National Cyber Alert System
Cyber Security Bulletin SB05-355

Summary of Security Items from December 15 through December 21, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name / CVE Reference
Risk
Source
Acidcat CMS 2.1.13

A vulnerability has been reported in Acidcat CMS that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Acidcat CMS SQL Injection Vulnerability

CVE-2005-4370
CVE-2005-4371

Medium Secunia Advisory: SA18097, December 19, 2005
Allinta 2.3.2 and prior

A vulnerability has been reported in Allinta that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Allinta Cross-Site Scripting

CVE-2005-4374

Medium Secunia, Advisory: SA18060, December 19, 2005

Citrix Systems

Citrix Program Neighborhood Client 9.1 and prior

A vulnerability has been reported in Citrix Program Neighborhood Client that could let local malicious users disclose information.

A vendor solution is available:
http://support.citrix.com/article/CTX108108

http://support.citrix.com/article/CTX108354

Currently we are not aware of any exploits for this vulnerability.

Citrix Program Neighborhood Client Information Disclosure

CVE-2005-3652
CVE-2005-4412

Medium Citrix Security Alert, CTX108354, CTX108108, December 16, 2005
iCMS

A vulnerability has been reported in iCMS that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

iCMS Cross-Site Scripting or SQL Injection

CVE-2005-4396
CVE-2005-4397

Medium Secunia, Advisory: SA18085, December 19, 2005
MailEnable 1.71 & prior

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.mailenable.com/hotfix/

A Proof of Concept exploit has been published.

MailEnable Arbitrary Code Execution

CVE-2005-4402

High Security Tracker, Alert ID: 1015378, December 19, 2005
Mercury Mail 4.01b

Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Mercury Mail Arbitrary Code Execution

CVE-2005-4411

High Security Tracker, Alert ID: 1015374, December 16, 2005

Media2

Media2 CMS Shop

A vulnerability has been reported in Media2 CMS Shop that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Media2 CMS Shop SQL Injection

CVE-2005-4404

Medium Secunia, Advisory: SA18079, December 19, 2005

Microsoft

Internet Explorer

A vulnerability has been reported in Internet Explorer, by mismatched DOM objects, that could let remote malicious users obtain unauthorized access.

Vendor solutions available:
http://www.microsoft.com/technet/security/advisory/911302.mspx

http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

An exploit has been published.

Microsoft Internet Explorer Unauthorized Access

CVE-2005-1790

Medium

Microsoft, Security Advisory 911302, November 21, 2005

USCERT, VU#887861, November 21, 2005

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer, by dialog manipulation, that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2005-2829

High

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer, COM object Instantiation, that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2005-2831

High

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

There is no exploit code required.

Microsoft Internet Explorer Information Disclosure

CVE-2005-2830

Medium

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Information Server 5.1

A vulnerability has been reported in IIS that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft IIS Denial of Service

CVE-2005-4360

Low Security Tracker, Alert ID: 1015376, December 18, 2005

Microsoft

Windows 2000 Server SP4 and prior, Professional SP4 and prior, Datacenter Server SP4 and prior, Advanced Server SP4 and prior

A vulnerability has been reported in Windows, Asynchronous Procedure Calls, that could let local malicious users obtain elevated privileges.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Privilege Elevation

CVE-2005-2827

Medium

Microsoft, Security Bulletin MS05-055, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Pegasus Mail 4.21a - 4.21c, 4.30PB1

Multiple vulnerabilities have been reported in Pegasus Mail that could let remote malicious users execute arbitrary code.

Upgrade to newest version:
http://www.pmail.com/downloads_de_t.htm

Currently we are not aware of any exploits for this vulnerability.

Pegasus Mail Arbitrary Code Execution

CVE-2005-4445

High Secunia, Advisory: SA17992, December 20, 2005

Soft4e

ECW-Cart 2.03 and prior

A vulnerability has been reported in ECW-Cart that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ECW-Cart Cross-Site Scripting

CVE-2005-4290

Medium Security Focus, ID: 15890, December 15, 2005

SuperFreaker Studios

UStore

A vulnerability has been reported in UStore that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

UStore Cross-Site Scripting or SQL Injection

CVE-2005-4355
CVE-2005-4356

Medium Secunia, Advisory: SA18026, December 19, 2005

The Collective

Acuity CMS 2.6.2

A vulnerability has been reported in Acuity CMS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

Acuity CMS Cross-Site Scripting

CVE-2005-4369

Medium Secunia, Advisory: SA18070, December 19, 2005

Trend Micro

PC-cillin Internet Security 2005 version 12.00 build 1244

A vulnerability has been reported in PC-cillin that could let local malicious users obtain elevated privileges.

Upgrade to version 12.4.

A Proof of Concept exploit script has been published.

Trend Micro PC-cillin Privilege Elevation

CVE-2005-3360

Medium Security Tracker, Alert ID: 1015357, December 14, 2005

Watchfire

AppScan QA 5.0.609, 5.0.134, Subscription 7

A buffer overflow vulnerability has been reported in AppScan that could let remote malicious users execute arbitrary code.

A vendor update is available via the application's update functionality.

A Proof of Concept exploit script has been published.

Watchfire AppScan Arbitrary Code Execution

CVE-2005-4270

High Security Focus, ID: 15873, December 15, 2005

Xigla Software

Absolute Image Gallery XE

An input validation vulnerability has been reported in Absolute Image Gallery XE that could let remote malicious users perform Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Absolute Image Gallery XE Cross-Site Scripting

CVE-2005-4295

Medium Secunia, Advisory: SA18065, December 15, 2005
ZixForum 1.12

An input validation vulnerability has been reported in ZixForum that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ZixForum SQL Injection

CVE-2005-4334

Medium Security Tracker, Alert ID: 1015359, December 15, 2005


UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name / CVE Reference
Risk
Source

AlmondSoft.Com

Almond Classifieds

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

AlmondSoft Almond Classifieds SQL Injection

CVE-2005-4312
CVE-2005-4313

Medium Security Focus, Bugtraq ID: 15899, December 15, 2005

Appfluent Technology

Database IDS 2.0

A buffer overflow vulnerability has been reported in the 'APPFLUENT_HOME' environment variable when handling a malformed value, which could let a malicious user execute arbitrary code.

The vulnerability has reportedly been fixed in version 2.1.0.103.

An exploit script has been published.

Appfluent Technology Database IDS Buffer Overflow

CVE-2005-4076

High

Security Focus, Bugtraq ID: 15755, December 7, 2005

Security Focus, Bugtraq ID: 15755, December 16, 2005

AtlantPro.Com

Atlant Pro 8.0.9

A Cross-Site Scripting vulnerability has been reported in 'atl.cgi' due to insufficient sanitization of the 'before' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Atlant Pro Cross-Site Scripting

CVE-2005-4299

Medium Security Focus, Bugtraq ID: 15886, December 15, 2005

AtlantPro.Com

AtlantForum Pro 4.0.2, AtlantForum Lite 4.0.2, AtlantForum 4.0.2

Cross-Site Scripting vulnerabilities have been reported in 'atl.cgi' due to insufficient sanitization of the 'sch_allsubct,' 'before,' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AtlantForum Multiple Cross-Site Scripting

CVE-2005-4298

Medium Security Focus, Bugtraq ID: 15887, December 15, 2005

binary-concepts

binary board system 0.2.5

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'inreplyto,' 'article,' 'branch,' 'board,' 'user,' and search module parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Binary Board System Multiple Cross-Site Scripting

CVE-2005-4333

Medium
Security Focus, Bugtraq ID: 15913, December 16, 2005

Centericq

Centericq 4.20

A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml

A Proof of Concept exploit script has been published.

Centericq Empty Packet Remote Denial of Service

CVE-2005-3694

Low

Debian Security Advisory. DSA 912-1, November 30, 2005

Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005

Daniel Stenberg

curl 7.12-7.15, 7.11.2

A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.

Upgrades available at:
http://curl.haxx.se/download/curl-7.15.1.tar.gz

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/c/curl/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

OpenPKG:
http://www.openpkg.org/security.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-875.html

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL URL Parser Buffer Overflow

CVE-2005-4077

High

Security Focus, Bugtraq ID: 15756, December 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005

Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005

Debian Security Advisory, DSA 919-1, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005

RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005

Dick Copits

PDEstore 1.8

A Cross-Site Scripting vulnerability has been reported in 'pdestore.cgi' due to insufficient sanitization of the 'product' and 'cart_id' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Dick Copits PDEstore Cross-Site Scripting

CVE-2005-4285

Medium Secunia Advisory: SA18042, December 15, 2005

Dropbear SSH Server

Dropbear SSH Server prior to 0.47

A buffer overflow vulnerability has been reported in 'svr_chansession.c' due to a buffer allocation error, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://matt.ucc.asn.au/dropbear/

Debian:
http://www.debian.org/security/2005/dsa-923

Currently we are not aware of any exploits for this vulnerability.

Dropbear SSH Server Buffer Overflow

CVE-2005-4178

High

Secunia Advisory: SA18108, December 19, 2005

Debian Security Advisory, DSA-923-1, December 19, 2005

Gentoo Linux

Gentoo Linux

Vulnerabilities have been reported in multiple packages in Gentoo Linux due to an insecure RUNPATH vulnerability, which could let a malicious user obtain elevated privileges.

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-14.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200511-02.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-07.xml

There is no exploit code required.

Gentoo Linux Multiple Packages Insecure RUNPATH

CVE-2005-4278

Medium

Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005

Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-07, December 15, 2005

GNU

Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4

Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists due to the way filenames are processed due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.

Debian:
http://security.debian.org/pool/updates/main/e/enscript/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Enscript Input Validation

CVE-2004-1184
CVE-2004-1185
CVE-2004-1186

High

Security Tracker Alert ID: 1012965, January 21, 2005

RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Fedora Legacy Update Advisory, FLSA:152892, December 17, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/g/gzip

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

Sun: Updated Relief/Workaround section.

Sun: Updated Contributing Factors, Relief/Workaround, and Resolution sections.

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

A Proof of Concept exploit has been published.

GNU GZip Directory Traversal

CVE-2005-1228

Medium

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus, 13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005

Debian Security Advisory DSA 752-1, July 11, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/g/gzip/gzip

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

Sun: Updated Relief/Workaround section.

There is no exploit code required.

GNU GZip File Permission Modification

CVE-2005-0988

Medium

Security Focus, 12996, April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005

Debian Security Advisory DSA 752-1, July 11, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
ftp://ftp.trustix.org0/pub/trustix/updates/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

FedoraLegacy:
http://download.fedoralegacy.org/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CVE-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice, USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

Hewlett Packard Company

HP-UX B.11.00, B.11.11, B.11.23

A remote Denial of Service vulnerability has been reported due to an unspecified error in the WBEM Services.

Update information available at:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373

Currently we are not aware of any exploits for this vulnerability.

HP WBEM Services Remote Denial of Service

CVE-2005-4350

Low
HP Security Bulletin, HPSBMA02088, December 19, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2

A vulnerability has been reported in the '/usr/lpp/diagnostics/bin/diagela.sh' script due to the use of absolute path. The impact was not specified.

Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/diagela_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

AIX 'diagela' Script

CVE-2005-3749

Not Specified

IBM Security Advisory, November 11, 2005

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1

A buffer overflow vulnerability has been reported in 'slocal' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/slocal_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM AIX Buffer Overflow

CVE-2005-4272

High
IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3

A buffer overflow vulnerability has been reported in the malloc debugging tools due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/dbgmalloc_ifix.tar.Z

Exploits for this vulnerability may be publicly available.

IBM AIX Debug Malloc Tools Buffer Overflow

CVE-2005-4271

High
IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3

A vulnerability has been reported in the 'getShell' and 'getCommand' utilities, which could let a malicious user corrupt data and obtain elevated privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/getshell_ifix.tar.Z

There is no exploit code required.

IBM AIX GetShell & GetCommand Arbitrary File Overwrite

CVE-2005-4273

Medium IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1

A buffer overflow vulnerability has been reported in 'muxatmd' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/libisode_ifix.tar.

Currently we are not aware of any exploits for this vulnerability.

IBM AIX MUXATMD Buffer Overflow

CVE-2005-4272

High
IBM Security Advisory, December 15, 2005

Internet Express Products

CommerceSQL 1.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keywords' parameter in the Quick Find feature before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CommerceSQL Cross-Site Scripting

CVE-2005-4292

Medium Secunia Advisory: SA17932, December 15, 2005

IPsec-Tools

IPsec-Tools 0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.6.3.tar.bz2?download

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Low

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

LBL

tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 -3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html

Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CVE-2005-1278
CVE-2005-1279
CVE-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1, May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005

Security Focus, 13392, May 12, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005

Avaya Security Advisory, ASA-2005-137, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Security Focus, 13392, July 21, 2005

Debian Security Advisory, DSA 850-1, October 9, 2005

SCO Security Advisories, SCOSA-2005.60 & SCOSA-2005.61, December 16, 2005

libpng

pnmtopng 2.38, 2.37.3-2.37.6

A buffer overflow vulnerability has been reported in 'Alphas_Of_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html

Currently we are not aware of any exploits for this vulnerability.

PNMToPNG Remote Buffer Overflow

CVE-2005-3662

High

Security Focus, Bugtraq ID: 15427, November 15, 2005

Debian Security Advisory, DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1, November 21, 2005

Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005

Michael Arndt

WebCal 3.0 4

Multiple HTML injection and Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebCal Multiple HTML Injection & Cross-Site Scripting

CVE-2005-4327

Medium
Security Focus, Bugtraq ID: 15917, December 16, 2005

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML PDFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-840.html

KDE:
ftp://ftp.kde.org/pub/kde/

SUSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-08.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-878.html

http://rhn.redhat.com/errata/RHSA-2005-868.html

http://rhn.redhat.com/errata/RHSA-2005-867.html

Currently we are not aware of any exploits for these vulnerabilities.

Xpdf Buffer Overflows

CVE-2005-3191
CVE-2005-3192
CVE-2005-3193

High

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Multiple Vendors

FreeBSD 5.4 & prior

A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.

Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure

CVE-2005-0109

Medium

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005

Sun(sm) Alert Notification, 101739, June 1, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Multiple Vendors

ktools 0.3;
Centericq 4.21, 4.20

A buffer overflow vulnerability has been reported in the 'VGETSTRING()' macro when generating the output string using the 'vsprintf()' function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml

Currently we are not aware of any exploits for this vulnerability.

KTools Remote Buffer Overflow

CVE-2005-3863

High

Zone-H Research Center Security Advisory 200503, November 27, 2005

Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005

Multiple Vendors

GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2

A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-344.html

http://rhn.redhat.com/errata/RHSA-2005-343.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000958

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service

CVE-2005-0891

Low

Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005

RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005

Ubuntu Security Notice, USN-108-1, April 05, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005

SGI Security Advisory, 20050403-01-U, April 15, 2005

Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005

Conectiva Security Advisory, CLSA-2005:958, June 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Fedora Legacy Update Advisory, FLSA:155510, December 17, 2005

Multiple Vendors

phpMyAdmin 2.7.0-pl1

A Cross-Site Request Forgery vulnerability has been reported because a remote malicious user can perform unauthorized actions as a logged-in user via a link or IMG tag to 'server_privileges.php.'

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

phpMyAdmin Cross-Site Request Forgery

CVE-2005-4450

Medium
Advisory: SA18113, December 19, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.

OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/

OpenPKG:
ftp://ftp.openpkg.org/release/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
http://www.sgi.com/support/security/

Debian:
http://security.debian.org/pool/updates/main/o/openssl094/

NetBSD:
http://arkiv.netbsd.se/?ml=netbsd-announce&a=2005-10&m=1435804

BlueCoat Systems:
http://www.bluecoat.com/support/knowledge/advisory_openssl_\2005-2969.html

Debian:
http://security.debian.org/pool/updates/main/o/openssl/

Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Number=63500&page=0&view=collapsed&sb=5&o=&fpart=1#63500

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48

IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Cisco:
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

Medium

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announcement, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Cisco Security Notice, Document ID: 68324, December 19, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20 -9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

libpng:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html

Currently we are not aware of any exploits for this vulnerability.

NetPBM PNMToPNG Remote Buffer Overflow

CVE-2005-3632

High

Debian Security Advisory, DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1, November 21, 2005

Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005

Multiple Vendors

util-linux 2.8-2.13;
Andries Brouwer util-linux 2.11 d, f, h, i, k, l, n, u, 2.10 s

A vulnerability has been reported because mounted filesystem options are improperly cleared due to a design flaw, which could let a remote malicious user obtain elevated privileges.

Updates available at:
http://www.kernel.org/pub/linux/utils/util-linux/testing/util-linux-2.12r-pre1.tar.gz

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/

Gentoo:
http://security.gentoo.org/glsa/glsa-200509-15.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/u/util-linux/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1

SGI:
http://www.sgi.com/support/security/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

There is no exploit code required.

Util-Linux UMount Remounting Filesystem Elevated Privileges

CVE-2005-2876

Medium

Security Focus, Bugtraq ID: 14816, September 12, 2005

Slackware Security Advisory, SSA:2005-255-02, September 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Ubuntu Security Notice, USN-184-1, September 19, 2005

Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005

Debian Security Advisory, DSA 823-1, September 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005

Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101960, October 10, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Fedora Legacy Update Advisory, FLSA:168326, December 17, 2005

Multiple Vendors

Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03

A format string vulnerability has been reported in 'Perl_sv_vcatpvfnl' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.

Webmin:
http://prdownloads.sourceforge.net/webadmin

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

OpenPKG:
http://www.openpkg.org/security.html

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-01.xml

http://security.gentoo.org/glsa/glsa-200512-02.xml

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-880.html

An exploit has been published.

Perl 'miniserv.pl' script Format String

CVE-2005-3912
CVE-2005-3962

Low

Security Focus, Bugtraq ID: 15629, November 29, 2005

Fedora Update Notifications, FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005

Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005

Ubuntu Security Notice, USN-222-1, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005

US-CERT VU#948385

Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

Ubuntu Security Notice, USN-222-2, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1144 & 1145, December 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005

RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html