Skip to content

customize
National Cyber Alert System
Cyber Security Bulletin SB05-334archive

Summary of Security Items from November 24 through November 30, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source
ASP-Rider 1.6

A vulnerability has been reported in ASP-Rider that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

ASP-Rider SQL Injection

CVE-2005-3931

Medium Secunia, Advisory: SA17792, November 30, 2005
Freeftpd 1.0.10

Multiple vulnerabilities have been reported in Freeftpd that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Freeftpd Denial of Service

CVE-2005-3812

Low Security Focus , ID: 15557 , November 25, 2005
MailEnable Professional 1.7, Enterprise 1.1

A vulnerability has been reported in MailEnable that could let remote malicious users cause a Denial of Service.

A vendor solution is available:
http://www.mailenable.com/
hotfix/MEIMAPS.ZIP

A Proof of Concept exploit has been published.

MailEnable Denial of Service

CVE-2005-3813

Low Security Tracker, Alert ID: 1015268, November 24, 2005

Microsoft

Internet Explorer

A vulnerability has been reported in Internet Explorer that could let remote malicious users to obtain unauthorized access.

Vendor solutions available:
http://www.microsoft.com/
technet/security/advisory
/911302.mspx

Updated to provide information on proof of concept code, malicious software, and provide additional references.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Unauthorized Access

CAN-2005-1790

Medium

Microsoft, Security Advisory 911302, November 21, 2005

USCERT, VU#887861

Microsoft, Security Advisory 911302, November 29, 2005

Microsoft

Windows Microsoft Distribution Transaction Coordinator (MSDTC) and COM+

A buffer overflow vulnerability has been reported in Windows MSDTC and COM+ that could let local or remote malicious users execute arbitrary code, obtain elevated privileges or cause a Denial of Service.

Vendor fix available:
http://www.microsoft.com/
technet/security/Bulletin
/MS05-051.mspx

Vendor has identified potential issues associated with fix:
http://www.microsoft.com/
technet/security/advisory
/909444.mspx

Avaya:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-214.pdf

Nortel:
http://www130.nortelnetworks.com/
cgi-bin/eserv/cs/main.jsp?
cscat=BLTNDETAIL&DocumentOID=
366956&RenditionID=

An exploit has been published.

Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service

CVE-2005-1978
CVE-2005-1979
CVE-2005-1980
CVE-2005-2119

High

Microsoft, Security Bulletin MS05-051, October 11, 2005

US-CERT VU#180868,
US-CERT VU#950516

Technical Cyber Security Alert TA05-284A, October 11, 2005

Microsoft, Security Advisory 909444, October 14, 2005

Avaya, ASA-2005-214, October 11, 2005

Nortel, Security Advisory Bulletin 2005006316, November 11, 2005

Security Focus, ID: 15056, November 27, 2005

NetObjects Fusion 9

A vulnerability has been reported in NetObjects Fusion that could let remote malicious users disclose information.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

NetObjects Fusion Information Disclosure

CVE-2005-3923

Medium Secunia, Advisory: SA17667, November 23, 2005

Online Tech Tools

OASYS Lite 1.0

A vulnerability has been reported in OASYS Lite that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

OASYS Lite Cross-Site Scripting

CVE-2005-3850

Medium Security Focus, ID: 15605, November 28, 2005

Online Tech Tools

OKBSYS Lite 1.0

A vulnerability has been reported in OKBSYS Lite that could let remote malicious users conduct Cross-Site scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

OKBSYS Lite Cross-Site Scripting

CVE-2005-3851

Medium Security Focus, ID: 15607, November 28, 2005

Panda Software

WebAdmin, TruPrevent Personal 2006, 2005, Titanium 2006 Antivirus + Antispyware, Titanium 2005 Antivirus, Titanium
Panda Security 3.0, Platinum 2006 Internet Security, EnterpriSecure Antivirus, ISA Secure, GateDefender, FileSecure with TruPrevent Technologies, FileSecure, ExchangeSecure, EnterpriSecure with TruPrevent Technologies, ClientShield with TruPrevent Technologies, BusinesSecure Antivirus, Antivirus Platinum 2.0, Antivirus for NetWare 2.0, ActiveScan 5.0

A heap overflow vulnerability has been reported when attempting to decompress ZOO archive files, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Panda Software Antivirus Library ZOO Archive Heap Overflow

CVE-2005-3922

High
Security Focus, Bugtraq ID: 15616, November 29, 2005

SpeedProject

SpeedCommander 10.51, 11, Squeez 5.0, ZipStar 5.0

Multiple buffer overflow vulnerabilities have been reported in SpeedCommander, Squeez, and ZipStar that could let remote malicious users execute arbitrary code.

Upgrade to newest version:
http://www.speedproject.de/
enu/download.html

Currently we are not aware of any exploits for this vulnerability.

SpeedProject Arbitrary Code Execution

CVE-2005-3831
CVE-2005-3832

High Secunia, Advisory: SA17420, November 24, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

Apple

Macintosh OS X

 

Multiple vulnerabilities have been reported: a vulnerability was reported when handling HTTP headers in the Apache 2 web server due to an error, which could let a remote malicious user conduct HTTP request smuggling attacks; a vulnerability was reported in the Apache web server's 'mod_ssl' module due to an error, which could let a remote malicious user bypass security restrictions; a vulnerability was reported in 'CoreFoundation' when resolving certain URLs due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in curl when handling NTML authentication due to an error, which could let a remote malicious user compromise a user's system; a vulnerability was reported in 'iodbcadmintoo,' which could let a malicious user execute arbitrary commands with elevated privileges; a vulnerability was reported in OpenSSL when handling certain compatibility options due to an error, which could let a remote malicious user perform rollback attacks; a vulnerability was reported in 'passwordserver' when handling the creation of an Open Directory master server due to an error, which could let a malicious user obtain sensitive information; a vulnerability was reported in the PCRE library used by Safari's JavaScript due to an integer overflow error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in Safari when a downloaded file that contains an overly long filename is downloaded, which could let a remote malicious user save the file outside the designated directory; a vulnerability was reported in Safari because JavaScript dialog boxes don't indicate the web site that created them, which could let a remote malicious user spoof dialog boxes; a vulnerability was reported in Webkit when handling specially crafted content due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'sudo' due to an error, which could let a malicious user execute arbitrary code; and a vulnerability was reported in the syslog server due to insufficient sanitization of messages before recording them, which could let a remote malicious user forge log entries and mislead the system administrator.

Patch information available at:
http://docs.info.apple.
com/article.html?
artnum=302847

Currently we are not aware of any exploits for these vulnerabilities.

High
Apple Security Update, APPLE-SA-2005-11-29, November 29, 2005

Centericq

Centericq 4.20

A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages.

Debian:
http://security.debian.
org/pool/updates/
main/c/centericq/

A Proof of Concept exploit script has been published.

Centericq Empty Packet Remote Denial of Service

CVE-2005-3694

Low
Debian Security Advisory. DSA 912-1, November 30, 2005

Easy Software Products

CUPS 1.1.21, 1.1.22 rc1, 1.1.22

A remote Denial of Service vulnerability exists when a malicious user submits a specially crafted HTTP GET request.

Upgrades available at:
http://www.cups.org/
software.php?
SOFTWARE=v1_2

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/inux/core/
updates/3/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-
772.html

SCO:
ftp://ftp.sco.com/pub/
updates/OpenServer/
SCOSA-2005.51

A Proof of Concept exploit has been published.

CUPS HTTP
GET Denial of Service

CVE-2005-2874

Low

Security Tracker Alert ID, 1012811, January 7, 2005

Fedora Update Notification,
FEDORA-2005-908, September 22, 2005

RedHat Security Advisory, RHSA-2005:772-8, September 27, 2005

SCO Security Advisory, SCOSA-2005.51, November 24, 2005

Ezyhelp
desk

Multiple vulnerabilities have been reported in Ezyhelpdesk that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Ezyhelpdesk SQL Injection

CVE-2005-3826

Medium Secunia, Advisory: SA17697, November 23, 2005

FAD Solutions

DRZES HMS 3.2

Several vulnerabilities have been reported: an SQL injection vulnerability has been reported in some input passed in the customer interface due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability has been reported in 'register_domain.php' due to insufficient sanitization of the 'sld' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

drzes HMS SQL Injection & Cross-Site Scripting
Medium
Secunia Advisory: SA17755, November 29, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-08.xml

OpenPKG:
ftp://ftp.openpkg.org/
release/2.3

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-564.html

Trustix:
http://http.trustix.org/
pub/trustix/updates/

SGI:
http://www.sgi.com/
support/security/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/

Debian:
http://security.debian.org/
pool/updates/main/
p/php4/

Updates available at:
http://www.php.net/
get/php-4.4.0.tar.bz2/
from/a/mirror

There is no exploit code required.

GNU shtool Insecure
Temporary File Creation

CVE-2005-1751

Medium

Secunia Advisory, SA15496,
May 25, 2005

Gentoo Linux Security Advisory, GLSA 200506
-08, June 11, 200

OpenPKG
Security Advisory, OpenPKG-SA-2005.011,
June 23, 2005

Trustix Secure Linux Security Advisory,
TSLSA-2005-
0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Ubuntu Security Notice, USN-171-1, August 20, 2005

Debian Security Advisory, DSA 789-1, August 29, 2005

Security Focus, Bugtraq ID: 13767, November 25, 2005

Hewlett Packard Company

HP-UX B.11.23, B.11.11, B.11.00

A vulnerability has been reported in HP UX running xterm, which could let a malicious user obtain unauthorized access.

Update 1: Preliminary xterm files are available.

Currently we are not aware of any exploits for this vulnerability.

HP-UX XTerm Unauthorized Access

CVE-2005-3779

Medium

HP Security Advisory, HPSBUX02075, November 14, 2005

HP Security Advisory, HPSBUX02075 Update 1, November 22, 2005

Info-ZIP

UnZip 5.52

A vulnerability has been reported due to a security weakness when extracting an archive to a world or group writeable directory, which could let a malicious user modify file permissions.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

SCO:
ftp://ftp.sco.com/pub/
updates/OpenServer/
SCOSA-2005.39/507

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/u/unzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

Debian:
http://security.debian.
org/pool/updates/
main/u/unzip/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

There is no exploit code required.

Info-ZIP UnZip File Permission Modification

CVE-2005-2475

Medium

Security Focus, 14450, August 2, 2005

Fedora Update Notification,
FEDORA-2005-844, September 9, 2005

SCO Security Advisory, SCOSA-2005.39, September 28, 2005

Ubuntu Security Notice, USN-191-1, September 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0053, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:197, October 26, 2005

Debian Security Advisory, DSA 903-1, November 21, 2005

Conectiva Linux Announcement, CLSA-2005:1049, November 21, 2005

Jed Wing

CHM lib 0.36, 0.35, 0.3-0.33, 0.2, 0.1

A buffer overflow vulnerability has been reported in the '_chm_decompress_block()' function due to a boundary error when reading input, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://morte.jedrea.com/
~jedwin/projects/
chmlib/chmlib-0.37.tgz

SUSE:
ftp://ftp.suse.com
/pub/suse/

Debian:
http://security.debian.
org/pool/updates/
main/c/chmlib/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-23.xml

Currently we are not aware of any exploits for this vulnerability.

CHM Lib Remote Buffer Overflow

CVE-2005-3318

High

Security Focus, Bugtraq ID: 15211, October 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Debian Security Advisory, DSA 886-1, November 7, 2005

Gentoo Linux Security Advisory, GLSA 200511-23, November 28, 2005

Multiple Vendors

ktools 0.3;
Centericq 4.21, 4.20

A buffer overflow vulnerability has been reported in the 'VGETSTRING()' marco when generating the output string using the "vsprintf()" function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

KTools Remote Buffer Overflow

CVE-2005-3863

High
Zone-H Research Center Security Advisory 200503, November 27, 2005

Multiple Vendors

Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.12, 2.5.0-2.5.69, 2.4-2.4.32

 

A vulnerability has been reported in the network bridging functionality, which could let a remote malicious user poison the bridge forwarding table.

Upgrades available at:
http://kernel.org/pub/
linux/kernel/v2.6/
linux-2.6.11.12.tar.bz2

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

There is no exploit code required.

Linux Kernel Network Bridge Information Disclosure

CVE-2005-3272

Medium

Security Focus, Bugtraq ID: 15536, November 22, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
TouchTunes Rhapsody,
TouchTunes Maestro;
SuSE UnitedLinux 1.0, Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Enterprise Server 9, 8, Linux Desktop 1.0;
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, 2.1 IA64, 2.1, AS 4, AS 3, AS 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; GTK+ 2.8.6, 2.6.4, 2.4.14, 2.4.13, 2.4.10, 2.4.9, 2.4.1, 2.2.4, 2.2.3;
GNOME GdkPixbuf 0.22;
Gentoo Linux ; Ardour 0.99

Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to the insufficient validation of the 'n_col' value before using to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of a XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

Updates available at:
ftp://ftp.gtk.org/
pub/gtk/v2.8/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-810.html

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-14.xml

SuSE:
ftp://ftp.suse.com/
pub/suse/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/g/gdk-pixbuf/

Mandriva:
http://www.mandriva.
com/security/
advisories

Trustix:
http://http.trustix.
org/pub/trustix/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-229.pdf

Debian:
http://security.debian.
org/pool/updates/
main/g/gtk+2.0/

SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/

Currently we are not aware of any exploits for these vulnerabilities.

GTK+ GdkPixbuf XPM Image Rendering Library

CVE-2005-2975
CVE-2005-2976
CVE-2005-3186

High

Fedora Update Notifications
FEDORA-2005-1085 & 1086, November 15, 2005

RedHat Security Advisory, RHSA-2005:810-9, November 15, 2005

Gentoo Linux Security Advisory GLSA 200511-14, November 16, 2005

SUSE Security Announcement, SUSE-SA:2005:065, November 16, 2005

Ubuntu Security Notice, USN-216-1, November 16, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

Avaya Security Advisory, ASA-2005-229, November 21, 2005

Debian Security Advisory, DSA 911-1, November 29, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

 


Multiple Vendors

Gentoo Linux;
eix 0.5 .0-beta, 0.3 .0-r1

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-19.xml

There is no exploit code required.

EIX Insecure Temporary File Creation

CVE-2005-3785

Medium
Gentoo Linux Security Advisory, GLSA 200511-19, November 22, 2005

Multiple Vendors

Gentoo Linux;
GNU GDB 6.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200505-15.xml

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/g/gdb/

http://security.ubuntu.
com/ubuntu/pool/
main/b/binutils/

Mandriva:
http://www.mandriva.
com/security/
advisories

Trustix:
http://http.trustix.org/
pub/
trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/
errata/RHSA
-2005-659.html

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-673.html

http://rhn.redhat.
com/errata/RHSA-
2005-709.html

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-222.pdf

Fedora:
http://download.
fedora.redhat.com/
pub/fedora/linux/
core/updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

Currently we are not aware of any exploits for these vulnerabilities.

GDB Multiple Vulnerabilities

CVE-2005-1704
CVE-2005-1705

High

Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005

Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005

RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005

RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005

Avaya Security Advisory, ASA-2005-222, October 18, 2005

Fedora Update Notifications,
FEDORA-2005-1032 & 1033, October 27, 2005

Mandriva Linux Security Advisory, MDKSA-2005:215, November 23, 2005

Multiple Vendors

IPsec-Tools IPsec-Tools 0.5; KAME Racoon prior to 20050307

A remote Denial of Service vulnerability has been reported when parsing ISAKMP headers.

Upgrades available at:
http://www.kame.net/snap-users/

Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/core/
updates/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-232.html

Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-30.xml

ALTLinux:
http://lists.altlinux.ru/
pipermail/security-announce/
2005-March/000287.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/
ipsec-tools/

SCO:
ftp://ftp.sco.com/pub/
updates/UnixWare/
SCOSA-2005.37

SCO:
ftp://ftp.sco.com/
pub/updates/
OpenServer/
SCOSA-2005.52

Currently we are not aware of any exploits for this vulnerability.

KAME Racoon Malformed ISAKMP Packet Headers Remote Denial of Service

CVE-2005-0398

Low

Fedora Update Notifications,
FEDORA-2005-
216 & 217,
March 14, 2005

RedHat Security Advisory,
RHSA-2005:232-10, March 23, 2005

Gentoo Linux
Security Advisory, GLSA 200503-33,
March 25, 2005

ALTLinux Security Advisory,
March 29, 2005

SUSE Security Announcement, SUSE-SA:2005:020, March 31, 2005

Ubuntu Security Notice, USN-107-1, April 05, 2005

SCO Security Advisory, SCOSA-2005.37, September 9, 2005

SCO Security Advisory, SCOSA-2005.52, November 28, 2005

Multiple Vendors

Linux kernel 2.6-2.6.12, 2.4-2.4.31

 

A remote Denial of Service vulnerability has been reported due to a design error in the kernel.

The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Remote Denial of Service

CVE-2005-3275

Low
Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself.

Upgrades available at:
http://kernel.org/pub/
linux/kernel/v2.6/
linux-2.6.14.2.tar.bz2

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/4/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTrace 'CLONE_THREAD' Denial of Service

CVE-2005-3783

Low

Secunia Advisory: SA17761, November 29, 2005

Fedora Update Notification,
FEDORA-2005-1104, November 28, 2005

Multiple Vendors

Linux kernel 2.6-2.6.15

A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space.

Patches available at:
http://kernel.org/pub/
linux/kernel/v2.6/testing/
patch-2.6.15-rc3.bz2

An exploit script has been published.

Linux Kernel PrintK Local Denial of Service

CVE-2005-3857

Low
Security Focus, Bugtraq ID: 15627, November 29, 2005

Multiple Vendors

Linux kernel 2.6-2.6.15

 

A Denial of Service vulnerability has been reported because processes are improperly auto-reaped when they are being ptraced.

Patches available at:
http://kernel.org/pub/
linux/kernel/v2.6/testing/
patch-2.6.15-rc3.bz2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTraced Denial of Service

CVE-2005-3784

Low
Security Focus, Bugtraq ID: 15625, November 29, 2005

Multiple Vendors

MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0;
GNU wget 1.10;
Daniel Stenberg curl 7.14.1, 7.13.1, 7.13, 7.12.1- 7.12.3, 7.11- 7.11.2, 7.10.6- 7.10.8

A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code.

WGet:
http://ftp.gnu.org/
pub/gnu/wget/
wget-1.10.2.tar.gz

Daniel Stenberg:
http://curl.haxx.se/
libcurl-ntlmbuf.patch

Mandriva:
http://www.mandriva.
com/security/
advisories

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/c/curl/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-19.xml

RedHat:
http://rhn.redhat.
com/errata/
RHSA-2005-807.html

http://rhn.redhat.
com/errata/
RHSA-2005-812.html

SUSE:
ftp://ftp.suse.com
/pub/suse/

Slackware:
ftp://ftp.slackware.
com/pub
/slackware/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor WGet/Curl NTLM Username Buffer Overflow

CVE-2005-3185

High

Security Tracker Alert ID: 1015056, October 13, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200

Ubuntu Security Notice, USN-205-1, October 14, 2005

Fedora Update Notifications
FEDORA-2005-995 & 996, October 17, 2005

Fedora Update Notification,
FEDORA-2005-1000, October 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

Gentoo Linux Security Advisory. GLSA 200510-19, October 22, 2005

RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Slackware Security Advisory, SSA:2005-310-01, November 7, 2005

Conectiva Linux Announcement, CLSA-2005:1045, November 21, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

Multiple Vendors

Miklos Szeredi FUSE 2.4 .0, 2.3.0, 2.3 -rc1, 2.2.1, 2.2;
Gentoo Linux

 

A vulnerability has been reported because fusermount fails to securely handle special characters specified in mount points, which could let a malicious user cause a Denial of Service or add arbitrary mount points.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-17.xml

Mandriva:
http://www.mandriva.
com/security/
advisories

There is no exploit code required.

FUSE Mount Options Corruption

CVE-2005-3531

Medium

Gentoo Linux Security Advisory, GLSA 200511-17, November 22, 2005

Mandriva Linux Security Advisory, MDKSA-2005:216, November 24, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, WS 2.1, IA64, ES 4, ES 3, ES 2.1, IA64, AS 4, AS 3, 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64;
libungif libungif 4.1.3,
4.1, giflib 4.1.3;
Gentoo Linux

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error; and a vulnerability was reported due to a boundary error that causes an out-of-bounds memory access, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Upgrades available at:
http://sourceforge.net/
project/showfiles.php
?group_id=102202

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-03.xml

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-828.html

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/libu/libungif4/

Debian:
http://security.debian.
org/pool/updates/
main/libu/libungif4/

Mandriva:
http://www.mandriva.
com/security/
advisories

SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors libungif GIF File Handling

CVE-2005-2974
CVE-2005-3350

High

Security Tracker Alert ID: 1015149, November 3, 2005

Fedora Update Notifications,
FEDORA-2005-1045 & 1046, November 3, 2005

Gentoo Linux Security Advisory GLSA 200511-03, November 4, 2005

RedHat Security Advisory, RHSA-2005:
828-17, November 3, 2005

SUSE Security Summary Report,
SUSE-SR:2005:
025, November 4, 2005

Ubuntu Security Notice, USN-214-1, November 07, 2005

Debian Security Advisory, DSA 890-1, November 9, 2005

Mandriva Linux Security Advisory, MDKSA-2005:207, November 10, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

Multiple Vendors

Ubuntu Linux 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.8

A Denial of Service vulnerability has been reported due to a resource leak when handling POSIX timers in the 'exec()' function.

Upgrades available at:
http://www.kernel.org/
pub/linux/kernel/v2.6/
linux-2.6.9.tar.bz2

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Resource Leak Denial of Service

CVE-2005-3271

Low
Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03

A format string vulnerability has been reported in the 'miniserv.pl' script due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

Perl 'miniserv.pl' script Format String

CVE-2005-3912

Low
Security Focus, Bugtraq ID: 15629, November 29, 2005

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available at:
http://sourceforge.net
/project/showfiles.
php?group_id=
12694&package_
id =11571
&release_id=338899

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-720.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/net-snmp/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-395.html

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-225.pdf

SUSE:
ftp://ftp.SUSE.
com/pub/SUSE

Debian:
http://security.debian.
org/pool/updates/
main/n/net-snmp/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/u/ucd-snmp

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP
Protocol Denial of Service

CVE-2005-2177

Low

Secunia
Advisory: SA15930,
July 6, 2005

Trustix Secure
Linux Security Advisory, TSLSA-2005-0034,
July 8, 2005

Fedora Update Notifications,
FEDORA-2005
-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Ubuntu Security Notice, USN-190-1, September 29, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 200

SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005

Debian Security Advisory, DSA 873-1, October 26, 2005

Ubuntu Security Notice, USN-190-2, November 21, 2005

Conectiva Linux Announcement, CLSA-2005:1050, November 21, 2005

NuFW

NuFW 1.1, 1.0.11-1.0.15

A Denial of Service vulnerability has been reported due to an error in packet parsing.

Upgrades available at:
http://nufw.org/download/
nufw/nufw-1.0.16.tar.bz2

Currently we are not aware of any exploits for this vulnerability.

NuFW Malformed Packet Remote Denial of Service

CVE-2005-3950

Low
Security Focus, Bugtraq ID: 15645, November 29, 2005

Omnistar Interactive

Omnistar Live prior to 5.2

A vulnerability has been reported in Omnistar Live that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Omnistar Live SQL Injection

CVE-2005-3840

Medium Security Focus, ID: 15550, November 23, 2005

PCRE

PCRE 6.1, 6.0, 5.0

A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.

Updates available at:
http://www.pcre.org/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/p/pcre3/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200508-17.xml

Mandriva:
http://www.mandriva.
com/security/
advisories

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Slackware:
ftp://ftp.slackware.
com/pub/slackware/

Ubuntu:
http://security.ubuntu.
com/ubuntu/
pool/main/

Debian:
http://security.debian.
org/pool/updates/
main/p/pcre3/

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Slackware:
ftp://ftp.slackware.
com/pub/slackware/
slackware-10.1/
testing/packages/
php-5.0.5/php-
5.0.5-i486-1.tgz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-08.xml

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Gentoo:
http://security.gentoo
.org/glsa/glsa-
200509-12.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/python2.2/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-19.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/python2.3/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

TurboLinux:
ftp://ftp.turbolinux.
co.jp/pub/
TurboLinux/
TurboLinux/ia32/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-216.pdf

Trustix:
http://http.trustix.
org/pub/trustix/
updates/

HP:
http://h20293.www2.
hp.com/cgi-bin/
swdepot_parser.
cgi/cgi/displayProduct
Info.pl?productNumber=
HPUXWSSUITE

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Updated available at:
http://www.php.net/
get/php-5.1.0.tar.bz2/
from/a/mirror

Currently we are not aware of any exploits for this vulnerability.

PCRE Regular Expression Heap Overflow

CVE-2005-2491

High

Secunia Advisory: SA16502, August 22, 2005

Ubuntu Security Notice, USN-173-1, August 23, 2005

Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005

Fedora Update Notifications,
FEDORA-2005-802 & 803, August 24, 2005

Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005

SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005

Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005

Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005

Debian Security Advisory, DSA 800-1, September 2, 2005

SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005

Slackware Security Advisory, SSA:2005-251-04, September 9, 2005

Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005

Conectiva Linux Announce-
ment, CLSA-2005:1009, September 13, 2005

Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005

Debian Security Advisory, DSA 817-1 & DSA 819-1, September 22 & 23, 2005

Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005

Debian Security Advisory, DSA 821-1, September 28, 2005

Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005

Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005

Avaya Security Advisory, ASA-2005-216, October 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

HP Security Bulletin, HPSBUX02074, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

Security Focus, Bugtraq ID: 14620, November 25, 2005

PHP Labs

Survey Wizard

An SQL injection vulnerability has been reported in 'survey.php' due to insufficient sanitization of the 'sid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Labs Survey Wizard SQL Injection

CVE-2005-3951

Medium
Secunia Advisory: SA17686, November 23, 2005

PHP Labs

Top Auction

SQL injection vulnerabilities have been reported in 'viewcat.php' due to insufficient sanitization of the 'category' and 'type' parameters and insufficient sanitization of some parameters when performing a search, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Labs Top Auction Multiple SQL Injection

CVE-2005-3952

Medium
Secunia Advisory: SA17687, November 23, 2005

Squid

Squid 2.x

A remote Denial of Service vulnerability has been reported when handling certain FTP server responses.

Patches available at:
http://www.squid-
cache.org/Versions/
v2/2.5/bugs/
squid-2.5.STABLE11-
rfc1738_do_
escape.patch

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44

SUSE:
ftp://ftp.suse.com
/pub/suse/

IPCop:
http://prdownloads.
sourceforge.net/
ipcop/ipcop-
sources-1.4.10.tgz
?download

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

There is no exploit code required.

Squid FTP Server Response Handling Remote Denial of Service

CVE-2005-3258

Low

Secunia Advisory: SA17271, October 20, 2005

Fedora Update Notifications,
FEDORA-2005-1009 & 1010, October 20, 2005

Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15157, November 10, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Conectiva Linux Announcement, CLSA-2005:1047, November 21, 2005

Sun Micro-systems, Inc.

Solaris 10.0

Multiple buffer overflow vulnerabilities have been reported when handling excessive data supplied through command line arguments, which could let a malicious user execute arbitrary code.

Vendor solution available:
http://sunsolve.sun.
com/searchproxy/
document.do?
assetkey=1-26-
102060-1

An exploit script has been published.

Sun Solaris Traceroute Multiple Buffer Overflows

CVE-2005-2071

High

Security Focus, 14049, June 24, 2005

Sun, Alert ID: 102060, November 23, 2005

Sylpheed

Sylpheed 2.0-2.0.3, 1.0.0-1.0.5

A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_
get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.

Upgrades available at:
http://sylpheed.good-
day.net/sylpheed/
v1.0/sylpheed-
1.0.6.tar.gz

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-13.xml

Debian:
http://security.debian.
org/pool/updates/
main/s/sylpheed/

Debian:
http://security.debian.
org/pool/updates/
main/s/sylpheed-claws/

Currently we are not aware of any exploits for this vulnerability.

Sylpheed LDIF Import Buffer Overflow

CVE-2005-3354

Medium

Bugtraq ID: 15363, November 9, 2005

Fedora Update Notification,
FEDORA-2005-1063, November 9, 2005

Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005

Debian Security Advisory, DSA 906-1, November 22, 2005

Debian Security Advisory, DSA 908-1, November 23, 2005

T & D Systems

ADC2000 NG Pro 1.2

An SQL injection vulnerability has been reported in 'adcbrowres.php' due to insufficient sanitization of the 'cat' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Proof of Concept exploits have been published.

ADC2000 NG Pro SQL Injection

CVE-2005-3876

Medium
Secunia Advisory: SA17744, November 28, 2005

Tunez

Tunez 1.21

Several vulnerabilities have been reported: an SQL injection vulnerability has been reported in 'songinfo.php' due to insufficient sanitization of the 'song_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'searchFor' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Tunez SQL Injection & Cross-Site Scripting

CVE-2005-3833
CVE-2005-3834

Medium
Secunia Advisory: SA17692, November 23, 2005

unalz

unalz 0.52, 0.51, 0.31, 0.23, 0.22, 0.2-0.5

A buffer overflow vulnerability has been reported when handling the '.alz' archive due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at: (zip file) http://www.kipple.pe.kr
/win/unalz/unalz-0.53.tgz

An exploit script has been published.

Unalz Archive Filename Buffer Overflow

CVE-2005-3862

High
Security Focus, Bugtraq ID: 15577, November 28, 2005

University of Washington

UW-imapd imap-2004c1

A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade to version imap-2004g:
ftp://ftp.cac.
washington.edu/
imap/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Debian:
http://security.debian.
org/pool/updates/
main/u/uw-imap/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-10.xml

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Mandriva:
http://www.mandriva.
com/ security/
advisories

Slackware:
ftp://ftp.slackware.
com/pub/
slackware/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Currently we are not aware of any exploits for this vulnerability.

UW-imapd Denial of Service and Arbitrary Code Execution

CVE-2005-2933

High

Secunia, Advisory: SA17062, October 5, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005

Debian Security Advisory, DSA 861-1, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005

US-CERT VU#933601

SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005

Slackware Security Advisory, SSA:2005-310-06, November 7, 2005

Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005

Virtual Hosting Control System

Virtual Hosting Control System (VHCS) 2.4.6.2, 2.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'vhcs/gui/errordocs/index.php' error page due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the domain alias management due to an unspecified error, which could let a remote malicious user hijack other users' forwards.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

VHCS Error Page Cross-Site Scripting & Domain Forward Hijack

CVE-2005-3902
CVE-2005-3913

Medium
Secunia Advisory: SA17704, November 23, 2005

Zope

Zope 2.6-2.8.1

A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'Restructured Text' functionality via the web. The impact was not specified.

Hotfix available at:
http://www.zope.
org/Products/
Zope/Hotfix
2005-
10-09/security_
alert/Hot fix_2005-
10-09.tar.gz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-20.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

Debian:
http://security.debian.
org/pool/updates/
main/z/zope2.7/

Currently we are not aware of any exploits for this vulnerability.

Zope 'Restructured
Text' Unspecified Security Vulnerability

CVE-2005-3323

Not Specified

Zope Security Alert, October 12, 2005

Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Debian Security Advisory, DSA 910-1, November 24, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

AFFCommerce Shopping Cart

AFFCommerce Shopping Cart 1.1.4

SQL injection vulnerabilities have been reported in 'SubCategory.php' due to insufficient sanitization of the 'cl' parameter and in 'ItemInfo.php' and 'ItemReview.php' due to insufficient sanitization of the 'item_id' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

AFFCommerce Shopping Cart Multiple SQL Injection

CVE-2005-3914

Medium
Secunia Advisory: SA17690, November 23, 2005

Agileco

AgileBill 1.4.92

An SQL injection vulnerability has been reported in 'Product_Cat' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AgileBill Pro SQL Injection

CVE-2005-3827

Medium
Security Tracker Alert ID: 1015272, November 25, 2005

Babe Logger

Babe Logger V2

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'gal' parameter and in 'comments.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Babe Logger SQL Injection

CVE-2005-3920

Medium
Security Focus, Bugtraq ID: 15580, November 28, 2005

BakBone

NetVault 7.1

A vulnerability has been reported because 'vstatsmngr.exe' can be manipulated to obtain elevated privileges.

The vendor has released upgrades to address this issue. Please contact the vendor to obtain fixes.

An exploit script has been published.

BakBone NetVault 'NVStats
Mngr.EXE' Elevated Privileges

CVE-2005-1372

Medium

Security Focus, 13408, April 27, 2005

Security Focus, Bugtraq ID:13408, November 25, 2005

BASE Basic Analysis and Security Engine

BASE Basic Analysis and Security Engine 1.2

An SQL injection vulnerability has been reported in 'base_qry_main.php' due to insufficient sanitization of the 'sig[1] parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Debian:
http://security.debian.
org/pool/updates/
main/a/acidlab/

Upgrades available at:
http://prdownloads.
sourceforge.net/
secureideas/base-
1.2.1.tar.gz?download

There is no exploit code required; however, a Proof of Concept exploit has been published.

Basic Analysis and Security Engine SQL Injection

CVE-2005-3325

Medium

Secunia Advisory: SA17314, October 25, 2005

Debian Security Advisory DSA 893-1, November 14, 2005

Security Focus, Bugtraq ID: 15199, November 30, 2005

Bedeng PSP

Bedeng PSP 1.1

SQL injection vulnerabilities have been reported in 'index.php' and 'download.php' due to insufficient sanitization of the 'cwhere' parameter and in 'baca.php' due to insufficient sanitization of the 'ckode'; parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Proof of Concept exploits have been published.

Bedeng PSP SQL Injection

CVE-2005-3953

Medium
Security Focus, Bugtraq ID: 15583, November 28, 2005

BerliOS

SourceWell 1.1.3

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'cnt' " parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

BerliOS SourceWell SQL Injection

CVE-2005-3864

Medium
Security Focus, Bugtraq ID: 15586, November 28, 2005
blogBuddies 0.3

A vulnerability has been reported in blogBuddies that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

blogBuddies Cross-Site Scripting

CVE-2005-3954
CVE-2005-3955

Medium Security Focus, ID: 15555, November 24, 2005

BosDev

BosDates 4.0

SQL injection vulnerabilities have been reported in 'calendar.php' due to insufficient sanitization of the 'year' and 'category' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

BosDates SQL Injection

CVE-2005-3911

Medium
Secunia Advisory: SA17752, November 30, 2005

Cisco Systems

Cisco PIX/ASA 7.0.1.4, 7.0, PIX OS, PIX Firewall 535, 525 6.3, 525, 520, 515E, 515, 506, 501, 6.3.3 (133), 6.3.2, 6.3.1, 6.3 (5), 6.3 (3.109), 6.3 (3.102), 6.3 (3), 6.3 (1), 6.3, 6.2.3 (110), 6.2.3, 6.2.2 .111, 6.2.2, 6.2., 6.2 (3.100), 6.2 (3), 6.2 (2), 6.2 (1), 6.2, 6.1.5 (104), 6.1.5, 6.1.4, 6.1.3, 6.1 (1-5), 6.1, 6.0.4, 6.0.3, 6.0 (4.101), 6.0 (4), 6.0 (2), 6.0 (1), 6.0, 5.3 (3), 5.3 (2), 5.3 (1.200), 5.3 (1), 5.3, 5.2 (9), 5.2 (7), 5.2 (6), 5.2 (5), 5.2 (3.210), 5.2 (2), 5.2 (1), 5.2, 5.1.4, 5.1 (4.206), 5.1, 5.0, 4.4 (8), 4.4 (7.202), 4.4 (4), 4.4, 4.3, 4.2.2, 4.2.1, 4.2 (5), 4.2, 4.1.6 b, 4.1.6, 4.0, 3.1, 3.0, 2.7

A remote Denial of Service vulnerability has been reported when handling TCP SYN packets with invalid checksums.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit has been published.

Cisco PIX Invalid TCP Checksum Remote Denial of Service

CVE-2005-3774

Low

Arhont Ltd.- Information Security Advisory, November 22, 2005

US-CERT VU#853540

Cisco Systems

Firewall Services Module (FWSM) 1.x, 2.x, IOS 12.x, IOS R12.x, PIX 4.x, 5.x, 6.x, 7.x,
Cisco SAN-OS 1.x (MDS 9000 Switches), 2.x (MDS 9000 Switches), VPN 3000 Concentrator

A remote Denial of Service vulnerability has been reported due to errors in the processing of IKEv1 Phase 1 protocol exchange messages.

Patch information available at:
http://www.cisco.com/
warp/public/707/
cisco-sa-20051114-
ipsec.shtml

Rev 1.5: Updated Cisco IOS Products table.

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Cisco IPSec IKE Traffic Remote Denial of Service

CVE-2005-3669

Low

Cisco Security Advisory, Document ID: 68158, November 14, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.5, November 29, 2005

Cisco Systems

IOS 12.0 (2a)

An HTTP injection vulnerability has been reported in the '/level/14/exec/buffers/
assigned/ and /level/14/exec/
buffers/all' scripts, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Cisco IOS HTTP Service HTML Injection

CVE-2005-3921

Medium
Security Focus, Bugtraq ID: 15602, November 28, 2005

Clavister

Clavister Firewall 8.30.01, Security Gateway 8.40.05, 8.50.02, 8.60.01

A vulnerability has been reported in Clavister Firewall and Security Gateway that could let remote malicious users cause a Denial of Service.

Vendor solution available: