 |
Summary of Security Items from November 2 through November 8, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| ASP Knowledgebase |
A vulnerability has been reported in ASPKnowledgebase that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required. |
ASP Knowledgebase SQL Injection Vulnerability
|
Medium |
Security Focus, ID: 15364, November 9, 2005 |
| FileZilla Server Terminal 0.4.9d |
A buffer overflow vulnerability has been reported in FileZilla that could let remote malicious users obtain elevated privileges or execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
FileZilla Server Terminal Privilege Elevation or Arbitrary Code Execution |
High |
Security Focus, ID: 15346, November 7, 2005 |
IpSwitch
WhatsUp Small Business 2004 |
An input validation vulnerability has been reported in WhatsUp Small Business that could let remote malicious users to traverse directories and disclose information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
WhatsUp Small Business Directory Traversal and Information Disclosure
CVE-2005-1939
|
Medium |
Security Tracker, Alert ID: 1015141, November 3, 2005 |
Microsoft
DirectX DirectShow 7.0 to 9.0c |
A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code.
Vendor fix available:
http://www.microsoft.com/
technet/security/Bulletin
/MS05-050.mspx
Avaya:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-214.pdf
V1.3 Updated to note availability of Microsoft Knowledge Base Article 909596 and to clarify an issue affecting Windows 2000 SP4 customers, also updates of file versions.
V1.4 Updated to note complications of the DirectX 8.1 update on machines running DirectX 9.
Currently we are not aware of any exploits for this vulnerability. |
Microsoft DirectX DirectShow Arbitrary Code Execution
CVE-2005-2128
|
High |
Microsoft, Security Bulletin MS05-050, October 11, 2005
USCERT, VU#995220
Technical Cyber Security Alert TA05-284A, October 11, 2005
Avaya, ASA-2005-214, October 11, 2005
Microsoft, Security Bulletin MS05-050 V1.3, October 21, 2005
Microsoft, Security Bulletin MS05-050 V1.4, November 9, 2005 |
Microsoft
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
|
A vulnerability has been reported that could let remote malicious users cause a Denial of Service. This is due to an error when processing EMF (Microsoft Enhanced Metafile) files in the
'GetEnhMetaFilePaletteEntries()' API in 'GDI32.DLL.'
Vendor solution available:
http://www.microsoft.com/
technet/security/Bulletin/
MS05-053.mspx
Proof of Concept exploits have been published. |
Microsoft Windows EMF File Denial of Service Vulnerability
CVE-2005-0803
|
Low |
Secunia SA14631, March 18, 2005
Security Focus, ID: 12834, November 9, 2005
Microsoft, Security Bulletin MS05-053, November 8, 2005
US-CERT, VU#134756, November 9, 2005 |
Microsoft
Windows Graphics Rendering Engine |
A buffer overflow vulnerability has been reported in Windows Graphics Rendering Engine that could let local or remote malicious users execute arbitrary code.
Vendor solution available:
http://www.microsoft.com/
technet/security/Bulletin/
MS05-053.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Graphics Rendering Engine Arbitrary Code Execution
CVE-2005-2123
CVE-2005-2124 |
High |
Security Tracker, Alert ID: 1015168, November 8, 2005
Microsoft, Security Bulletin MS05-053, November 8, 2005
US-CERT, VU#433341, VU#300549, November 9, 2005 |
Microsoft
Windows Kerberos PKINT
|
Multiple vulnerabilities have been reported in Windows Kerberos PKINT that could let remote malicious users disclose information or cause a Denial of Service.
Vendor fix available:
http://www.microsoft.com/
technet/security/Bulletin
/MS05-042.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service
CAN-2005-1981
CAN-2005-1982 |
Low |
Microsoft Security Bulletin MS05-042, August 9, 2005
US-CERT, VU#477341, November 9, 2005 |
Ocean12 Technologies
Calendar Manager Pro 1.0, 1.0.1 |
A vulnerability has been reported in Calendar Manager Pro that could let remote malicious users to bypass authentication.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published. |
Ocean12 Calendar Manager Pro Authentication Bypassing |
Medium |
Security Focus, ID: 15329, November 4, 2005 |
[back to
top]
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Apache Software Foundation
Apache 2.0.x |
A vulnerability has been reported in 'modules/ssl/ssl_engine_
kernel.c' because the 'ssl_hook_Access()' function does not properly enforce the 'SSLVerifyClient require' directive in a per-location context if a virtual host is configured with the 'SSLVerifyCLient optional' directive, which could let a remote malicious user bypass security policies.
Patch available at:
http://svn.apache.org/
viewcvs?rev=264800
&view=rev
OpenPKG:
ftp://ftp.openpkg.org/
release/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-
608.html
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/a/apache2/
SGI:
ftp://oss.sgi.com/
projects/sgi_propack/
download/3/updates/
Debian:
http://security.debian.
org/pool/updates/
main/a/apache2/
Mandriva:
http://www.mandriva.
com/security/
advisories
Slackware:
ftp://ftp.slackware.
com/pub/slackware/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Debian:
http://security.debian.
org/pool/updates/
main/liba/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-12.xml
Avaya:
http://support.avaya.
com/elmodocs2/
security/
ASA-2005-204.pdf
Conectiva:
ftp://atualizacoes.
conectiva.com.br/10/
TurboLinux:
ftp://ftp.turbolinux.
co.jp/pub/TurboLinux/
TurboLinux/ia32/
HP:
http://software.
hp.com/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
RedHat:
http://rhn.redhat.
com/errata/
RHSA-2005-816.html
There is no exploit code required. |
Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
CVE-2005-2700 |
Medium |
Security Tracker Alert ID: 1014833, September 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005
RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005
Ubuntu Security Notice, USN-177-1, September 07, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Debian Security Advisory, DSA 805-1, September 8, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005
Slackware Security Advisory, SSA:2005-251-02, September 9, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005
Debian Security Advisory DSA 807-1, September 12, 2005
US-CERT VU#744929
Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005
Avaya Security Advisory, ASA-2005-204, September 23, 2005
Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005
Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005
HP Security Bulletin,
HPSBUX-
01232, October 5, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
RedHat Security Advisory, RHSA-2005:816-10, November 2, 2005 |
Asterisk
Asterisk@Home 2.0 -beta4, 1.5, Asterisk 1.2 .0-beta1, 1.0.9, 1.0.8, 1.0.7, 0.9 .0, 0.7-0.7.2, 0.4, 0.3, 0.2, 0.1.7-0.1.9 -1 |
A vulnerability has been reported in 'vmail.cgi' due to insufficient sanitization of the 'folder' parameter, which could let a remote malicious user obtain unauthorized access.
Upgrades available at:
http://ftp.digium.com/
pub/asterisk/asterisk
-1.2.0-beta2.tar.gz
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Asterisk Voicemail Unauthorized Access |
Medium |
Assurance.
com.au Vulnerability Advisory, November 7, 2005 |
Christoph Martin
linux-ftpd-ssl 0.17 |
A buffer overflow vulnerability has been reported in the 'vsprintf()' function in the FTP server, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
|
High |
Secunia Advisory: SA17465, November 8, 2005 |
cPanel Inc.
cPanel 10.6 .0-R137, 10.2 .0-R82
|
A Cross-Site Scripting vulnerability has been reported in the Entropy Chat script due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA16609, November 4, 2005 |
Debian
horde 3.0.4 |
A vulnerability has been reported because the default Horde3 installation for Debian has a blank administrator password, which could let a local/remote malicious user obtain administrative access.
Upgrade available at:
http://security.debian.
org/pool/updates/
main/h/horde3/
horde3_3.0.4-
4sarge1_all.deb
There is no exploit code required. |
|
High |
Debian Security Advisory, DSA 884-1, November 7, 2005 |
Detlev Offenbach
eric3 prior to 3.7.2 |
A vulnerability has been reported due to a "potential security exploit." The impact was not specified
Upgrades available at:
http://prdownloads.
sourceforge.net/
eric-ide/eric-3.7.2.
tar.gz?download
Debian:
http://security.debian.
org/pool/updates/
main/e/eric/
SUSE:
ftp://ftp.suse.com
/pub/suse/
Currently we are not aware of any exploits for this vulnerability.
|
|
Not Specified |
Security Tracker Alert ID: 1014947, September 21, 2005
Debian Security Advisory, DSA 869-1, October 21, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Elm Development Group
ELM 2.5.5-2.5.7
|
A buffer overflow vulnerability has been reported due to insufficient parsing of SMTP 'Expires' header lines, which could let a remote malicious user execute arbitrary code.
Update to Elm 2.5 PL8 available at:
ftp://ftp.virginia.edu
/pub/elm/
RedHat:
http://rhn.redhat.com/
errata/RHSA
-2005-755.html
Slackware:
ftp://ftp.slackware.
com/pub/slackware/
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert ID: 1014745, August 20, 2005
RedHat Security Advisory, RHSA-2005:755-07, August 23, 2005
Slackware Security Advisory, SSA:2005-311-01, November 8, 2005 |
Eric S Raymond
Fetchmail 6.x |
A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information.
Upgrades available at: http://download.
berlios.de/fetchmail/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-06.xml
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/f/fetchmail/
There is no exploit code required.
|
|
Medium |
fetchmail-SA-2005-02 Security Announcement, October 21, 2005
Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005
Ubuntu Security Notice, USN-215-1, November 07, 2005
|
F-Secure
Internet Gatekeeper for Linux,
Anti-Virus for Linux Gateways
|
A vulnerability has been reported because certain CGI scripts that have world-executable permissions and set user id (setuid) permissions can be invoked by a malicious user to obtain root privileges.
Fix available at:
http://www.f-secure.
co.jp/download/
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
F-Secure Anti-Virus Gatekeeper &Gateway for Linux Elevated Privileges |
High |
F-Secure Security Bulletin FSC-2005-3, November 7, 2005 |
Gallery
Gallery 1.5 1.4 -1.4.4 -pl5 |
A vulnerability has been reported in 'classes/postnuke0.7.1/
user.php' when determining the gallery name due to incorrect use of the global '$name' variable, which could let a remote malicious user bypass security restrictions.
Upgrades available at:
http://sourceforge.net/
project/showfiles.php
?group_id=7130&
package_id=7239&
release_id=348064
Debian:
http://security.debian.
org/pool/updates/
main/g/gallery/
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA16389, August 11, 2005
Debian Security Advisory, DSA 879-1, November 2, 2005 |
Gentoo Linux
Gentoo Linux |
Vulnerabilities have been reported in multiple packages in Gentoo Linux due to an insecure RUNPATH vulnerability, which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-14.xml
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-02.xml
There is no exploit code required. |
Gentoo Linux Multiple Packages Insecure RUNPATH |
Medium |
Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005
Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005 |
GpsDrive
GpsDrive 2.0 9 |
A format string vulnerability has been reported in 'Friendsd,' which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.
org/pool/updates/
main/g/gpsdrive/
Proof of Concept exploits have been published.
|
|
High |
Security Focus, Bugtraq ID: 15319, November 4, 2005
Debian Security Advisory, DSA 891-1, November 9, 2005 |
Hewlett Packard Company
HP-UX 11.0 4, 11.0, 10.20, B.11.11, B.11.04, B.11.00 |
A vulnerability was reported because remote malicious authenticated users can send specially crafted data to list directories with root privileges.
Updates available at:
http://itrc.hp.com
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
|
Medium |
HP Security Advisory, HPSBUX
02071, November 6, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11
|
A vulnerability has been reported in 'envd' due to an unspecified error, which could let a remote malicious user execute arbitrary code and/or obtain elevated privileges.
Patches available at: http://itrc.hp.com
Currently we are not aware of any exploits for this vulnerability. |
HP-UX 'envd' Arbitrary Code Execution or Elevated Privileges |
High |
HP Security Bulletin, HPSBUX
02073, November 9, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11, B.11.23 |
A vulnerability has been reported in 'remshd' due to an unspecified error on systems running in Trusted Mode, which could let a remote malicious user obtain unauthorized access.
Patches available at: http://itrc.hp.com
Currently we are not aware of any exploits for this vulnerability. |
HP-UX Trusted Mode 'remshd' Remote Unauthorized Access |
Medium |
HP Security Bulletin, HPSBUX
02072, November 9, 2005 |
IBM
AIX 5.2.2, 5.2L, 5.2 |
A buffer overflow vulnerability has been reported in 'SWCONS' command due to a boundary error. The impact was not specified.
Update information available at:
http://www-1.ibm.com/
support/docview.wss?
uid=isg1IY78467
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
IBM Advisory, IY78467, November 3, 2005 |
Jed Wing
CHM lib 0.35, 0.3- 0.33, 0.2, 0.1 |
A buffer overflow vulnerability has been reported in '_chm_
find_in_PMGL' due to a failure to properly bounds check input data prior to copying it into an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://morte.jedrea.com/
~jedwin/projects/chmlib/
chmlib-0.36.tgz
Debian:
http://security.debian.
org/pool/updates/
main/c/chmlib/
Currently we are not aware of any exploits for this vulnerability.
|
Jed Wing CHM Lib '_chm_find_
in_PMG'L Remote Buffer Overflow
CVE-2005-2930
|
High |
iDefense Security Advisory, October 28, 2005
Debian Security Advisory, DSA 886-1, November 7, 2005 |
Jed Wing
CHM lib 0.36, 0.35, 0.3-0.33, 0.2, 0.1
|
A buffer overflow vulnerability has been reported in the '_chm_decompress_block()' function due to a boundary error when reading input, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://morte.jedrea.com/
~jedwin/projects/
chmlib/chmlib-0.37.tgz
SUSE:
ftp://ftp.suse.com
/pub/suse/
Debian:
http://security.debian.
org/pool/updates/
main/c/chmlib/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15211, October 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Debian Security Advisory, DSA 886-1, November 7, 2005 |
KDE
KOffice 1.4.1, 1.4, 1.3-1.3.5, 1.2.1, 1.2
|
A buffer overflow vulnerability has been reported when handling a malformed RTF file, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.koffice.org/
download/
Patches available at:
ftp://ftp.kde.org/pub/
kde/security_patches/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
universe/k/koffice/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-12.xml
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
universe/k/koffice/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
Mandriva:
http://www.mandriva.
com/security/
advisories
Debian:
http://security.debian.
org/pool/updates/
main/k/koffice/
SUSE:
ftp://ftp.suse.com
/pub/suse/
Slackware:
ftp://ftp.slackware.
com/pub/slackware/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/
Currently we are not aware of any exploits for this vulnerability. |
KDE KOffice KWord RTF Remote Buffer Overflow
CVE-2005-2971 |
High |
Security Focus, Bugtraq ID: 15060, October 11, 2005
Ubuntu Security Notice, USN-202-1, October 12, 2005
Gentoo Linux Security Advisory, GLSA 200510-12, October 12, 2005
Fedora Update Notification,
FEDORA-2005-984, October 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:185, October 14, 2005
Debian Security Advisory, DSA 872-1, October 26, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-02, November 7, 2005
Conectiva Security Announce-ment, CLSA-2005:1042, November 7, 2005 |
lm_sensors
lm_sensors 2.9.1
|
A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service.
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/lm-sensors/
Mandriva:
http://www.mandriva.
com/security/
advisories
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200508-19.xml
Debian:
http://security.debian.
org/pool/updates/
main/l/lm-sensors/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/10/
Fedora:
http://download.fedora.
redhat.com/pub
/fedora/linux/
core/updates/
There is no exploit code required. |
LM_sensors PWMConfig Insecure Temporary File Creation
CVE-2005-2672
|
Low |
Security Focus, Bugtraq ID: 14624, August 22, 2005
Ubuntu Security Notice, USN-172-1, August 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005
Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005
Debian Security Advisory, DSA 814-1, September 15, 2005
Conectiva Linux Announce-
ment, CLSA-2005:1012, September 23, 2005
Fedora Update Notifications,
FEDORA-
2005-1053 & 1054, November 7, 2005
|
Multiple Vendors
ClamAV 0.80-0.87, 0.75.1, 0.70, 0.68, 0.65, 0.60, 0.51-0.54
|
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'libclamav/fsg.c' due to a boundary error when unpacking FSG v1.33 compressed executable files, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in 'libclamav/tnef.c' due to a validation error when handling a CAB file that contains a malformed header; a remote Denial of Service vulnerability was reported in 'libclamav/
mspack/cabd.c' due to an error when handling a CAB file that contains a malformed header; and a remote Denial of Service vulnerability was reported in 'libclamav/ole2_extract.c' because the OLE2 unpacker does not properly process DOC files with an invalid property tree.
Upgrades available at:
http://prdownloads.
sourceforge.net/clamav/
clamav-0.87.1.tar.gz
?download
Debian:
http://security.debian.
org/pool/updates/
main/c/clamav/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-04.xml
Mandriva:
http://www.mandriva.
com/security/
advisories
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Security Tracker Alert ID: 1015154, November 4, 2005
Debian Security Advisory DSA 887-1, November 7, 2005
Gentoo Linux Security Advisory, GLSA 200511-04, November 7, 2005
Mandriva Linux Security Advisory, MDKSA-2005:205, November 7, 2005 |
Multiple Vendors
ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/
pub/suse/
Debian:
http://security.debian.
org/pool/updates/
main/h/htdig/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200502-16.xml
Mandrake:
http://www.mandrake
secure.net/en/ftp.php
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
SCO:
ftp://ftp.sco.com
/pub/updates/
OpenServer/
SCOSA-2005.46/
507
Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory, DSA 680-1, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-16,
February 14, 2005
Mandrakelinux Security Update Advisory,
MDKSA-2005:063, March 31, 2005
Fedora Update Notification,
FEDORA-2005-367, April 19, 2005
SCO Security Advisory, SCOSA-2005.46, November 2, 2005 |
Multiple Vendors
Jed Wing CHM lib 0.35-0.37, 0.3-0.33, 0.2, 0.1;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha
|
A buffer overflow vulnerability has been reported in the LZX decompression method, which could possibly let a remote malicious user execute arbitrary code.
Upgrade available at:
http://morte.jedrea.
com/~jedwin/
projects/chmlib/
chmlib-0.37.4.tgz
Debian:
http://security.debian.
org/pool/updates/
main/c/chmlib/
Currently we are not aware of any exploits for this vulnerability. |
Jed Wing CHM Lib LZX Decompression Method Buffer Overflow
CVE-2005-2659
|
High |
Debian Security Advisory DSA 886-1, November 7, 2005 |
Multiple Vendors
OpenBSD 3.0-3.7, 2.0-2.9; Keith Muller pax
|
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
OpenBSD:
http://www.openbsd.
org/38.html
There is no exploit code required; |
Pax File Permission Modification Race Condition |
Medium |
Security Focus, Bugtraq ID: 15262, November 1, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1
|
A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.
Upgrades available at:
http://www.squid-cache.
org/Versions/v2/2.5/
squid-2.5.STABLE
11.tar.gz
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/squid/
Debian:
http://security.debian.
org/pool/updates/
main/s/squid/
Mandriva:
http://www.mandriva.
com/security/
advisories
SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44
SUSE:
ftp://ftp.suse.com
/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia Advisory: SA16992, September 30, 2005
Ubuntu Security Notice, USN-192-1, September 30, 2005
Debian Security Advisory, DSA 828-1, September 30, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Multiple Vendors
zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6
|
A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.
Debian:
ftp://security.debian.
org/pool/updates/
main/z/zlib/
FreeBSD:
ftp://ftp.FreeBSD.org
/pub/FreeBSD/
CERT/patches/
SA-05:16/zlib.patch
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200507-05.xml
SUSE:
ftp://ftp.suse.com
/pub/suse/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/z/zlib/
Mandriva:
http://www.mandriva.
com/security/
advisories
OpenBSD:
http://www.openbsd.
org/errata.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-
569.html
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/
ia32/Server/10
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
zsync:
http://prdownloads.
sourceforge.net/zsync/
zsync-0.4.1.tar.gz?
download
Apple:
http://docs.info.apple.
com/article.html?
artnum=302163
SCO:
ftp://ftp.sco.com/pub/
updates/UnixWare/
SCOSA-2005.33
IPCop:
http://sourceforge.net/
project/showfiles.php
?group_id=40604&
package_id = 35093
&release_id=351848
Debian:
http://security.debian.
org/pool/updates/
main/z/zsync/
Trolltech:
ftp://ftp.trolltech.com/
qt/source/qt-x11-free-
3.3.5.tar.gz
FedoraLegacy:
http://download.
fedoralegacy.org/
fedora/
Gentoo:
http://security.
gentoo.org/glsa/
glsa-200509-18.xml
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-18.xml
Debian:
http://security.debian.
org/pool/updates/
main/z/zsync/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Sun:
http://sunsolve.sun.
com/search/
document.do?
assetkey=
1-26-101989-1
Mandriva:
http://www.mandriva.
com/security/
advisories
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/a/aide/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/r/rpm/
Currently we are not aware of any exploits for this vulnerability. |
Zlib Compression Library Buffer Overflow
CVE-2005-2096 |
High |
Debian Security Advisory
DSA 740-1,
July 6, 2005
FreeBSD Security Advisory,
FreeBSD-SA-05:16, July 6, 2005
Gentoo Linux Security Advisory, GLSA 200507-
05, July 6, 2005
SUSE Security Announcement, SUSE-SA:2005:039,
July 6, 2005
Ubuntu Security Notice,
USN-148-1, July 06, 2005
RedHat Security Advisory, RHSA-2005:569-03,
July 6, 2005
Fedora Update Notifications,
FEDORA-2005-523, 524,
July 7, 2005
Mandriva Linux Security Update Advisory,
MDKSA-2005:11, July 7, 2005
OpenPKG
Security Advisory, OpenPKG-SA-2005.013,
July 7, 2005
Trustix Secure
Linux Security Advisory,
TSLSA-2005-
0034, July 8,
2005
Slackware Security
Advisory, SSA:2005-
189-01,
July 11, 2005
Turbolinux Security
Advisory, TLSA-2005-77,
July 11, 2005
Fedora Update Notification, FEDORA-2005-565, July 13, 2005
SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005
Security Focus, 14162, July 21, 2005
USCERT Vulnerability Note VU#680620, July 22, 2005
Apple Security Update 2005-007,
APPLE-SA-2005-08-15, August 15, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Security Focus, Bugtraq ID: 14162, August 26, 2005
Debian Security Advisory, DSA 797-1, September 1, 2005
Security Focus, Bugtraq ID: 14162, September 12, 2005
Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005
Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005
Debian Security Advisory, DSA 797-2, September 29, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005
Sun(sm) Alert Notification
Sun Alert ID: 101989, October 14, 2005
Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005
Ubuntu Security Notice, USN-151-3, October 28, 2005
Ubuntu Security Notice, USN-151-4, November 09, 2005
|
Multiple Vendors
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64,
4.1 ppc, ia64, ia32; Debian Linux 3.1
sparc, s/390, ppc, mipsel, mips, m68k,
ia-64, ia-32,
hppa, arm,
alpha
|
A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.
Zlib:
http://www.zlib.net/
zlib-1.2.3.tar.gz
Debian:
http://security.debian.
org/pool/updates/
main/z/zlib/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/z/zlib/
OpenBSD:
http://www.openbsd.
org/errata.html#libz2
Mandriva:
http://www.mandriva.
com/security/
advisories?name=
MDKSA-2005:124
Fedora:
http://download.fedora.
redhat.com/ pub/fedora
/linux/core/updates/
Slackware:
http://slackware.com/
security/viewer.php?
l=slackware-security&y=
2005&m=slackware-
security.323596
FreeBSD:
ftp://ftp.freebsd.org/
pub/FreeBSD/CERT/
advisories/FreeBSD
-SA-05:18.zlib.asc
SUSE:
http://lists.suse.com/
archive/suse-security-
announce/2005-
Jul/0007.html
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200507-28.xml
http://security.gentoo.
org/glsa/glsa-
200508-01.xml
Trustix:
ftp://ftp.trustix.org/pub/
trustix/updates/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/
Apple:
http://docs.info.apple.
com/article.html?
artnum=302163
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
Server/10/updates/
SCO:
ftp://ftp.sco.com/pub/
updates/UnixWare/
SCOSA-2005.33
Debian:
http://security.debian.
org/pool/updates/
main/z/zsync/
Trolltech:
ftp://ftp.trolltech.com/
qt/source/qt-x11-free-
3.3.5.tar.gz
FedoraLegacy:
http://download.
fedoralegacy.org/
fedora/
Debian:
http://security.debian.
org/pool/updates/
main/z/zsync/
Mandriva:
http://www.mandriva.
com/security/
advisories
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/a/aide/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/r/rpm/
Currently we are not aware of any exploits for this vulnerability.
|
Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service
CVE-2005-1849
|
Low |
Security Focus, Bugtraq ID 14340, July 21, 2005
Debian Security Advisory DSA 763-1, July 21, 2005
Ubuntu Security Notice, USN-151-1, July 21, 2005
OpenBSD, Release Errata 3.7, July 21, 2005
Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005
Secunia, Advisory: SA16195, July 25, 2005
Slackware Security Advisory, SSA:2005-
203-03, July 22, 2005
FreeBSD Security Advisory, SA-05:18, July 27, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:043,
July 28, 2005
Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005
Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005
Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005
Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005
SCO Security Advisory, SCOSA-2005.33, August 19, 2005
Debian Security Advisory, DSA 797-1, September 1, 2005
Security Focus, Bugtraq ID: 14340, September 12, 2005
Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005
Debian Security Advisory, DSA 797-2, September 29, 2005
Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005
Ubuntu Security Notice, USN-151-3, October 28, 2005
Ubuntu Security Notice, USN-151-4, November 09, 2005 |
Multiple Vendors
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Acme thttpd 2.23 b1, 2.21 b |
A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite arbitrary files.
Debian:
http://security.debian.
org/pool/updates/
main/t/thttpd/
There is no exploit code required. |
|
Medium |
Debian Security Advisory DSA 883-1, November 4, 2005 |
Multiple Vendors
Gnome-DB libgda 1.2.1;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha |
Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_error()' and 'gda_
log_message()' functions, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.
org/pool/updates/
main/libg/libgda2/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/libg/libgda2/
Mandriva:
http://www.mandriva.
com/security/
advisories
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-01.xml
SUSE:
ftp://ftp.suse.com
/pub/suse/
Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/3/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Security Focus, Bugtraq ID: 15200, October 25, 2005
Debian Security Advisory,
DSA-871-1 & 871-2, October 25, 2005
Ubuntu Security Notice, USN-212-1, October 28, 2005
Mandriva Linux Security Advisory, MDKSA-2005:203, November 1, 2005
Gentoo Linux Security Advisory, GLSA 200511-01, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Fedora Update Notification,
FEDORA-2005-1029, November 7, 2005 |
Multiple Vendors
GNU gnump3d 2.9-2.9.5;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha |
A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories.
Upgrade to version 2.9.6:
http://savannah.gnu.
org/download/
gnump3d/
gnump3d-2.9.6.tar.gz
Debian:
http://security.debian.
org/pool/updates/
main/g/gnump3d/
SUSE:
ftp://ftp.suse.com
/pub/suse/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-05.xml
There is no exploit code required; however, Proof of Concept exploits have been published. |
GNUMP3d Cross-Site Scripting or Directory Traversal
CVE-2005-3122
CVE-2005-3123 |
Medium |
Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005
Debian Security Advisory DSA 877-1, October 28, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Gentoo Linux Security Advisory, GLSA 200511-05, November 6, 2005 |
Multiple Vendors
GNU gnump3d 2.9-2.9.5;
Gentoo Linux |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://www.gnu.org/
software/gnump3d/
download.html#
Download
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-05.xml
There is no exploit code required.
|
|
Medium |
Gentoo Linux Security Advisory GLSA 200511-05, November 7, 2005 |
Multiple Vendors
Linux kernel 2.6-2.6.14 |
A Denial of Service vulnerability has been in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.'
Upgrades available at:
http://kernel.org/pub/
linux/kernel/v2.6/
linux-2.6.14.1.tar.bz2
There is no exploit code required. |
|
Low |
Secunia Advisory: SA17504, November 9, 2005 |
Multiple Vendors
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0;
GNU wget 1.10;
Daniel Stenberg curl 7.14.1, 7.13.1, 7.13, 7.12.1- 7.12.3, 7.11- 7.11.2, 7.10.6- 7.10.8
|
A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code.
WGet:
http://ftp.gnu.org/
pub/gnu/wget/
wget-1.10.2.tar.gz
Daniel Stenberg:
http://curl.haxx.se/
libcurl-ntlmbuf.patch
Mandriva:
http://www.mandriva.
com/security/
advisories
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/c/curl/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-19.xml
RedHat:
http://rhn.redhat.
com/errata/
RHSA-2005-807.html
http://rhn.redhat.
com/errata/
RHSA-2005-812.html
SUSE:
ftp://ftp.suse.com
/pub/suse/
Slackware:
ftp://ftp.slackware.
com/pub
/slackware/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor WGet/Curl NTLM Username Buffer Overflow
CVE-2005-3185 |
High |
Security Tracker Alert ID: 1015056, October 13, 2005
Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200
Ubuntu Security Notice, USN-205-1, October 14, 2005
Fedora Update Notifications
FEDORA-2005-995 & 996, October 17, 2005
Fedora Update Notification,
FEDORA-2005-1000, October 18, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
Gentoo Linux Security Advisory. GLSA 200510-19, October 22, 2005
RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-01, November 7, 2005
|
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 |
A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_
SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.
OpenSSL:
http://www.openssl.
org/source/openssl-
0.9.7h.tar.gz
FreeBSD:
ftp://ftp.FreeBSD.org/
pub/FreeBSD/CERT/
patches/SA-05:21/
openssl.patch
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-800.html
Mandriva:
http://www.mandriva.
com/security/
advisories
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-11.xml
Slackware:
ftp://ftp.slackware.
com/pub/
slackware/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Sun:
http://sunsolve.sun.
com/search/
document.do?
assetkey=1-26-
101974-1
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/o/openssl/
OpenPKG:
ftp://ftp.openpkg.org/
release/
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Trustix:
http://http.trustix.org/
pub/trustix/updates/
SGI:
http://www.sgi.com/
support/security/
Debian:
http://security.debian.
org/pool/updates/
main/o/openssl094/
NetBSD:
http://arkiv.netbsd.
se/?ml=netbsd-
announce&a=2005-
10&m=1435804
BlueCoat Systems:
http://www.bluecoat.
com/support/
knowledge/advisory
_openssl_
can-2005-2969.html
Debian:
http://security.debian.
org/pool/updates
/main/o/openssl/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors OpenSSL Insecure Protocol Negotiation
CVE-2005-2969 |
Medium |
OpenSSL Security Advisory, October 11, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005
RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005
Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005
Slackware Security Advisory, SSA:2005-286-01, October 13, 2005
Fedora Update Notifications,
FEDORA-2005-985 & 986, October 13, 2005
Sun(sm) Alert Notification
Sun Alert ID: 101974, October 14, 2005
Ubuntu Security Notice, USN-204-1, October 14, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005
SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Debian Security Advisory DSA 875-1, October 27, 2005
NetBSD Security Update, November 1, 2005
BlueCoat Systems Advisory, November 3, 2005
Debian Security Advisory, DSA 888-1, November 7, 2005
|
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, WS 2.1, IA64, ES 4, ES 3, ES 2.1, IA64, AS 4, AS 3, 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64;
libungif libungif 4.1.3,
4.1, giflib 4.1.3;
Gentoo Linux
|
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error; and a vulnerability was reported due to a boundary error that causes an out-of-bounds memory access, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Upgrades available at:
http://sourceforge.net/
project/showfiles.php
?group_id=102202
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-03.xml
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-828.html
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/libu/libungif4/
Debian:
http://security.debian.
org/pool/updates/
main/libu/libungif4/
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Security Tracker Alert ID: 1015149, November 3, 2005
Fedora Update Notifications,
FEDORA-2005-1045 & 1046, November 3, 2005
Gentoo Linux Security Advisory GLSA 200511-03, November 4, 2005
RedHat Security Advisory, RHSA-2005:
828-17, November 3, 2005
SUSE Security Summary Report,
SUSE-SR:2005:
025, November 4, 2005
Ubuntu Security Notice, USN-214-1, November 07, 2005
Debian Security Advisory, DSA 890-1, November 9, 2005 |
Multiple Vendors
RedHat Fedora Core3; Ubuntu Linux 4.1 ppc, ia64, ia32;
NTP NTPd 4.0-4.2 .0a
|
A vulnerability has been reported in xntpd when started using the '-u' option and the group is specified by a string, which could let a malicious user obtain elevated privileges.
Upgrade available at:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
i386 /ntp-4.2.0.a.
20040617-5.FC3.
i386.rpm
NTP:
http://ntp.isc.org
/Main/Download
ViaHTTP?file=
ntp4/snapshots/
ntp-dev/20 05/08/
ntp-dev-4.2.0b-
20050827.tar.gz
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
universe/n/ntp/
Debian:
http://security.debian.
org/pool/updates/
main/n/ntp/
Mandriva:
http://www.mandriva.
com/security/
advisories
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/
NetBSD:
ftp://ftp.NetBSD.org/
pub/NetBSD/
security/advisories/
NetBSD-
SA2005-011.txt.asc
There is no exploit code required. |
XNTPD Insecure Privileges
CVE-2005-2496 |
Medium |
Fedora Update Notification,
FEDORA-2005-812, August 26, 2005
Ubuntu Security Notice, USN-175-1, September 01, 2005
Debian Security Advisory, DSA 801-1, September 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:156, September 6, 2005
Conectiva Linux Announcement, CLSA-2005:1029, October 11, 2005
NetBSD Security Advisory 2005-011, November 2, 2005 |
Multiple Vendors
shadow shadow 4.0.3;
Salvatore Valente chfn;
SuSE UnitedLinux 1.0, Linux Professional 10.0 OSS, 10.0, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, Linux Personal 10.0 OSS, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, Linux Enterprise Server for S/390 9.0, 9, 8, Linux Desktop 1.0;
pwdutils pwdutils 3.0.4, 2.6.96, 2.6.90, 2.6.4
|
A vulnerability has been reported in the setuid 'chfn' program due to insufficient argument checking when changing the GECOS field, which could let a malicious user obtain ROOT access.
SUSE:
ftp://ftp.suse.com
/pub/suse/
An exploit script has been published. |
Multiple Vendors CHFN User Modification ROOT Access
CVE-2005-3503
|
High |
SUSE Security Announce-
ment, SUSE-SA:2005:064, November 4, 2005 |
Multiple Vendors
XMail 1.21, 1.0;
W3C Libwww 5.3.2, 3.1, 4.x;
teTeX 2.0-2.0.2, 1.0.6, 1.0.7; TCL/TK 8.5 a2, 8.4.3, 8.4.2;
SAOImage DS9 SAOImage DS9;
Roxen WebServer 4.0.402, 2.2, 2.1.164, 2.1, 2.0.92, 2.0.69, 2.0 .X, 2.0, 1.4 .X, 1.3.122, 1.3 .X, 1.2 .X, 1.1 .X, 4.x, 3.x; Pike 7.7 .x, 7.6 .x, 7.4.327, 7.4 .x, 7.2 .x, 7.0 .x, 0.6 .x, 0.5 .x, 0.4 pl8;
Peter Hofmann xgsmlib;
OpenOffice OpenOffice 1.1.3; NETW netwib 5.30 .0, 5.1 .0; NcFTP Software NcFTP 3.1.9, 3.1.8;
Mike Heffner BFBTester 2.0.1, 2.0; KDE 3.3-3.3.2;
GNU gjc;
firstworks Rudiments Library 0.28.2, 0.27;
Bernhard R. Link reprepro
|
A buffer overflow vulnerability has been reported in certain uses of the 'readdir_r' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor 'ReadDir_R' Buffer Overflow
|
High |
Security Focus, Bugtraq ID: 15259, November 1, 2005 |
NetBSD
NetBSD 2.0.2 & prior
|
Several vulnerabilities have been reported that could lead to a Denial of Service, sensitive information disclosure, or unauthorized access: a vulnerability was reported because the IPsec-AH calculation is always based on the same key in AES-XCBC-MAC; a vulnerability was reported because a malicious user can specify negative offsets when reading the message buffer to read arbitrary kernel memory; a vulnerability was reported in the 'imake(1)' function due to the insecure creation of temporary files; and a vulnerability was reported in the 'sh(1)' command.
Update information available at: http://www.NetBSD.
org/mirrors/
There is no exploit code required. |
NetBSD Kernel, Networking & Application Code Denial of Service, Information Disclosure or Elevated Privileges |
Medium |
Security Tracker Alert ID: 1015132, November 1, 2005 |
OpenVPN
OpenVPN 2.0-2.0.2 |
Several vulnerabilities have been reported: a format string vulnerability was reported in 'options.c' when handling command options in the 'foreign_option()' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error in the OpenVPN server when running in TCP mode.
Updates available at:
http://openvpn.net/
download.html
OpenPKG:
ftp://ftp.openpkg.org/
release/
SUSE:
ftp://ftp.suse.com
/pub/suse/
Debian:
http://security.debian.
org/pool/updates/
main/o/openvpn/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-07.xml
Mandriva:
http://www.mandriva.
com/security/
advisories
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Secunia Advisory: SA17376, November 1, 2005
OpenPKG Security Advisory, OpenPKG-
SA-2005.023, November 2, 2005
SUSE Security Summary Report,
SUSE-SR:2005:
025, November 4, 2005
Debian Security Advisory,
DSA 885-1, November 7, 2005
Gentoo Linux Security Advisory, GLSA
200511-07, November 7, 2005
Mandriva Linux Security Advisory, MDKSA-2005:206, November 8, 2005 |
phpMyAdmin
phpMyAdmin 2.6 .0-2.6.3, 2.5 .0-2.5.7, 2.4 .0, 2.3.2, 2.3.1, 2.2 -2.2.6, 2.1-2.1 .2, 2.0-2.0.5 |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie.
auth.lib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported in 'error.php' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/
project/showfiles.php
?group_id=23067
Debian:
http://security.debian.
org/pool/updates/
main/p/phpmyadmin/
SUSE:
ftp://ftp.suse.com
/pub/suse/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
Medium |
Secunia Advisory: SA16605, August 29, 2005
Debian Security Advisory, DSA 880-1, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
phpMyAdmin
phpMyAdmin 2.x |
Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php,' 'queryframe.php,' and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://prdownloads.
sourceforge.net/
phpmyadmin/
phpMyAdmin
-2.6.4-pl3.tar .gz
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-21.xml
Debian:
http://security.debian.
org/pool/updates/
main/p/phpmyadmin/
SUSE:
ftp://ftp.suse.com
/pub/suse/
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
Medium |
Secunia Advisory: SA17289, October 24, 2005
Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005
Debian Security Advisory, DSA 880-1, November 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Squid Web Proxy
Squid Web Proxy Cache 2.5 & prior |
A remote Denial of Service vulnerability has been reported in the 'storeBuffer()' function when handling aborted requests.
Patches available at:
http://www.squid-
cache.org/Versions/
v2/2.5/bugs/squid-
2.5.STABLE
10-STORE_
PENDING.patch
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-06.xml
OpenPKG:
ftp://ftp.openpkg.org/
release/
Mandriva:
http://www.mandriva.
com/security/
advisories
Debian:
http://security.debian.
org/pool/updates/
main/s/squid/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
universe/s/squid/
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-766.html
SUSE:
ftp://ftp.suse.com
/pub/suse/
SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/
Debian:
http://security.debian.
org/pool/updates/
main/s/squid/
SUSE:
ftp://ftp.SUSE.com
/pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44
Debian:
http://security.debian.
org/pool/updates/
main/s/squid/
Currently we are not aware of any exploits for this vulnerability.
|
|
Low |
Security Tracker Alert ID: 1014864, September 7, 2005
Gentoo Linux Security Advisory GLSA 200509-06, September 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.021, September 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:162, September 12, 2004
Debian Security Advisory, DSA 809-1, September 13, 2005
Ubuntu Security Notice, USN-183-1, September 13, 2005
RedHat Security Advisory, RHSA-2005:766-7, September 15, 2005
SUSE Security Announcement, SUSE-SA:2005:053, September 16, 2005
SGI Security Advisory, 20050903-02-U, September 28, 2005
Conectiva Linux Announcement, CLSA-2005:1016, September 28, 2005
Debian Security Advisory, DSA 809-2, September 30, 2005
SUSE Security Summary Report,
SUSE-SR:2005:021, September 30, 2005
Turbolinux Security Advisory, TLSA-2005-96, October 3, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005
Debian Security Advisory, DSA 809-3, November 7, 2005
|
Squid Web Proxy
Squid Web Proxy Cache 2.5 .STABLE1-STABLE 10, 2.4 .STABLE6 & 7, STABLE 2, 2.4, 2.3 STABLE 4&5, 2.1 Patch 2, 2.0 Patch 2 |
A remote Denial of Service vulnerability has been reported in '/squid/src/ssl.c' when a malicious user triggers a segmentation fault in the 'sslConnectTimeout()' function.
Patches available at:
http://www.squid-
cache.org/Versions/
v2/2.5/bugs/squid-
2.5.STABLE10-ssl
ConnectTimeout.
patch
Trustix:
http://http.trustix.org/
pub/trustix/updates/
OpenPKG:
ftp://ftp.openpkg.org/
release/
Mandriva:
http://www.mandriva.
com/security/
advisories
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/squid/
Debian:
http://security.debian.
org/pool/updates/
main/s/squid/
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-766.html
SUSE:
ftp://ftp.suse.com
/pub/suse/
SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/
SUSE:
ftp://ftp.SUSE.com
/pub/SUSE
SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44
There is no exploit code required. |
Squid 'sslConnect
Timeout()' Remote Denial of Service
CVE-2005-2796 |
Low |
Security Tracker Alert ID: 1014846, September 2, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.021, September 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:162, September 12, 2005
Ubuntu Security Notice, USN-183-1, September 13, 2005
Debian Security Advisory, DSA 809-1, September 13, 2005
RedHat Security Advisory, RHSA-2005:766-7, September 15, 2005
SUSE Security Announcement, SUSE-SA:2005:053, September 16, 2005
SGI Security Advisory, 20050903-02-U, September 28, 2005
Conectiva Linux Announcement, CLSA-2005:1016, September 28, 2005
SUSE Security Summary Report,
SUSE-SR:2005:021, September 30, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005 |
Squid
Squid 2.x |
A remote Denial of Service vulnerability has been reported when handling certain FTP server responses.
Patches available at:
http://www.squid-
cache.org/Versions/
v2/2.5/bugs/
squid-2.5.STABLE11-
rfc1738_do_
escape.patch
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Mandriva:
http://www.mandriva.
com/security/
advisories
SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44
SUSE:
ftp://ftp.suse.com
/pub/suse/
There is no exploit code required.
|
Squid FTP Server Response Handling Remote Denial of Service
CVE-2005-3258
|
Low |
Secunia Advisory: SA17271, October 20, 2005
Fedora Update Notifications,
FEDORA-2005-1009 & 1010, October 20, 2005
Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Sylpheed
Sylpheed 2.0-2.0.3, 1.0.0-1.0.5
|
A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_
get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.
Upgrades available at:
http://sylpheed.good-
day.net/sylpheed/
v1.0/sylpheed-
1.0.6.tar.gz
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Bugtraq ID: 15363, November 9, 2005 |
Todd Miller
Sudo 1.x |
A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.
Debian:
http://security.debian.
org/pool/updates/
main/s/sudo/
Mandriva:
http://www.mandriva.
com/security/
advisories
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/sudo/
SUSE:
ftp://ftp.suse.com
/pub/suse/
There is no exploit code required. |
|
Medium |
Debian Security Advisory, DSA 870-1, October 25, 2005
Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005
Ubuntu Security Notice, USN-213-1, October 28, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
University of Washington
UW-imapd imap-2004c1 |
A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code.
Upgrade to version imap-2004g:
ftp://ftp.cac.
washington.edu/
imap/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Debian:
http://security.debian.
org/pool/updates/
main/u/uw-imap/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-10.xml
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Mandriva:
http://www.mandriva.
com/ security/
advisories
Slackware:
ftp://ftp.slackware.
com/pub/
slackware/
Currently we are not aware of any exploits for this vulnerability. |
UW-imapd Denial of Service and Arbitrary Code Execution
CVE-2005-2933 |
High |
Secunia, Advisory: SA17062, October 5, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005
Debian Security Advisory, DSA 861-1, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005
US-CERT VU#933601
SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005
Slackware Security Advisory, SSA:2005-310-06, November 7, 2005
|
up-imapproxy
up-imapproxy 1.2.4, 1.2.3 |
A format string vulnerability has been reported in the 'ParseBannerAnd
Capability()' function when processing the banner or capability line received from the IMAP server, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.
org/pool/updates/
main/u/up-imapproxy/
A Proof of Concept exploit script has been published. |
|
High |
Debian Security Advisory DSA 852-1, October 9, 2005
Security Focus, Bugtraq ID: 15048, November 3, 2005 |
Veritas Software
VERITAS Cluster Server 2.x, 3.x, 4.x, Storage Foundation 2.x, 3.x, 4.x, Storage Foundation Cluster File System 4.x, Storage Foundation for Database (DB2, Oracle and Sybase) 3.x, 4.x, Storage Foundation for Oracle Real Application Clusters (RAC) 3.x, 4.x
|
A buffer overflow vulnerability has been reported in the 'ha' command when handling the 'VCSI18N_LANG' environmental variable, which could let a malicious user execute arbitrary code with root privileges.
Patches available at:
http://support.veritas.
com/docs/279870
Currently we are not aware of any exploits for this vulnerability. |
VERITAS Cluster Server for UNIX Buffer Overflow |
High |
Symantec Security Advisory, SYM05-023,
November 8, 2005 |
Zope
Zope 2.6-2.8.1
|
A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'Restructured
Text' functionality via the web. The impact was not specified.
Hotfix available at:
http://www.zope.
org/Products/
Zope/Hotfix 2005-
10-09/security_
alert/Hot fix_2005-
10-09.tar.gz
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-20.xml
SUSE:
ftp://ftp.suse.com
/pub/suse/
Currently we are not aware of any exploits for this vulnerability. |
Zope 'Restructured
Text' Unspecified Security Vulnerability
CVE-2005-3323
|
Not Specified |
Zope Security Alert, October 12, 2005
Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
[back to
top]
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| Apache |
A vulnerability has been reported in Apache which can be exploited by remote malicious users to smuggle http requests.
Conectiva:
http://distro.conectiva.com
.br/ atualizacoes/index.php?
id=a&anuncio=000982
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Mandriva:
http://www.mandriva.com/
security/advisories
http://security.ubuntu.com/
ubuntu/pool/main/a/
apache2/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/
SuSE:
ftp://ftp.suse.com
/pub/suse/
Debian:
http://security.debian.org/
pool/updates/main/
a/apache/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/a/apache/
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
IBM has released fixes for Hardware Management Console addressing this issue. Users should contact IBM for further information.
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
Currently we are not aware of any exploits for this vulnerability. |
Apache HTTP Request Smuggling Vulnerability
CVE-2005-1268
CVE-2005-2088 |
Medium |
Secunia, Advisory: SA14530, July 26, 2005
Conectiva, CLSA-2005:982, July 25, 2005
Fedora Update Notification
FEDORA-2005-638 & 639, August 2, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005
Ubuntu Security Notice, USN-160-1, August 04, 2005
Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SUSE Security Announcement, SUSE-SA:2005:046, August 16, 2005
Debian Security Advisory DSA 803-1, September 8, 2005
Ubuntu Security Notice, USN-160-2, September 07, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Security Focus, Bugtraq ID: 14106, September 21, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
Slackware Security Advisory, SSA:2005-310-04, November 7, 2005
|
Apache Software Foundation
Tomcat 5.5-5.5.12
|
A remote Denial of Service vulnerability has been reported due to the inefficient generation of directory listing for web directories that have a large number of files.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Low |
Security Tracker Alert ID: 1015147, November 3, 2005 |
Apple
QuickTime Player 7.0-7.0.2, 6.5-6.5.2, 6.1, 5.0.2, 6,
|
Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported when handling a 'Pascal' style string loading a '.mov' video file, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code; an integer overflow vulnerability was reported when handling certain movie attributes when loading a '.mov' video file, which could let a remote malicious user potentially execute arbitrary code; a vulnerability was reported due to a NULL pointer dereferencing error when handling certain missing video file movie attributes, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported in the QuickTime PictureViewer due to a boundary error when decompressing PICT data, which could let a remote malicious user overwrite memory and potentially execute arbitrary code.
Updates available at:
http://www.apple.com/
support/downloads/
quicktime703.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Security Tracker Alert ID: 1015152, November 4, 2005
US-CERT VU#855118 |
ATutor
ATutor 1.5.1 pl2 |
An SQL injection vulnerability has been reported in 'registration.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
ATutor SQL Injection |
Medium |
Security Focus, Bugtraq ID: 15355, November 8, 2005 |
Belchior Foundry
vCard Pro 3.1 |
An SQL injection vulnerability has been reported in 'addrbook.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Belchior Foundry vCard Pro SQL Injection
|
Medium |
Security Focus, Bugtraq ID: 15254, November 1, 2005 |
Cisco Systems
Cisco 4000 Series Airespace Wireless LAN Controller 3.1.59 .24, 2000 Series Airespace Wireless LAN Controller 3.1.59 .24,
Cisco 1240 Series Access Point, 1200 Series Access Point,
Cisco 1131 Series Access Point |
A vulnerability has been reported in controllers that are in the Lightweight Access Point Protocol (LWAPP) mode of operation because unencrypted traffic is accepted even when configured to encrypt traffic, which could let an unauthorized remote malicious user send unencrypted network packets to a secure network by spoofing the MAC address of another host that has already authenticated.
Upgrade information available at:
http://www.cisco.com/
warp/public/707/
cisco-sa-20051102-
lwapp.shtml
This could be exploited with a publicly available packet crafting or MAC address spoofing utility. |
Cisco Airespace Wireless LAN Controller Unencrypted Connections
CVE-2005-3482
|
Medium |
Cisco Security Advisory: 68034, November 2, 2005 |
Cisco Systems
Cisco IOS 10.x, 11.x, 12.x, R11.x, R12.x |
A buffer overflow vulnerability has ben reported when validating whether certain system memory has been corrupted by a heap-based buffer overflow before the internal operating system timers execute code, which could let a remote malicious user execute arbitrary code.
Update information available at:
http://www.cisco.com/
warp/public/707/cisco-
sa-20051102-timers.shtml
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Cisco Security Advisory: 68064 Rev 1.0-1.2, Updated November 4, 2005
US-CERT VU#562945 |
Cisco Systems
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.1 |
A vulnerability has been reported due to an error in the Cisco IOS IPS (Intrusion Prevention System) configuration file that is generated by the IPS MC and deployed to IOS IPS devices, which could potentially allow malicious traffic to pass through.
Patch information available at:
http://www.cisco.com/
warp/public/707/
cisco-sa-20051101-
ipsmc.shtml
Rev 1.1: Updated information in the Software Versions and Fixes section.
There is no exploit code required.
|
Cisco Management Center for IPS Sensors Signature Disable
CVE-2005-3427
|
Medium |
Cisco Security Advisory, 68065, November 1, 2005
US-CERT VU#154883
Cisco Security Advisory, 68065 Rev1.1, Updated November 3, 2005 |
CutePHP Team
CuteNews 1.4.1 |
A Directory Traversal vulnerability has been reported in 'show_archives.php' and 'show_news.php' due to insufficient verification of the 'template' parameter before used to include files, which could let a remote malicious user obtain sensitive information and execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published. |
CutePHP CuteNews Directory Traversal & PHP Code Execution
CVE-2005-3507
|
High |
Security Focus, Bugtraq ID: 15295, November 3, 2005 |
Elite Forum
Elite Forum 1.0 .0.0 |
A vulnerability has been reported due to insufficient sanitization of input when posting a reply, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required;
|
Elite Forum HTML Injection |
Medium |
h4cky0u.org Advisory, HYSA-2005-009, November 1, 2005 |
FRISK Software International
F-Prot Antivirus for Windows, Solaris, Linux and BSD 4.4.2, 3.12 d, 3.12 b,
Frisk Software Linux, Exchange, BSD, Antivirus 3.16 c |
A vulnerability has been reported due to insufficient scanning of decompressed ZIP files that have a header value greater than 15, which could let a remote malicious user bypass the scanning engine.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
F-Prot Antivirus ZIP Attachment Version Scan Bypass
CVE-2005-3499
|
Medium |
Security Tracker Alert ID: 1015148, November 3, 2005 |
F-Secure
Internet Gatekeeper 6.4.0-6.42, Anti-Virus for MS Exchange 6.40 |
A Directory Traversal vulnerability has been reported in the Web Console, which could let a remote malicious user obtain sensitive information.
Update information available at:
http://www.f-secure.com/
security/fsc-2005-2.shtml
There is no exploit code required.
|
F-Secure Web Console Directory Traversal |
Medium |
F-Secure Security Bulletin FSC-2005-2, November 2, 2005 |
Gallery
Gallery 2.4
|
An SQL injection vulnerability has been reported in 'ShowGallery.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15313, November 4, 2005 |
IBM
Lotus Domino 6.5.0-6.5.4, 6.0-6.0.4, Lotus Domino Web Access (iNotes) 6.x
|
Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling mail rules creation in DWA (Domino Web Access); a remote Denial of Service vulnerability was reported in the Out-Of-Office Agent when processing a message with a From field greater than 256 characters; an unspecified vulnerability was reported in Agents and in MIME to CD conversion; a remote Denial of Service vulnerability was reported when handling invalid HTTP addresses in DWA due to an unspecified error; a remote Denial of Service vulnerability was reported in the mail router when handling a document in the user's mail box that contains an invalid attachment; and a remote Denial of Service vulnerability was reported in Update Task when updating views in the Domino Directory.
Updates available at:
http://www-10.lotus.com/
ldd/r5fixlist.nsf/8c4f0b
18f61ab80585256cb
400719709/59999026d
2bf23e8852570a5006b
0a5d?OpenDocument
Some of these vulnerabilities do not require exploit code. |
IBM Lotus Domino/Notes Multiple Vulnerabilities |
Low |
Secunia Advisory: SA17429, November 4, 2005 |
IBM
Tivoli Access Manager for Business Integration 5.x, Tivoli Access Manager for e-business 5.x, Tivoli Access Manager for Operating Systems 5.x, Tivoli Directory Integrator 5.x, 6.x, Tivoli Directory Server 5.x, 6.x, Tivoli Federated Identity Manager 6.x, Tivoli Identity Manager 4.x |
A vulnerability has been reported in the server's 'slapd' daemon due to an unspecified error, which could let a remote malicious user obtain unauthorized access and change, modify and/or delete directory data.
Update information available at:
http://www-1.ibm.com/
support/docview.wss
?uid=swg21221665
Currently we are not aware of any exploits for this vulnerability. |
IBM Tivoli Directory Server Security Bypass |
Medium |
IBM Security Advisory, November 9, 2005 |
IBM
Websphere Application Server 5.1.1 .4, 5.1.1 .3
|
A vulnerability has been reported in the log file when tracing for the session manager is enabled because the 'QueryString' is logged when a URL is encoded, which could let a remote malicious user obtain sensitive information.
Update information available at:
http://www-1.ibm.com/
support/docview.wss?
uid=swg24010781
There is no exploit code required. |
IBM WebSphere Application Server Information Disclosure
CVE-2005-3498
|
Medium |
Security Tracker Alert ID: 1015134, November 2, 2005 |
ibProArcade
ibProArcade 2.5.2 |
An SQL injection vulnerability has been reported in the 'report' module due to insufficient sanitization of input in the 'user' parameter in 'index.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Update available at:
http://www.ibproarcade.com/
A Proof of Concept exploit has been published. |
ibProArcade Module SQL Injection |
Medium |
Secunia Advisory: SA17457, November 7, 2005 |
Invision Power Services
Invision Board 2.1 |
Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported due to insufficient of unspecified input in the administration interface before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and multiple HTML injection vulnerabilities were reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
|
Invision Power Board Multiple Cross-Site Scripting & HTML Injection |
Medium |
Security Focus, Bugtraq ID: 15344 & 15345, November 7, 2005 |
Jelsoft Enterprises
VBulletin 3.0-3.0.9, 2.3.0-2.3.4, 2.2.0-2.2.9, 2.0.3, 2.0 rc 2& rc 3, 1.0.1 lite
|
An input validation vulnerability has been reported in the image upload handling, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at:
http://www.vbulletin.com/
forum/showthread.php?
t=161721
There is no exploit code required.
|
vBulletin Image Upload Input Validation |
Medium |
Security Focus, Bugtraq ID: 15296, November 3, 2005 |
Johannes F. Kuhlmann
FlatFrag 0.3 & prior |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to insufficient bounds checking of user-supplied data before coping to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code: and a remote Denial of Service vulnerability was reported due to an attempt to dereference a NULL pointer.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
|
High |
Security Focus, Bugtraq ID: 15287, November 2, 2005 |
JPortal
JPortal Web Portal 2.3.1, 2.2.1 |
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published. |
|
Medium |
Security Focus, Bugtraq ID: 15324, November 4, 2005 |
Macromedia
Flash 7.0.19 .0, 7.0 r19, 6.0.79 .0, 6.0.65 .0, 6.0.47 .0, 6.0.40 .0, 6.0.29 .0, 6.0
|
A vulnerability has been reported due to insufficient validation of the frame type identifier that is read from a SWF file, which could let a remote malicious user execute arbitrary code.
Update information available at:
http://www.macromedia.com/
devnet/security/security_
zone/mpsb05-07.html
An exploit has been published.
|
Macromedia Flash Array Index Remote Arbitrary Code Execution
CVE-2005-2628
|
High |
Macromedia Security Advisory, MPSB05-07, November 5, 2005 |
Macromedia
Flash 7.0.19 .0 & prior |
An input validation vulnerability has been reported in 'ActionDefineFunction' due to an error for a critical array index value, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Update information available at:
http://www.macromedia.
com/devnet/security/
security
zone/
mpsb05-07.html
A Proof of Concept exploit has been published. |
Macromedia Flash Input Validation |
High |
Macromedia Security Bulletin, MPSB05-07, November 7, 2005 |
Mozilla.org
Netscape 8.0.3.3, 7.2;
Mozilla Firefox 1.5 Beta1, 1.0.6;
Mozilla Browser 1.7.11; Mozilla Thunderbird 1.0.6
|
A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD character in the domain name, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://ftp.mozilla.org/
pub/mozilla.org/
firefox/releases/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-
769.html
http://rhn.redhat.com/
errata/RHSA-2005-
768.html
Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/
core/updates/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/m/
mozilla-firefox/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-11.xml
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200509-11.xml
Conectiva:
ftp://atualizacoes.
conectiva.com.br/10/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Debian:
http://security.debian.
org/pool/updates/
main/m/mozilla-firefox/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
HP:
http://software.hp.com/
Mandriva:
http://www.mandriva.
com/security/
advisories
HPSBUX01231 Rev1:
Preliminary Mozilla 1.7.12 available.
Netscape:
http://browser.netscape.
com/ns8/download/
default.jsp
Debian:
http://security.debian.
org/pool/updates/
main/m/mozilla/
http://security.debian.
org/pool/updates/
main/m/mozilla-
thunderbird/
HPSBUX01231 Rrev.2: HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)) is available detailing information on the availability of version 1.7.12.01 of Mozilla for various HP platforms. Users should see the referenced advisory or contact HP for further information.
A Proof of Concept exploit script has been published. |
Mozilla/Netscape/ Firefox Browsers Domain Name Buffer Overflow
CVE-2005-2871 |
High |
Security Focus, Bugtraq ID: 14784, September 10, 2005
RedHat Security Advisories, 769-8 & RHSA-2005:768-6, September 9, 2005
Fedora Update Notifications,
FEDORA-2005-871-184, September 10, 2005
Ubuntu Security Notice, USN-181-1, September 12, 2005
US-CERT VU#573857
Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005
Security Focus, Bugtraq ID: 14784, September 22, 2005
Slackware Security Advisory, SSA:2005-269-01, September 26, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005
Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005
Fedora Update Notifications,
FEDORA-2005-962 & 963, September 30, 2005
Debian Security Advisory, DSA 837-1, October 2, 2005
Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005
HP Security Bulletin,
HPSBUX01231, October 3, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005
HP Security Bulletin,
HPSBUX01231 Rev 1, October 12, 2005
Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005
HP Security Bulletin,
HPSBUX01231 Rev 2, November 9, 2005
|
Multiple Vendors
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2;
Gentoo Linux;
Ethereal Group Ethereal 0.10.1-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7
|
A vulnerability has been reported in Ethereal, IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service.
Mandriva:
http://www.mandriva.
com/security/
advisories
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-25.xml
SUSE:
ftp://ftp.suse.com
/pub/suse/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/
Currently we are not aware of any exploits for this vulnerability. |
Ethereal Denial of Service
CVE-2005-3313 |
Low |
Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005
Gentoo Linux Security Advisor, GLSA 200510-25, October 30, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Conectiva Security Announce-ment, CLSA-2005:1043, November 8, 2005 |
Multiple Vendors
Mozilla Firefox 1.5 beta 1 & beta 2, 1.0-1.0.7, 0.10.1, 0.10, 0.9-0.9.3, 0.8, Firefox Preview Release; Browser 1.8 Alpha 1-Alpha 4, 1.7-1.7.12, 1.6, 1.5.1, 1.5, 1.4.4, 1.4.2, 1.4.1, 1.4 1 & b, 1.4, 1.3.1, 1.3, 1.2.1, 1.2, Alpha & Beta, 1.1, Alpha & Beta, 1.0-1.0.2, 0.9.48, 0.9.35, 0.9.2-0.9.9, 0.8, M16, M15; KDE Konqueror Embedded 0.1, Konqueror 3.3-3.3.2, 3.2.3, 3.2.2 -6, 3.2.1, 3.1-3.1.5, 3.0.5 b, 3.0.5, 3.0- 3.0.3, 2.2.2, 2.2.1, 2.1.2, 2.1.1 |
A vulnerability has been reported due to a failure to ensure that cookies are properly associated to domain names, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Multiple Vendor Web Browser Cookie Hostname Information Disclosure |
Medium |
Security Focus, Bugtraq ID: 15331, November 4, 2005 |
Multiple Vendors
PHPXMLRPC 1.1.1;
PEAR XML_RPC 1.3.3; Drupal 4.6-4.6.2, 4.5- 4.5.4; Nucleus CMS Nucleus CMS 3.21, 3.2, 3.1, 3.0, RC, 3.0.;
MailWatch for MailScanner 1.0.1; eGroupWare 1.0.6, 1.0.3, 1.0.1, 1.0.0.007, 1.0
|
A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.
PHPXMLRPC :
http://prdownloads.
sourceforge.net/
phpxmlrpc/xmlrpc.
1.2.tgz?download
Pear:
http://pear.php.net/
get/XML_RPC-1.4.0.tgz
Drupal:
http://drupal.org/files/
projects/drupal-
4.5.5.tar.gz
eGroupWare:
http://prdownloads.
sourceforge.net/
egroupware/
eGroupWare-
1.0.0.009.tar .
gz?download
MailWatch:
http://prdownloads.
sourceforge.
net/mailwatch/
mailwatch-1.0.2.tar.gz
Nucleus:
http://prdownloads.
sourceforge.
net/nucleuscms/
nucleus-
xmlrpc-patch.
zip ?download
RedHat:
http://rhn.redhat.com/
errata/RHSA-2
005-748.html
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/p/php4/
Mandriva:
http://www.mandriva.
com/security/
advisories
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200508-13.xml
http://security.gentoo
.org/glsa/glsa-
200508-14.xml
http://security.gentoo.
org/glsa/glsa-
200508-18.xml
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Debian:
http://security.debian.
org/pool/updates/
main/p/php4/
SUSE:
ftp://ftp.suse.com
/pub/suse/
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200508-20.xml
http://security.gentoo.
org/glsa/glsa-
200508-21.xml
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
Debian:
http://security.
debian.org/pool/
updates/main/p/
phpgroupware/
SGI:
ftp://oss.sgi.com/
projects/sgi_propack/
download/3/updates/
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
slackware-current/
slackware/
ftp://ftp.slackware.com/
pub/slackware/
slackware-10.1/
testing/packages/
php-5.0.5/php-5.0.5
-i486-1.tgz
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-19.xml
Debian:
http://security.debian.
org/pool/updates/
main/d/drupal/
Debian:
http://security.debian.
org/pool/updates/
main/e/egroupware/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/10/
b2evolution:
http://prdownloads.
sourceforge.net/evocms/
b2evolution-0.9.1b-2005-
09-16.zip?download
There is no exploit code required. |
PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution
CVE-2005-2498
|
High |
Security Focus, Bugtraq ID 14560, August 15, 2995
Security Focus, Bugtraq ID 14560, August 18, 2995
RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005
Ubuntu Security Notice, USN-171-1, August 20, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005
Gentoo Linux Security Advisory, GLSA 200508-13 & 14, & 200508-18,
August 24 & 26, 2005
Fedora Update Notifications,
FEDORA-2005-809 & 810, August 25, 2005
Debian Security Advisory, DSA 789-1, August 29, 2005
SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005
Gentoo Linux Security Advisory, GLSA GLSA 200508-20& 200508-21, August 30 & 31, 2005
Slackware Security Advisory, SSA:2005-242-02, August 31, 2005
Debian Security Advisory, DSA 798-1, September 2, 2005
SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Slackware Security Advisories, SSA:2005-251-03 & 251-04, September 9, 2005
Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005
Debian Security Advisory, DSA 840-1, October 4, 2005
Debian Security Advisory, DSA 842-1, October 4, 2005
Conectiva Linux Announcement, CLSA-2005:1024, October 7, 2005
Security Focus, Bugtraq ID: 14560, November 7, 2005 |
Multiple Vendors
PunBB 1.2.1-1.2.9;
BLOG:CMS 4.0 .0-4.0 .0d, 3.6.4, 3.6.2, 3.1-3.1.4, 3.0
|
Several vulnerabilities have been reported: a HTML injection vulnerability was reported when uploading images due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported because addresses can be hidden that use the 'X_FORWARDED_FOR' field in the HTTP header, which could let a remote malicious user spoof the origin; and an unspecified information disclosure vulnerability was reported.
PunBB:
http://www.punbb.org/
download/punbb-
1.2.10.tar.gz
Blog:CMS:
http://prdownloads.
sourceforge.net/blogcms/
blogcms.4.0.0e.tgz
There is no exploit code required. |
PunBB/Blog:CMS HTML Injection, Origin Spoof & Information Disclosure |
Medium |
Security Focus, Bugtraq IDs: 15322, 15326, & 15328, November 4, 2005 |
Multiple Vendors
RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9 |
A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files.
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005
|
Multiple Vendors
RedHat Fedora Core4, Core3;
Ethereal Group Ethereal 0.10
-0.10.12, 0.9-0.9.16, 0.8.19, 0.8.18 |
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting).
Upgrades available at:
http://prdownloads.sourceforge.
net/ethereal/ethereal-
0.10.13.tar.gz?download
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-809.html
Mandriva:
http://www.mandriva.com/
security/advisories
Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-227.pdf
Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-25.xml
SUSE:
ftp://ftp.suse.com
/pub/suse/
An exploit script has been published.
|
|
High |
Ethereal Security Advisory, enpa-sa-00021, October 19, 2005
Fedora Update Notifications,
FEDORA-2005-1008 & 1011, October 20, 2005
RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005
Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005
Avaya Security Advisory, ASA-2005-227, October 28, 2005
Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005
Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
|
Multiple Vendors
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
|
A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.
University of Kansas Lynx:
http://lynx.isc.org/current/
lynx2.8.6dev.14.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200510-15.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/lynx/
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-803.html
Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/
Mandriva:
http://www.mandriva.
com/security/
advisories
Conectiva:
ftp://atualizacoes.conectiva.
com.br/10/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
SGI:
http://www.sgi.com/
support/security/
Mandriva:
http://www.mandriva.com/
security/advisories
Debian:
http://security.debian.
org/pool/updates/
main/l/lynx/
http://security.debian.
org/pool/updates/
main/l/lynx-ssl/
Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/lynx/
(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability, however, the fixes contained an error that caused lynx to crash.)
SUSE:
ftp://ftp.suse.com
/pub/suse/
Slackware:
ftp://ftp.slackware.
com/pub/slackware/
SCO:
ftp://ftp.sco.com/pub/
updates/UnixWare/
SCOSA-2005.47
A Proof of Concept Denial of Service exploit script has been published. |
Lynx 'HTrjis()' NNTP Remote Buffer Overflow
CVE-2005-3120 |
High |
Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005
Ubuntu Security Notice, USN-206-1, October 17, 2005
RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005
Fedora Update Notifications,
FEDORA-2005-993 & 994, October 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005
Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005
Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005
Ubuntu Security Notice, USN-206-2, October 29, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-03, November 7, 2005
SCO Security Advisory, SCOSA-2005.47, November 8, 2005
|
Multiple Vendors
Xoops 2.0.10-2.0.12, 2.0.9 .3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0- 2.0.3;
XML-RPC for PHP XML-RPC for PHP 1.1, 1.0.99 .2, 1.0.99, 1.0-1.02; WordPress 1.5-1.5.1 .2, 1.2-1.2.2, 0.71,0.7;
S9Y Serendipity 0.8.1, 0.8 -beta6 Snapshot, 0.8 -beta5 & beta6, 0.8;
PostNuke Development Team PostNuke 0.76 RC4a&b, RC4, 0.75; phpMyFAQ 1.5 RC1-RC4, 1.5 beta1-beta3, 1.5 alpha1&2, 1.4-1.4.8, 1.4;
PEAR XML_RPC 1.3 RC1-RC3, 1.3;
MandrakeSoft Linux Mandrake 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, 10.0 amd64, 10.0, Corporate Server 3.0 x86_64, 3.0;
Drupal 4.6.1, 4.6, 4.5- 4.5.3
|
A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.
Drupal:
http://drupal.org/files/
projects/drupal-
4.5.4.tar.gz
Mandriva:
http://www.mandriva.com/
security/advisories
Pear:
http://pear.php.net/get/
XML_RPC-1.3.1.tgz
PhpMyFaq:
http://freshmeat.net/redir/
phpmyfaq/38789/url_zip/
download.php
S9Y Serendipity:
http://prdownloads.
sourceforge.net/php-
blog/serendipity-
0.8.2.tar.gz?download
Trustix:
http://http.trustix.org/
pub/trustix/updates/
WordPress:
http://wordpress.org/
latest.zip
XML-RPC:
http://prdownloads.
sourceforge.net/
phpxmlrpc/
xmlrpc-1.1.1.tgz?download
Xoops:
http://www.xoops.org/
modules/core/
visit.php?cid=3&lid=62
Gentoo:
http://security.gentoo.org/
glsa/glsa-200507-01.xml
http://security.gentoo.org/
glsa/glsa-200507-06.xml
http://security.gentoo.org/
glsa/glsa-200507-07.xml
http://security.gentoo.org/
glsa/glsa-200507-15.xml
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/
Debian:
http://security.debian.org/
pool/updates/main/
d/drupal/
http://security.debian.org/
pool/updates/main/p/
phpgroupware/
http://security.debian.org/
pool/updates/main/e/
egroupware/
SGI:
http://www.sgi.com/
support/security/
SuSE:
ftp://ftp.SUSE.com/
pub/SUSE
Trustix:
http://http.trustix.org/pub/
trustix/updates/
Debian:
http://security.debian.
org/pool/updates/
main/p/php4/
SUSE:
ftp://ftp.suse.com
/pub/suse/
MAXdev MD-Pro Content Management:
http://www.maxdev.
com/Downloads-index
-req-viewdownload
-cid-3.phtml
b2evolution:
http://prdownloads.
sourceforge.net/evocms/
b2evolution-0.9.1b-2005-
09-16.zip?download
Exploit scripts have been published.
|
Multiple Vendors XML-RPC for PHP Remote Code Injection
CVE-2005-1921
|
High |
Security Focus, 14088, June 29, 2005
Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005
Fedora Update Notifications,
FEDORA-2005-517 & 518, July 5, 2006
Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005
US-CERT VU#442845
Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005
Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005
SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005
Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005
SGI Security Advisory, 20050703-01-U, July 15, 2005
Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005
Debian Security Advisory, DSA 789-1, August 29, 2005
SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005
Security Focus, Bugtraq ID: 14088, November 7, 2005 |
OSTE
OSTE 1.x |
A vulnerability has been reported in 'index,php' due to insufficient verification of the 'page' and 'site' parameters before including files, which could let a remote malicious user execute arbitrary remote PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
OSTE File Inclusion Vulnerability |
High |
Secunia Advisory: SA17493, November 8, 2005 |
PHP Handicapper
PHP Handicapper |
Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'process_signup.
php' due to insufficient sanitization of the 'login' parameter and in 'msg.php' due to insufficient sanitization of the 'msg' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'process_signup.
php' due to insufficient sanitization of the 'serviceid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA17412, November 3, 2005 |
PHP
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x |
Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_
globals' directive; a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an integer overflow vulnerability was reported in 'pcrelib' due to an error, which could let a remote malicious user corrupt memory.
Upgrades available at:
http://www.php.net/get/
php-4.4.1.tar.gz
SUSE:
ftp://ftp.suse.com
/pub/suse/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA17371, October 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005 |
phpBB Group
phpBB 2.0-2.0.18, 1.4.4, 1.4.0-1.4.2, 1.2.1, 1.2 .0, 1.0 .0
|
A Cross-Site Scripting vulnerability has been reported in 'Usercp_sendpasswd.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
PHPBB Forum Cross-Site Scripting |
Medium |
Security Focus, Bugtraq ID: 15357, November 8, 2005 |
PHPFM
PHPFM |
A file upload vulnerability has been reported, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
PHPFM Arbitrary File Upload |
Medium |
Security Focus, Bugtraq ID: 15335, November 7, 2005 |
PHPKIT
PHPKIT 1.6.1 R2 & prior
|
Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'admin/admin.php' due to insufficient sanitization of the 'site_body' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of the referer HTTP header, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'id' and 'PHPKITSID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'path' parameter in various scripts due to insufficient verification before used to include files, which could let a remote malicious user execute arbitrary PHP code; and a vulnerability was reported in the 'eval()' call due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
PHPKit Multiple Input Validation |
High |
Hardened PHP Project Security Advisory, November 7, 2005 |
PHPList
PHPList Mailing List Manager 2.10.1, 2.8.12, 2.6-2.6.4
|
Multiple vulnerabilities have been reported: a vulnerability was reported because users can access other users' personal details; a vulnerability was reported in the sign up process, which could let a remote malicious user obtain access without providing a password; a vulnerability was reported due to insufficient sanitization of some input in the administration interface before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported due to insufficient sanitization of some input in the administration interface before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported due to insufficient sanitization of some input passed in the administration interface before displaying, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://prdownloads.
sourceforge.net/
phplist/phplist-
2.10.2.tgz?download
There is no exploit code required; however, Proof of Concept exploits have been published.
|
PHPList Multiple Input Validation |
Medium |
Secunia Advisory: SA17476, November 8, 2005 |
PhpWeb
Things
PhpWebThings 0.4.4
|
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'forum.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'Forum.PHP' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published. |
phpWebThings Cross-Site Scripting & SQL Injection |
Medium |
Security Focus, Bugtraq ID: 15276 & 15277, November 2, 2005 |
SAP
SAP Web Application Server 7.0, 6.40, 6.20, 6.10
|
Several vulnerabilities have been reported: an HTTP response splitting vulnerability was reported due to insufficient sanitization of user-supplied input, which could lead to a false sense of trust; several Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a URI redirection vulnerability was reported in the 'sap-exiturl' parameter, which could let a remote malicious user steal cookie-based credentials or enhance phishing style attacks.
The vendor has released solutions and patch information regarding this issue. Users are advised to contact the vendor for further information.
There is no exploit code required; however, Proof of Concept exploits have been published for the Cross-Site Scripting & URI Redirection vulnerabilities. |
SAP Web Application Server HTTP Response Splitting, Cross-Site Scripting & URI Redirection |
Medium |
Security Focus, Bugtraq ID: 15360, 15361, & 15362, November 9, 2005 |
Scorched 3D
Scorched 3D 39.1, 37.1, 37.0, 36.0-36.2, 35.0 |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to boundary and format string errors in various functions, which could let a remote malicious user execute arbitrary code; a vulnerability as reported in 'ServerConnect
Handler.cpp' due to an error when handing the 'numplayers' field, which could let a remote malicious user freeze a vulnerable server; a buffer overflow vulnerability was reported in 'ComsMessage
Handler.cpp' due to an error when creating error messages, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in 'Logger.cpp' due to an error when handling overly large values.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
High |
Secunia Advisory: SA17423, November 4, 2005 |
Six Apart
Movable Type 3.17, 3.16, 3.2, 2.63, 2.0 |
Several vulnerabilities have been reported; a vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user create an arbitrary blog path; and a vulnerability was reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
There is no exploit code required.
Currently we are not aware of any exploits for these vulnerabilities. |
Movable Type Arbitrary Blog Creation Path & Entry Posting HTML Injection |
Medium |
Security Focus, Bugtraq ID: 15302 & 15305, November 3, 2005 |
SquirrelMail
SquirrelMail 1.4.0-1.4.5-RC1.
|
A vulnerability has been reported in 'options_identities.php' because parameters are insecurely extracted, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/
manipulate sensitive information.
Upgrades available at:
http://www.squirrelmail.org/
download.php
Debian:
http://security.debian.org/
pool/updates/main/s/
squirrelmail/
RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-595.html
Apple:
http://docs.info.apple.
com/article.html?
artnum=302163
Fedora:
http://download.
fedora.redhat.com/
pub/fedora/linux/
core/updates/
Fedora:
http://download.
fedoralegacy.org/
fedora/
Mandriva:
http://www.mandriva.
com/security/
advisories
There is no exploit code required.
|
|
Medium |
GulfTech Security Research
Advisory, July 13, 2005
Debian Security Advisory,
DSA 756-1,
July 13, 2005
RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005
Apple Security Update 2005-007,
APPLE-SA-2005-08-15, August 15, 2005
Fedora Update Notifications,
FEDORA-2005-779 & 780, August 22, 2005
Fedora Legacy Update Advisory, FLSA:163047, September 15, 2005
Mandriva Linux Security Advisory, MDKSA-2005:202, November 2, 2005 |
Sun Microsystems, Inc.
JDK (Windows Production Release) 1.5.0_05, 1.4.2_09, 1.4.2_08, JDK (Solaris Production Release) 1.5.0_05, 1.4.2_09, 1.4.2_08, JDK (Linux Production Release) 1.5.0_05, 1.4.2_09, 1.4.2_08, JDK 1.5 .0_05, 1.4.2_09, 1.4.2_08 |
A remote Denial of Service vulnerability has been reported due to a font deserialization error.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability |
Sun Java Development Kit Font Serialization Remote Denial of Service |
Low |
Security Focus, Bugtraq ID: 15312, November 4, 2005 |
The XMB Group
XMB Forum 1.9.3 |
A Cross-Site Scripting vulnerability has been reported in 'u2u.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
XMB Cross-Site Scripting |
Medium |
Security Focus, Bugtraq ID: 15342, November 7, 2005 |
The XMB Group
XMB Forum 1.9.3
|
An SQL injection vulnerability has been reported in 'post.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
XMB Forum SQL Injection |
Medium |
Security Focus, Bugtraq ID: 15267, November 1, 2005 |
toendaCMS
toendaCMS 0.6.1 |
Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'admin.php' due to insufficient verification of the 'id_user' parameter before used to display files, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported because user credentials and session information is stored inside the web root, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
http://www.toenda.com/
de/data/files/Software/
toendaCMS_Version
0.6.0_Stable/toenda
CMS_0.6.2_Stable.zip
There is no exploit code required; however, a Proof of Concept exploit has been published. |
toendaCMS Information Disclosure |
Medium |
SEC-CONSULT Security Advisory, November 7, 2005 |
Veritas Software
NetBackup Server 5.1, 5.0, NetBackup Enterprise Server 5.1, 5.0, NetBackup Client 5.1, 5.0 |
A buffer overflow vulnerability has been reported in a shared library used by the VERITAS NetBackup volume manager daemon (vmd), which could let a remote malicious user potentially execute arbitrary code or cause a Denial of Service.
Patches available at:
http://support.veritas.
com/menu_ddProduct_
NBUESVR_view_
DOWNLOAD.htm
Currently we are not aware of any exploits for this vulnerability. |
VERITAS NetBackup Volume Manager Daemon Buffer Overflow
CVE-2005-3116
|
High |
Symantec Security Advisory, SYM05-024, November 8, 2005 |
Vubb
Vubb
|
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a path disclosure vulnerability has been reported when an error message is displayed, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
|
Medium |
KAPDA Advisory :#10, November 1, 2005 |
WebGroup Media
Cerberus Helpdesk 2.6.1, 2.0-2.5
|
A vulnerability has been reported in the 'attachment_
send.php' script due to insufficient authentication when accessing tickets, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Tracker Alert ID: 1015153, November 4, 2005 |
YaBB
YaBB 2.0, RC1 & RC2, 1.41, 1.40, YaBB 1 Gold Release, SP 1.4, SP 1.3-1.3.2, SP 1.2, SP 1
|
A vulnerability has been reported in the attachment upload handling due to an input validation error, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://www.yabbforum.
com/downloads.php?
file=YaBB_2.1.zip
There is no exploit code required. |
YaBB Image Upload HTML Injection |
Medium |
Secunia Advisory: SA17411, November 9, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- IDC: As mobile workforce grows, IT support could lag: According to a study by IDC, the global mobile workforce is expected to grow by more than 20% in the next four years, with 878 million mobile workers toiling away on laptops, handhelds and cell phones by 2009. However, IT managers today often don’t deal with the complexities associated with managing, securing and supporting handheld devices and applications for mobile workers. Source: http://www.computerworld.com/mobiletopics/
mobile/story/0,10801,106062,00.html.
- Agencies jockey over wireless spectrum: By the end of this month, federal agencies will release to the Commerce Department plans on how they will manage their allotment of the nation’s airwaves.
Since President Bush unveiled a sweeping spectrum management memorandum last December that included 24 recommendations and key milestones, federal agencies have been scrambling to determine how much of the electromagnetic spectrum they are using and for what purposes.
Source: http://www.gcn.com/vol1_no1/daily-updates/37475-1.html.
- New type of phishing could hit mobile phone users: Experts are warning that a new type of phishing that could siphon bank details from mobile phone users.
Mophophishing is where hackers send out fake banking applications to unsuspecting mobile phone users. The users then type their account details into the application thinking they were accessing their accounts when they were actually sending their personal details back to the hacker.
Spotting a phishing email is relatively straightforward, the user need only examine the source code of an HTML email and inspect the domain name and path of any link to verify its authenticity. But with a mobile application, this information is concealed deep within the application code itself.
Source: http://www.scmagazine.com/uk/news/article/525582/new-type-phishing-hit-mobile-phone-users/
Wireless Vulnerabilities
[back to top]
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script
(Reverse Chronological Order) |
Script name |
Workaround or Patch Available |
Script Description |
| November 9, 2005 |
advisory_212005.80.txt |
No |
Sample exploitation for the PHPKit Multiple Input Validation vulnerabilities. |
| November 9, 2005 |
phzine01.zip |
N/A |
Phearless Serbian/Croatian Security Magazine Issue #01 Included in this issue: The Art of Sniffing, The Art of Footprinting, SQL Injection Techniques, Wireless - Under the hood, Cross Site Scripting with examples, VX Coding - New ideas, Win Hack and Tweak, Samba Lin and Win Dance, Exploiting ShopAdmin, CGI Exploiting, and Mirc Scripting Basics. |
| November 9, 2005 |
phzine02.zip |
N/A |
Phearless Serbian/Croatian Security Magazine Issue #02. Included in this issue: Symbian OS - Under the Hood, Runtime Decryption and Meta Swap Engine, BlackHand.w32(DeadCode.a/b) Analysis, prc-ko - the 4th Native API virus, NT Startup Methods Exposed, Phearless Challenge #2: Reversme, Full Reverse(Target VCT #1), Full Reverse(Target VCT #2), Full Reverse(Target VCT #3), Writing Linux Shellcode - Basics, Hiding Behind Firewall, Phreaking in Serbia, Cryptology 101, Win Hacks and Tips #2, and Security from iso/osi Reference Model Perspective. |
| November 9, 2005 |
phzine03.zip |
N/A |
Phearless Serbian/Croatian Security Magazine Issue #03. Included in this issue: Injecting Malware: Symbian Micro Kernel, Smart EPO Techniques, Debugging Programs On Win32, Nanomites And Misc Stuff, Full Reverse(Target: tElock), Full Reverse(Target: MrStop's Crackme #1), Full Reverse(Target: Inline patching nSPack 2.x), Xtreem Exploiting Steps, Exploiting Non-Exec Stack, Exploiting Stack BOf Over SEH, Security Of Web Pages, How To Stay OUT Of JAIL, Secret Of BSOD, and Recent Computer Networks. |
| November 9, 2005 |
phzine04.zip |
N/A |
Phearless Serbian/Croatian Security Magazine Issue #04. Included in this issue: Symbian C++ Reference - Part 1, Symbian OS - Polymorphic MDL, TINY phile about SQL injections, Developing Network Security Tool(s), The Art of Reversing, Open Your Windows (OS), Malloc Demistified - Part 1, Bypass DEP on Heap, Client/Server Systems, Uncommon Tribute to Practical Switching, and Cisco Routers Exposed. |
| November 9, 2005 |
scapy-1.0.2.tar.gz |
N/A |
A powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer that provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. |
| November 8, 2005 |
atutor_151pl2_xpl.php
atutor151pl2.txt |
No |
Proof of Concept exploits for the ATutor SQL Injection vulnerability. |
| November 8, 2005 |
ibProArcade.txt |
Yes |
Exploit details for the ibProArcade Module SQL Injection vulnerability. |
| November 8, 2005 |
ipb.2.1.txt
ipb.2.1-english.txt |
No |
Exploit details for the Invision Power Board Multiple Cross-Site Scripting & HTML Injection vulnerabilities. |
| November 8, 2005 |
phpWebThings144.txt |
No |
Exploit details for the phpWebThings Cross-Site Scripting & SQL Injection vulnerabilities. |
| November 8, 2005 |
prdelka-vs-BSD-ptrace.tar.gz |
Yes |
Exploit for the NetBSD ptrace() root vulnerability. |
| November 8, 2005 |
qbrute-v1.1.zip |
N/A |
A MD5 Calculator and Cracker written in Perl. |
| November 8, 2005 |
qcrack-v0.25.tgz |
N/A |
A program written to test the security of md5/md4/md2 passwords by attempting to brute force them. |
| November 8, 2005 |
susechfn.sh
|
Yes |
Script that exploits the Multiple Vendors CHFN User Modification ROOT Access vulnerability. |
| November 8, 2005 |
tkadv2005-11-001.txt |
Yes |
Exploit details for the PHPList Multiple Input Validation vulnerabilities. |
| November 8, 2005 |
twiki20030201.pl.txt |
Yes |
Exploit for the TWiki Search Shell Metacharacter Remote Arbitrary Command Execution Vulnerability. |
| November 8, 2005 |
waraxe-2005-SA043.txt |
Yes |
Exploit details for the Phorum SQL Injection vulnerability. |
| November 8, 2005 |
x_dtsuids.pl.txt |
Yes |
Exploit for the Solaris 10 DtPrintinfo/Session vulnerability. |
| November 8, 2005 |
zone.labs-fw.txt |
No |
Proof of Concept exploit for the ZoneAlarm Personal Firewall Program Control Feature Bypass vulnerability. |
| November 7, 2005 |
fsigk_exp.py
|
Yes |
Proof of Concept exploit for the F-Secure Anti-Virus Gatekeeper & Gateway for Linux Elevated Privileges vulnerability. |
| November 7, 2005 |
hpux_ftpd_preauth_list.pm |
Yes |
Proof of Concept exploit for the HP-UX FTP Server Directory Listing Vulnerability. |
| November 7, 2005 |
lnxFTPDssl_warez.c |
No |
Script that exploits the Linux-FTPD-SSL FTP Server Remote Buffer Overflow Vulnerability. |
| November 7, 2005 |
netmail.txt |
No |
Proof of Concept exploit for the Novell Netmail Script Insertion Vulnerability. |
| November 5, 2005 |
formatPaper.txt |
N/A |
A whitepaper that discusses further advances in the exploitation in format string bugs. |
| November 5, 2005 |
WifiScanner-1.0.1.tar.gz |
N/A |
An analyzer and detector of 802.11b stations and access points that can listen alternatively on all the 14 channels, write packet information in real time, search access points and associated client stations, and can generate a graphic of the architecture using GraphViz. |
| November 5, 2005 |
wzdFTPd.pm.txt |
No |
Exploit for the Wzdftpd SITE Command Arbitrary Command Execution Vulnerability. |
| November 4, 2005 |
20051021.MS05-047.c |
Yes |
Remote Denial of Service exploit for the Microsoft Windows Plug and Play Arbitrary Code Execution vulnerability. |
| November 4, 2005 |
coarseknocking-0.0.2.tar.gz |
N/A |
A simple implementation of Port Knocking techniques that sniffs network packets looking for predetermined keys and executes commands to open and close ports on the firewall. |
| November 4, 2005 |
CuteNews1.4.1.txt |
No |
Exploit for the CutePHP CuteNews Directory Traversal & PHP Code Execution vulnerability. |
| November 4, 2005 |
galerie_2.4_exploit.pl
gallery24.pl.txt
|
No |
Proof of Concept exploits for the Gallery SQL Injection vulnerability. |
| November 4, 2005 |
gpsdrive-ex-long-ppc.pl
gpsdrive-ex-short-x86.pl
gpsdrive-ex-long-ppc.pl.txt
|
No |
Proof of Concept exploits for the GpsDrive Remote Format String vulnerability. |
| November 4, 2005 |
phpinfoXSS.txt |
No |
Proof of Concept exploit for the PHP 'phpinfo.php' Cross-Site Scripting vulnerability. |
| November 4, 2005 |
qbrute.zip |
N/A |
A MD5 Calculator and Cracker that is written in Perl. |
| November 4, 2005 |
rna_deleter.rgp
rna_bof.rgs
|
No |
Scripts that exploit the RealArcade Vulnerabilities. |
| November 4, 2005 |
ssf.zip |
N/A |
A tool that exploits the various weakness in VoIP-Phones. |
| November 4, 2005 |
StackBasedOverflows-Windows-Part1.pdf |
N/A |
A document titled "Writing Stack Based Overflows on Windows - Part I: Basic Concepts." |
| November 4, 2005 |
StackBasedOverflows-Windows-Part2.pdf |
N/A |
A document titled "Writing Stack Based Overflows on Windows - Part II: Windows Assembly for writing Exploits." |
| November 3, 2005 |
asusvsbugs.zip |
No |
Proof of Concept exploit for the code for Asus Video Security Buffer Overflow & Directory Traversal vulnerabilities. |
| November 3, 2005 |
cirt-40-advisory.pdf |
No |
Exploitation details for the IpSwitch Whatsup Small Business 2004 Directory Traversal vulnerability. |
| November 3, 2005 |
NeroNet1202.txt |
No |
Exploitation details for the NeroNet Limited Directory Traversal Vulnerability. |
| November 3, 2005 |
php-handicapper.txt |
No |
Exploitation details for the PHP Handicapper Cross-Site Scripting & SQL Injection vulnerabilities. |
| November 3, 2005 |
scorchbugs.zip |
No |
Proof of Concept exploit for the Scorched 3D Multiple vulnerabilities. |
| November 3, 2005 |
up-imapproxy-exp.c |
Yes |
Proof of Concept exploit for the up-imapproxy Format String vulnerability. |
| November 2, 2005 |
bcarrydos.zip |
No |
Proof of Concept exploit for the Battle Carry Remote Denial of Service vulnerability. |
| November 2, 2005 |
flatfragz.zip |
No |
Proof of Concept exploit for the Johannes F. Kuhlmann FlatFrag Multiple Remote Buffer Overflow & Denial of Service vulnerabilities. |
| November 2, 2005 |
ggwbofc.zip
ggwbof.zip |
Yes |
Proof of Concept exploits for the GraphOn GO-Global For Windows Remote Buffer Overflow vulnerability. |
| November 2, 2005 |
gliderbof.zip
|
No |
Proof of Concept exploit for the Glider Collect'N Kill Remote Buffer Overflow vulnerability. |
| November 1, 2005 |
IEcrash.zip |
No |
Exploit for the Microsoft Internet Explorer Malformed HTML Parsing Denial of Service vulnerability. |
[back to
top]
Trends
- Spyware Has Become A "Global Pandemic" For Enterprises: Survey: A new study by Webroot Software found that 48% of enterprise PCs are infected with adware. They found that the average enterprise PC had 3.9 adware infections in the third quarter of this year, up from 3.6 in the previous quarter.
Source: http://www.networkingpipeline.com/showArticle.jhtml?articleID=173600626.
- New Linux worm crawls the web: A new Linux worm is crawling the web looking for a large number of vulnerable PHP systems and applications. The worm, known as Linux.Plupii (Symantec) or Linux/Lupper.worm (McAfee. It installs a Trojan using wget and the attack allows for arbitrary code execution under the privileges of the web server user.
The worm exploits PHP based vulnerabilities discovered back in June, and affects a large number of PHP web applications that use XML-RPC. Source: http://www.securityfocus.com/brief/38.
- US-CERT is currently aware of a new worm which targets web servers running vulnerable versions of XML-RPC for PHP. Once the worm infects a web server, it opens a backdoor to the compromised server and begins scanning for additional servers to infect.
- Phishing Alert: Google: Websense® Security Labs™ has received reports of a new phishing attack that targets users of Google's search engine. Users are redirected to a spoofed copy of Google's front page with a large message claiming "You WON $400.00 !!!". They are presented with instructions for collecting their prize money, which included entering credit card numbers and shipping addresses. Once the information has been collected, users are directed to Google's legitimate website.Source: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=332.
- Online ID theft worsens, scares U.S. bank customers: Banks and regulators have increased their efforts to stop identity theft over the Internet but many Americans fear that fraudsters remain one step ahead when banking online. Source: http://www.computerworld.com/securitytopics/
security/story/0,10801,106066,00.html/.
- Hey Linux Users: No Software Is Impenetrable: The vulnerability that affects a Windows network today is very likely to infect a Linux or Unix network connected to it. Companies that fail to secure their Linux networks may find rogue code spreading and infecting interconnected Windows networks. Source: http://www.newsfactor.com/story.xhtml?story_id=02000000GPIG.
[back to top]
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank |
Common Name |
Type of Code |
Trend |
Date |
Description |
1 |
Netsky-P |
Win32 Worm |
Stable |
March 2004 |
A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 |
Mytob-BE |
Win32 Worm |
Stable |
June 2005 |
A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling anti virus, and modifying data. |
3 |
Netsky-D |
Win32 Worm |
Stable |
March 2004 |
A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
4 |
Mytob-GH |
Win32 Worm |
Stable |
November 2005 |
A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
5 |
Mytob-AS |
Win32 Worm |
Stable |
June 2005 |
A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. |
6 |
Netsky-Z |
Win32 Worm |
Stable |
April 2004 |
A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
7 |
Lovgate.w |
Win32 Worm |
Stable |
April 2004 |
A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
8 |
Zafi-D |
Win32 Worm |
Stable |
December 2004 |
A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
9 |
Zafi-B |
Win32 Worm |
Stable |
June 2004 |
A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
10 |
Mytob.C |
Win32 Worm |
Stable |
March 2004 |
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
Table updated November 7, 2005
[back to
top]
|
|
|
|
Last updated
February 13, 2008
|
|
Get Adobe Reader
US-CERT is part of the Department of Homeland Security