Summary of Security Items from December 15 through December 21, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability that the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| Acidcat CMS 2.1.13 |
A vulnerability has been reported in Acidcat CMS that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Acidcat CMS SQL Injection Vulnerability
CVE-2005-4370
CVE-2005-4371 |
Medium |
Secunia Advisory: SA18097, December 19, 2005 |
| Allinta 2.3.2 and prior |
A vulnerability has been reported in Allinta that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Allinta Cross-Site Scripting
CVE-2005-4374
|
Medium |
Secunia, Advisory: SA18060, December 19, 2005 |
Citrix Systems
Citrix Program Neighborhood Client 9.1 and prior |
A vulnerability has been reported in Citrix Program Neighborhood Client that could let local malicious users disclose information.
A vendor solution is available:
http://support.citrix.com/article/CTX108108
http://support.citrix.com/article/CTX108354
Currently we are not aware of any exploits for this vulnerability. |
Citrix Program Neighborhood Client Information Disclosure
CVE-2005-3652
CVE-2005-4412 |
Medium |
Citrix Security Alert, CTX108354, CTX108108, December 16, 2005 |
| iCMS |
A vulnerability has been reported in iCMS that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
iCMS Cross-Site Scripting or SQL Injection
CVE-2005-4396
CVE-2005-4397 |
Medium |
Secunia, Advisory: SA18085, December 19, 2005 |
| MailEnable 1.71 & prior |
A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.
A vendor solution is available:
http://www.mailenable.com/hotfix/
A Proof of Concept exploit has been published. |
MailEnable Arbitrary Code Execution
CVE-2005-4402 |
High |
Security Tracker, Alert ID: 1015378, December 19, 2005 |
Mercury Mail 4.01b
|
Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Mercury Mail Arbitrary Code Execution
CVE-2005-4411 |
High |
Security Tracker, Alert ID: 1015374, December 16, 2005 |
Media2
Media2 CMS Shop |
A vulnerability has been reported in Media2 CMS Shop that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Media2 CMS Shop SQL Injection
CVE-2005-4404 |
Medium |
Secunia, Advisory: SA18079, December 19, 2005 |
Microsoft
Internet Explorer |
A vulnerability has been reported in Internet Explorer, by mismatched DOM objects, that could let remote malicious users obtain unauthorized access.
Vendor solutions available:
http://www.microsoft.com/technet/security/advisory/911302.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
An exploit has been published. |
Microsoft Internet Explorer Unauthorized Access
CVE-2005-1790 |
Medium |
Microsoft, Security Advisory 911302, November 21, 2005
USCERT, VU#887861, November 21, 2005
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 and prior |
A vulnerability has been reported in Internet Explorer, by dialog manipulation, that could let remote malicious users execute arbitrary code.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Internet Explorer Arbitrary Code Execution
CVE-2005-2829 |
High |
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 and prior |
A vulnerability has been reported in Internet Explorer, COM object Instantiation, that could let remote malicious users execute arbitrary code.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Internet Explorer Arbitrary Code Execution
CVE-2005-2831 |
High |
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 and prior |
A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
There is no exploit code required. |
Microsoft Internet Explorer Information Disclosure
CVE-2005-2830 |
Medium |
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Information Server 5.1 |
A vulnerability has been reported in IIS that could let remote malicious users cause a Denial of Service.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft IIS Denial of Service
CVE-2005-4360 |
Low |
Security Tracker, Alert ID: 1015376, December 18, 2005 |
Microsoft
Windows 2000 Server SP4 and prior, Professional SP4 and prior, Datacenter Server SP4 and prior, Advanced Server SP4 and prior |
A vulnerability has been reported in Windows, Asynchronous Procedure Calls, that could let local malicious users obtain elevated privileges.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Privilege Elevation
CVE-2005-2827 |
Medium |
Microsoft, Security Bulletin MS05-055, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
| Pegasus Mail 4.21a - 4.21c, 4.30PB1 |
Multiple vulnerabilities have been reported in Pegasus Mail that could let remote malicious users execute arbitrary code.
Upgrade to newest version:
http://www.pmail.com/downloads_de_t.htm
Currently we are not aware of any exploits for this vulnerability. |
Pegasus Mail Arbitrary Code Execution
CVE-2005-4445 |
High |
Secunia, Advisory: SA17992, December 20, 2005 |
Soft4e
ECW-Cart 2.03 and prior |
A vulnerability has been reported in ECW-Cart that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ECW-Cart Cross-Site Scripting
CVE-2005-4290 |
Medium |
Security Focus, ID: 15890, December 15, 2005 |
SuperFreaker Studios
UStore |
A vulnerability has been reported in UStore that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
UStore Cross-Site Scripting or SQL Injection
CVE-2005-4355
CVE-2005-4356 |
Medium |
Secunia, Advisory: SA18026, December 19, 2005 |
The Collective
Acuity CMS 2.6.2 |
A vulnerability has been reported in Acuity CMS that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Acuity CMS Cross-Site Scripting
CVE-2005-4369 |
Medium |
Secunia, Advisory: SA18070, December 19, 2005 |
Trend Micro
PC-cillin Internet Security 2005 version 12.00 build 1244 |
A vulnerability has been reported in PC-cillin that could let local malicious users obtain elevated privileges.
Upgrade to version 12.4.
A Proof of Concept exploit script has been published. |
Trend Micro PC-cillin Privilege Elevation
CVE-2005-3360 |
Medium |
Security Tracker, Alert ID: 1015357, December 14, 2005 |
Watchfire
AppScan QA 5.0.609, 5.0.134, Subscription 7 |
A buffer overflow vulnerability has been reported in AppScan that could let remote malicious users execute arbitrary code.
A vendor update is available via the application's update functionality.
A Proof of Concept exploit script has been published. |
Watchfire AppScan Arbitrary Code Execution
CVE-2005-4270
|
High |
Security Focus, ID: 15873, December 15, 2005 |
Xigla Software
Absolute Image Gallery XE |
An input validation vulnerability has been reported in Absolute Image Gallery XE that could let remote malicious users perform Cross-Site Scripting.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Absolute Image Gallery XE Cross-Site Scripting
CVE-2005-4295
|
Medium |
Secunia, Advisory: SA18065, December 15, 2005 |
| ZixForum 1.12 |
An input validation vulnerability has been reported in ZixForum that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ZixForum SQL Injection
CVE-2005-4334 |
Medium |
Security Tracker, Alert ID: 1015359, December 15, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
AlmondSoft.Com
Almond Classifieds |
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
AlmondSoft Almond Classifieds SQL Injection
CVE-2005-4312
CVE-2005-4313 |
Medium |
Security Focus, Bugtraq ID: 15899, December 15, 2005 |
Appfluent Technology
Database IDS 2.0 |
A buffer overflow vulnerability has been reported in the 'APPFLUENT_HOME' environment variable when handling a malformed value, which could let a malicious user execute arbitrary code.
The vulnerability has reportedly been fixed in version 2.1.0.103.
An exploit script has been published. |
|
High |
Security Focus, Bugtraq ID: 15755, December 7, 2005
Security Focus, Bugtraq ID: 15755, December 16, 2005 |
AtlantPro.Com
Atlant Pro 8.0.9 |
A Cross-Site Scripting vulnerability has been reported in 'atl.cgi' due to insufficient sanitization of the 'before' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Atlant Pro Cross-Site Scripting
CVE-2005-4299 |
Medium |
Security Focus, Bugtraq ID: 15886, December 15, 2005 |
AtlantPro.Com
AtlantForum Pro 4.0.2, AtlantForum Lite 4.0.2, AtlantForum 4.0.2 |
Cross-Site Scripting vulnerabilities have been reported in 'atl.cgi' due to insufficient sanitization of the 'sch_allsubct,' 'before,' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
AtlantForum Multiple Cross-Site Scripting
CVE-2005-4298 |
Medium |
Security Focus, Bugtraq ID: 15887, December 15, 2005 |
binary-concepts
binary board system 0.2.5 |
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'inreplyto,' 'article,' 'branch,' 'board,' 'user,' and search module parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15913, December 16, 2005 |
Centericq
Centericq 4.20
|
A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages.
Debian:
http://security.debian.org/pool/updates/main/c/centericq/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml
A Proof of Concept exploit script has been published.
|
|
Low |
Debian Security Advisory, DSA 912-1, November 30, 2005
Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005 |
Daniel Stenberg
curl 7.12-7.15, 7.11.2
|
A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.
Upgrades available at:
http://curl.haxx.se/download/curl-7.15.1.tar.gz
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/c/curl/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
OpenPKG:
http://www.openpkg.org/security.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-09.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-875.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15756, December 7, 2005
Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005
Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005
Debian Security Advisory, DSA 919-1, December 12, 2005
Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005
Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005
RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005 |
Dick Copits
PDEstore 1.8 |
A Cross-Site Scripting vulnerability has been reported in 'pdestore.cgi' due to insufficient sanitization of the 'product' and 'cart_id' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
Dick Copits PDEstore Cross-Site Scripting
CVE-2005-4285 |
Medium |
Secunia Advisory: SA18042, December 15, 2005 |
Dropbear SSH Server
Dropbear SSH Server prior to 0.47
|
A buffer overflow vulnerability has been reported in 'svr_chansession.c' due to a buffer allocation error, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://matt.ucc.asn.au/dropbear/
Debian:
http://www.debian.org/security/2005/dsa-923
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA18108, December 19, 2005
Debian Security Advisory, DSA-923-1, December 19, 2005 |
Gentoo Linux
Gentoo Linux |
Vulnerabilities have been reported in multiple packages in Gentoo Linux due to an insecure RUNPATH vulnerability, which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-14.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-02.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-07.xml
There is no exploit code required. |
|
Medium |
Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005
Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005
Gentoo Linux Security Advisory, GLSA 200512-07, December 15, 2005 |
GNU
Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4
|
Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists due to the way filenames are processed due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.
Debian:
http://security.debian.org/pool/updates/main/e/enscript/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
http://www.sgi.com/support/security/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these vulnerabilities. |
|
|
Security Tracker Alert ID: 1012965, January 21, 2005
RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005
Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005
Fedora Legacy Update Advisory, FLSA:152892, December 17, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/g/gzip
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
Sun: Updated Relief/Workaround section.
Sun: Updated Contributing Factors, Relief/Workaround, and Resolution sections.
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
A Proof of Concept exploit has been published. |
GNU GZip Directory Traversal
CVE-2005-1228 |
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus, 13290, May 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005
Debian Security Advisory, DSA 752-1, July 11, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005
SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 |
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/g/gzip/gzip
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
Sun: Updated Relief/Workaround section.
There is no exploit code required. |
GNU GZip File Permission Modification
CVE-2005-0988 |
Medium |
Security Focus, 12996, April 5, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005
Debian Security Advisory, DSA 752-1, July 11, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005
SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 |
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
SGI:
http://www.sgi.com/support/security/
F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
ftp://ftp.trustix.org0/pub/trustix/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
FedoraLegacy:
http://download.fedoralegacy.org/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Fedora Update Notification, FEDORA-2005-471, June 27, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Secunia Advisory: SA16159, July 21, 2005
Ubuntu Security Notice, USN-158-1, August 01, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005
Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005
SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11, B.11.23
|
A remote Denial of Service vulnerability has been reported due to an unspecified error in the WBEM Services.
Update information available at:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
HP Security Bulletin, HPSBMA02088, December 19, 2005 |
IBM
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2 |
A vulnerability has been reported in the '/usr/lpp/diagnostics/bin/diagela.sh' script due to the use of an absolute path. The impact was not specified.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/diagela_ifix.tar.Z
Currently we are not aware of any exploits for this vulnerability.
|
|
Not Specified |
IBM Security Advisory, November 11, 2005
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1 |
A buffer overflow vulnerability has been reported in 'slocal' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/slocal_ifix.tar.Z
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3 |
A buffer overflow vulnerability has been reported in the malloc debugging tools due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/dbgmalloc_ifix.tar.Z
Exploits for this vulnerability may be publicly available.
|
|
High |
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3 |
A vulnerability has been reported in the 'getShell' and 'getCommand' utilities, which could let a malicious user corrupt data and obtain elevated privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/getshell_ifix.tar.Z
There is no exploit code required. |
IBM AIX GetShell & GetCommand Arbitrary File Overwrite
CVE-2005-4273
|
Medium |
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1 |
A buffer overflow vulnerability has been reported in 'muxatmd' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/libisode_ifix.tar.
Currently we are not aware of any exploits for this vulnerability. |
|
High |
IBM Security Advisory, December 15, 2005 |
Internet Express Products
CommerceSQL 1.0
|
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keywords' parameter in the Quick Find feature before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
CommerceSQL Cross-Site Scripting
CVE-2005-4292 |
Medium |
Secunia Advisory: SA17932, December 15, 2005 |
IPsec-Tools
IPsec-Tools 0.6-0.6.2, 0.5-0.5.2
|
A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.
Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.6.3.tar.bz2?download
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Vulnerability can be reproduced with the PROTOS IPSec Test Suite.
|
|
Low |
Security Focus, Bugtraq ID: 15523, November 22, 2005
Ubuntu Security Notice, USN-221-1, December 01, 2005
Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005
SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005 |
LBL
tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 -3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 |
Remote Denial of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Mandriva:
http://www.mandriva.com/security/advisories
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html
Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61
Exploit scripts have been published. |
|
Low |
Bugtraq, 396932, April 26, 2005
Fedora Update Notification, FEDORA-2005-351, May 3, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Ubuntu Security Notice, USN-119-1 May 06, 2005
Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005
Security Focus, 13392, May 12, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005
Avaya Security Advisory, ASA-2005-137, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 13392, July 21, 2005
Debian Security Advisory, DSA 850-1, October 9, 2005
SCO Security Advisories, SCOSA-2005.60 & SCOSA-2005.61, December 16, 2005 |
libpng
pnmtopng 2.38, 2.37.3-2.37.6 |
A buffer overflow vulnerability has been reported in 'Alphas_Of_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15427, November 15, 2005
Debian Security Advisory, DSA 904-1, November 21, 2005
Ubuntu Security Notice, USN-218-1, November 21, 2005
Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005
SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005
RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005 |
Michael Arndt
WebCal 3.0 4 |
Multiple HTML injection and Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
WebCal Multiple HTML Injection & Cross-Site Scripting
CVE-2005-4327
|
Medium |
Security Focus, Bugtraq ID: 15917, December 16, 2005 |
Multiple Vendors
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36
|
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Patches available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-840.html
KDE:
ftp://ftp.kde.org/pub/kde/
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-08.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-878.html
http://rhn.redhat.com/errata/RHSA-2005-868.html
http://rhn.redhat.com/errata/RHSA-2005-867.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
iDefense Security Advisory, December 5, 2005
Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005
RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005
KDE Security Advisory, advisory-20051207-1, December 7, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Ubuntu Security Notice, USN-227-1, December 12, 2005
Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005
RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005 |
Multiple Vendors
FreeBSD 5.4 & prior |
A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.
Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure
CVE-2005-0109
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005
SCO Security Advisory, SCOSA-2005.24, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
US-CERT VU#911878
RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005
Sun(sm) Alert Notification, 101739, June 1, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005
IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005
Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005 |
Multiple Vendors
ktools 0.3;
Centericq 4.21, 4.20
|
A buffer overflow vulnerability has been reported in the 'VGETSTRING()' macro when generating the output string using the 'vsprintf()' function, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Zone-H Research Center Security Advisory 200503, November 27, 2005
Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005 |
Multiple Vendors
GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2 |
A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-344.html
http://rhn.redhat.com/errata/RHSA-2005-343.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000958
Mandriva:
http://www.mandriva.com/security/advisories
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CVE-2005-0891
|
Low |
Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005
RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005
Ubuntu Security Notice, USN-108-1 April 05, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005
Conectiva Security Advisory, CLSA-2005:958, June 1, 2005
Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005
Fedora Legacy Update Advisory, FLSA:155510, December 17, 2005 |
Multiple Vendors
phpMyAdmin 2.7.0-pl1 |
A Cross-Site Request Forgery vulnerability has been reported because a remote malicious user can perform unauthorized actions as a logged-in user via a link or IMG tag to 'server_privileges.php'.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Advisory: SA18113, December 19, 2005 |
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 |
A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.
OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/
OpenPKG:
ftp://ftp.openpkg.org/release/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
http://www.sgi.com/support/security/
Debian:
http://security.debian.org/pool/updates/main/o/openssl094/
NetBSD:
http://arkiv.netbsd.se/?ml=netbsd-announce&a=2005-10&m=1435804
BlueCoat Systems:
http://www.bluecoat.com/support/knowledge/advisory_openssl_\2005-2969.html
Debian:
http://security.debian.org/pool/updates/main/o/openssl/
Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Number=63500&page=0&view=collapsed&sb=5&o=&fpart=1#63500
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48
IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Cisco:
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors OpenSSL Insecure Protocol Negotiation
CVE-2005-2969 |
Medium |
OpenSSL Security Advisory, October 11, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005
RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005
Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005
Slackware Security Advisory, SSA:2005-286-01, October 13, 2005
Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005
Ubuntu Security Notice, USN-204-1, October 14, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005
SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Debian Security Advisory DSA 875-1, October 27, 2005
NetBSD Security Update, November 1, 2005
BlueCoat Systems Advisory, November 3, 2005
Debian Security Advisory, DSA 888-1, November 7, 2005
Astaro Security Linux Announcement, November 9, 2005
SCO Security Advisory, SCOSA-2005.48, November 15, 2005
IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005
Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005
Cisco Security Notice, Document ID: 68324, December 19, 2005
|
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20 -9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha |
A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
libpng:
http://prdownloads.sourceforge.net/png-mng/pnmtopng2.39.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory DSA 904-1, November 21, 2005
Ubuntu Security Notice, USN-218-1 November 21, 2005
Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005
SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005
RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005 |
Multiple Vendors
util-linux 2.8-2.13;
Andries Brouwer util-linux 2.11 d, f, h, i, k, l, n, u, 2.10 s
|
A vulnerability has been reported because mounted filesystem options are improperly cleared due to a design flaw, which could let a remote malicious user obtain elevated privileges.
Updates available at:
http://www.kernel.org/pub/linux/utils/util-linux/testing/util-linux-2.12r-pre1.tar.gz
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-15.xml
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/u/util-linux/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
SGI:
http://www.sgi.com/support/security/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
There is no exploit code required. |
Util-Linux UMount Remounting Filesystem Elevated Privileges
CVE-2005-2876
|
Medium |
Security Focus, Bugtraq ID: 14816, September 12, 2005
Slackware Security Advisory, SSA:2005-255-02, September 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005
Ubuntu Security Notice, USN-184-1, September 19, 2005
Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005
Debian Security Advisory, DSA 823-1, September 29, 2005
SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005
Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101960, October 10, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Fedora Legacy Update Advisory, FLSA:168326, December 17, 2005
|
Multiple Vendors
Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03
|
A format string vulnerability has been reported in 'Perl_sv_vcatpvfnl' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.
Webmin:
http://prdownloads.sourceforge.net/webadmin
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
OpenPKG:
http://www.openpkg.org/security.html
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-01.xml
http://security.gentoo.org/glsa/glsa-200512-02.xml
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-880.html
An exploit has been published.
|
|
Low |
Security Focus, Bugtraq ID: 15629, November 29, 2005
Fedora Update Notifications, FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005
Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005
Ubuntu Security Notice, USN-222-1, December 2, 2005
Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005
US-CERT VU#948385
Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005
Ubuntu Security Notice, USN-222-2, December 12, 2005
Fedora Update Notifications, FEDORA-2005-1144 & 1145, December 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005
RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005
|
Multiple Vendors
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0 |
An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html | |
| |