure IT Multiple Vulnerabilities
CAN-2005-2770
CAN-2005-2771 |
Medium |
Security Tracker Alert ID: 1014835, September 1, 2005
US-CERT VU#758054
US-CERT VU#902110 |
Dameware
Dameware prior to 4.9.0 |
A vulnerability has been reported in Dameware that could let remote malicious users execute arbitrary code.
Upgrade to version 4.9.0:
http://www.dameware.com/download
An exploit script has been published. |
DameWare Arbitrary Code Execution
CAN-2005-2842 |
High |
Security Focus, 14707, August 31, 2005
US-CERT VU#170905 |
Free SMTP
Free SMTP Server 2.2 |
A vulnerability has been reported in Free SMTP Server that could let remote malicious users create an open mail relay.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Free SMTP Server As Open Relay
CAN-2005-2857 |
Medium |
Secunia Advisory: SA16698, September 5, 2005 |
Indiatimes Messenger
Indiatimes Messenger 6.0 |
A buffer overflow vulnerability has been reported in Indiatimes Messenger that could let malicious users cause a Denial of Service.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Indiatimes Messenger Denial of Service
CAN-2005-2844 |
Low |
Security Tracker Alert ID: 1014842, September 2, 2005 |
Microsoft
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows XP 64-Bit Edition SP1 and 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows 98, 98 SE, and ME |
Multiple vulnerabilities have been reported that include errors in the font, Kernel, Object Management Vulnerability and CSRSS. These are due to input validation and buffer overflow errors. A malicious user could deny service or obtain escalated privileges.
Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-018.mspx
An exploit has been published. |
|
|
Microsoft Security Bulletin MS05-018, April 12, 2005
US-CERT VU#259197
US-CERT VU#775933
US-CERT VU#943749
US-CERT VU#650181
Security Focus, 13115, September 6, 2005 |
Rediff Bol
Rediff Bol 7.0 |
A vulnerability has been reported in Rediff India Abroad that could let remote malicious users disclose the Windows address book.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
Rediff Bol Windows Address Book Disclosure
CAN-2005-2858 |
Medium |
Secunia, Advisory: SA16685, September 5, 2005 |
Savant
Savant Web Server 3.1 |
A vulnerability has been reported in Savant Web Server that could let local malicious users disclose other user information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Savant Web Server User Information Disclosure
CAN-2005-2859 |
Medium |
Secunia Advisory: SA16666, September 6, 2005 |
SlimFTPd 3.17 |
A vulnerability has been reported in SlimFTPd (USER and PASS commands) that could let a remote malicious user cause a Denial of Service.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Low |
Security Tracker, Alert ID: 1014831, September 1, 2005 |
Symantec
Symantec Anti Virus Corporate Edition (LiveUpdate 2.7) |
A vulnerability has been reported in Symantec Anti Virus (internal LiveUpdate feature) that could let local malicious users disclose password information.
Upgrade to newest version of LiveUpdate:
http://www.symantec.com/techsupp
/files/lu/lu.html
There is no exploit code required.
|
Symantec Anti Virus Password Disclosure
CAN-2005-2766
|
Medium |
Security Tracker Alert ID: 1014834, September 1, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Adobe Version Cue 1.0.1, 1.0 |
A vulnerability has been reported due to insecure file permissions on internal Version Cue application files, which could let a malicious user obtain elevated privileges.
Patches available at:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2985
Exploit scripts have been published. |
Adobe Version Cue for Mac OS X Elevated Privileges
CAN-2005-1842
CAN-2005-1843
|
Medium |
Security Focus, Bugtraq ID: 14638, August 23, 2005
Security Focus, Bugtraq ID: 14638, August 31, 2005 |
Apache Software Foundation
Apache 2.0.x |
A vulnerability has been reported in 'modules/ssl/ssl_engine_kernel.c' because the 'ssl_hook_Access()' function does not properly enforce the 'SSLVerifyClient require' directive in a per-location context if a virtual host is configured with the 'SSLVerifyClient optional' directive, which could let a remote malicious user bypass security policies.
Patch available at:
http://svn.apache.org/viewcvs?rev=264800&view=rev
OpenPKG:
ftp://ftp.openpkg.org/release/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-608.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/
There is no exploit code required. |
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
CAN-2005-2700 |
Medium |
Security Tracker Alert ID: 1014833, September 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005
RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005
Ubuntu Security Notice, USN-177-1, September 07, 2005
|
CVS
CVS 1.12.7-1.12.12, 1.12.5, 1.12.2, 1.12.1, 1.11.19, 1.11.17
|
A vulnerability has been reported in the 'cvsbug.in' script due to the insecure creation of temporary files, which could let a malicious user cause data loss or a Denial of Service. Misclassified as multiple operating systems.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
http://http.trustix.org/pub/trustix/updates/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
There is no exploit code required. |
CVS 'Cvsbug.In' Script Insecure Temporary File Creation
CAN-2005-2693
|
Low |
Fedora Update Notifications, FEDORA-2005-790 & 791, August 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0045, August 26, 2005
RedHat Security Advisory, RHSA-2005:756-3, September 6, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:20, September 7, 2005 |
frox
frox 0.7.18 |
A vulnerability has been reported which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus Bugtraq ID: 14711, September 1, 2005 |
Gentoo
net-analyzer/net-snmp 5.2.1.2, 5.2.1-r1 |
A vulnerability has been reported because a malicious user with portage group privileges can create a shared object that will be loaded by the Net-SNMP Perl modules, which could lead to elevated privileges.
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-05.xml
There is no exploit code required. |
Gentoo Net-SNMP Elevated Privileges
CAN-2005-2811 |
Medium |
Gentoo Linux Security Advisory, GLSA 200509-05, September 6, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/g/gzip
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus, 13290, May 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005
Debian Security Advisory DSA 752-1, July 11, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005 |
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/g/gzip/gzip
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
There is no exploit code required. |
|
Medium |
Security Focus, 12996, April 5, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005
Debian Security Advisory DSA 752-1, July 11, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005 |
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. Wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
http://http.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/
A Proof of Concept exploit script has been published. |
|
Medium |
Security Tracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005
Ubuntu Security Notice, USN-145-1, June 28, 2005
Ubuntu Security Notice, USN-145-2, September 06, 2005
|
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
SGI:
http://www.sgi.com/support/security/
F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Fedora Update Notification, FEDORA-2005-471, June 27, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Secunia Advisory: SA16159, July 21, 2005
Ubuntu Security Notice, USN-158-1, August 01, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005 |
Hewlett-Packard
HP-UX B.11.00, B.11.11, B.11.22, B.11.23; only if converted to trusted systems |
A vulnerability has been reported that could let a remote malicious user access the system. HP-UX systems that have been converted to trusted systems contain an unspecified vulnerability that allows a remote user to gain unauthorized access to the target system.
The vendor has issued the following fixes, available at: http://itrc.hp.com
For HP-UX B.11.00 - PHCO_29249 and PHNE_17030
For HP-UX B.11.11 - PHCO_33215
For HP-UX B.11.23 - PHCO_32926
For HP-UX B.11.22, action: disable remshd (OS-Core.CORE2-SHLIBS) and avoid the telnet -t option.
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-169.pdf
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
HP Security Bulletin, HPSBUX01165 REVISION: 0, SSRT5899 rev.0, May 25, 2005
Avaya Security Advisory, ASA-2005-169, August 29, 2005 |
Inter7
SqWebMail 5.0.4 |
A vulnerability has been reported because the '<script>' tag can be used in HTML comments, which could let a remote malicious user execute arbitrary code when malicious email is viewed.
Patch available at:
http://www.courier-mta.org/beta/sqwebmail/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
SqWebMail HTML Email Script Tag Script Injection
CAN-2005-2820 |
Medium |
Secunia Advisory: SA16704, September 6, 2005 |
Inter7
SqWebMail 5.0.4, 5.0.1, 5.0.0, 4.0.5-4.0.7, 4.0.4.20040524, 3.6.1, 3.6.0, 3.5.0-3.5.3, 3.4.1
|
A vulnerability has been reported due to insufficient sanitization of HTML emails, which could let a remote malicious user execute arbitrary HTML and script code.
Updates available at:
http://www.courier-mta.org/?download.php
Debian:
http://security.debian.org/pool/updates/main/c/courier
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA16600, August 29, 2005
Debian Security Advisory, DSA 793-1, September 1, 2005 |
Jonas Borgstrom
Urban 1.5.3 |
Buffer overflow vulnerabilities have been reported in the 'config/config.cc', 'engine/game.cc', 'highscor/highscor.cc', and 'meny/meny.cc' files when handling an overly long 'HOME' environment variable, which could let a malicious user execute arbitrary code with 'games' group privileges.
Patches available at:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/games/urban
A Proof of Concept exploit has been published. |
Urban Multiple Buffer Overflows
CAN-2005-2810 |
High |
Security Tracker Alert ID: 1014848, September 3, 2005 |
KDE
KDE 3.2.0 up to and including 3.4.2 |
A vulnerability has been reported in 'kcheckpass.c' due to the insecure creation of the lock file, which could let a malicious user obtain superuser privileges.
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required.
|
KDE kcheckpass Superuser Privilege Escalation
CAN-2005-2494 |
High |
KDE Security Advisory, September 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:160, September 6, 2005 |
KDE
KDE 3.0 - 3.4.2 |
A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required.
|
|
Medium |
KDE Security Advisory, August 15, 2005
Fedora Update Notification, FEDORA-2005-745, August 15, 2005
Fedora Update Notifications, FEDORA-2005-744 & 745, August 16, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:159, September 6, 2005 |
man2web
man2web 0.88, 0.87 |
A vulnerability has been reported in multiple scripts because a remote malicious user can submit arbitrary commands through HTTP GET requests, which could lead to the execution of arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
Man2web Multiple Scripts Command Execution
CAN-2005-2812 |
High |
Security Focus, Bugtraq ID: 14747, September 6, 2005 |
MPlayer
MPlayer 1.0 pre7, .0 pre6-r4, 1.0 pre6-3.3.5-20050130
|
A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-01.xml
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Security Tracker Alert ID: 1014779, August 24, 2005
Gentoo Linux Security Advisory, GLSA 200509-01, September 1, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:158, September 7, 2005 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4, rc1-rc3; libdbi-perl libdbi-perl 1.21, 1.42 |
A vulnerability exists in libdbi-perl due to the insecure creation of temporary files, which could let a remote malicious user overwrite arbitrary files.
Debian:
http://security.debian.org/pool/updates/main/libd/libdbi-perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-069.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libd/libdbi-perl/
Mandrake:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:030
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 658-1, January 25, 2005
Ubuntu Security Notice, USN-70-1, January 25, 2005
Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005
RedHat Security Advisory, RHSA-2005:069-08, February 1, 2005
MandrakeSoft Security Advisory, MDKSA-2005:030, February 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005
Fedora Update Notification, FEDORA-2005-841, September 6, 2005 |
Multiple Vendors
Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.04 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1
|
A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-670.html
http://rhn.redhat.com/errata/RHSA-2005-671.html
http://rhn.redhat.com/errata/RHSA-2005-708.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/
KDE:
http://www.kde.org/info/security/advisory-20050809-1.txt
Mandriva:
http://www.mandriva.com/security/advisories
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-08.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/k/kdegraphics/
Trustix:
http://http.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability.
|
XPDF Loca Table Verification Remote Denial of Service
CAN-2005-2097
|
Low |
RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005
Ubuntu Security Notice, USN-163-1, August 09, 2005
KDE Security Advisory, 20050809-1, August 9, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Gentoo Linux Security Advisory GLSA, 200508-08, August 16, 2005
Fedora Update Notifications, FEDORA-2005-729, 730, 732, & 733, August 15 & 17, 2005
Debian Security Advisory, DSA 780-1, August 22, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005
Turbolinux Security Advisory, TLSA-2005-88, September 5, 2005
|
Multiple Vendors
SuSE Linux Professional 9.3, x86_64, 9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel 2.6-2.6.12 |
A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.
Patches available at:
http://www.kernel.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel XFRM Array Index Buffer Overflow
CAN-2005-2456 |
High |
Security Focus, 14477, August 5, 2005
Ubuntu Security Notice, USN-169-1, August 19, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 |
Multiple Vendors
Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0, SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server for S/390 9.0, Linux Enterprise Server 9; 2.6-2.6.12.4
|
A Denial of Service vulnerability has been reported due to a failure to handle malformed compressed files.
Upgrades available at:
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.12.5.tar.gz
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel ZLib Null Pointer Dereference Denial of Service
CAN-2005-2459 |
Low |
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 |
Multiple Vendors
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6
|
A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.
Debian:
ftp://security.debian.org/pool/updates/main/z/zlib/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-05.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
Mandriva:
http://www.mandriva.com/security/advisories
OpenBSD:
http://www.openbsd.org/errata.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-569.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
zsync:
http://prdownloads.sourceforge.net/zsync/zsync-0.4.1.tar.gz?download
Apple:
http://docs.info.apple.com/article.html?artnum=302163
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
Debian:
http://security.debian.org/pool/updates/main/z/zsync/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory DSA 740-1, July 6, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005
Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005
SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005
Ubuntu Security Notice, USN-148-1, July 06, 2005
RedHat Security Advisory, RHSA-2005:569-03, July 6, 2005
Fedora Update Notifications, FEDORA-2005-523, 524, July 7, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:11, July 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.013, July 7, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005
Slackware Security Advisory, SSA:2005-189-01, July 11, 2005
Turbolinux Security Advisory, TLSA-2005-77, July 11, 2005
Fedora Update Notification, FEDORA-2005-565, July 13, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 14162, July 21, 2005
USCERT Vulnerability Note VU#680620, July 22, 2005
Apple Security Update 2005-007, APPLE-SA-2005-08-15, August 15, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Security Focus, Bugtraq ID: 14162, August 26, 2005
Debian Security Advisory, DSA 797-1, September 1, 2005
|
Multiple Vendors
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Debian Linux 3.1 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha
|
A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.
Zlib:
http://www.zlib.net/zlib-1.2.3.tar.gz
Debian:
http://security.debian.org/pool/updates/main/z/zlib/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
OpenBSD:
http://www.openbsd.org/errata.html#libz2
Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:124
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.323596
FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc
SUSE:
http://lists.suse.com/archive/suse-security-announce/2005-Jul/0007.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-28.xml
http://security.gentoo.org/glsa/glsa-200508-01.xml
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Apple:
http://docs.info.apple.com/article.html?artnum=302163
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
Debian:
http://security.debian.org/pool/updates/main/z/zsync/
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service
CAN-2005-1849
|
Low |
Security Focus, Bugtraq ID 14340, July 21, 2005
Debian Security Advisory DSA 763-1, July 21, 2005
Ubuntu Security Notice, USN-151-1, July 21, 2005
OpenBSD, Release Errata 3.7, July 21, 2005
Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005
Secunia, Advisory: SA16195, July 25, 2005
Slackware Security Advisory, SSA:2005-203-03, July 22, 2005
FreeBSD Security Advisory, SA-05:18, July 27, 2005
SUSE Security Announcement, SUSE-SA:2005:043, July 28, 2005
Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005
Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005
Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005
Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Debian Security Advisory, DSA 797-1, September 1, 2005 |
Multiple Vendors
Linux kernel 2.6.8 rc1-rc3, 2.6.8, 2.6.11 -rc2-rc4, 2.6.11
|
A Denial of Service vulnerability has been reported due to an error in the AIO (Asynchronous I/O) support in the "is_hugepage_only_range()" function.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
An exploit script has been published. |
Linux Kernel Asynchronous Input/Output Local Denial of Service
CAN-2005-0916
|
Low |
Secunia Advisory, SA14718, April 4, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.12.1 |
A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
This issue has been addressed in Linux kernel 2.6.13-rc7.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Ubuntu Security Notice, USN-169-1, August 19, 2005
Security Focus, Bugtraq ID 14609, August 19, 2005
Security Focus, Bugtraq ID 14609, August 25, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.12.1
|
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session.
Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.13-rc6-git1.bz2
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Trustix:
http://http.trustix.org/pub/trustix/updates/
There is no exploit code required. |
|
Low |
Secunia Advisory: SA16355, August 9, 2005
Ubuntu Security Notice, USN-169-1, August 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 |
Multiple Vendors
Nikto 1.35; N-Stealth Free Edition 5.8, Commercial Edition 5.8 |
A vulnerability has been reported in N-Stealth and Nikto, Web vulnerability scanners, due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
N-Stalker has released updated versions; users should contact the vendor for information regarding obtaining updates.
Nikto has released an update advising users to be cautious when viewing HTML reports.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 14717, September 1, 2005 |
Multiple Vendors
Novell Evolution 2.0.2-2.0.4; LibTIFF 3.6.1; Easy Software Products CUPS 1.1.12-1.1.23, 1.1.10, 1.1.7, 1.1.6, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.1, 1.0.4-8, 1.0.4; Ubuntu 4.10, 5.04
|
A remote Denial of Service vulnerability has been reported due to insufficient validation of specific header values.
Libtiff:
http://freshmeat.net/redir/libtiff/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit has been published.
|
LibTiff Tiff Image Header Remote Denial of Service
CAN-2005-2452
|
Low |
Security Focus Bugtraq ID 14417, July 29, 2005
Ubuntu Security Notice, USN-156-1, July 29, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:142, August 18, 2005
Turbolinux Security Advisory, TLSA-2005-89, September 5, 2005
|
Multiple Vendors
RedHat Fedora Core3; Ubuntu Linux 4.1 ppc, ia64, ia32;
NTP NTPd 4.0-4.2.0a
|
A vulnerability has been reported in xntpd when started using the '-u' option and the group is specified by a string, which could let a malicious user obtain elevated privileges.
Upgrade available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/ntp-4.2.0.a.20040617-5.FC3.i386.rpm
NTP:
http://ntp.isc.org/Main/DownloadViaHTTP?file=ntp4/snapshots/ntp-dev/2005/08/ntp-dev-4.2.0b-20050827.tar.gz
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/
Debian:
http://security.debian.org/pool/updates/main/n/ntp/
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required. |
|
Medium |
Fedora Update Notification, FEDORA-2005-812, August 26, 2005
Ubuntu Security Notice, USN-175-1, September 01, 2005
Debian Security Advisory, DSA 801-1, September 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:156, September 6, 2005 |
Multiple Vendors
SILC Secure Internet Live Conferencing 1.0, 0.9.11-0.9.21;
Gentoo Linux
|
A vulnerability has been reported due to the insecure creation of '/tmp' in 'silcd.c,' which could let a remote malicious user create/overwrite arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 14716, September 1, 2005 |
Multiple Vendors
Simpleproxy 3.0-3.2, 2.2b;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha
|
A format string vulnerability has been reported when handling HTTP proxy replies, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/simpleproxy/simpleproxy-3.4.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/s/simpleproxy/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory, DSA 786-1, August 26, 2005
US-CERT VU#139421 |
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Rob Flynn Gaim 1.3.1, 1.3.0, 1.2.1, 1.2, 1.1.1-1.1.4, 1.0-1.0.2; RedHat Enterprise Linux WS 2.1, IA64, ES 2.1, IA64, AS 2.1, IA64, Desktop 4.0, Advanced Workstation for the Itanium Processor 2.1, IA64
|
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to the way away messages are handled, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to an error when handling file transfers.
Updates available at: http://gaim.sourceforge.net/downloads.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-589.html
http://rhn.redhat.com/errata/RHSA-2005-627.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-06.xml
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.suse.com/pub/suse/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
A Proof of Concept exploit has been published for the buffer overflow vulnerability.
|
|
High |
RedHat Security Advisories, RHSA-2005:589-16 & RHSA-2005:627-11, August 9, 2005
Ubuntu Security Notice, USN-168-1, August 12, 2005
Gentoo Linux Security Advisory, GLSA 200508-06, August 15, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:139, August 16, 2005
Fedora Update Notifications, FEDORA-2005-750 & 751, August 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
Slackware Security Advisory, SSA:2005-242-03, August 31, 2005
|
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1 |
A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel ISO File System Remote Denial of Service
CAN-2005-2457
|
Low |
Ubuntu Security Notice, USN-169-1, August 19, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
|
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Trustix Secure Linux 3.0, 2.2,
Trustix Secure Enterprise Linux 2.0; SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server 9;
Linux kernel 2.6-2.6.12.4
|
A Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions.
Upgrades available at:
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.12.5.tar.gz
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel ZLib Invalid Memory Access Denial of Service
CAN-2005-2458 |
Low |
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 |
Nokia
Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2 |
A vulnerability has been reported in the 'event_pin_code_request()' function due to an input validation error, which could let a remote malicious user inject arbitrary shell commands via a specially crafted Bluetooth device name.
Patches available at:
http://affix.sourceforge.net/patch_btsrv_affix_2_1_2
http://affix.sourceforge.net/patch_btsrv_affix_3_2_0
Debian:
http://security.debian.org/pool/updates/main/a/affix/
There is no exploit code required. |
Nokia Affix BTSRV Device Name Remote Command Execution
CAN-2005-2716
|
High |
DMA 2005-0826a Advisory, August 26, 2005
Debian Security Advisory, DSA 796-1, September 1, 2005 |
OpenSSL Project
OpenSSL 0.9.6, 0.9.6a-0.9.6m, 0.9.7c |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/
Debian:
http://www.debian.org/security/2004/dsa-603
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:147
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-170.pdf
There is no exploit code required. |
OpenSSL Insecure Temporary File Creation
CAN-2004-0975 |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004
Ubuntu Security Notice, USN-24-1, November 11, 2004
Debian Security Advisory DSA-603-1, December 1, 2004
Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004
Turbolinux Security Announcement, 20050131, January 31, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005
Avaya Security Advisory, ASA-2005-170, August 29, 2005 |
Padl Software
pam_ldap Build 179, Build 169 |
A vulnerability has been reported when handling a new password policy control, which could let a remote malicious user bypass authentication policies.
Upgrades available at:
ftp://ftp.padl.com/pub/pam_ldap.tgz
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-22.xml
There is no exploit code required.
|
|
Medium |
Bugtraq ID: 14649, August 24, 2005
US-CERT VU#778916
Gentoo Linux Security Advisory, GLSA 200508-22, August 31, 2005 |
PCRE
PCRE 6.1, 6.0, 5.0 |
A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.
Updates available at:
http://www.pcre.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-17.xml
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Debian:
http://security.debian.org/pool/updates/main/p/pcre3/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA16502, August 22, 2005
Ubuntu Security Notice, USN-173-1, August 23, 2005
Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005
Fedora Update Notifications, FEDORA-2005-802 & 803, August 24, 2005
Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005
SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005
Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005
Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005
Debian Security Advisory, DSA 800-1, September 2, 2005
SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005
|
PolyGen
PolyGen 1.0.6 |
A Denial of Service vulnerability has been reported due to resource exhaustion.
Debian:
http://security.debian.org/pool/updates/main/p/polygen/
Currently we are not aware of any exploits for this vulnerability.
|
PolyGen Denial of Service
CAN-2005-2656 |
Low |
Debian Security Advisory, DSA 794-1, September 1, 2005 |
| ProFTPd |
Multiple format string vulnerabilities have been reported in ProFTPd that could let remote malicious users cause a Denial of Service or disclose information.
Upgrade to version 1.3.0rc2:
http://www.proftpd.org/
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/p/proftpd/
OpenPKG:
ftp://ftp.openpkg.org/release/
Currently we are not aware of any exploits for these vulnerabilities. |
ProFTPD Denial of Service or Information Disclosure
CAN-2005-2390 |
Medium |
Secunia, Advisory: SA16181, July 26, 2005
Gentoo Linux Security Advisory, GLSA 200508-02, August 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Turbolinux Security Advisory, TLSA-2005-82, August 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:140, August 16, 2005
Debian Security Advisories, DSA 795-1 & 795-2, September 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.020, September 6, 2005 |
| pstotext V1.9 |
A vulnerability has been reported in pstotext ('-dSAFER') that could let malicious users execute arbitrary PostScript code.
Debian:
http://security.debian.org/pool/updates/main/p/pstotext/
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-29.xml
There is no exploit code required. |
pstotext Arbitrary Code Execution
CAN-2005-2536 |
High |
Secunia, Advisory: SA16183, July 25, 2005
Debian Security Advisory, DSA 792-1, August 31, 2005
Gentoo Linux Security Advisory, GLSA 200507-29, August 31, 2005 |
Smb4k
Smb4k 0.4-0.6 |
A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.
Patches available at:
http://download.berlios.de/smb4k/001_security_fix_smb4k_0.4.1a.diff.gz
Upgrades available at:
http://download.berlios.de/smb4k/smb4k-0.6.3.tar.gz
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 14756, September 7, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:157, September 6, 2005
|
Squid Web Proxy
Squid Web Proxy Cache 2.5.STABLE1-STABLE10, 2.4.STABLE6 & 7, STABLE2, 2.4, 2.3.STABLE4 & 5, 2.1 Patch 2, 2.0 Patch 2 |
A remote Denial of Service vulnerability has been reported in '/squid/src/ssl.c' when a malicious user triggers a segmentation fault in the 'sslConnectTimeout()' function.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE10-sslConnectTimeout.patch
There is no exploit code required. |
Squid 'sslConnectTimeout()' Remote Denial of Service
CAN-2005-2796 |
Low |
Security Tracker Alert ID: 1014846, September 2, 2005 |
University of Minnesota
gopherd 3.0.9 |
A buffer overflow vulnerability has been reported in the 'VlfromLine()' function when copying an input line, which could let a remote malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
An exploit script has been published.
|
|
Medium |
Secunia Advisory: SA16614, August 30, 2005
US-CERT VU#619812 |
| Vim V6.3.082 |
A vulnerability has been reported in Vim that could let remote malicious users execute arbitrary code.
Vendor patch available:
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.082
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-745.html
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-189.pdf
There is no exploit code required; however, Proof of Concept exploits have been published. |
Vim Arbitrary Code Execution
CAN-2005-2368 |
High |
Security Focus, 14374, July 25, 2005
Ubuntu Security Notice, USN-154-1, July 26, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0038, July 29, 2005
Fedora Update Notifications, FEDORA-2005-737, 738, & 741, August 10 & 15, 2005
Conectiva Security Advisory, CLSA-2005:995,
Mandriva Linux Security Update Advisory, MDKSA-2005:148, August 22, 2005
RedHat Security Advisory, RHSA-2005:745-10, August 22, 2005
Avaya Security Advisory, ASA-2005-189, August 31, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Barracuda Networks
Barracuda Spam Firewall 3.1.17 firmware |
Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'IMG.PL' which could let a remote malicious user obtain sensitive information; and a vulnerability was reported when user-supplied commands are submitted to the web interface, which could let a remote malicious user execute arbitrary commands.
The vendor has released firmware version 3.1.18 to address this and other issues. Please contact the vendor to obtain the upgrade.
There is no exploit code required; however, Proof of Concept exploits have been published. |
| |
| |