Summary of Security Items from November 2 through November 8, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources; therefore, the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported, since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low in threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| ASP Knowledgebase |
A vulnerability has been reported in ASPKnowledgebase that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required. |
ASP Knowledgebase SQL Injection Vulnerability
|
Medium |
Security Focus, ID: 15364, November 9, 2005 |
| FileZilla Server Terminal 0.4.9d |
A buffer overflow vulnerability has been reported in FileZilla that could let remote malicious users obtain elevated privileges or execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
FileZilla Server Terminal Privilege Elevation or Arbitrary Code Execution |
High |
Security Focus, ID: 15346, November 7, 2005 |
IpSwitch
WhatsUp Small Business 2004 |
An input validation vulnerability has been reported in WhatsUp Small Business that could let remote malicious users traverse directories and disclose information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
WhatsUp Small Business Directory Traversal and Information Disclosure
CVE-2005-1939
|
Medium |
Security Tracker, Alert ID: 1015141, November 3, 2005 |
Microsoft
DirectX DirectShow 7.0 to 9.0c |
A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
V1.3 Updated to note availability of Microsoft Knowledge Base Article 909596 and to clarify an issue affecting Windows 2000 SP4 customers, also updates of file versions.
V1.4 Updated to note complications of the DirectX 8.1 update on machines running DirectX 9.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft DirectX DirectShow Arbitrary Code Execution
CVE-2005-2128
|
High |
Microsoft, Security Bulletin MS05-050, October 11, 2005
USCERT, VU#995220
Technical Cyber Security Alert TA05-284A, October 11, 2005
Avaya, ASA-2005-214, October 11, 2005
Microsoft, Security Bulletin MS05-050 V1.3, October 21, 2005
Microsoft, Security Bulletin MS05-050 V1.4, November 9, 2005 |
Microsoft
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
|
A vulnerability has been reported that could let remote malicious users cause a Denial of Service. This is due to an error when processing EMF (Microsoft Enhanced Metafile) files in the 'GetEnhMetaFilePaletteEntries()' API in 'GDI32.DLL.'
Vendor solution available:
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx
Proof of Concept exploits have been published. |
Microsoft Windows EMF File Denial of Service Vulnerability
CVE-2005-0803
|
Low |
Secunia SA14631, March 18, 2005
Security Focus, ID: 12834, November 9, 2005
Microsoft, Security Bulletin MS05-053, November 8, 2005
US-CERT, VU#134756, November 9, 2005 |
Microsoft
Windows Graphics Rendering Engine |
A buffer overflow vulnerability has been reported in Windows Graphics Rendering Engine that could let local or remote malicious users execute arbitrary code.
Vendor solution available:
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Graphics Rendering Engine Arbitrary Code Execution
CVE-2005-2123
CVE-2005-2124 |
High |
Security Tracker, Alert ID: 1015168, November 8, 2005
Microsoft, Security Bulletin MS05-053, November 8, 2005
US-CERT, VU#433341, VU#300549, November 9, 2005 |
Microsoft
Windows Kerberos PKINIT
|
Multiple vulnerabilities have been reported in Windows Kerberos PKINIT that could let remote malicious users disclose information or cause a Denial of Service.
Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service
CAN-2005-1981
CAN-2005-1982 |
Low |
Microsoft Security Bulletin MS05-042, August 9, 2005
US-CERT, VU#477341, November 9, 2005 |
Ocean12 Technologies
Calendar Manager Pro 1.0, 1.0.1 |
A vulnerability has been reported in Calendar Manager Pro that could let remote malicious users bypass authentication.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published. |
Ocean12 Calendar Manager Pro Authentication Bypassing |
Medium |
Security Focus, ID: 15329, November 4, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apache Software Foundation
Apache 2.0.x |
A vulnerability has been reported in 'modules/ssl/ssl_engine_kernel.c' because the 'ssl_hook_Access()' function does not properly enforce the 'SSLVerifyClient require' directive in a per-location context if a virtual host is configured with the 'SSLVerifyClient optional' directive, which could let a remote malicious user bypass security policies.
Patch available at:
http://svn.apache.org/viewcvs?rev=264800&view=rev
OpenPKG:
ftp://ftp.openpkg.org/release/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-608.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Debian:
http://security.debian.org/pool/updates/main/a/apache2/
Mandriva:
http://www.mandriva.com/security/advisories
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Debian:
http://security.debian.org/pool/updates/main/liba/
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-12.xml
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-204.pdf
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
HP:
http://software.hp.com/
Trustix:
http://http.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-816.html
There is no exploit code required. |
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
CVE-2005-2700 |
Medium |
Security Tracker Alert ID: 1014833, September 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005
RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005
Ubuntu Security Notice, USN-177-1, September 07, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Debian Security Advisory, DSA 805-1, September 8, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005
Slackware Security Advisory, SSA:2005-251-02, September 9, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005
Debian Security Advisory DSA 807-1, September 12, 2005
US-CERT VU#744929
Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005
Avaya Security Advisory, ASA-2005-204, September 23, 2005
Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005
Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005
HP Security Bulletin, HPSBUX01232, October 5, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
RedHat Security Advisory, RHSA-2005:816-10, November 2, 2005 |
Asterisk
Asterisk@Home 2.0 -beta4, 1.5, Asterisk 1.2 .0-beta1, 1.0.9, 1.0.8, 1.0.7, 0.9 .0, 0.7-0.7.2, 0.4, 0.3, 0.2, 0.1.7-0.1.9 -1 |
A vulnerability has been reported in 'vmail.cgi' due to insufficient sanitization of the 'folder' parameter, which could let a remote malicious user obtain unauthorized access.
Upgrades available at:
http://ftp.digium.com/pub/asterisk/asterisk-1.2.0-beta2.tar.gz
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Asterisk Voicemail Unauthorized Access |
Medium |
Assurance.com.au Vulnerability Advisory, November 7, 2005 |
Christoph Martin
linux-ftpd-ssl 0.17 |
A buffer overflow vulnerability has been reported in the 'vsprintf()' function in the FTP server, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
High |
Secunia Advisory: SA17465, November 8, 2005 |
cPanel Inc.
cPanel 10.6 .0-R137, 10.2 .0-R82
|
A Cross-Site Scripting vulnerability has been reported in the Entropy Chat script due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA16609, November 4, 2005 |
Debian
horde 3.0.4 |
A vulnerability has been reported because the default Horde3 installation for Debian has a blank administrator password, which could let a local/remote malicious user obtain administrative access.
Upgrade available at:
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1_all.deb
There is no exploit code required. |
|
High |
Debian Security Advisory, DSA 884-1, November 7, 2005 |
Detlev Offenbach
eric3 prior to 3.7.2 |
A vulnerability has been reported due to a "potential security exploit." The impact was not specified.
Upgrades available at:
http://prdownloads.sourceforge.net/eric-ide/eric-3.7.2.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/e/eric/
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability.
|
|
Not Specified |
Security Tracker Alert ID: 1014947, September 21, 2005
Debian Security Advisory, DSA 869-1, October 21, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Elm Development Group
ELM 2.5.5-2.5.7
|
A buffer overflow vulnerability has been reported due to insufficient parsing of SMTP 'Expires' header lines, which could let a remote malicious user execute arbitrary code.
Update to Elm 2.5 PL8 available at:
ftp://ftp.virginia.edu/pub/elm/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-755.html
Slackware:
ftp://ftp.slackware.com/pub/slackware/
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert ID: 1014745, August 20, 2005
RedHat Security Advisory, RHSA-2005:755-07, August 23, 2005
Slackware Security Advisory, SSA:2005-311-01, November 8, 2005 |
Eric S Raymond
Fetchmail 6.x |
A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information.
Upgrades available at: http://download.berlios.de/fetchmail/
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-06.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/
There is no exploit code required.
|
|
Medium |
fetchmail-SA-2005-02 Security Announcement, October 21, 2005
Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005
Ubuntu Security Notice, USN-215-1, November 07, 2005
|
F-Secure
Internet Gatekeeper for Linux,
Anti-Virus for Linux Gateways
|
A vulnerability has been reported because certain CGI scripts that have world-executable permissions and set user id (setuid) permissions can be invoked by a malicious user to obtain root privileges.
Fix available at:
http://www.f-secure.co.jp/download/
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
F-Secure Anti-Virus Gatekeeper & Gateway for Linux Elevated Privileges |
High |
F-Secure Security Bulletin FSC-2005-3, November 7, 2005 |
Gallery
Gallery 1.5 1.4 -1.4.4 -pl5 |
A vulnerability has been reported in 'classes/postnuke0.7.1/user.php' when determining the gallery name due to incorrect use of the global '$name' variable, which could let a remote malicious user bypass security restrictions.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=7239&release_id=348064
Debian:
http://security.debian.org/pool/updates/main/g/gallery/
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA16389, August 11, 2005
Debian Security Advisory, DSA 879-1, November 2, 2005 |
Gentoo Linux
Gentoo Linux |
Vulnerabilities have been reported in multiple packages in Gentoo Linux due to an insecure RUNPATH vulnerability, which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-14.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-02.xml
There is no exploit code required. |
Gentoo Linux Multiple Packages Insecure RUNPATH |
Medium |
Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005
Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005 |
GpsDrive
GpsDrive 2.0 9 |
A format string vulnerability has been reported in 'Friendsd,' which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/g/gpsdrive/
Proof of Concept exploits have been published.
|
|
High |
Security Focus, Bugtraq ID: 15319, November 4, 2005
Debian Security Advisory, DSA 891-1, November 9, 2005 |
Hewlett Packard Company
HP-UX 11.0 4, 11.0, 10.20, B.11.11, B.11.04, B.11.00 |
A vulnerability was reported because remote malicious authenticated users can send specially crafted data to list directories with root privileges.
Updates available at:
http://itrc.hp.com
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
|
Medium |
HP Security Advisory, HPSBUX02071, November 6, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11
|
A vulnerability has been reported in 'envd' due to an unspecified error, which could let a remote malicious user execute arbitrary code and/or obtain elevated privileges.
Patches available at: http://itrc.hp.com
Currently we are not aware of any exploits for this vulnerability. |
HP-UX 'envd' Arbitrary Code Execution or Elevated Privileges |
High |
HP Security Bulletin, HPSBUX02073, November 9, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11, B.11.23 |
A vulnerability has been reported in 'remshd' due to an unspecified error on systems running in Trusted Mode, which could let a remote malicious user obtain unauthorized access.
Patches available at: http://itrc.hp.com
Currently we are not aware of any exploits for this vulnerability. |
HP-UX Trusted Mode 'remshd' Remote Unauthorized Access |
Medium |
HP Security Bulletin, HPSBUX02072, November 9, 2005 |
IBM
AIX 5.2.2, 5.2L, 5.2 |
A buffer overflow vulnerability has been reported in 'SWCONS' command due to a boundary error. The impact was not specified.
Update information available at:
http://www-1.ibm.com/support/docview.wss?uid=isg1IY78467
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
IBM Advisory, IY78467, November 3, 2005 |
Jed Wing
CHM lib 0.35, 0.3- 0.33, 0.2, 0.1 |
A buffer overflow vulnerability has been reported in '_chm_find_in_PMGL' due to a failure to properly bounds check input data prior to copying it into an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://morte.jedrea.com/~jedwin/projects/chmlib/chmlib-0.36.tgz
Debian:
http://security.debian.org/pool/updates/main/c/chmlib/
Currently we are not aware of any exploits for this vulnerability.
|
Jed Wing CHM Lib '_chm_find_in_PMGL' Remote Buffer Overflow
CVE-2005-2930
|
High |
iDefense Security Advisory, October 28, 2005
Debian Security Advisory, DSA 886-1, November 7, 2005 |
Jed Wing
CHM lib 0.36, 0.35, 0.3-0.33, 0.2, 0.1
|
A buffer overflow vulnerability has been reported in the '_chm_decompress_block()' function due to a boundary error when reading input, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://morte.jedrea.com/~jedwin/projects/chmlib/chmlib-0.37.tgz
SUSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/c/chmlib/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15211, October 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Debian Security Advisory, DSA 886-1, November 7, 2005 |
KDE
KOffice 1.4.1, 1.4, 1.3-1.3.5, 1.2.1, 1.2
|
A buffer overflow vulnerability has been reported when handling a malformed RTF file, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.koffice.org/download/
Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-12.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/k/koffice/
SUSE:
ftp://ftp.suse.com/pub/suse/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Currently we are not aware of any exploits for this vulnerability. |
KDE KOffice KWord RTF Remote Buffer Overflow
CVE-2005-2971 |
High |
Security Focus, Bugtraq ID: 15060, October 11, 2005
Ubuntu Security Notice, USN-202-1, October 12, 2005
Gentoo Linux Security Advisory, GLSA 200510-12, October 12, 2005
Fedora Update Notification, FEDORA-2005-984, October 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:185, October 14, 2005
Debian Security Advisory, DSA 872-1, October 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-02, November 7, 2005
Conectiva Security Announcement, CLSA-2005:1042, November 7, 2005 |
lm_sensors
lm_sensors 2.9.1
|
A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200508-19.xml
Debian:
http://security.debian.org/pool/updates/main/l/lm-sensors/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
There is no exploit code required. |
LM_sensors PWMConfig Insecure Temporary File Creation
CVE-2005-2672
|
Low |
Security Focus, Bugtraq ID: 14624, August 22, 2005
Ubuntu Security Notice, USN-172-1, August 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005
Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005
Debian Security Advisory, DSA 814-1, September 15, 2005
Conectiva Linux Announcement, CLSA-2005:1012, September 23, 2005
Fedora Update Notifications, FEDORA-2005-1053 & 1054, November 7, 2005
|
Multiple Vendors
ClamAV 0.80-0.87, 0.75.1, 0.70, 0.68, 0.65, 0.60, 0.51-0.54
|
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'libclamav/fsg.c' due to a boundary error when unpacking FSG v1.33 compressed executable files, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in 'libclamav/tnef.c' due to a validation error when handling a CAB file that contains a malformed header; a remote Denial of Service vulnerability was reported in 'libclamav/mspack/cabd.c' due to an error when handling a CAB file that contains a malformed header; and a remote Denial of Service vulnerability was reported in 'libclamav/ole2_extract.c' because the OLE2 unpacker does not properly process DOC files with an invalid property tree.
Upgrades available at:
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/c/clamav/
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-04.xml
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Security Tracker Alert ID: 1015154, November 4, 2005
Debian Security Advisory DSA 887-1, November 7, 2005
Gentoo Linux Security Advisory, GLSA 200511-04, November 7, 2005
Mandriva Linux Security Advisory, MDKSA-2005:205, November 7, 2005 |
Multiple Vendors
ht://Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/h/htdig/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-16.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
SCO:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/507
A Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory, DSA 680-1, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-16, February 14, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:063, March 31, 2005
Fedora Update Notification, FEDORA-2005-367, April 19, 2005
SCO Security Advisory, SCOSA-2005.46, November 2, 2005 |
Multiple Vendors
Jed Wing CHM lib 0.35-0.37, 0.3-0.33, 0.2, 0.1;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha
|
A buffer overflow vulnerability has been reported in the LZX decompression method, which could possibly let a remote malicious user execute arbitrary code.
Upgrade available at:
http://morte.jedrea.com/~jedwin/projects/chmlib/chmlib-0.37.4.tgz
Debian:
http://security.debian.org/pool/updates/main/c/chmlib/
Currently we are not aware of any exploits for this vulnerability. |
Jed Wing CHM Lib LZX Decompression Method Buffer Overflow
CVE-2005-2659
|
High |
Debian Security Advisory DSA 886-1, November 7, 2005 |
Multiple Vendors
OpenBSD 3.0-3.7, 2.0-2.9; Keith Muller pax
|
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
OpenBSD:
http://www.openbsd.org/38.html
There is no exploit code required. |
Pax File Permission Modification Race Condition |
Medium |
Security Focus, Bugtraq ID: 15262, November 1, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1
|
A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.
Upgrades available at:
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE11.tar.gz
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/
Debian:
http://security.debian.org/pool/updates/main/s/squid/
Mandriva:
http://www.mandriva.com/security/advisories
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.44
SUSE:
ftp://ftp.suse.com/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia Advisory: SA16992, September 30, 2005
Ubuntu Security Notice, USN-192-1, September 30, 2005
Debian Security Advisory, DSA 828-1, September 30, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Multiple Vendors
zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6
|
A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.
Debian:
ftp://security.debian.org/pool/updates/main/z/zlib/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-05.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
Mandriva:
http://www.mandriva.com/security/advisories
OpenBSD:
http://www.openbsd.org/errata.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-569.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
zsync:
http://prdownloads.sourceforge.net/zsync/zsync-0.4.1.tar.gz?download
Apple:
http://docs.info.apple.com/article.html?artnum=302163
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
IPCop:
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
Debian:
http://security.debian.org/pool/updates/main/z/zsync/
Trolltech:
ftp://ftp.trolltech.com/qt/source/qt-x11-free-3.3.5.tar.gz
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-18.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-18.xml
Debian:
http://security.debian.org/pool/updates/main/z/zsync/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/aide/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/
Currently we are not aware of any exploits for this vulnerability. |
Zlib Compression Library Buffer Overflow
CVE-2005-2096 |
High |
Debian Security Advisory DSA 740-1, July 6, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005
Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005
SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005
Ubuntu Security Notice, USN-148-1, July 06, 2005
RedHat Security Advisory, RHSA-2005:569-03, July 6, 2005
Fedora Update Notifications, FEDORA-2005-523, 524, July 7, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:11, July 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.013, July 7, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005
Slackware Security Advisory, SSA:2005-189-01, July 11, 2005
Turbolinux Security Advisory, TLSA-2005-77, July 11, 2005
Fedora Update Notification, FEDORA-2005-565, July 13, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 14162, July 21, 2005
USCERT Vulnerability Note VU#680620, July 22, 2005
Apple Security Update 2005-007, APPLE-SA-2005-08-15, August 15, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Security Focus, Bugtraq ID: 14162, August 26, 2005
Debian Security Advisory, DSA 797-1, September 1, 2005
Security Focus, Bugtraq ID: 14162, September 12, 2005
Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005
Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005
Debian Security Advisory, DSA 797-2, September 29, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101989, October 14, 2005
Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005
Ubuntu Security Notice, USN-151-3, October 28, 2005
Ubuntu Security Notice, USN-151-4, November 09, 2005
|
Multiple Vendors
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Debian Linux 3.1 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha
|
A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.
Zlib:
http://www.zlib.net/zlib-1.2.3.tar.gz
Debian:
http://security.debian.org/pool/updates/main/z/zlib/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/
OpenBSD:
http://www.openbsd.org/errata.html#libz2
Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:124
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.323596
FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc
SUSE:
http://lists.suse.com/archive/suse-security-announce/2005-Jul/0007.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200507-28.xml
http://security.gentoo.org/glsa/glsa-200508-01.xml
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Apple:
http://docs.info.apple.com/article.html?artnum=302163
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33
Debian:
http://security.debian.org/pool/updates/main/z/zsync/
Trolltech:
ftp://ftp.trolltech.com/qt/source/qt-x11-free-3.3.5.tar.gz
FedoraLegacy:
http://download.fedoralegacy.org/fedora/
Debian:
http://security.debian.org/pool/updates/main/z/zsync/
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/aide/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service
CVE-2005-1849
|
Low |
Security Focus, Bugtraq ID 14340, July 21, 2005
Debian Security Advisory DSA 763-1, July 21, 2005
Ubuntu Security Notice, USN-151-1, July 21, 2005
OpenBSD, Release Errata 3.7, July 21, 2005
Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005
Secunia, Advisory: SA16195, July 25, 2005
Slackware Security Advisory, SSA:2005-203-03, July 22, 2005
FreeBSD Security Advisory, SA-05:18, July 27, 2005
SUSE Security Announcement, SUSE-SA:2005:043, July 28, 2005
Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005
Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005
Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005
Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Debian Security Advisory, DSA 797-1, September 1, 2005
Security Focus, Bugtraq ID: 14340, September 12, 2005
Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005
Debian Security Advisory, DSA 797-2, September 29, 2005
Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005
Ubuntu Security Notice, USN-151-3, October 28, 2005
Ubuntu Security Notice, USN-151-4, November 09, 2005 |
Multiple Vendors
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Acme thttpd 2.23 b1, 2.21 b |
A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite arbitrary files.
Debian:
http://security.debian.org/pool/updates/main/t/thttpd/
There is no exploit code required. |
|
Medium |
Debian Security Advisory DSA 883-1, November 4, 2005 |
Multiple Vendors
Gnome-DB libgda 1.2.1;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha |
Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_error()' and 'gda_log_message()' functions, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/libg/libgda2/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-01.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Security Focus, Bugtraq ID: 15200, October 25, 2005
Debian Security Advisory, DSA-871-1 & 871-2, October 25, 2005
Ubuntu Security Notice, USN-212-1, October 28, 2005
Mandriva Linux Security Advisory, MDKSA-2005:203, November 1, 2005
Gentoo Linux Security Advisory, GLSA 200511-01, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Fedora Update Notification, FEDORA-2005-1029, November 7, 2005 |
Multiple Vendors
GNU gnump3d 2.9-2.9.5;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha |
A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories.
Upgrade to version 2.9.6:
http://savannah.gnu.org/download/gnump3d/gnump3d-2.9.6.tar.gz
Debian:
http://security.debian.org/pool/updates/main/g/gnump3d/
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-05.xml
There is no exploit code required; however, Proof of Concept exploits have been published. |
GNUMP3d Cross-Site Scripting or Directory Traversal
CVE-2005-3122
CVE-2005-3123 |
Medium |
Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005
Debian Security Advisory DSA 877-1, October 28, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Gentoo Linux Security Advisory, GLSA 200511-05, November 6, 2005 |
Multiple Vendors
GNU gnump3d 2.9-2.9.5;
Gentoo Linux |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://www.gnu.org/software/gnump3d/download.html#Download
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-05.xml
There is no exploit code required.
|
|
Medium |
Gentoo Linux Security Advisory GLSA 200511-05, November 7, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.14 |
A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/'.
Upgrades available at:
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.14.1.tar.bz2
There is no exploit code required. |
|
Low |
Secunia Advisory: SA17504, November 9, 2005 |
Multiple Vendors
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0;
GNU wget 1.10;
Daniel Stenberg curl 7.14.1, 7.13.1, 7.13, 7.12.1- 7.12.3, 7.11- 7.11.2, 7.10.6- 7.10.8
|
A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code.
WGet:
http://ftp.gnu.org/pub/gnu/wget/wget-1.10.2.tar.gz
Daniel Stenberg:
http://curl.haxx.se/libcurl-ntlmbuf.patch
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-19.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-807.html
http://rhn.redhat.com/errata/RHSA-2005-812.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor WGet/Curl NTLM Username Buffer Overflow
CVE-2005-3185 |
High |
Security Tracker Alert ID: 1015056, October 13, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200
Ubuntu Security Notice, USN-205-1, October 14, 2005
Fedora Update Notifications, FEDORA-2005-995 & 996, October 17, 2005
Fedora Update Notification, FEDORA-2005-1000, October 18, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
Gentoo Linux Security Advisory, GLSA 200510-19, October 22, 2005
RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-01, November 7, 2005
|
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 |
A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.
OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/
OpenPKG:
ftp://ftp.openpkg.org/release/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
http://www.sgi.com/support/security/
Debian:
http://security.debian.org/pool/updates/main/o/openssl094/
NetBSD:
http://arkiv.netbsd.se/?ml=netbsd-announce&a=2005-10&m=1435804
BlueCoat Systems:
http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2005-2969.html
Debian:
http://security.debian.org/pool/updates/main/o/openssl/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors OpenSSL Insecure Protocol Negotiation
CVE-2005-2969 |
Medium |
OpenSSL Security Advisory, October 11, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005
RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005
Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005
Slackware Security Advisory, SSA:2005-286-01, October 13, 2005
Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005
Ubuntu Security Notice, USN-204-1, October 14, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005
SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Debian Security Advisory DSA 875-1, October 27, 2005
NetBSD Security Update, November 1, 2005
BlueCoat Systems Advisory, November 3, 2005
Debian Security Advisory, DSA 888-1, November 7, 2005
|
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, WS 2.1, IA64, ES 4, ES 3, ES 2.1, IA64, AS 4, AS 3, 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64;
libungif libungif 4.1.3, 4.1, giflib 4.1.3;
Gentoo Linux
|
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error; and a vulnerability was reported due to a boundary error that causes an out-of-bounds memory access, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=102202
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-03.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-828.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/
Debian:
http://security.debian.org/pool/updates/main/libu/libungif4/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Security Tracker Alert ID: 1015149, November 3, 2005
Fedora Update Notifications, FEDORA-2005-1045 & 1046, November 3, 2005
Gentoo Linux Security Advisory GLSA 200511-03, November 4, 2005
RedHat Security Advisory, RHSA-2005:828-17, November 3, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Ubuntu Security Notice, USN-214-1, November 07, 2005
Debian Security Advisory, DSA 890-1, November 9, 2005 |
Multiple Vendors
RedHat Fedora Core3; Ubuntu Linux 4.1 ppc, ia64, ia32;
NTP NTPd 4.0-4.2 .0a
|
A vulnerability has been reported in xntpd when started using the '-u' option and the group is specified by a string, which could let a malicious user obtain elevated privileges.
Upgrade available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/ntp-4.2.0.a.20040617-5.FC3.i386.rpm
NTP:
http://ntp.isc.org/Main/DownloadViaHTTP?file=ntp4/snapshots/ntp-dev/2005/08/ntp-dev-4.2.0b-20050827.tar.gz
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/
Debian:
http://security.debian.org/pool/updates/main/n/ntp/
Mandriva:
http://www.mandriva.com/security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
NetBSD:
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2005-011.txt.asc
There is no exploit code required. |
XNTPD Insecure Privileges
CVE-2005-2496 |
Medium |
Fedora Update Notification, FEDORA-2005-812, August 26, 2005
Ubuntu Security Notice, USN-175-1, September 01, 2005
Debian Security Advisory, DSA 801-1, September 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:156, September 6, 2005
Conectiva Linux Announcement, CLSA-2005:1029, October 11, 2005
NetBSD Security Advisory 2005-011, November 2, 2005 |
Multiple Vendors
shadow shadow 4.0.3;
Salvatore Valente chfn;
SuSE UnitedLinux 1.0, Linux Professional 10.0 OSS, 10.0, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, Linux Personal 10.0 OSS, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, Linux Enterprise Server for S/390 9.0, 9, 8, Linux Desktop 1.0;
pwdutils pwdutils 3.0.4, 2.6.96, 2.6.90, 2.6.4
|
A vulnerability has been reported in the setuid 'chfn' program due to insufficient argument checking when changing the GECOS field, which could let a malicious user obtain ROOT access.
SUSE:
ftp://ftp.suse.com/pub/suse/
An exploit script has been published. |
Multiple Vendors CHFN User Modification ROOT Access
CVE-2005-3503
|
High |
SUSE Security Announcement, SUSE-SA:2005:064, November 4, 2005 |
Multiple Vendors
XMail 1.21, 1.0;
W3C Libwww 5.3.2, 3.1, 4.x;
teTeX 2.0-2.0.2, 1.0.6, 1.0.7; TCL/TK 8.5 a2, 8.4.3, 8.4.2;
SAOImage DS9 SAOImage DS9;
Roxen WebServer 4.0.402, 2.2, 2.1.164, 2.1, 2.0.92, 2.0.69, 2.0 .X, 2.0, 1.4 .X, 1.3.122, 1.3 .X, 1.2 .X, 1.1 .X, 4.x, 3.x; Pike 7.7 .x, 7.6 .x, 7.4.327, 7.4 .x, 7.2 .x, 7.0 .x, 0.6 .x, 0.5 .x, 0.4 pl8;
Peter Hofmann xgsmlib;
OpenOffice OpenOffice 1.1.3; NETW netwib 5.30 .0, 5.1 .0; NcFTP Software NcFTP 3.1.9, 3.1.8;
Mike Heffner BFBTester 2.0.1, 2.0; KDE 3.3-3.3.2;
GNU gjc;
firstworks Rudiments Library 0.28.2, 0.27;
Bernhard R. Link reprepro
|
A buffer overflow vulnerability has been reported in certain uses of the 'readdir_r' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor 'ReadDir_R' Buffer Overflow
|
High |
Security Focus, Bugtraq ID: 15259, November 1, 2005 |
NetBSD
NetBSD 2.0.2 & prior
|
Several vulnerabilities have been reported that could lead to a Denial of Service, sensitive information disclosure, or unauthorized access: a vulnerability was reported because the IPsec-AH calculation is always based on the same key in AES-XCBC-MAC; a vulnerability was reported because a malicious user can specify negative offsets when reading the message buffer to read arbitrary kernel memory; a vulnerability was reported in the 'imake(1)' function due to the insecure creation of temporary files; and a vulnerability was reported in the 'sh(1)' command.
Update information available at: http://www.NetBSD.org/mirrors/
There is no exploit code required. |
NetBSD Kernel, Networking & Application Code Denial of Service, Information Disclosure or Elevated Privileges |
Medium |
Security Tracker Alert ID: 1015132, November 1, 2005 |
OpenVPN
OpenVPN 2.0-2.0.2 |
Several vulnerabilities have been reported: a format string vulnerability was reported in 'options.c' when handling command options in the 'foreign_option()' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error in the OpenVPN server when running in TCP mode.
Updates available at:
http://openvpn.net/download.html
OpenPKG:
ftp://ftp.openpkg.org/release/
SUSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/updates/main/o/openvpn/
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-07.xml
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Secunia Advisory: SA17376, November 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.023, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Debian Security Advisory, DSA 885-1, November 7, 2005
Gentoo Linux Security Advisory, GLSA 200511-07, November 7, 2005
Mandriva Linux Security Advisory, MDKSA-2005:206, November 8, 2005 |
phpMyAdmin
phpMyAdmin 2.6 .0-2.6.3, 2.5 .0-2.5.7, 2.4 .0, 2.3.2, 2.3.1, 2.2 -2.2.6, 2.1-2.1 .2, 2.0-2.0.5 |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie.auth.lib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported in 'error.php' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=23067
Debian:
http://security.debian.org/pool/updates/main/p/phpmyadmin/
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
Medium |
Secunia Advisory: SA16605, August 29, 2005
Debian Security Advisory, DSA 880-1, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
phpMyAdmin
phpMyAdmin 2.x |
Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php,' 'queryframe.php,' and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.4-pl3.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-21.xml
Debian:
http://security.debian.org/pool/updates/main/p/phpmyadmin/
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
Medium |
Secunia Advisory: SA17289, October 24, 2005
Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005
Debian Security Advisory, DSA 880-1, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Squid Web Proxy
Squid Web Proxy Cache 2.5 & prior |
A remote Denial of Service vulnerability has been reported in the 'storeBuffer()' function when handling aborted requests.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE10-STORE_PENDING.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-06.xml
OpenPKG:
ftp://ftp.openpkg.org/release/
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/s/squid/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-766.html
SUSE:
ftp://ftp.suse.com/pub/suse/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Debian:
http://security.debian.org/pool/updates/main/s/squid/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.44
Debian:
http://security.debian.org/pool/updates/main/s/squid/
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
Security Tracker Alert ID: 1014864, September 7, 2005
Gentoo Linux Security Advisory GLSA 200509-06, September 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.021, September 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:162, September 12, 2004
Debian Security Advisory, DSA 809-1, September 13, 2005
Ubuntu Security Notice, USN-183-1, September 13, 2005
RedHat Security Advisory, RHSA-2005:766-7, September 15, 2005
SUSE Security Announcement, SUSE-SA:2005:053, September 16, 2005
SGI Security Advisory, 20050903-02-U, September 28, 2005
Conectiva Linux Announcement, CLSA-2005:1016, September 28, 2005
Debian Security Advisory, DSA 809-2, September 30, 2005
SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005
Turbolinux Security Advisory, TLSA-2005-96, October 3, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005
Debian Security Advisory, DSA 809-3, November 7, 2005
|
Squid Web Proxy
Squid Web Proxy Cache 2.5 .STABLE1-STABLE 10, 2.4 .STABLE6 & 7, STABLE 2, 2.4, 2.3 STABLE 4&5, 2.1 Patch 2, 2.0 Patch 2 |
A remote Denial of Service vulnerability has been reported in '/squid/src/ssl.c' when a malicious user triggers a segmentation fault in the 'sslConnectTimeout()' function.
Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE10-sslConnectTimeout.patch
Trustix:
http://http.trustix.org/pub/trustix/updates/
OpenPKG:
| |
| |