Summary of Security Items from October 5 through October 11, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
aeNovo
aeNovo, aeNovoShop, aeNovoWYSI |
Multiple input validation vulnerabilities have been reported in aeNovo, aeNovoShop, and aeNovoWYSI that could let remote malicious users perform SQL injection or Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
aeNovo SQL Injection or Cross-Site Scripting |
Medium |
Security Focus, ID: 15036, 15038, October 7, 2005 |
| aspReady FAQ Manager |
An input validation vulnerability has been reported in aspReady FAQ Manager that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required. |
aspReady FAQ Manager SQL Injection |
Medium |
Security Tracker, Alert ID: 1015015, October 6, 2005 |
GFI MailSecurity
GFI MailSecurity for Exchange/ SMTP 8.1 |
A buffer overflow vulnerability has been reported in GFI MailSecurity that could let remote malicious users execute arbitrary code or cause a Denial of Service.
A vendor patch is available:
ftp://ftp.gfi.com/patches/MSEC8_PATCH_20050919_01.zip
Currently we are not aware of any exploits for this vulnerability. |
GFI MailSecurity Arbitrary Code Execution or Denial of Service
|
High |
Security Focus, ID 15081, October 11, 2005 |
Hauri
vrAZMain.dll 5.8.22.137 in ViRobot Expert 4.0, ViRobot Advanced Server, LiveCall
|
A buffer overflow vulnerability has been reported in vrAZMain.dll 5.8.22.137 utilized in ViRobot Expert 4.0, ViRobot Advanced Server, LiveCall, ALZ archive processing, that could let remote malicious users execute arbitrary code.
Vendor upgrade, vrAZMain.dll 5.9.22.154, available via online update.
Currently we are not aware of any exploits for this vulnerability. |
Hauri Arbitrary Code Execution |
High |
Secunia, Advisory: SA16852, October 6, 2005 |
MailEnable Enterprise 1.1, Professional 1.6
|
A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.
Vendor hotfix available:
http://www.mailenable.com/hotfix/
An exploit has been published. |
MailEnable Arbitrary Code Execution
CAN-2005-3155 |
High |
Secunia, Advisory: SA17010, October 4, 2005
Security Focus, ID: 15006, October 7, 2005 |
Microsoft
Client Service for NetWare |
A buffer overflow vulnerability has been reported in Client Service for NetWare that could let malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-046.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Client Service for NetWare Arbitrary Code Execution
CAN-2005-1985 |
High |
Microsoft, Security Bulletin MS05-046, October 11, 2005 |
Microsoft
Collaboration Data Objects |
A buffer overflow vulnerability has been reported in Collaboration Data Objects that could let remote malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-048.mspx
A Proof of Concept exploit script has been published. |
Microsoft Collaboration Data Objects Arbitrary Code Execution
CAN-2005-1987
|
High |
Microsoft, Security Bulletin MS05-048, October 11, 2005
USCERT, VU#883460
Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Microsoft
DirectX DirectShow 7.0 to 9.0c |
A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft DirectX DirectShow Arbitrary Code Execution
CAN-2005-2128
|
High |
Microsoft, Security Bulletin MS05-050, October 11, 2005
USCERT, VU#995220
Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Microsoft
Internet Explorer 5.01, 5.5, 6.0 |
A vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx
An exploit has been published. |
Microsoft Internet Explorer Arbitrary Code Execution
CAN-2005-2127
|
High |
Microsoft, Security Bulletin MS05-052, October 11, 2005
Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Microsoft
Network Connection Manager |
A vulnerability has been reported in Network Connection Manager that could let malicious users cause a Denial of Service.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-045.mspx
An exploit has been published. |
Microsoft Network Connection Manager Denial of Service
CAN-2005-2307
|
Low |
Microsoft Security Bulletin MS05-045, October 11, 2005 |
Microsoft
Windows FTP Client |
An input validation vulnerability has been reported in Windows FTP Client that could let remote malicious users obtain arbitrary file control.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-044.mspx
A Proof of Concept exploit script has been published. |
Microsoft Windows FTP Client Arbitrary File Control
CAN-2005-2126
|
Medium |
Microsoft, Security Bulletin MS05-044, October 11, 2005 |
Microsoft
Windows Microsoft Distributed Transaction Coordinator (MSDTC) and COM+ |
A buffer overflow vulnerability has been reported in Windows MSDTC and COM+ that could let local or remote malicious users execute arbitrary code, obtain elevated privileges or cause a Denial of Service.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service
CAN-2005-1978
CAN-2005-1979
CAN-2005-1980
CAN-2005-2119 |
High |
Microsoft, Security Bulletin MS05-051, October 11, 2005
US-CERT VU#180868,
US-CERT VU#950516
Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Microsoft
Windows Plug and Play |
A buffer overflow vulnerability has been reported in Windows Plug and Play that could let malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-047.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Plug and Play Arbitrary Code Execution
CAN-2005-2120 |
High |
Microsoft, Security Bulletin MS05-047, October 11, 2005
USCERT, VU#214572
Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Microsoft
Windows Shell |
A vulnerability has been reported in Windows Shell that could let malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Shell Arbitrary Code Execution
CAN-2005-2117
CAN-2005-2118
CAN-2005-2122 |
High |
Microsoft, Security Bulletin MS05-049, October 11, 2005
USCERT, VU#922708
Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Microsoft
Windows XP Wireless Zero Configuration Service
|
A vulnerability has been reported in Windows XP Wireless Zero Configuration Service that could let remote malicious users disclose information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure |
Medium |
Security Focus, ID: 15008, October 4, 2005 |
RarLab
WinRar prior to 3.51 |
Multiple vulnerabilities have been reported in WinRar that could let remote malicious users execute arbitrary code.
Upgrade to newest version:
http://www.rarlabs.com/download.htm
Currently we are not aware of any exploits for this vulnerability. |
WinRAR Arbitrary Code Execution |
High |
Secunia, Advisory: SA16973, October 11, 2005 |
Symantec
Symantec AntiVirus Scan Engine 4.0, 4.3 |
A buffer overflow vulnerability has been reported in Symantec AntiVirus that could let remote malicious users execute arbitrary code.
Vendor upgrade available:
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12
Currently we are not aware of any exploits for this vulnerability. |
Symantec Anti Virus Arbitrary Code Execution
CAN-2005-2758
|
High |
Symantec Security Response, SYM05-017, October 4, 2005
USCERT, VU#849209 |
Webroot Software Inc.
Webroot Desktop Firewall 1.3.0.43 |
Multiple vulnerabilities have been reported in Webroot Desktop Firewall that could let local malicious users bypass authentication or execute arbitrary code.
Upgrade to version 1.3.0.5.2 using the application's 'Check for Updates' functionality.
Currently we are not aware of any exploits for these vulnerabilities. |
Webroot Desktop Firewall Authentication Bypassing or Arbitrary Code Execution |
High |
Security Focus, ID: 15016, October 6, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apache Software Foundation
Apache 2.0.x |
A vulnerability has been reported in 'modules/ssl/ssl_engine_kernel.c' because the 'ssl_hook_Access()' function does not properly enforce the 'SSLVerifyClient require' directive in a per-location context if a virtual host is configured with the 'SSLVerifyClient optional' directive, which could let a remote malicious user bypass security policies.
Patch available at:
http://svn.apache.org/viewcvs?rev=264800&view=rev
OpenPKG:
ftp://ftp.openpkg.org/release/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-608.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Debian:
http://security.debian.org/pool/updates/main/a/apache2/
Mandriva:
http://www.mandriva.com/security/advisories
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Debian:
http://security.debian.org/pool/updates/main/liba/
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-12.xml
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-204.pdf
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
HP:
http://software.hp.com/
There is no exploit code required. |
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
CAN-2005-2700 |
Medium |
Security Tracker Alert ID: 1014833, September 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005
RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005
Ubuntu Security Notice, USN-177-1, September 07, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Debian Security Advisory, DSA 805-1, September 8, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005
Slackware Security Advisory, SSA:2005-251-02, September 9, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005
Debian Security Advisory DSA 807-1, September 12, 2005
US-CERT VU#744929
Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005
Avaya Security Advisory, ASA-2005-204, September 23, 2005
Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005
Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005
HP Security Bulletin, HPSBUX-01232, October 5, 2005 |
ARC
ARC 5.21 j
|
A vulnerability has been reported due to the insecure creation of temporary new archives by 'arc' and 'marc' before they are renamed to the user-specified filename, which could let a malicious user obtain sensitive information.
Debian:
http://security.debian.org/pool/updates/main/a/arc/
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA16805, September 16, 2005
Debian Security Advisory, DSA 843-1, October 5, 2005 |
Bacula
Bacula 1.36.3 |
Vulnerabilities have been reported in 'autoconf/randpass' and 'scripts/mtx-changer.in' due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files.
The vulnerabilities have been fixed in the CVS repositories.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA16866, September 20, 2005
SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
Cyphor
Cyphor 0.19 |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'lostpwd.php' due to insufficient sanitization of the 'email' and 'nick' parameters and in 'newmsg.php' due to insufficient sanitization of the 'fid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'include/footer.php' due to insufficient sanitization of the 't_login' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits and an exploit script have been published.
|
Cyphor Cross-Site Scripting & SQL Injection |
Medium |
Security Focus, Bugtraq ID: 15049, October 10, 2005
Secunia Advisory: SA17104, October 10, 2005 |
Debian
mason 0.13.92 |
A vulnerability has been reported in 'debian/postinst' due to a missing call to 'update-rc.d' after configuring mason, which could leave the system without a firewall and give a false sense of security.
Upgrade available at:
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2_all.deb
There is no exploit code required.
|
|
Medium |
Debian Security Advisory, DSA 845-1, October 6, 2005 |
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-378.html
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-191.pdf
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/
Debian:
http://security.debian.org/pool/updates/main/c/cpio/
There is no exploit code required. |
|
Medium |
Bugtraq, 395703, April 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA2005:116, July 12, 2005
RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SCO Security Advisory, SCOSA-2005.32, August 18, 2005
Avaya Security Advisory, ASA-2005-191, September 6, 2005
Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005
Ubuntu Security Notice, USN-189-1, September 29, 2005
Debian Security Advisory, DSA 846-1, October 7, 2005 |
GNU
cpio 2.6 |
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml
Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
Mandriva:
http://www.mandriva.com/security/advisories
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-191.pdf
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/
Debian:
http://security.debian.org/pool/updates/main/c/cpio/
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396429, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA2005:116, July 12, 2005
SCO Security Advisory, SCOSA-2005.32, August 18, 2005
Avaya Security Advisory, ASA-2005-191, September 6, 2005
Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005
Ubuntu Security Notice, USN-189-1, September 29, 2005
Debian Security Advisory, DSA 846-1, October 7, 2005
|
GNU
Texinfo 4.7 |
A vulnerability has been reported in 'textindex.c' due to insecure creation of temporary files by the 'sort_offline()' function, which could let a malicious user create/overwrite arbitrary files.
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-04.xml
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/
There is no exploit code required.
|
|
Medium |
Security Focus, Bugtraq ID: 14854, September 15, 2005
Gentoo Linux Security Advisory, GLSA 200510-04, October 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:175, October 6, 2005
Ubuntu Security Notice, USN-194-1, October 06, 2005
|
Graphviz
Graphviz 2.2.1
|
A vulnerability has been reported in '/dotty/dotty/dotty.lefty' due to the insecure creation of temporary files, which could let a malicious user overwrite arbitrary files.
Update available at:
http://www.graphviz.org/Download_source.php
Debian:
http://security.debian.org/pool/updates/main/g/graphviz/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 857-1, October 10, 2005 |
Hiki
Hiki 0.8-0.8.2 |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'login' link due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported due to an unspecified error when handling access to missing pages, which could let a remote malicious user execute arbitrary HTML and script code.
Updates available at: http://hikiwiki.org/en/download.html
There is no exploit code required. |
|
Medium |
Hiki Advisory, 2005-08-04, October 6, 2005 |
Hylafax
Hylafax 4.2.1 |
Several vulnerabilities have been reported: a vulnerability was reported in the 'xferfaxstats' script due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files; and a vulnerability was reported because ownership of the UNIX domain socket is not created or verified, which could let a malicious user obtain sensitive information and cause a Denial of Service.
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-21.xml
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 14907, September 22, 2005
Gentoo Linux Security Advisory, GLSA 200509-21, September 30, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:177, October 7, 2005 |
Inter7
SqWebMail 5.0.4 |
A vulnerability has been reported because the '<script>' tag can be used in HTML comments, which could let a remote malicious user execute arbitrary code when malicious email is viewed.
Patch available at:
http://www.courier-mta.org/beta/sqwebmail/
Debian:
http://security.debian.org/pool/updates/main/c/courier/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/courier/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
SqWebMail HTML Email Script Tag Script Injection
CAN-2005-2820 |
Medium |
Secunia Advisory: SA16704, September 6, 2005
Debian Security Advisory DSA 820-1, September 24, 2005
Ubuntu Security Notice, USN-201-1, October 11, 2005 |
Inter7
SqWebMail 5.0.4, 5.0.1, 5.0.0, 4.0.5-4.0.7, 4.0.4.20040524, 3.6.1, 3.6.0, 3.5.0-3.5.3, 3.4.1
|
A vulnerability has been reported due to insufficient sanitization of HTML emails, which could let a remote malicious user execute arbitrary HTML and script code.
Updates available at:
http://www.courier-mta.org/?download.php
Debian:
http://security.debian.org/pool/updates/main/c/courier
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/courier/
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA16600, August 29, 2005
Debian Security Advisory, DSA 793-1, September 1, 2005
Ubuntu Security Notice, USN-201-1, October 11, 2005 |
Kaspersky Labs
Kaspersky Antivirus for Linux Servers 5.0.5, AntiVirus for Linux Workstations 5.0.5, Anti-Virus Personal 5.0.227;
F-Secure Anti-Virus For Linux 4.5 |
A buffer overflow vulnerability has been reported in the scan engine when parsing a malformed 'CHM' file, which could let a remote malicious user execute arbitrary code.
The vendor has released a signature update to address this issue. Users with updated signatures released after July 2005 are not vulnerable.
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15054, October 10, 2005 |
KDE
KOffice 1.4.1, 1.4, 1.3-1.3.5, 1.2.1, 1.2
|
A buffer overflow vulnerability has been reported when handling a malformed RTF file, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.koffice.org/download/
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/
Currently we are not aware of any exploits for this vulnerability. |
KDE KOffice KWord RTF Remote Buffer Overflow
CAN-2005-2971 |
High |
Security Focus, Bugtraq ID: 15060, October 11, 2005 |
LBL
tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 |
Remote Denial of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Mandriva:
http://www.mandriva.com/security/advisories
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html
Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/
Exploit scripts have been published. |
|
Low |
Bugtraq, 396932, April 26, 2005
Fedora Update Notification, FEDORA-2005-351, May 3, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Ubuntu Security Notice, USN-119-1 May 06, 2005
Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005
Security Focus, 13392, May 12, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005
Avaya Security Advisory, ASA-2005-137, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 13392, July 21, 2005
Debian Security Advisory, DSA 850-1, October 9, 2005 |
MasqMail
MasqMail 0.2.18 |
Several vulnerabilities have been reported: a vulnerability was reported in the email address due to a sanitization error when the message fails to be sent, which could let a malicious user execute arbitrary commands with privileges of the mail user; and a vulnerability was reported when handling log files due to an unspecified error, which could let a remote malicious user overwrite arbitrary files.
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/m/masqmail/
There is no exploit code required.
|
MasqMail Elevated Privileges
CAN-2005-2662
CAN-2005-2663 |
Medium |
Mandriva Linux Security Update Advisory, MDKSA-2005:168, September 20, 2005
Debian Security Advisory, DSA 848-1, October 8, 2005 |
Mozilla
Firefox 1.0.7, 1.0.6
|
A remote Denial of Service vulnerability has been reported in the 'iframe' tag due to an error when handling overly large size attributes.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Mozilla Firefox IFRAME Handling Remote Denial of Service |
Low |
Security Tracker Alert ID: 1015011, October 6, 2005 |
Multiple Vendors
DIA 0.91-0.94;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha
|
A vulnerability has been reported in 'plug-ins/python/diasvg_import.py' due to the insecure use of the 'eval()' function when handling a malicious Scalable Vector Graphics (SVG) file, which could let a remote malicious user execute arbitrary Python code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-06.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool/updates/main/d/dia/
A Proof of Concept exploit has been published. |
|
High |
Security Focus, Bugtraq ID: 15000, October 3, 2005
Ubuntu Security Notice, USN-193-1, October 04, 2005
Gentoo Linux Security Advisory, GLSA 200510-06, October 6, 2005
SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005
Debian Security Advisory, DSA 847-1, October 8, 2005
|
Multiple Vendors
Cfengine 2.1.9, 2.1.8, 2.1.7 p1, 2.1.0a9, 2.1.0a8, 2.1.0a6, 2.0.1-2.0.7 p1-p3, 2.0.8p1, 2.0.8, 2.0.0, 1.6 a11, 1.6 a10, 1.5.3-4, 1.5 x;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha
|
Several vulnerabilities have been reported: a vulnerability was reported in '/bin/cfmailfilter' and '/contrib/cfcron.in' due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files; and a vulnerability was reported in 'contrib/vicf.in' due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files.
Debian:
http://security.debian.org/pool/updates/main/c/cfengine/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cfengine/
There is no exploit code required. |
|
Medium |
Debian Security Advisories, DSA 835-1 & 836-1, October 1, 2005
Ubuntu Security Notice, USN-198-1, October 10, 2005
|
Multiple Vendors
Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4 -2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6 |
A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.
A fixed version (5.8.4 or later) is available at:
http://www.perl.com/CPAN/src/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml
Debian:
http://security.debian.org/pool/updates/main/p/perl/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
HP:
http://software.hp.com/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-196.pdf
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-674.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Ubuntu Security Notice, USN-94-1 March 09, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005
Debian Security Advisory, DSA 696-1, March 22, 2005
Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005
HP Security Bulletin, HPSBUX01208, June 16, 2005
Secunia, Advisory: SA16193, July 25, 2005
Avaya Security Advisory, ASA-2005-196, September 13, 2005
RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005 |
Multiple Vendors
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, MandrakeSoft Corporate Server 3.0 x86_64, 3.0, 2.1 x86_64, 2.1; Hylafax Hylafax 4.2.1
|
A vulnerability has been reported due to a failure to implement UNIX domain network communication securely, which could let a malicious user obtain sensitive information.
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required. |
Multiple Vendors HylaFAX Insecure UNIX Domain Socket Usage |
Medium |
Mandriva Linux Security Update Advisory, MDKSA-2005:177, October 7, 2005
|
Multiple Vendors
RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6 |
A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.
Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Slackware:
ftp://ftp.slackware.com/pub/slackware
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
IBM:
http://www.ibm.com/support/
Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/
A Proof of Concept exploit script has been published. |
|
Low |
Security Tracker Alert, 1014133, June 8, 2005
Fedora Update Notification, FEDORA-2005-406, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005
Fedora Update Notification, FEDORA-2005-407, June 16, 2005
Ubuntu Security Notice, USN-141-1, June 21, 2005
Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005
Slackware Security Advisory, SSA:2005-195-10, July 15, 2005
Security Focus, Bugtraq ID: 13906, August 26, 2005
Security Focus, Bugtraq ID: 13906, October 3, 2005
Debian Security Advisory, DSA 854-1, October 9, 2005 |
Multiple Vendors
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
Real Networks RealPlayer For Unix 10.0.4, 10.0.3, RealPlayer 10 for Linux , Japanese, German, English, Helix Player for Linux 1.0-1.0.4
|
A format string vulnerability has been reported when displaying an invalid-handle error message, which could let a remote malicious user execute arbitrary code.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-788.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/h/helix-player/
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-07.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
An exploit script has been published. |
RealNetworks RealPlayer & Helix Player Format String
CAN-2005-2710
|
High |
RedHat Security Advisory, RHSA-2005:788-3, September 27, 2005
Fedora Update Notifications, FEDORA-2005-940 & 941, September 27, 2005
US-CERT VU#361181
Debian Security Advisory DSA 826-1, September 29, 2005
Gentoo Linux Security Advisory, GLSA 200510-07, October 7, 2005
SUSE Security Announcement, SUSE-SA:2005:059, October 10, 2005
|
Multiple Vendors
Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1
|
A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.
Upgrades available at:
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE11.tar.gz
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Debian:
http://security.debian.org/pool/updates/main/s/squid/
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia Advisory: SA16992, September 30, 2005
Ubuntu Security Notice, USN-192-1, September 30, 2005
Debian Security Advisory, DSA 828-1, September 30, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005 |
Multiple Vendors
SuSE Linux Enterprise Server 9, Linux 9.3 x86_64;
Linux kernel 2.6.11, 2.6.8, 2.6.5 |
A vulnerability has been reported in 'ptrace' on 64-bit platforms, which could let a malicious user access kernel memory pages.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
SuSE Linux Professional 9.3, x86_64, 9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel 2.6-2.6.12 |
A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.
Patches available at:
http://www.kernel.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-663.html
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel XFRM Array Index Buffer Overflow
CAN-2005-2456 |
High |
Security Focus, 14477, August 5, 2005
Ubuntu Security Notice, USN-169-1, August 19, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Ubuntu Linux 5.0 4 amd64, 4.1 ia64;
SuSE Linux 9.3 x86_64, 9.1 x86_64, 9.0 x86_64;
Linux kernel 2.6.10, 2.6.8 |
A Denial of Service vulnerability has been reported in 'ptrace()' due to insufficient validation of memory addresses.
Updates available at:
http://kernel.org/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-663.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Ubuntu Security Notice, USN-137-1, June 08, 2005
SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Multiple Vendors Linux Kernel 64 Bit 'AR-RSC' Register Access (Updated) |
Multiple Vendors
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, 2.6.8 |
A vulnerability has been reported in the 'mmap()' function because memory maps can be created with a start address after the end address, which could let a malicious user cause a Denial of Service or potentially obtain elevated privileges.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Ubuntu Security Notice, USN-137-1, June 08, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Gentoo Linux;
GNU GDB 6.3 |
Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
http://http.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-659.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-673.html
http://rhn.redhat.com/errata/RHSA-2005-709.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005
Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005
RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005
RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005 |
Multiple Vendors
Linux kernel 2.6 prior to 2.6.12.1
|
A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.
Updates available at:
http://www.kernel.org/
SUSE:
http://www.novell.com/linux/security/advisories/2005_44_kernel.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-663.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Tracker Alert ID: 1014275, June 23, 2005
SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
|
Multiple Vendors
Linux kernel 2.6.8, 2.6.10 |
A vulnerability has been reported in the EXT2/EXT3 file systems, which could let a remote malicious user bypass access controls.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel EXT2/EXT3 File Access Bypass
CAN-2005-2801 |
Medium |
Security Focus, Bugtraq ID: 14792, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Linux kernel 2.6.8, 2.6.10 |
A remote Denial of Service vulnerability has been reported in the 'ipt_recent' module when specially crafted packets are sent.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel 'Ipt_recent' Remote Denial of Service
CAN-2005-2872 |
Low |
Security Focus, Bugtraq ID: 14791, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Linux kernel 2.6.8-2.6.10, 2.4.21
|
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-663.html
Mandriva:
http://www.mandriva.com/security/advisories
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for these vulnerabilities. |
Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service
CAN-2005-2490
CAN-2005-2492 |
High |
Secunia Advisory: SA16747, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005
Fedora Update Notifications, FEDORA-2005-905 & 906, September 22, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.12 .1 |
A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
This issue has been addressed in Linux kernel 2.6.13-rc7.
SUSE:
ftp://ftp.SUSE.com/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-663.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Ubuntu Security Notice, USN-169-1, August 19, 2005
Security Focus, Bugtraq ID 14609, August 19, 2005
Security Focus, Bugtraq ID 14609, August 25, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.14 |
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_key_auth.c'; a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.
Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.14-rc4.bz2
There is no exploit code required. |
Linux Kernel Denial of Service & Information Disclosure
CAN-2005-3119
CAN-2005-3180
CAN-2005-3181
|
Medium |
Secunia Advisory: SA17114, October 12, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.14 |
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
Currently we are not aware of any exploits for these vulnerabilities.
|
|
Low |
Secunia Advisory: SA16969, September 27, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Linux Kernel 2.6-2.6.14 |
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on an SMP system that is operating under a heavy load.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
Low |
Ubuntu Security Notice, USN-199-1, October 10, 2005
|
Multiple Vendors
Linux kernel 2.6-2.6.12 .1
|
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session.
Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.13-rc6-git1.bz2
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
Trustix:
http://http.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-514.html
There is no exploit code required. |
|
Low |
Secunia Advisory: SA16355, August 9, 2005
Ubuntu Security Notice, USN-169-1, August 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Multiple Vendors
Novell Evolution 2.0.2-2.0.4; LibTIFF 3.6.1; Easy Software Products CUPS 1.1.12-1.1.23, 1.1.10, 1.1.7, 1.1.6, 1.1.4 -5, 1.1.4-3, 1.1.4 -2, 1.1.4, 1.1.1, 1.0.4 -8, 1.0.4; Ubuntu 4.10, 5.04
|
A remote Denial of Service vulnerability has been reported due to insufficient validation of specific header values.
Libtiff:
http://freshmeat.net/redir/libtiff/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
A Proof of Concept exploit has been published.
|
LibTiff Tiff Image Header Remote Denial of Service
CAN-2005-2452
|
Low |
Security Focus Bugtraq ID 14417, July 29, 2005
Ubuntu Security Notice, USN-156-1, July 29, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:142, August 18, 2005
Turbolinux Security Advisory, TLSA-2005-89, September 5, 2005
Conectiva Linux Announcement, CLSA-2005:1021, October 6, 2005
|
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10
|
A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.
OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors OpenSSL Insecure Protocol Negotiation
CAN-2005-2969
|
Medium |
OpenSSL Security Advisory, October 11, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005
RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005 |
Multiple Vendors
Turbolinux Server 10.0, 8.0, Desktop 10.0, Turbolinux Home Appliance Server 1.0 Workgroup Edition, Hosting Edition; Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0; Sun Solaris 10.0 _x86, 10.0, 9.0 _x86 Update 2, 9.0 _x86, 9.0, Sun SEAM 1.0-1.0.2; SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3; RedHat Fedora Core3 & 4, Advanced Workstation for the Itanium Processor 2.1; MIT Kerberos 5 5.0 -1.4.1 & prior; Gentoo Linux
|
Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code.
MIT:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1
SuSE:
http://www.novell.com/linux/security/advisories.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SGI:
http://www.sgi.com/support/security/
Debian:
http://www.debian.org/security/2005/dsa-757
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-562.html
| |
| |