U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-054)

Summary of Security Items from February 16 through February 22, 2005

Original release date: February 23, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Bugs, Holes, & Patches The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

 

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

3Com

3CDaemon 2.0 revision 10

Multiple vulnerabilities exist: a buffer overflow vulnerability exists when a remote malicious user submits a specially crafted FTP username, which could lead to the execution of arbitrary code; a buffer overflow vulnerability exists in several FTP commands, including cd, send, ls, put, delete, rename, rmdir, literal, stat, and cwd, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user submits an FTP user command with format string characters; a format string vulnerability exists in the cd, delete, rename, rmdir, literal, stat, and cwd [and others] commands, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user connects to the TFTP service and requests an MS-DOS device name; a vulnerability exists when the directory to an MS-DOS device name or a filename is changed, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

An exploit script has been published.

3Com 3CDaemon Multiple Remote Vulnerabilities

CVE Names:
CAN-2005-0275
CAN-2005-0276
CAN-2005-0277
CAN-2005-0278

Low/Medium/ High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

[I.T.S] Security Research Team Advisory, January 4, 2005

SecurityFocus, 12155, February 19, 2005

DigiPen

Bontago 1.1

A buffer overflow vulnerability exists in 'nickname' values due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Bontago Game Server Nickname Remote Buffer Overflow

CVE Name:
CAN-2005-0501

High
Secunia Advisory,
SA14350, February 21, 2005

GD Software

SD Server 4.0.70 & prior

A Directory Traversal vulnerability exists due to insufficient validation of user-supplied input, which could let a remote malicious user obtain sensitive information.

Upgrade available at:
http://www.gdsoftware.dk/dl_file.asp?
link=SDServer%204.0.0.72.zip

There is no exploit code required; however, a Proof of Concept exploit has been published.

SD Server Directory Traversal

CVE Name:
CAN-2005-0507

Medium
x0n3-h4ck Italian Security Team Advisory, February 21, 2005

KarjaSoft

Sami HTTP Server 1.0.5

Several vulnerabilities exist: a Directory Traversal vulnerability exists due to an input validation error, which could let a remote malicious user obtain sensitive information; and a remote Denial of Service vulnerability exists due to a NULL pointer dereference error.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

KarjaSoft Sami HTTP Server Input Validation Holes

CVE Names:
CAN-2005-0450
CAN-2005-0451

Low/Medium

(Medium if sensitive information can be obtained)

Global Security Solution IT Advisory, February 15, 2005

Microsoft

ASP.NET 1.0, SP1 & SP2, 1.1, SP1

Multiple Cross-Site Scripting vulnerabilities exist when Unicode characters ranging from U+ff00-U+ff60 are converted to ASCII due to insufficient validation, which could let a remote malicious user execute arbitrary HTML or script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting

CVE Name:
CAN-2005-0452

High
SecurityFocus, 12574, February 16, 2005

Microsoft

Internet Explorer 6.0, SP1&SP2

A vulnerability exists because the title bar can be spoofed when a malicious user submits an overly long hostname due to a flaw in script-initiated pop-up windows.

No workaround or patch available at time of publishing.

An exploit script has been published.

 

Microsoft Internet Explorer Script-initiated Pop-up Windows Spoofing

CVE Name:
CAN-2005-0500

Medium
SecurityFocus, 12602, February 21, 2005

OpenConnect Systems

WebConnect 6.4.4, 6.5

Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits a request that has an MS-DOS device name; and a vulnerability exists in the ''jretest.html' script due to insufficient validation of the 'WCP_USER' parameter, which could let a remote malicious user obtain sensitive information.

Updates available at: http://www.oc.com/solutions/webconnect.jsp

Proofs of Concept exploits have been published.

WebConnect Remote Denial of Service and Information Disclosure

CVE Names:
CAN-2004-0465
CAN-2004-0466

Low/Medium

(Medium if sensitive information can be obtained)

CIRT Advisory, February 20, 2005

TrackerCam

TrackerCam 5.12

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the TrackerCam HTTP server, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in TrackerCam PHP scripts due to insufficient bounds checks on arguments, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability exists in the 'ComGetLogFile.php3' script, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to insufficient sanitization of HTML content in the username and password fields, which could let a remote malicious user launch phishing style attacks; and multiple remote Denial of Service vulnerabilities exist.

No workaround or patch available at time of publishing.

An exploit script has been published.

TrackerCam Multiple Remote Vulnerabilities

CVE Names:
CAN-2005-0478
CAN-2005-0479
CAN-2005-0480
CAN-2005-0481
CAN-2005-0482

Low/ Medium/ High

(Low of a DoS; medium if sensitive information can be obtained; and High if arbitrary code can be executed)

SecurityFocus, 12592, February 18, 2005

webwasher AG

Webwasher Classic 2.2.1, 3.3 build 44, 3.3

A vulnerability exists due to a design error because connections to the local host interface are allowed by the proxy, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
ftp://ftp.webwasher.com/pub/
wwash/wash34.ex

There is no exploit code required; however, a Proofs of Concept exploit has been published.

 

WebWasher Classic HTTP CONNECT Unauthorized Access

CVE Name:
CAN-2005-0316

Medium

Secunia Advisory,
SA14058, January 28, 2005

SecurityFocus, 12394, February 18, 2005

Xinkaa

WEB Station 1.0.3

A Directory Traversal vulnerability exists due to an input validation error when handling certain types of requests, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is not exploit code required; however, Proofs of Concept exploits have been published.

Xinkaa WEB Station Directory Traversal

CVE Name:
CAN-2005-0502

Medium
Secunia Advisory,
SA14349, February 21, 2005

Yahoo! Inc.

Yahoo! Messenger 6.0 .0.1750

A vulnerability exists during the installation process due to a failure to properly secure directories and executables, which could let a malicious user obtain elevated privileges.

Upgrade available at:
http://messenger.yahoo.com/

There is no exploit code required.

Yahoo! Messenger Insecure Default Installation

CVE Name:
CAN-2005-0242

Medium
Secunia Advisory,
SA11815, February 18, 2005

Yahoo! Inc.

Yahoo! Messenger 6.0 .0.1750

A vulnerability exists due to a failure to correctly display files with long filenames in the file transfer dialogue box, which could let a remote malicious user spoof downloaded file names.

Upgrade available: http://messenger.yahoo.com/

There is no exploit code required.

Yahoo! Messenger Download Dialogue Box File Name Spoofing

CVE Name:
CAN-2005-0243

Medium
Secunia Advisory,
SA13712, February 18, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

ADP

Elite System Max 9000 Series

A vulnerability exists because certain configuration files can be overwritten via the FTP server, which could let a malicious user obtain shell access.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

ADP Elite System Max 9000 Series Shell Access

CVE Name:
CAN-2005-0497

Medium
Secunia Advisory, SA14358, February 22, 2005

bidwatcher

bidwatcher 1.3-1.3.16

A vulnerability exists due to a failure of the application to properly implement a formatted string function, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/
bidwatcher/bidwatcher-1.3.17.tar.gz

Debian:
http://security.debian.org/pool/
updates/main/b/bidwatcher/

Currently we are not aware of any exploits for this vulnerability.

Bidwatcher Remote Format String

CVE Name:
CAN-2005-0158

High
Debian Security Advisory DSA 687-1, February 18, 2005

Carnegie Mellon University

Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18

Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmda5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/
linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-05.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-546.html

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Debian:
http://security.debian.org/pool/updates/
main/c/cyrus-sasl/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

OpenPGK:
ftp ftp.openpkg.org

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus SASL Buffer Overflow & Input Validation

CVE Name:
CAN-2004-0884

High

SecurityTracker Alert ID: 1011568, October 7, 2004

Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12 , 14, & 16, 2004

Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004

OpenPKG Security Advisory, OpenPKG Security Advisory, January 28, 2005

Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005

Dan Stromberg

fallback-reboot 0.9, 0.95, 0.96

A remote Denial of Service vulnerability when the daemon status is written to a non-existent terminal.

Upgrades available at:
http://dcs.nac.uci.edu/~strombrg/fallback-
reboot/fallback-reboot.tar.gz

Currently we are not aware of any exploits for this vulnerability.

Fallback-reboot Remote Denial of Service

CVE Name:
CAN-2005-0510

Low
Secunia Advisory,
SA14328, February 22, 2005

Dotcom-Projects.com

DCP-Portal 6.1.1

Multiple vulnerabilities exist due to insufficient validation of user-supplied input in the 'index.php' and 'forums.php' scripts,which could let a remote malicious user inject arbitrary SQL commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

DCP-Portal Input Validation

CVE Name:
CAN-2005-0454

High
hackgen-2005-#003, February 16, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz

Debian:
http://security.debian.org/pool/
updates/main/g/gftp/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

gFTP Remote Directory Traversal

CVE Name:
CAN-2005-0372

Medium

SecurityFocus, February 14, 2005

Debian Security Advisory, DSA 686-1, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005

GlFtpd

GlFtpd 1.26-1.29.1, 1.31, 1.32, 2.0, RC1-RC7

Multiple Directory Traversal vulnerabilities exists in various ZIP related plugins due to insufficient sanitization of user-supplied data, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

glFTPD ZIP Plugins Multiple Directory Traversal

CVE Name:
CAN-2005-0483

Medium
SecurityFocus, 12586, February 18, 2005

GNU

Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4

 

Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists due to the way filenames are processed due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.

Debian:
http://security.debian.org/pool/
updates/main/e/enscript/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool
/universe/e/enscript/

Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-03.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-039.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Enscript Input Validation

CVE Names:
CAN-2004-1184
CAN-2004-1185
CAN-2004-1186

 

Low/High

(High if arbitrary code can be executed)

SecurityTracker Alert ID: 1012965, January 21, 2005

RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

GNU Midnight Commander Project

Midnight Commander 4.x

Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.

Debian:
http://security.debian.org/pool/
updates/main/m/mc/

SUSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-24.xml

Currently we are not aware of any exploits for these vulnerabilities.

Low/ Medium/ High

(Low if a DoS; Medium is elevated privileges can be obtained; and High if arbitrary code can be executed)

SecurityTracker Alert, 1012903, January 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005

GNU

CUPS 1.1.22

A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

A Proof of Concept exploit script has been published.

GNU CUPS HPGL ParseCommand() Buffer Overflow

CVE Name:
CAN-2004-1267


High

CUPS Advisory STR #1023, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Turbolinux Security Announcement, February 17, 2005

GNU

CUPS Ippasswd 1.1.22

A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub
/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-013.html

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

SGI:
http://www.sgi.com/support/security/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/

A Proof of Concept exploit has been published.

GNU CUPS lppasswd Denial of Service

CVE Name:
CAN-2004-1268

 

Low

SecurityTracker Alert ID, 1012602, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

Turbolinux Security Announcement, February 17, 2005

GNU

Emacs prior to 21.4.17

 

A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.

Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4

Debian:
http://security.debian.org/pool/.../e/emacs20/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/e/emacs21/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-20.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Debian:
http://security.debian.org/pool/
updates/main/e/emacs21/

Currently we are not aware of any exploits for this vulnerability.

Emacs Format String

CVE Name:
CAN-2005-0100

High

SecurityTracker Alert, 1013100, February 7, 2005

Debian Security Advisory,
DSA-670-1 & 671-1, February 8, 2005

Ubuntu Security Notice, USN-76-1, February 7, 2005

Fedora Update Notifications
FEDORA-2005-145 & 146, February 14, 2005

Gentoo Linux Security Advisory, GLSA 200502-20, February 15, 2005

Mandrakelinux Security Update Advisory,MDKSA-2005:03, February 15, 2005

Debian Security Advisory, DSA 685-1, February 17, 2005

INL

Ulog-php 08- 0.8.2

Multiple SQL injection vulnerabilities exist due to insufficient sanitization of user-supplied input before used in SQL queries, which could let a malicious user modify data or exploit database implementation vulnerabilities.

Upgrades available at:
http://www.inl.fr/download/
ulog-php-1.0.tar.gz

There is no exploit code required.

INL Ulog-php Multiple SQL Injection

CVE Name:
CAN-2005-0463

Medium
SecurityFocus, 12610, February 21, 2005

J. Schilling

CDRTools 2.0, 2.0.1 a18, 2.0.3.

A vulnerability exists in 'cdrecord,' which could let a malicious user obtain root privileges.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-18.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/
TurboLinux/ia32/Desktop/10/updates/

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/9/updates/

Exploit scripts have been published.

CDRTools Unspecified Privilege Escalation

CVE Name:
CAN-2004-0806

High

SecurityFocus, August 31, 2004

US-CERT Vulnerability Note VU#700326, September 17, 2004

Fedora Legacy Update Advisory, FLSA:2058, February 21, 2005

Jouni Malinen

wpa_supplicant prior to 0.2.7 and 0.3.8

A remote Denial of Service vulnerability exists in 'wpa.c' when processing WPA2 frames due to insufficient validation of the Key Data Length.

Update available at:
http://hostap.epitest.fi/wpa_supplicant/

Currently we are not aware of any exploits for this vulnerability.

Jouni Malinen wpa_supplicant Remote Denial of Service

CVE Name:
CAN-2005-0470

Low
SecurityTracker Alert, 1013226, February 17, 2005

KDE

KDE 3.3- 3.3.2

Several buffer overflow vulnerabilities exist in the 'FLICCD' utility due to boundary errors, which could let a malicious user obtain elevated privileges vulnerabilities and execute arbitrary code.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_
patches/post-3.3.2-kdeedu-kstars.diff

Currently we are not aware of any exploits for these vulnerabilities.

KDE 'FLICCD' Utility Multiple Buffer Overflows

CVE Name:
CAN-2005-0011

High
Secunia Advisory,
SA14306, February 16, 2005

KDE

kdelibs 3.3.2

A vulnerability exists in the 'dcopidling' library due to insufficient validation of a files existence, which could let a malicious user corrupt arbitrary files.

Patch available at:
http://bugs.kde.org/attachment.
cgi?id=9205&action=view

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

KDE 'DCOPIDLING' Library

CVE Name:
CAN-2005-0365

Medium

SecurityFocus, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

KDE

KDE 3.x, 2.x

A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.

The vulnerability has been fixed in the CVS repository.

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:160

Debian:
http://security.debian.org/pool/
updates/main/k/kdelibs/

Gentoo:
http://security.gentoo.org/glsa/glsa-
200501-18.xml

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-009.html

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

KDE kio_ftp FTP Command Injection Vulnerability

CVE Name:
CAN-2004-1165

Medium

KDE Advisory Bug 95825, December 26, 2004

Debian Security Advisory, DSA 631-1, January 10, 2005

Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005

Fedora Update Notifications
FEDORA-2005-063 & 064, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core2&3

A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits.

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

A Proof of Concept exploit script has been published.

Linux Kernel Local RLIMIT_MEMLOCK
Bypass Denial
of Service

CVE Name:
CAN-2005-0179

Low

Bugtraq, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0- 2.0 .3, 2.0.5-2.0 .8, 2.0.1-2.0.14, 2.1 b1, 2.1- 2.1.5; Ubuntu Linux 4.1, ia64, ia32

 

Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-29.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/
updates/main/m/mailman/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Mailman Multiple Remote Vulnerabilities

CVE Names:
CAN-2004-1143
CAN-2004-1177

Medium/ High

(High if arbitrary code can be executed)

SecurityTracker, January 12, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005

SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005

Debian Security Advisory, DSA 674-3, February 21, 2005

Multiple Vendors

ISC BIND 8.4.4, 8.4.5

A remote Denial of Service vulnerability exists in the 'q_usedns' array due to in sufficient validation of the length of user-supplied input prior to copying it into static process buffers. This could possibly lead to the execution of arbitrary code.

Upgrade available at:
http://www.isc.org/index.pl?/sw/bind/

Astaro Linux:
http://www.astaro.org/showflat.php?Cat=
&Number=55637&page=0&view=
collapsed&sb=5&o=&fpart=1#55637

Currently we are not aware of any exploits for this vulnerability.

ISC BIND 'Q_UseDNS' Remote Denial of Service

CVE Name:
CAN-2005-0033

Low/High

(High if arbitrary code can be executed)

US-CERT Vulnerability Note, VU#327633, January 25, 2005

Astaro Security Linux Announcement, February 17, 2005

Multiple Vendors

Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0

Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions.

SUSE:
http://www.novell.com/linux/security/
advisories/2004_44_kernel.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-006_RHSA-2004-549
RHSA-2004-505RHSA-2004-689.pdf

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

A Proof of Concept exploit script has been published.

Multiple Vendors Linux Kernel IGMP Integer Underflow

CVE Name:
CAN-2004-1137

Low/ Medium

(Medium if elevated privileges can be obtained)

iSEC Security Research Advisory 0018, December 14, 2004

SecurityFocus, December 25, 2005

Secunia, SA13706, January 4, 2005

Avaya Security Advisory, ASA-2005-006, January 14, 2006

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta)

A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.

Update available at:
http://cvs.gnome.org/viewcvs/evolution/
camel/camel-lock-helper.c?rev=1.7
&hideattic=0&view=log

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-35.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/e/evolution/

SUSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/
updates/main/e/evolution/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Evolution Camel-Lock-Helper Application Remote Buffer Overflow

CVE Name:
CAN-2005-0102

High

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 673-1, February 10, 2005

Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005

Multiple Vendors

MySQL AB MySQL 3.20 .x, 3.20.32 a, 3.21.x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1

A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.

Upgrades available at:
http://dev.mysql.com/downloads
/mysql/4.0.html

OpenPKG:
ftp.openpkg.org

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-611.html

SuSE:
ftp://ftp.suse.com/pub/suse

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/mysql-dfsg/m

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is no exploit code required.

MySQL Database Unauthorized GRANT Privilege

CVE Name:
CAN-2004-0957

Medium

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Multiple Vendors

OpenLDAP 2.0-2.0.23, 2.0.25, 2.0.27, 2.1 .20, 2.1.4, 2.1.10-2.1.19, 2.1.22, 2.2.6, 2.2.15; SuSE Linux 8.2, 9.0 x86_64, 9.0, 9.1 x86_64, 9.1, 9.2 x86_64, 9.2

Multiple unspecified remote vulnerabilities exist in the 'slapd' daemon.

SuSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for these vulnerabilities.

OpenLDAP SlapD Multiple Remote Denials of Service
Low
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Multiple Vendors

OpenSSH 3.0 p1-3.0.2 pl1, 3.0-3.0.2, 3.1-3.5, 3.1pl1, 3.2.2 p1, 3.2.3 p1, 3.3 p1-3.5pl1, 3.6.1 p1&pl2, 3.6.1, 3.7, 3.7.1, 3.7 p1&pl2, 3.7.1 p1, 3.8.1 p1, 3.9.1 pl1

An information disclosure vulnerability exists in the portable version of OpenSSH that is distributed for operating systems other than its native OpenBSD platform, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/o/openssh/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

OpenSSH-portable Remote Information Disclosure

CVE Name:
CAN-2003-0190

Medium

Ubuntu Security Notice, USN-34-1 November 30, 2004

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1; Conectiva Linux 9.0, 10.0

Two vulnerabilities exist: remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-wccp
_denial_of_service.patch

http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-gopher_
html_parsing.patch

Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-25.xml

Debian:
http://security.debian.org/pool/
updates/main/s/squid/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/s/squid/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-061.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is no exploit required.

Squid Proxy Web Cache WCCP Functionality Remote Denial of Service & Buffer Overflow

CVE Names:
CAN-2005-0094
CAN-2005-0095

Low/High

(High if arbitrary code can be executed)

Secunia Advisory, SA13825, January 13, 2005

Debian Security Advisory, DSA 651-1, January 20, 2005

Ubuntu Security Notice, USN-67-1, January 20, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005

Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005

Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Turbolinux Security Announcement, February 17, 2005

 

Multiple Vendors

ALSA alsa-lib 1.0.6;
RedHat Enterprise Linux WS 4, ES 4, Enterprise Linux Desktop version 4, Enterprise Linux AS 4

A vulnerability exists in the Advanced Linux Sound Architecture (ALSA) mixer code, which could let a malicious user modify system information.

RedHat:
http://www.redhat.com/support/errata/
RHSA-2005-033.html

Currently we are not aware of any exploits for this vulnerability.

ALSA Mixer Code Protection Bypass

CVE Name:
CAN-2005-0087

Medium
Red Hat Security Advisory, RHSA-2005:033-01, February 15, 2005

Multiple Vendors

Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1

A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows

CVE Name:
CAN-2005-0490

High
iDEFENSE Security Advisory , February 21, 2005

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32, Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0, SUSE Linux - all versions

Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool
/updates/main/c/cupsys/

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-20.xml

KDE:
ftp://ftp.kde.org/pub/kde/security_patches/
post-3.3.1-kdegraphics.diff

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/c/cupsys/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/
updates/main/t/tetex-bin/

SUSE: Update:
ftp://ftp.SUSE.com/pub/SUSE

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-31.xml

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-132.html

Currently we are not aware of any exploits for these vulnerabilities.

 

Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows

CVE Names:
CAN-2004-0888
CAN-2004-0889

High

SecurityTracker Alert ID, 1011865, October 21, 2004

Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004

Debian Security Advisory, DSA 599-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005

Fedora Update Notifications,
FEDORA-2005-122, 123, 133-136, February 8 & 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:041-044, February 18, 2005

RedHat Security Advisory, RHSA-2005:132-09, February, 18. 2005

Multiple Vendors

Gentoo Linux;
GNU Mailman 2.1-2.1.5; RedHat Fedora Core3 & Core2; Ubuntu Linux 4.1 ppc, ia64, ia32

A Directory Traversal vulnerability exists in 'private.py' due to an input validation error, which could let a remote malicious user obtain sensitive information.

Debian:
http://security.debian.org/pool/
updates/main/m/mailman/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-11.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-136.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/

There is no exploit code required.

GNU Mailman Remote Directory Traversal

CVE Name:
CAN-2005-0202

Medium

Debian Security Advisory, DSA 674-1, February 10, 2005

Ubuntu Security Notice USN-78-1, February 10, 2005

Fedora Update Notifications
FEDORA-2005-131 & 132, February 10, 2005

Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005

RedHat Security Advisory, RHSA-2005:136-08, February 10, 2005

Fedora Update Notifications,
FEDORA-2005-131 & 132, February 10, 2005

Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005

Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005

SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:037, February 14, 2005

Ubuntu Security Notice, USN-78-2 , February 17, 2005

Debian Security Advisory, DSA 674-3, February 21, 2005

Multiple Vendors

Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7 .0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1
4.3 .0

Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information, or cause a Denial of Service.

Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-28.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

X.org:
http://www.x.org/pub/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-537.html

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:137
(libxpm)

http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:138
(XFree86)

Debian:
http://www.debian.org/
security/2004/dsa-607
(XFree86)

SGI:
ftp://patches.sgi.com/support/
free/security/patches/ProPack/3/

TurboLinux:
http://www.turbolinux.com/update/

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-023_RHSA-2004-537.pdf

http://support.avaya.com/elmodocs2/
security/ASA-2005-025_RHSA-2005-004.pdf

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-06.xml

http://security.gentoo.org/
glsa/glsa-200502-07.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors LibXPM Multiple Vulnerabilities

CVE Name:
CAN-2004-0914

Low/ Medium/ High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

X.Org Foundation Security Advisory, November 17, 2004

Fedora Update Notifications,
FEDORA-2004-433 & 434, November 17 & 18, 2004

SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004

Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004

Fedora Security Update Notifications
FEDORA-2003-464, 465, 466, & 467, December 1, 2004

RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004

Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004

Debian Security Advisory
DSA-607-1 xfree86 -- several vulnerabilities, December 10, 2004

Turbolinux Security Announcement, January 20, 2005

Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005

Gentoo Linux Security Advisories, GLSA 200502-06 & 07, February 7, 2005

Ubuntu Security Notice, USN-83-1 February 16, 2005

Multiple Vendors

Gentoo Linux;
GProFTPD GProFTPD 8.1.7

A format string vulnerability exists in the 'gprostats' utility, which could let a remote malicious user execute arbitrary code.

Upgrade available at:
http://mange.dynup.net/linux.html#Download

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-26.xml

Currently we are not aware of any exploits for this vulnerability.

GProFTPD GProstats Remote Format String

CVE Name:
CAN-2005-0484

High
Gentoo Linux Security Advisory, GLSA 200502-26, February 18, 2005

Multiple Vendors

Gentoo Linux;
lighttpd lighttpd 1.3.7

A vulnerability exists in the 'buffer_urldecode()' function because encoded control sequences are handled incorrectly, which could let a remote malicious user obtain sensitive information.

Upgrade available at:
http://www.lighttpd.net/download/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-21.xml

There is no exploit code required.


Lighttpd 'buffer_urldecode()' Function Information Disclosure

CVE Name:
CAN-2005-0453

Medium

Gentoo Linux Security Advisory, GLSA 200502-21, February 15, 2005

Multiple Vendors

Linux kernel 2.2-2.2.2.27 -rc1, 2.4-2.4.29 -rc1, 2.6 .10, 2.6- 2.6.10

A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.

Fedora:
http://download.fedora.redhat.com/pub/f
edora/linux/core/updates/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-016.html

http://rhn.redhat.com/errata/
RHSA-2005-017.html

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Exploit scripts have been published.

Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges

CVE Name:
CAN-2005-0001

High

SecurityTracker Alert, 1012862, January 12, 2005

SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005

RedHat Security Advisory, RHSA-2005:016-13 & 017-14, January 21, 2005

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.6, test1-test11, 2.6.1, rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing

A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005
-016RHSA-2006-017RHSA-2005-043.pdf

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Another exploit script has been published.

Linux Kernel uselib() Root Privileges

CVE Name:
CAN-2004-1235

High

iSEC Security Research Advisory, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

PacketStorm, January 27, 2005

Avaya Security Advisory, ASA-2005-034, February 8, 2005

Ubuntu Security Notice, USN-57-1, February 9, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux Kernel 2.6 - 2.6.10 rc2

The DRM module in the Linux kernel is susceptible to a local Denial of Service vulnerability. This vulnerability likely results in the corruption of video memory, crashing the X server. Malicious users may be able to modify the video output.

Ubuntu:
http://security.ubuntu.com
/ubuntu/pool/main

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Linux Kernel Local DRM Denial of Service

CVE Name:
CAN-2004-1056

Low

Ubuntu Security Notice USN-38-1 December 14, 2004

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux Kernel 2.6 .10, 2.6, test-test11, 2.6.1-2.6.10, 2.6.10 rc2; RedHat Fedora Core2&3

An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel
SCSI IOCTL Integer
Overflow

CVE Name:
CAN-2005-0180

High

Bugtraq, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6-test1- -test11, 2.6, 2.6.1-2.6.11 ; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Vulnerabilities

CVE Names:
CAN-2005-0176
CAN-2005-0177
CAN-2005-0178 CAN-2005-0204

Low/Medium

(Low if a DoS)

Ubuntu Security Notice, USN-82-1, February 15, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

MySQL AB
Conectiva
Debian
Engarde
FreeBSD
Gentoo
HP
IBM
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
Trustix
Sun
SuSE

MySQL AB MySQL 3.20.32 a, 3.22.26- 3.22.30, 3.22.32, 3.23.2- 3.23.5, 3.23.8- 3.23.10, 3.23.22- 3.23.34, 3.23.36- 3.23.56, 3.23.58, 4.0 .0- 4.0.15, 4.0.18, 4.1.0-0, 4.1 .0-alpha

A vulnerability exists in the MySQL 'mysqld_multi' script due to insecure temporary file handling, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/
updates/main/m/mysql/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

OpenPKG:
ftp://ftp.openpkg.org/release/
2.0/UPD/mysql-4.0.18-2.0.1.src.rpm

Gentoo:
http://security.gentoo.org/glsa/
glsa-200405-20.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is not exploit code required.

MySQL 'mysqld_multi' Insecure Temporary File Handling

CVE Name:
CAN-2004-0388

Medium

Debian Security Advisory, DSA 483-1, April 14, 2004

Gentoo Linux Security Advisory, GLSA 200405-20, May 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:034, April 20, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.014, April 14, 2004

Turbolinux Security Announcement, February 17, 2005

MySQL AB

MySQL 3.20 .x, 3.20.32 a, 3.21 .x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1 .0-alpha, 4.1 .0-0, 4.1.2 -alpha, 4.1.3 -beta, 4.1.3 -0, 5.0 .0-alpha, 5.0 .0-0

A buffer overflow vulnerability exists in the 'mysql_real_connect' function due to insufficient boundary checking, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Note: Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue.

Debian:
http://security.debian.org/pool/
updates/main/m/mysql/

Trustix:
http://http.trustix.org/pub/trustix/updates/

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrake:
http://www.mandrakesoft.com/
security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.suse.com/pub/suse

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mysql-dfsg/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

We are not aware of any exploits for this vulnerability.

MySQL Mysql_real_connect Function Remote Buffer Overflow

CVE Name:
CAN-2004-0836

Low/High

(High if arbitrary code can be executed)

Secunia Advisory,
SA12305, August 20, 2004

Debian Security Advisory, DSA 562-1, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

MySQL AB

MySQL 3.23.49, 4.0.20

A vulnerability exists in the 'mysqlhotcopy' script due to predictable files names of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/
updates/main/m/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-02.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata
/RHSA-2004-569.html

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrake:
http://www.mandrakesoft.com/
security/advisories

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is no exploit code required.

MySQL
'Mysqlhotcopy' Script Elevated Privileges

CVE Name:
CAN-2004-0457

Medium

Debian Security Advisory, DSA 540-1, August 18, 2004

Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004

SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004

RedHat Security Advisory, ,RHSA-2004:569-16, October 20, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

SUSE Security Summary Report, USE-SR:2004:001, November 24, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

MySQL AB

MySQL 3.x, 4.x

 

Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'

Updates available at:
http://dev.mysql.com/downloads/mysql/

Debian:
http://security.debian.org/pool/
updates/main/m/mysql

Trustix:
http://http.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesoft.com
/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mysql-dfsg/

SuSE:
ftp://ftp.suse.com/pub/suse

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

We are not aware of any exploits for these vulnerabilities.

MySQL Security Restriction Bypass & Remote Denial of Service

CVE Names:
CAN-2004-0835
CAN-2004-0837

Low/ Medium

(Low if a DoS; and Medium if security restrictions can be bypassed)

Secunia Advisory, SA12783, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Ubuntu Security Notice, USN-32-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Netkit

Linux Netkit 0.17

A Denial of Service vulnerability exists when processing malformed size packets.

Debian:
http://security.debian.org/pool/updates/
main/n/netkit-rwho/

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

Netkit RWho Malformed Packet Size Denial of Service

CVE Name:
CAN-2004-1180

Low

Debian Security Advisory DSA 678-1, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:039, February 17, 2005

NewsBruiser

NewsBruiser 2.0-2.3, 2.4, 2.4.1, 2.5, 2.6

A vulnerability exists in the comment system due to an error, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://newsbruiser.tigris.org/files/
documents/158/20687/NewsBruiser
-2.6.1.tar.gz

There is no exploit script required.

NewsBruiser Security Restrictions Bypass

CVE Name:
CAN-2005-0461

Medium
Secunia Advisory,
SA14262, February 17, 2005

Novell

Mono 1.0.5

Several Cross-Site Scripting vulnerabilities exist when converting Unicode characters ranging from U+ff00-U+ff60 to ASCII, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mono Multiple Cross-Site Scripting

CVE Name:
CAN-2005-0509

High
Secunia Advisory,
SA14325, February 22, 2005

Nullsoft

SHOUTcast 1.9.4

A format string vulnerability exists that could allow a remote malicious user to execute arbitrary code on the target system. A remote user can supply a specially crafted request to the target server containing format string characters to cause the target service to crash or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-04.xml

An exploit script has been published.

Nullsoft SHOUTcast Format String Flaw

CVE Name:
CAN-2004-1373

High

SecurityTracker Alert ID: 1012675, December 24, 2004

Gentoo GLSA 200501-04, January 5, 2005

SecurityFocus, 12096, February 19, 2005

 

PHP Arena

paFaq Beta4

Multiple vulnerabilities exist in the 'question.php,' 'answer.php,' 'search.php,' and 'comment.php' scripts due to insufficient validation of user-supplied input, which could let a remote malicious user obtain sensitive information or unauthorized network access.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

PaFaq Input Validation

CVE Name:
CAN-2005-0475

Medium
PersianHacker.NET 200505-07, February 15, 2005

PostgreSQL

PostgreSQL 7.4.5; Avaya CVLAN, Integrated Management, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0

A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200410-16.xml

Debian:
http://security.debian.org/pool/updates/
main/p/postgresql/

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrakesoft:
http://www.mandrakesoft.com/security
/advisories?name=MDKSA-2004:149

Red Hat:
http://rhn.redhat.com/errata/
RHSA-2004-489.html

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-024_
RHSA-2004-489.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/

There is no exploit code required.

PostgreSQL Insecure Temporary File Creation

CVE Name:
CAN-2004-0977

Medium

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200410-16, October 18, 2004

Debian Security Advisory, DSA 577-1, October 29, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.046, October 29, 2004

Mandrakesoft Security Advisory, MDKSA-2004:149, December 13, 2004

Red Hat Advisory RHSA-2004:489-17, December 20, 2004

Avaya Security Advisory, ASA-2005-024, January 25, 2005

Turbolinux Security Announcement, February 17, 2005

RedHat

Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: two Denial of Service vulnerabilities exist; and a vulnerability exists in the Linux 4 kernel 4GB/4GB split patch, which could let a malicious user obtain sensitive information.

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Currently we are not aware of any exploits for these vulnerabilities.

Red Hat Enterprise Linux Kernel Multiple Vulnerabilities

CVE Names:
CAN-2005-0090
CAN-2005-0091
CAN-2005-0092

Low/Medium

(Low if a DoS)

RedHat Security Advisory, RHSA-2005:092-14, February 18,2005

Redhat

GNOME VFS

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64;
Red Hat Linux Advanced Workstation 2.1 - ia64;
Red Hat Enterprise Linux ES version 2.1 - i386;
Red Hat Enterprise Linux WS version 2.1 - i386;
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64;
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64;
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Multiple vulnerabilities exist in several of the GNOME VFS extfs backend scripts. Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default. A malicious user who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts.

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/
manuals/enterprise/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
http://www.suse.com/en/private
/download/updates/92_i386.html

Avaya:
http://support.avaya.com/japple/css/
japple?temp.groupID=128450&temp.
selectedFamily=128451&temp.selected
Product=154235&temp.selectedBucket
=126655&temp.feedbackState=askFor
Feedback&temp.documentID=198525&PAGE=
avaya.css.CSSLvl1Detail&execute
Transaction= avaya.css.UsageUpdate()

SGI:
ftp://patches.sgi.com/support/free/
security/patches/ProPack/3/

Fedora:
http://download.fedoralegacy.org/redhat/

We are not aware of any exploits for these vulnerabilities.

Red Hat GNOME VFS updates address extfs vulnerability

CVE Name:
CAN-2004-0494

High

Red Hat Security Advisory ID: RHSA-2004:373-01, August 4, 2004

Fedora Update Notification
FEDORA-2004-272 & 273, September 1, 2004

SecurityFocus, Bugtraq ID: 10864, December 7, 2004

Fedora Legacy Update Advisory, FLSA:1944, February 20, 2005

Rob Flynn

Gaim 1.0-1.0.2, 1.1.1, 1.1.2

Multiple remote Denial of Service vulnerabilities exist: a vulnerability exists when a remote malicious ICQ or AIM user submits certain malformed SNAC packets; and a vulnerability exists when parsing malformed HTML data.

Upgrades available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

There is no exploit code required.

Gaim Multiple Remote Denials of Service

CVE Names:
CAN-2005-0472
CAN-2005-0473

Low

Gaim Advisory, February 17, 2005

Fedora Update Notifications,
FEDORA-2005-159 & 160, February 21, 2005

US-CERT Vulnerability Note VU#839280

US-CERT Vulnerability Note VU#523888

Simon Tatham

PSCP 0.54, 0.55, PSFTP 0.55, PuTTY 0.48-0.56

Several vulnerabilities exist: a vulnerability exists in 'sftp.c' due to an integer overflow in the 'fxp_readdir_recv()' function, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in 'sftp.c' due to an integer overflow in the 'sftp_pkt_getstring()' function, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.chiark.greenend.org.uk/
~sgtatham/putty/download.html

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-28.xml

Currently we are not aware of any exploits for these vulnerabilities.

Simon Tatham PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow

CVE Name:
CAN-2005-0467

High
Secunia Advisory,
SA14333, February 21, 2005

sox.sourceforge
.net
  Fedora
  Mandrakesoft
  Gentoo
  Conectiva
  RedHat

SoX 12.17.4, 12.17.3,
and 12.17.2

Multiple vulnerabilities exist that could allow a remote malicious user to execute arbitrary code This is due to boundary errors within the "st_wavstartread()" function when processing ".WAV" file headers and can be exploited to cause stack-based buffer overflows. Successful exploitation requires that a user is tricked into playing a malicious ".WAV" file with a large value in a length field.

Fedora:
http://download.fedora.redhat.com/pub/f
edora/linux/core/updates/1/

http://download.fedora.redhat.com
/pub/fedora/linux/core/updates/2/

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:076

Gentoo:
http://security.gentoo.org/glsa/
glsa-200407-23.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-409.html

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SGI:
ftp://patches.sgi.com/support/
free/security/patches/ProPack/3/

Debian:
http://security.debian.org/pool
/updates/main/s/sox/

Fedora:
http://download.fedoralegacy.
org/redhat/

An exploit script has been published.

SoX ".WAV" File Processing Buffer Overflow Vulnerabilities

CVE Name:
CAN-2004-0557

High

Secunia, SA12175, 12176, 12180, July 29, 2004

SecurityTracker Alerts 1010800 and 1010801, July 28/29, 2004

Mandrakesoft Security Advisory MDKSA-2004:076, July 28, 2004

PacketStorm, August 5, 2004

Slackware Security Advisory, SSA:2004-223-03, august 10, 2004

SGI Security Advisory, 20040802-01-U, August 14, 2004

Debian Security Advisory, DSA 565-1, October 13, 2004

Fedora Legacy Update Advisory, FLSA:1945, February 20, 2005

Squid-cache.org

Squid Web Proxy Cache 2.5 .STABLE5-STABLE8

A remote Denial of Service vulnerability exists when performing a Fully Qualify Domain Name (FQDN) lookup and and unexpected response is received.

Patches available at:
http://downloads.securityfocus.com/
vulnerabilities/patches/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-25.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy FQDN Remote Denial of Service

CVE Name:
CAN-2005-0446

Low

Secunia Advisory,
SA14271, February 14, 2005

Gentoo Linux Security Advisory GLSA, 200502-25, February 18, 2005

Ubuntu Security Notice, USN-84-1, February 21, 2005

Fedora Update Notifications,
FEDORA-2005-153 & 154,
February 21, 2005

SUSE Security Announcement, SUSE-SA:2005:008, February 21, 2005

Sun Microsystems, Inc.

Solaris 7.0, 7.0 _x86, 8.0, 8.0 _x86, 9.0, 9.0 _x86

A vulnerability exists in the 'kcms_configure(1)' command, which could let a malicious user cause a Denial or Service or possibly obtain elevated privileges.

Patches available at:
http://classic.sunsolve.sun.com/
pub-cgi/retrieve.pl?doc=fsalert
%2F57706&zone
_32=category%3Asecurity

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris 'kcms_configure(1)' Command

CVE Name:
CAN-2004-0481

Low/Medium

(Medium if elevated privileges can be obtained)

Sun(sm) Alert Notification, 57706, February 18, 2005

Tarantella Inc.

Enterprise 3 3.30, 3.40, Secure Global Desktop Enterprise Edition 3.42, 4.0

A vulnerability exists due to a design error, which could let a remote malicious user obtain sensitive information.

Workaround available at:
http://www.tarantella.com/security/
bulletin-11.html

There is no exploit code required.

Tarantella Enterprise/Secure Global Desktop Remote Information Disclosure

CVE Name:
CAN-2005-0486

Medium
Tarantella Security Bulletin #11, February 18, 2005

Typespeed

Typespeed 0.4.1

A local format string vulnerability exists which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/
updates/main/t/typespeed/

Currently we are not aware of any exploits for this vulnerability.

Typespeed Format String

CVE Name:
CAN-2005-0105

Medium
Debian Security Advisory DSA 684-1, February 16, 2005

Uim

Uim 4.5

A vulnerability exists in the Uim library because environment variables contents are always trusted, which could let a malicious user obtain elevated privileges.

Upgrade available at:
http://uim.freedesktop.org/releases/
uim-0.4.5.1.tar.gz

Currently we are not aware of any exploits for this vulnerability.

UIM LibUIM Elevated Privileges

CVE Name:
CAN-2005-0503

Medium
SecurityFocus, 12604, February 21, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

Apache Software Foundation

Batik Squiggle Browser 1.5

A vulnerability exists that could permit a user to bypass certain security restrictions due to an unspecified error in the Squiggle browser script code.

Update to version 1.5.1:
http://www.apache.org/dyn/closer.cgi/
xml/batik

Currently we are not aware of any exploits for this vulnerability.

Batik Squiggle Browser Access

CVE Name:
CAN-2005-0508

Medium
SecurityFocus, Bugtraq ID 12619, February 22, 2005

Craig Knudsen

WebCalendar 0.9.45

 

A vulnerability exists in 'user_valid_crypt function()' due to insufficient validation of the user-supplied login name parameter, which could let a remote malicious user obtain sensitive information or unauthorized network access.

Update available at: http://www.k5n.us/webcalendar.php?topic=Download

A Proof of Concept exploit has been published.

Craig Knudsen WebCalendar 'user_valid_crypt function()' Input Validation

CVE Name:
CAN-2005-0474

Medium
Scovetta Labs Security Advisory, SCL-2005.001, February 17, 2005

GigaFast

EE400-R Broadband Router

Two vulnerabilities exist that be exploited by a local malicious user to cause a Denial of Service and disclose some sensitive information. This is due to errors in the 'backup.cfg' configuration file and an error in the handling of DNS queries.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

GigaFast EE400-R Broadband Router Two Vulnerabilities

CVE Name:
CAN-2005-0498
CAN-2005-0499

Low/Medium

(Medium if sensitive information can be obtained)

Secunia
SA14366, February 22, 2005

GNU

AWStats 5.0-5.9, 6.0-6.2

Several vulnerabilities exist: a vulnerability exists in the 'awstats.pl' script due to insufficient validation of the 'configdir' parameter, which could let a remote malicious user execute arbitrary code; and an unspecified input validation vulnerability exists.

Upgrades available at:
http://awstats.sourceforge.net/files/awstats-6.3.tgz

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-36.xml

Exploit scripts have been published.

GNU AWStats Multiple Remote Input Validation

CVE Name:
CAN-2005-0116

High

Securiteam, January 18, 2005

Gentoo Linux Security Advisory [UPDATE] GLSA 200501-36:03, February 14, 2005

US-CERT Vulnerability Note VU#272296

SecurityFocus, February 16, 2005

GNU

BibORB version 1.3.2 and prior

Multiple input validation vulnerabilities exist that could permit a remote malicious user to conduct Cross-Site Scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.

Upgrade:
http://biborb.glymn.net/doku.php?id=
download&DokuWiki=
396024aefb12a718f8336c07de2160e9

A Proof of Concept exploit has been published.

GNU BibORB Multiple Vulnerabilities

CVE Name:
CAN-2005-0251
CAN-2005-0252
CAN-2005-0253
CAN-2005-0254

High
SecurityFocus, Bugtraq ID 12583, February 17, 2005

GPL

MercuryBoard 1.0.x and 1.1.x

A Cross-Site Scripting vulnerability exists due to input validation errors in the input passed to the 'f' parameter in 'forum.php.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GPL MercuryBoard 'f' Cross-Site Scripting Vulnerability

CVE Name:
CAN-2005-0462

High
SecurityTracker Alert ID: 1013223, February 17, 2005

GPL

MercuryBoard 1.1.0

Multiple vulnerabilities exists that could permit users to conduct Cross-Site Scripting SQL injection attacks. Input in multiple variables in 'index.php' is not properly validated.

Update to version 1.1.2:
http://www.mercuryboard.com/index.
php?a=downloads

A Proof of Concept exploit has been published.

GPL MercuryBoard Multiple Vulnerabilities

CVE Name:
CAN-2005-0306
CAN-2005-0307
CAN-2005-0414

 

High
Secunia, SA13870, February 17, 2005

GPL

MercuryBoard 1.1.2. Version 1.0.x and
1.1.x

A vulnerability exists that could permit system information disclosure. This is due to a design error that exposes debug information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GPL Mercuryboard Debug Information Disclosure Vulnerability

CVE Name:
CAN-2005-0460

Low
Secunia SA14284, February 15, 2005

Invision Power Services

Invision Power Board 1.3.1

An input validation vulnerability exists which could permit users to conduct script insertion attacks. Input passed in some nested SML codes in a forum post or signature is not properly validated.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Invision Power Board Script Insertion Vulnerability

CVE Name:
CAN-2005-0477

High

Secunia, SA14329, February 21, 2005

Jelsoft Enterprises

vBulletin 3.0.6 and prior

An input validation vulnerability exists that could let remote malicious users inject and execute arbitrary PHP code. Nested input passed to the 'template' parameter in 'misc.php' is not properly verified.

Update to version 3.0.7: http://www.vbulletin.com/download.php

A Proof of Concept exploit has been published.

Jelsoft Enterprises vBulletin PHP Code Injection Vulnerability

CVE Name:
CAN-2005-0511

High
Secunia
SA14326, February 22, 2005

Jelsoft Enterprises

VBulletin VBulletin 3.0 Gamma, beta 2-beta7. 3.0-3.0.4

A vulnerability exists in the 'forumdisplay.php' script due to insufficient sanitization when the 'showforumusers' option is enabled, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Jelsoft VBulletin 'Forumdisplay.PHP' Script Remote Command Execution

CVE Name:
CAN-2005-0429

High

SecurityFocus, February 14, 2005

SecurityFocus, 12542, February 16, 2005

Kayako

eSupport 2.3.1

A Cross-Site Scripting vulnerability exists due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Kayako ESupport Cross-Site Scripting

CVE Name:
CAN-2005-0487

High
SecurityFocus, 12563, February 15, 2005

Knox Software

Arkeia 4.0-4.2, 5.2, 5.3

A buffer overflow vulnerability exists when handling data that is contained in a type 77 request packet due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
ftp://ftp.arkeia.com/

Exploit scripts have been published.

Knox Arkeia Type 77 Request Remote Buffer Overflow

CVE Name:
CAN-2005-0491

High
Secunia Advisory, SA14327, February 22, 2005

Mark Burgess

Cfengine 2.0.0 to 2.1.7p1.

Input validation and buffer overflow vulnerabilities exist in Cfengine which could allow a remote malicious user to execute arbitrary code or cause a DoS (Denial of Service). The vulnerabilities are caused due to insufficient input validation and a boundary error in the cfservd daemon when processing authentication requests. The problems lies in the AuthenticationDialogue()" function, which is responsible for performing RSA authentication and key agreement.

Update to version 2.1.8 available at: http://www.cfengine.org/mirrors.html

Gentoo:
http://security.gentoo.org/glsa/
glsa-200408-08.xml

An exploit script has been published.

Cfengine RSA Authentication Heap Corruption

CVE Names:
CAN-2004-1701
CAN-2004-1702

High

Core Security Technologies Advisory, Advisory ID: CORE-2004-0714, August 9, 2004

SecurityFocus, 10899, February 19, 2005

Miro International

Mambo 4.5.2

A vulnerability exists in 'Tar.php' that could permit a remote malicious user to execute arbitrary commands on the target system.

A fixed version (4.5.2.1) is available at: http://mamboforge.net/frs/?group_id=5

A Proof of Concept exploit has been published.

Miro International Mambo Remote Code Vulnerability

CVE Name:
CAN-2005-0512

High
Mambo Help Reference 20050219, February 18, 2005

osCommerce

osCommerce 2.2 ms2

A Cross-Site Scripting vulnerability exists in 'Contact_us.php' which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

osCommerce 'Contact_us.PHP' Cross-Site Scripting

CVE Name:
CAN-2005-0458

High
SecurityFocus, 12568, February 15, 2005

PHP Arena

paNews 2.0b4

An input validation vulnerability exists that could permit a remote user to conduct Cross-Site Scripting attacks. The 'comment.php' script does not properly validate user-supplied input in the 'showpost' parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

PHP Arena paNews 'comment.php' Cross-Site Scripting Vulnerability

CVE Name:
CAN-2005-0485

High
SecurityTracker Alert ID: 1013224, February 17, 2005

phpBB Team

phpBB 2.0.11

Multiple vulnerabilities exist which remote users could exploit to disclose and delete sensitive information. This is due to errors in the avatar handling functions.

Update to version 2.0.12: http://www.phpbb.com/downloads.php

Currently we are not aware of any exploits for this vulnerability.

 

phpBB Information Disclosure Vulnerability

CVE Name:
CAN-2005-0258
CAN-2005-0259

Medium
phpBB Advisory 265423, February 21, 2005

PHP Group

PHP 4.0-4.0.7, 4.0.7 RC1-RC3, 4.1 .0-4.1.2, 4.2 .0-4.2.3, 4.3-4.3.8, 5.0 candidate 1-3, 5.0 .0-5.0.2

A vulnerability exists in the 'open_basedir' directory setting due to a failure of the cURL module to properly enforce restrictions, which could let a malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP cURL Open_Basedir Restriction Bypass

CVE Name:
CAN-2004-1392

Medium

SecurityTracker Alert ID, 1011984, October 28, 2004

Ubuntu Security Notice, USN-66-1, January 20, 2005

Ubuntu Security Notice, USN-66-2, February 17, 2005

phpMyAdmin

phpMyAdmin 2.6.2-dev

A vulnerability exists that could permit a remote user to directly access the '\libraries\select_lang.lib.php' file to cause the system to display an error message that discloses the installation path.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

phpMyAdmin Information Disclosure Vulnerability

CVE Name:
CAN-2005-0459

Low

SecurityTracker Alert ID: 1013210, February 16, 2005

pMachine, Inc.

pMachine 2.4

An input validation vulnerability exists that could permit a remote user to execute arbitrary commands on the target system. The 'pm/add_ons/mail_this_entry/mail_autocheck.php' script does not properly validate user-supplied input.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

pMachine Remote Code Execution Vulnerability

CVE Name:
CAN-2005-0513

High
SecurityFocus, Bugtraq ID 12597, February 19, 2005

Python

SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4

A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected.

Patches for Python 2.2, 2.3, and 2.4, available at:
http://python.org/security/
PSF-2005-001/patch-2.2.txt
(Python 2.2)

http://python.org/security/
PSF-2005-001/patch.txt
(Python 2.3, 2.4)

The vendor plans to issue fixed versions for 2.3.5, 2.4.1, 2.3.5, and 2.4.1.

Debian:
http://www.debian.org/security/
2005/dsa-666

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-09.xml

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2005:035

Trustix:
http://www.trustix.org/errata/2005/0003/

Red Hat:
http://rhn.redhat.com/errata
/RHSA-2005-109.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Python SimpleXMLRPCServer Remote Code

CVE Name:
CAN-2005-0089
CAN-2005-0088

High

Python Security Advisory: PSF-2005-001, February 3, 2005

Gentoo, GLSA 200502-09, February 08, 2005

Mandrakesoft, MDKSA-2005:035, February 10, 2005

Trustix #2005-0003, February 11, 2005

RedHat Security Advisory, RHSA-2005:109-04, February 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

US-CERT Vulnerability Note VU#356409

Seth M. Knorr

Biz Mail Form 2.1

An input validation vulnerability exists that could permit remote malicious users to use the program as an open mail relay. Input passed to the 'email' parameter is not properly validated .

Update to version 2.2:
http://www.bizmailform.com/
downloadnew.html

Currently we are not aware of any exploits for this vulnerability.

Seth M. Knorr Biz Mail Form Access Vulnerability

CVE Name:
CAN-2005-0493

Medium
Secunia
SA14351, February 22, 2005

Squid-cache.org

Squid 2.5

A vulnerability exists that could permit a remote malicious user to send multiple Content-length headers with special HTTP requests to corrupt the cache on the Squid server.

A patch (squid-2.5.STABLE7-header_parsing.patch) is available at: http://www.squid-cache.org/Versions/v2/2.5/bugs/
squid-2.5.STABLE7-header_parsing.patch

Conectiva:
http://distro.conectiva.com.br/atualizacoes/
index.php?id=a&anuncio=000923

Gentoo:
http://www.gentoo.org/security/en/
glsa/glsa-200502-04.xml

Debian:
http://www.debian.org/
security/2005/dsa-667

Ubuntu:
http://www.ubuntulinux.org/support/
documentation/usn/usn-77-1

SuSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-061.html

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com
/ubuntu/pool/main/s/squid/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Squid Error in Parsing HTTP Headers

CVE Name:
CAN-2005-0174
CAN-2005-0175

Medium

SecurityTracker Alert ID, 1012992, January 25, 2005

Gentoo GLSA 200502-04, February 2, 2005

Debian DSA-667-1, February 4, 2005

SUSE, SUSE-SR:2005:003, February 4, 2005

US-CERT Vulnerability Note, VU#924198

US-CERT Vulnerability Note, VU#625878

Trustix #2005-0003, February 11, 2005

Ubuntu Security Notice, USN-77-1, February 7, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:034, February 11, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Turbolinux Security Announcement, February 17, 2005

Symantec

Norton AntiVirus for Microsoft Exchange 2.1, prior to build 2.18.85;
Symantec Norton Antivirus 2004 for Windows;
Symantec Norton Antivirus 2004 for Macintosh;
Symantec Norton Antivirus 9.0 for Macintosh

A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target system. The DEC2EXE engine does not properly parse UPX compressed files when inspecting them for viruses.

A fix is available via LiveUpdate and at: http://www.symantec.com/techsupp

Symantec Response Updated 2/17/2005
Further breakout to clarify vulnerable and non-vulnerable builds
.

Currently we are not aware of any exploits for this vulnerability.

Symantec Norton Anti-Virus Buffer Overflow

CVE Name:
CAN-2005-0249

High

Symantec Security Response, SYM05-003, February 8, 2005

US-CERT Vulnerability Note VU#107822

Symantec Security Response, SYM05-003, Updated February 17, 2005

Thomson

TCW690 Cable Modem Software version ST42.03.0a

Two vulnerabilities exist that could permit users to cause a Denial of Service and security restriction bypass. This is due to a boundary error in the HTTP interface and an error in the authorization process.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Thomson TCW690 Cable Modem Two Vulnerabilities

CVE Name:
CAN-2005-0494
CAN-2003-1085

Low/Medium

(Medium if security restrictions can be bypassed)

SecurityFocus, Bugtraq ID 12595, February 19, 2005

University of California (BSD License)

PostgreSQL 7.x, 8.x

 

Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration.

Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7: http://wwwmaster.postgresql.
org/download/mirrors-ftp

Ubuntu:
http://www.ubuntulinux.org/
support/
documentation/usn/usn-71-1

Debian:
http://www.debian.org/
security/2005/dsa-668

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-08.xml

Fedora:
http://download.fedora.redhat.com/
pub
/fedora/linux/core/updates/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/postgresql/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-141.html

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-19.xml

Debian:
http://security.debian.org/
pool/updates/main/p/postgresql/

Mandrakesoft:
http://www.mandrakesoft.com/
security/ advisories?name=
MDKSA-2005:040

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

University of California PostgreSQL Multiple Vulnerabilities

CVE Name:
CAN-2005-0227
CAN-2005-0246
CAN-2005-0244
CAN-2005-0245
CAN-2005-0247

Medium/ High

(High if arbitrary code can be executed)

PostgreSQL Security Release, February 1, 2005

Ubuntu Security Notice USN-71-1 February 01, 2005

Debian Security Advisory
DSA-668-1, February 4, 2005

Gentoo GLSA 200502-08, February 7, 2005

Fedora Update Notifications,
FEDORA-2005-124 & 125, February 7, 2005

Ubuntu Security Notic,e USN-79-1 , February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-19, February 14, 2005

RedHat Security Advisory, RHSA-2005:141-06, February 14, 2005

Debian Security Advisory, DSA 683-1, February 15, 2005

Mandrakesoft, MDKSA-2005:040, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Verity

Ultraseek 5.x

An input validation vulnerability exists processing search requests could permit remote users to conduct Cross-Site Scripting attacks.

Update to version 5.3.3.

Currently we are not aware of any exploits for this vulnerability.

Verity Ultraseek Cross-Site Scripting Vulnerability

CVE Name:
CAN-2005-0514

High

Secunia,
SA14367, February 22, 2005

US-CERT VU#716144

Yann Ramin

IRM 1.x

A vulnerability exists which could permit malicious users to bypass certain security restrictions.This is due to an error in the LDAP login code.

Update to version 1.5.2.1:
http://sourceforge.net/project/
showfiles.php?group_id=14522

A Proof of Concept exploit has been published.

Yann Ramin IRM LDAP Login Security Bypass Vulnerability

CVE Name:
CAN-2005-0505

Medium

SecurityFocus, Bugtraq ID 12614, February 22, 2005

Zeroboard

Multiple input validation vulnerabilities exist that could permit a remote user to conduct Cross-Site Scripting attacks. Functions affected are: 'gallery,' 'union_schedule,' 'view_image.php,' and 'id.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Zeroboard Cross-Site Scripting Vulnerabilities

CVE Name:
CAN-2005-0495

High
SecurityFocus, Bugtraq ID 12596, February 19, 2005

[back to top] 

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script
(Reverse
Chronological Order)

Script name
Workaround or Patch Available
Script Description
February 21, 2005 bontagobof.zip
No
Exploit for the Bontago Game Server Nickname Remote Buffer Overflow vulnerability.
February 21, 2005 IE-POPUP.txt
No
Exploit for the Microsoft Internet Explorer Pop-up Window Title Bar Spoofing vulnerability.
February 19, 2005 3cdaemon_exp.c
No
Script that exploits the 3Com 3CDaemon Multiple Remote Vulnerabilities.
February 19, 2005 arksink2.c
arkeia_type77_win32.pm
arkeia_type77_macos.pm
arkeia_agent_access.pm
Yes
Exploits for the Knox Arkeia Type 77 Request Remote Buffer Overflow vulnerability.
February 19, 2005 cfengine_hof.c
Yes
Script that exploits the Cfengine RSA Authentication Heap Corruption vulnerability.
February 19, 2005 shoutcast-fmt-exp.c
shoutcast194_exp.c
Yes
Exploits for the Nullsoft SHOUTcast File Request Format String vulnerability.
February 19, 2005 TCW690_POST.c
No
Script that exploits the Thomson TCW690 Cable Modem Multiple vulnerabilities.
February 18, 2005 cabrightstor_disco.pm
cabrightstor_disco_servicepc.pm
Yes
Exploit for the BrightStor ARCserve Backup Discovery Service Buffer Overflow vulnerability.
February 18, 2005 chipmunk.forum.txt
No
Exploit for the Chipmunk Forum SQL Injection Vulnerabilities
February 18, 2005 cms.core.txt
No
Exploit for the CMScore Multiple SQL Injection Vulnerabilities.
February 18, 2005 ecl-eximspa.c
Yes
Exploit for the GNU Exim
Buffer Overflows vulnerability.
February 18, 2005 elog_unix_win.c
Yes
Exploit for the GNU ELOG Disclosure and Code Execution Vulnerabilities.
February 18, 2005 linux-2.6.10.c
Yes
Linux v2.6.10 and below kernel exploit which allows nonpriveleged users to read kernel memory.
February 18, 2005
mercuryboard.1.1.1.txt
Yes
Exploit for the GPL MercuryBoard Multiple Vulnerabilities.
February 18, 2005 my.phpforum.1.0.txt
No
Exploit for the GPL MyPHP Forum SQL Injection Vulnerability.
February 18, 2005 SInAR-0.2.tar.bz2
N/A
An Invisible kernel based rootkit for Solaris 8, 9, and 10.
February 18, 2005 tcambof.zip
No
Exploit for the TrackerCam Multiple Remote Vulnerabilities.
February 18, 2005 vbulletin-3.0.4.txt
vbulletin304-xp.pl
No
Script that exploits the Jelsoft VBulletin 'Forumdisplay.PHP' Script Remote Command Execution vulnerability.
February 16, 2005 GHCaws.pl
awexpl.c
Yes
Scripts that exploit the GNU AWStats Multiple Remote Input Validation vulnerabilities.

[back to top]

Trends
  • Phishers twisted a long-standing scam tactic, the Nigerian scam, into their newest technique to fake consumers out of their bank account information and the money in those accounts. The new scheme starts with an e-mail from a phony bank, claiming that a large amount of money has been placed into a new account opened in the recipient's name and a link to the bogus bank is included, along with an account number and a PIN. For more information, see "New Phishing Tactic Dangles Millions As Bait" located at: http://www.techweb.com/wire/security/60402291.
  • Most companies that suffer intrusions are afraid of negative publicity and don't report intrusions which leave consumers unaware when their identities may have been compromised. For more information, see "Hacking Attacks Rarely Made Public, Experts Say" locate at: http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=7690556.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trends
Date
1
Netsky-P Win32 Worm Stable March 2004
2
Zafi-D Win32 Worm Stable December 2004
3
Zafi-B Win32 Worm Slight Increase June 2004
4
Netsky-Q Win32 Worm Slight Decrease March 2004
5
Netsky-D Win32 Worm Stable March 2004
6
Sober-I Win32 Worm Stable November 2004
7
Bagle.bj Win32 Worm Stable January 2005
8
Netsky-B Win32 Worm Stable February 2004
9
Bagle.z Win32 Worm Stable April 2004
10
Bagle-AU Win32 Worm Stable October 2004

Table Updated February 22, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • MyDoom: Another variant of the MyDoom worm, which spreads by sending copies of itself using its own SMTP engine and harvesting potential e-mail targets from search engines such as Google and Yahoo. For more information, see: http://software.silicon.com/malware/0,3800003100,39127940,00.htm
  • Sober: MessageLabs said that it has intercepted 1,400 copies of W32.Sober-K-mm in Germany, France, the US and the UK. Sober-K-mm sends itself as an attachment and creates random subject lines and body texts in either English or German, depending on the email addresses harvested by the worm. For more information, see: http://www.vnunet.com/news/1161399
  • FBI Hoax: The FBI warned Tuesday, February 22, that a computer virus is being spread through unsolicited e-mails that purport to come from the FBI. The e-mails appear to come from an fbi.gov address. They tell recipients that they have accessed illegal Web sites and that their Internet use has been monitored by the FBI's "Internet Fraud Complaint Center," the FBI said. For more information, see: http://www.washingtonpost.com/wp-dyn/articles/A45131-2005Feb22.html

The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.

NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.

Name
Aliases
Type
AdClicker-BW   Trojan
Backdoor.Spyboter.A Backdoor.Win32.Spyboter.gen Trojan
Backdoor.Wortbot   Trojan
BackDoor-CKB   Trojan
BKDR_SURILA.O BackDoor-CEB
Backdoor.Nemog.D
Backdoor:Win32/Surila.O
Troj/Surila-P
Win32.Gavvo
Trojan
Bropia.G IM-Worm.Win32.Bropia.g Win32 Worm
Downloader-VA   Trojan
PWS-Bancban.gen.b PWSteal.Bancos.Q
Trojan-Spy.Win32.Banbra.bd
Trojan
PWS-Lineage   Trojan
Rishp Spyware.Apropos
Trojan-Downloader.Win32.Agent.ji
TROJ_AGENT.OZ
Trojan
Sober.K Email-Worm.Win32.Sober.k
Sober.M
W32.Sober.K@mm
W32/Sober
W32/Sober-K
W32/Sober.K@mm
W32/Sober.l@MM
W32/Sober.M.worm
W32/Sober.M@mm
Win32.Sober.K
Win32/Sober.K.Worm
WORM_SOBER.K
Win32 Worm
Troj/Lineage-D   Trojan
Troj/PurScan-V   Trojan
Troj/Surila-P
  Trojan
Troj_DlDer DlDer
Trojan.Win32.DlDer
Trojan
Trojan.Anicmoo   Trojan
Trojan.Anicmoo.B   Trojan
Trojan.Goldun PWS-Goldun
Troj/Agent-BR
Trojan-Spy.Win32.Goldun.d
TROJ_GOLDUN.F
W32/Goldun.A@pws
Win32.Grams.I
Win32/Grams.I!Trojan
Trojan
Trojan.Goldun.B PWS-Banker.k.dll
Trojan-Spy.Win32.Goldun.m
Trojan
Trojan.Goldun.C   Trojan
Trojan.Startpage.I   Trojan
Trojan.Tabela.A   Trojan
Trojan-Proxy.Win32.Agent.ci Proxy-Sambe
Win32.Reigndar.C
Win32/Sambe.A.12800.Trojan
Trojan
W32.Ahker.D@mm Email-Worm.Win32.Anker.d
W32/Generic.worm!p2p
WORM_AHKER.D
Win32 Worm
W32.Bropia.R IM-Worm.Win32.Bropia.i
Win32 Worm
W32.Derdero.B@mm   Win32 Worm
W32.Derdero.C@mm   Win32 Worm
W32.Doxpar W32/Doxpar.worm Win32 Worm
W32.Jumpred.A   Win32 Worm
W32.Kipis.L@mm   Win32 Worm
W32.Mydoom.AZ@mm W32/Mydoom.bc@MM Win32 Worm
W32.Mydoom.BA@mm Email-Worm.Win32.Mydoom.am
MyDoom.AT@mm
MyDoom.BC
MyDoom.M
W32.Mydoom.AZ@mm
W32/Mydoom
W32/MyDoom-BC
W32/Mydoom.Am@mm
W32/Mydoom.AZ@mm
W32/Mydoom.BB@mm
W32/Mydoom.bc@MM
Win32.Mydoom.AY
Win32.Mydoom.AZ
Win32.Mydoom.AZ!ZIP
Win32/Mydoom.AZ!Worm
WORM_MYDOOM.BA
WORM_MYDOOM.BC
Win32 Worm
W32.Spybot.JPB   Win32 Worm
W32/Assiral-A WORM_ASSIRAL.A Win32 Worm
W32/Assiral-A
  Win32 Worm
W32/Bropia.worm.p   Win32 Worm
W32/Bropia-P WORM_BROPIA.S
W32/Bropia.worm.q
Win32 Worm
W32/Codbot-C W32/Sdbot.worm.gen.j Win32 Worm
W32/Derdero.a@MM Email-Worm.Win32.Bloored.a
PE_DERDERO.A
W32.Derdero.A@mm
W32/Derdero
W32/Derdero-A
Win32.Derdool.B
Win32.HLLP.Dermedo
Win32 Worm
W32/Derdero-A Email-Worm.Win32.Bloored.a
PE_DERDERO.A
W32.Derdero.A@mm
W32/Derdero
W32/Derdero.a@MM
Win32.Derdool.B
Win32.HLLP.Dermedo
Win32 Worm
W32/Forbot-EC Backdoor.Win32.PdPinch.gen
WORM_WOOTBOT.GEN
Win32 Worm
W32/Forbot-EG Backdoor.Win32.PdPinch.gen Win32 Worm
W32/Gaobot.DAC.worm Gaobot.DAC
Rbot
Sdbot
Win32 Worm
W32/Kipis-I Email-Worm.Win32.Kipis.k
W32.Kipis.K@mm
Win32 Worm
W32/Mydoom.bb@MM Email-Worm.Win32.Mydoom.am
Email-Worm.Win32.Mydoom.m
Mydoom.AO
Mydoom.AU
MyDoom.BB
MyDoom.BF
MyDoom.M
W32.Mydoom.AX@mm
W32/Downloader
W32/Mydoom
W32/MyDoom-O
W32/Mydoom.AO.worm
W32/Mydoom.AY@mm
W32/Mydoom.bf@MM
Win32.Mydoom.AU
Win32.Mydoom.AU!ZIP
Win32/Mydoom.AU!Worm
Win32/Mydoom.BB@mm
WORM_MYDOOM.BB
WORM_MYDOOM.BF
WORM_MYDOOM.M
Win32 Worm
W32/Mydoom.bc@MM Email-Worm.Win32.Mydoom.am
MyDoom.BC
MyDoom.M
W32.Mydoom.AZ@mm
W32/Mydoom
W32/MyDoom-BC
W32/Mydoom.Am@mm
W32/Mydoom.AZ@mm
Win32.Mydoom.AY
Win32.Mydoom.BC
Win32/MyDoom.O!Worm
WORM_MYDOOM.BC
Win32 Worm
W32/Mydoom.bd@MM Email-Worm.Win32.Mydoom.am
MyDoom.BD
Mydoom.m
W32.Mydoom.AZ@mm
W32/Mydoom
W32/MyDoom-BC
W32/Mydoom.Am@mm
W32/Mydoom.BA@mm
Win32.Mydoom.AX
WORM_MYDOOM.BD
WORM_MYDOOM_BD
Win32 Worm
W32/Mydoom.BE@mm Email-Worm.Win32.Mydoom.am
MyDoom.BE
Mydoom.m
W32.MyDoom.BA@mm
W32.Mydoom.BB@mm
W32.Mydoom.gen@mm
W32/Mydoom
W32/MyDoom-BC
W32/MyDoom-BE
W32/Mydoom.Am@mm
W32/Mydoom.bf@MM
Win32.Mydoom.BA
Win32.Mydoom.BB
Win32/Mydoom.BA!Worm
Win32/MyDoom.O!Worm
WORM_MYDOOM.BE
Win32 Worm
W32/MyDoom-AS
W32/Mydoom.ba@MM Win32 Worm
W32/MyDoom-O WORM_MYDOOM.M
I-Worm.Mydoom.m
Win32 Worm
W32/Poebot-A Backdoor.Win32.PoeBot.a Win32 Worm
W32/Poebot-H Backdoor.Win32.PoeBot.a
Win32 Worm
W32/Rbot-WB   Win32 Worm
W32/Rbot-WF   Win32 Worm
W32/Sdbot-SB
  Win32 Worm
W32/Sdbot-VH
  Win32 Worm
W32/Sdbot-VL
  Win32 Worm
W32/Sober-K Email-Worm.VBS.Sober.k
W32/Sober.M@mm
WORM_SOBER.GEN
Win32 Worm
W32/Spybot.GPU BackDoor-COD
Backdoor.Win32.Rbot.iv
Win32.ForBot.ME
Win32 Worm
Win32.Banker.M PWS-Banker!sys
PWSteal.Banker.B
Troj/Haxdor-Fam
Trojan-Spy.Win32.Banker.ds
W32/Banker.GQ
Win32.Banker
Win32 Worm
Win32.Bropia.J W32/Bropia.worm.l
Win32 Worm
Win32.Bropia.K IM-Worm.Win32.Bropia.f
W32.Bropia.M
W32.Bropia.N
W32/Bropia.worm.n
WORM_BROPIA.O
Win32 Worm
Win32.Bropia.N BackDoor-COD
IM-Worm.Win32.Bropia.g
Troj/Manacle-A
W32.Bropia.N
WORM_BROPIA.R
Win32 Worm
Win32.Bropia.R IM-Worm.Win32.Bropia.i
IM-Worm.Win32.Bropia.j
W32.Bropia.Q
W32/Bropia.worm
W32/Bropia.worm.q
Win32.Bropia.Q
Win32/Bropia.Q!Worm
WORM_BROPIA.Q
Win32 Worm
Win32.Rbot.BSM Backdoor.Win32.Rbot.iv
W32/Spybot.GPV
Win32 Worm
Win32.Rbot.BTK Backdoor.Win32.Rbot.je
W32/Bropia.worm.q
Win32/Rbot.BTK!Worm
Win32 Worm
WORM_AIMDES.B IM-Worm.Win32.Aimes.b
Malware-d
W32.Aimdes.B
Win32.Aimdes.B
Win32 Worm
WORM_AIMDES.C IM-Worm.Win32.Aimes.b
Malware-d
W32.Aimdes.C@mm
Win32.Aimdes.D
Win32 Worm
WORM_AIMDES.D   Win32 Worm
WORM_BROPIA.O W32/Bropia.worm
Win32 Worm
WORM_BROPIA.Q Bropia.M
IM-Worm.Win32.Bropia.j
W32.Bropia.P
W32.Bropia.Q
W32/Bropia-P
W32/Bropia.worm
W32/Bropia.worm.q
Win32.Bropia.P
Win32.Bropia.Q
Win32.Bropia.R
Win32/Bropia.O1!Worm
Win32/Bropia.Q!Worm
WORM_BROPIA.P
WORM_BROPIA.S
Win32 Worm
WORM_INFORYOU.A W32/Inforyou-A
W32/Inforyou.dll
Win32 Worm
WORM_MYDOOM.M W32.Mydoom.gen@mm
W32/Mydoom
W32/MyDoom-BC
Trojan

[back to top]

 

 

 

Last updated

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Bugs, Holes, & Patches The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

 

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

3Com

3CDaemon 2.0 revision 10

Multiple vulnerabilities exist: a buffer overflow vulnerability exists when a remote malicious user submits a specially crafted FTP username, which could lead to the execution of arbitrary code; a buffer overflow vulnerability exists in several FTP commands, including cd, send, ls, put, delete, rename, rmdir, literal, stat, and cwd, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user submits an FTP user command with format string characters; a format string vulnerability exists in the cd, delete, rename, rmdir, literal, stat, and cwd [and others] commands, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user connects to the TFTP service and requests an MS-DOS device name; a vulnerability exists when the directory to an MS-DOS device name or a filename is changed, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

An exploit script has been published.

3Com 3CDaemon Multiple Remote Vulnerabilities

CVE Names:
CAN-2005-0275
CAN-2005-0276
CAN-2005-0277
CAN-2005-0278

Low/Medium/ High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

[I.T.S] Security Research Team Advisory, January 4, 2005

SecurityFocus, 12155, February 19, 2005

DigiPen

Bontago 1.1

A buffer overflow vulnerability exists in 'nickname' values due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Bontago Game Server Nickname Remote Buffer Overflow

CVE Name:
CAN-2005-0501

High
Secunia Advisory,
SA14350, February 21, 2005

GD Software

SD Server 4.0.70 & prior

A Directory Traversal vulnerability exists due to insufficient validation of user-supplied input, which could let a remote malicious user obtain sensitive information.

Upgrade available at:
http://www.gdsoftware.dk/dl_file.asp?
link=SDServer%204.0.0.72.zip

There is no exploit code required; however, a Proof of Concept exploit has been published.

SD Server Directory Traversal

CVE Name:
CAN-2005-0507

Medium
x0n3-h4ck Italian Security Team Advisory, February 21, 2005

KarjaSoft

Sami HTTP Server 1.0.5

Several vulnerabilities exist: a Directory Traversal vulnerability exists due to an input validation error, which could let a remote malicious user obtain sensitive information; and a remote Denial of Service vulnerability exists due to a NULL pointer dereference error.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

KarjaSoft Sami HTTP Server Input Validation Holes

CVE Names:
CAN-2005-0450
CAN-2005-0451

Low/Medium

(Medium if sensitive information can be obtained)

Global Security Solution IT Advisory, February 15, 2005

Microsoft

ASP.NET 1.0, SP1 & SP2, 1.1, SP1

Multiple Cross-Site Scripting vulnerabilities exist when Unicode characters ranging from U+ff00-U+ff60 are converted to ASCII due to insufficient validation, which could let a remote malicious user execute arbitrary HTML or script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting

CVE Name:
CAN-2005-0452

High
SecurityFocus, 12574, February 16, 2005

Microsoft

Internet Explorer 6.0, SP1&SP2

A vulnerability exists because the title bar can be spoofed when a malicious user submits an overly long hostname due to a flaw in script-initiated pop-up windows.

No workaround or patch available at time of publishing.

An exploit script has been published.

 

Microsoft Internet Explorer Script-initiated Pop-up Windows Spoofing

CVE Name:
CAN-2005-0500

Medium
SecurityFocus, 12602, February 21, 2005

OpenConnect Systems

WebConnect 6.4.4, 6.5

Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits a request that has an MS-DOS device name; and a vulnerability exists in the ''jretest.html' script due to insufficient validation of the 'WCP_USER' parameter, which could let a remote malicious user obtain sensitive information.

Updates available at: http://www.oc.com/solutions/webconnect.jsp

Proofs of Concept exploits have been published.

WebConnect Remote Denial of Service and Information Disclosure

CVE Names:
CAN-2004-0465
CAN-2004-0466

Low/Medium

(Medium if sensitive information can be obtained)

CIRT Advisory, February 20, 2005

TrackerCam

TrackerCam 5.12

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the TrackerCam HTTP server, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in TrackerCam PHP scripts due to insufficient bounds checks on arguments, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability exists in the 'ComGetLogFile.php3' script, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to insufficient sanitization of HTML content in the username and password fields, which could let a remote malicious user launch phishing style attacks; and multiple remote Denial of Service vulnerabilities exist.

No workaround or patch available at time of publishing.

An exploit script has been published.

TrackerCam Multiple Remote Vulnerabilities

CVE Names:
CAN-2005-0478
CAN-2005-0479
CAN-2005-0480
CAN-2005-0481
CAN-2005-0482

Low/ Medium/ High

(Low of a DoS; medium if sensitive information can be obtained; and High if arbitrary code can be executed)

SecurityFocus, 12592, February 18, 2005

webwasher AG

Webwasher Classic 2.2.1, 3.3 build 44, 3.3

A vulnerability exists due to a design error because connections to the local host interface are allowed by the proxy, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
ftp://ftp.webwasher.com/pub/
wwash/wash34.ex

There is no exploit code required; however, a Proofs of Concept exploit has been published.

 

WebWasher Classic HTTP CONNECT Unauthorized Access

CVE Name:
CAN-2005-0316

Medium

Secunia Advisory,
SA14058, January 28, 2005

SecurityFocus, 12394, February 18, 2005

Xinkaa

WEB Station 1.0.3

A Directory Traversal vulnerability exists due to an input validation error when handling certain types of requests, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is not exploit code required; however, Proofs of Concept exploits have been published.

Xinkaa WEB Station Directory Traversal

CVE Name:
CAN-2005-0502

Medium
Secunia Advisory,
SA14349, February 21, 2005

Yahoo! Inc.

Yahoo! Messenger 6.0 .0.1750

A vulnerability exists during the installation process due to a failure to properly secure directories and executables, which could let a malicious user obtain elevated privileges.

Upgrade available at:
http://messenger.yahoo.com/

There is no exploit code required.

Yahoo! Messenger Insecure Default Installation

CVE Name:
CAN-2005-0242

Medium
Secunia Advisory,
SA11815, February 18, 2005

Yahoo! Inc.

Yahoo! Messenger 6.0 .0.1750

A vulnerability exists due to a failure to correctly display files with long filenames in the file transfer dialogue box, which could let a remote malicious user spoof downloaded file names.

Upgrade available: http://messenger.yahoo.com/

There is no exploit code required.

Yahoo! Messenger Download Dialogue Box File Name Spoofing

CVE Name:
CAN-2005-0243

Medium
Secunia Advisory,
SA13712, February 18, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

ADP

Elite System Max 9000 Series

A vulnerability exists because certain configuration files can be overwritten via the FTP server, which could let a malicious user obtain shell access.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

ADP Elite System Max 9000 Series Shell Access

CVE Name:
CAN-2005-0497

Medium
Secunia Advisory, SA14358, February 22, 2005

bidwatcher

bidwatcher 1.3-1.3.16

A vulnerability exists due to a failure of the application to properly implement a formatted string function, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/
bidwatcher/bidwatcher-1.3.17.tar.gz

Debian:
http://security.debian.org/pool/
updates/main/b/bidwatcher/

Currently we are not aware of any exploits for this vulnerability.

Bidwatcher Remote Format String

CVE Name:
CAN-2005-0158

High
Debian Security Advisory DSA 687-1, February 18, 2005

Carnegie Mellon University

Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18

Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmda5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/
linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-05.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-546.html

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Debian:
http://security.debian.org/pool/updates/
main/c/cyrus-sasl/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

OpenPGK:
ftp ftp.openpkg.org

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus SASL Buffer Overflow & Input Validation

CVE Name:
CAN-2004-0884

High

SecurityTracker Alert ID: 1011568, October 7, 2004

Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12 , 14, & 16, 2004

Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004

OpenPKG Security Advisory, OpenPKG Security Advisory, January 28, 2005

Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005

Dan Stromberg

fallback-reboot 0.9, 0.95, 0.96

A remote Denial of Service vulnerability when the daemon status is written to a non-existent terminal.

Upgrades available at:
http://dcs.nac.uci.edu/~strombrg/fallback-
reboot/fallback-reboot.tar.gz

Currently we are not aware of any exploits for this vulnerability.

Fallback-reboot Remote Denial of Service

CVE Name:
CAN-2005-0510

Low
Secunia Advisory,
SA14328, February 22, 2005

Dotcom-Projects.com

DCP-Portal 6.1.1

Multiple vulnerabilities exist due to insufficient validation of user-supplied input in the 'index.php' and 'forums.php' scripts,which could let a remote malicious user inject arbitrary SQL commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

DCP-Portal Input Validation

CVE Name:
CAN-2005-0454

High
hackgen-2005-#003, February 16, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.gftp.org/gftp-2.0.18.tar.gz

Debian:
http://security.debian.org/pool/
updates/main/g/gftp/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

gFTP Remote Directory Traversal

CVE Name:
CAN-2005-0372

Medium

SecurityFocus, February 14, 2005

Debian Security Advisory, DSA 686-1, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005

GlFtpd

GlFtpd 1.26-1.29.1, 1.31, 1.32, 2.0, RC1-RC7

Multiple Directory Traversal vulnerabilities exists in various ZIP related plugins due to insufficient sanitization of user-supplied data, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

glFTPD ZIP Plugins Multiple Directory Traversal

CVE Name:
CAN-2005-0483

Medium
SecurityFocus, 12586, February 18, 2005

GNU

Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4

 

Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists due to the way filenames are processed due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows.

Debian:
http://security.debian.org/pool/
updates/main/e/enscript/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool
/universe/e/enscript/

Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-03.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-039.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Enscript Input Validation

CVE Names:
CAN-2004-1184
CAN-2004-1185
CAN-2004-1186

 

Low/High

(High if arbitrary code can be executed)

SecurityTracker Alert ID: 1012965, January 21, 2005

RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

GNU Midnight Commander Project

Midnight Commander 4.x

Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code.

Debian:
http://security.debian.org/pool/
updates/main/m/mc/

SUSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-24.xml

Currently we are not aware of any exploits for these vulnerabilities.

Low/ Medium/ High

(Low if a DoS; Medium is elevated privileges can be obtained; and High if arbitrary code can be executed)

SecurityTracker Alert, 1012903, January 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005

GNU

CUPS 1.1.22

A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.'

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

A Proof of Concept exploit script has been published.

GNU CUPS HPGL ParseCommand() Buffer Overflow

CVE Name:
CAN-2004-1267


High

CUPS Advisory STR #1023, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Turbolinux Security Announcement, February 17, 2005

GNU

CUPS Ippasswd 1.1.22

A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file.

Fixes are available in the CVS repository and are included in version 1.1.23rc1.

Fedora:
http://download.fedora.redhat.com/pub
/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-013.html

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

SGI:
http://www.sgi.com/support/security/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/

A Proof of Concept exploit has been published.

GNU CUPS lppasswd Denial of Service

CVE Name:
CAN-2004-1268

 

Low

SecurityTracker Alert ID, 1012602, December 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005

SGI Security Advisory, 20050101-01-U, January 19, 2005

Turbolinux Security Announcement, February 17, 2005

GNU

Emacs prior to 21.4.17

 

A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.

Update available at:
ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4

Debian:
http://security.debian.org/pool/.../e/emacs20/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/e/emacs21/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-20.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Debian:
http://security.debian.org/pool/
updates/main/e/emacs21/

Currently we are not aware of any exploits for this vulnerability.

Emacs Format String

CVE Name:
CAN-2005-0100

High

SecurityTracker Alert, 1013100, February 7, 2005

Debian Security Advisory,
DSA-670-1 & 671-1, February 8, 2005

Ubuntu Security Notice, USN-76-1, February 7, 2005

Fedora Update Notifications
FEDORA-2005-145 & 146, February 14, 2005

Gentoo Linux Security Advisory, GLSA 200502-20, February 15, 2005

Mandrakelinux Security Update Advisory,MDKSA-2005:03, February 15, 2005

Debian Security Advisory, DSA 685-1, February 17, 2005

INL

Ulog-php 08- 0.8.2

Multiple SQL injection vulnerabilities exist due to insufficient sanitization of user-supplied input before used in SQL queries, which could let a malicious user modify data or exploit database implementation vulnerabilities.

Upgrades available at:
http://www.inl.fr/download/
ulog-php-1.0.tar.gz

There is no exploit code required.

INL Ulog-php Multiple SQL Injection

CVE Name:
CAN-2005-0463

Medium
SecurityFocus, 12610, February 21, 2005

J. Schilling

CDRTools 2.0, 2.0.1 a18, 2.0.3.

A vulnerability exists in 'cdrecord,' which could let a malicious user obtain root privileges.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-18.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/
TurboLinux/ia32/Desktop/10/updates/

FedoraLegacy:
http://download.fedoralegacy.org/
redhat/9/updates/

Exploit scripts have been published.

CDRTools Unspecified Privilege Escalation

CVE Name:
CAN-2004-0806

High

SecurityFocus, August 31, 2004

US-CERT Vulnerability Note VU#700326, September 17, 2004

Fedora Legacy Update Advisory, FLSA:2058, February 21, 2005

Jouni Malinen

wpa_supplicant prior to 0.2.7 and 0.3.8

A remote Denial of Service vulnerability exists in 'wpa.c' when processing WPA2 frames due to insufficient validation of the Key Data Length.

Update available at:
http://hostap.epitest.fi/wpa_supplicant/

Currently we are not aware of any exploits for this vulnerability.

Jouni Malinen wpa_supplicant Remote Denial of Service

CVE Name:
CAN-2005-0470

Low
SecurityTracker Alert, 1013226, February 17, 2005

KDE

KDE 3.3- 3.3.2

Several buffer overflow vulnerabilities exist in the 'FLICCD' utility due to boundary errors, which could let a malicious user obtain elevated privileges vulnerabilities and execute arbitrary code.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_
patches/post-3.3.2-kdeedu-kstars.diff

Currently we are not aware of any exploits for these vulnerabilities.

KDE 'FLICCD' Utility Multiple Buffer Overflows

CVE Name:
CAN-2005-0011

High
Secunia Advisory,
SA14306, February 16, 2005

KDE

kdelibs 3.3.2

A vulnerability exists in the 'dcopidling' library due to insufficient validation of a files existence, which could let a malicious user corrupt arbitrary files.

Patch available at:
http://bugs.kde.org/attachment.
cgi?id=9205&action=view

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

KDE 'DCOPIDLING' Library

CVE Name:
CAN-2005-0365

Medium

SecurityFocus, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

KDE

KDE 3.x, 2.x

A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.

The vulnerability has been fixed in the CVS repository.

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:160

Debian:
http://security.debian.org/pool/
updates/main/k/kdelibs/

Gentoo:
http://security.gentoo.org/glsa/glsa-
200501-18.xml

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-009.html

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

KDE kio_ftp FTP Command Injection Vulnerability

CVE Name:
CAN-2004-1165

Medium

KDE Advisory Bug 95825, December 26, 2004

Debian Security Advisory, DSA 631-1, January 10, 2005

Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005

Fedora Update Notifications
FEDORA-2005-063 & 064, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core2&3

A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits.

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

A Proof of Concept exploit script has been published.

Linux Kernel Local RLIMIT_MEMLOCK
Bypass Denial
of Service

CVE Name:
CAN-2005-0179

Low

Bugtraq, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0- 2.0 .3, 2.0.5-2.0 .8, 2.0.1-2.0.14, 2.1 b1, 2.1- 2.1.5; Ubuntu Linux 4.1, ia64, ia32

 

Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-29.xml

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/
updates/main/m/mailman/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Mailman Multiple Remote Vulnerabilities

CVE Names:
CAN-2004-1143
CAN-2004-1177

Medium/ High

(High if arbitrary code can be executed)

SecurityTracker, January 12, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005

SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005

Debian Security Advisory, DSA 674-3, February 21, 2005

Multiple Vendors

ISC BIND 8.4.4, 8.4.5

A remote Denial of Service vulnerability exists in the 'q_usedns' array due to in sufficient validation of the length of user-supplied input prior to copying it into static process buffers. This could possibly lead to the execution of arbitrary code.

Upgrade available at:
http://www.isc.org/index.pl?/sw/bind/

Astaro Linux:
http://www.astaro.org/showflat.php?Cat=
&Number=55637&page=0&view=
collapsed&sb=5&o=&fpart=1#55637

Currently we are not aware of any exploits for this vulnerability.

ISC BIND 'Q_UseDNS' Remote Denial of Service

CVE Name:
CAN-2005-0033

Low/High

(High if arbitrary code can be executed)

US-CERT Vulnerability Note, VU#327633, January 25, 2005

Astaro Security Linux Announcement, February 17, 2005

Multiple Vendors

Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100,
Avaya Modular Messaging (MSS) 1.1, 2.0

Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions.

SUSE:
http://www.novell.com/linux/security/
advisories/2004_44_kernel.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-006_RHSA-2004-549
RHSA-2004-505RHSA-2004-689.pdf

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

A Proof of Concept exploit script has been published.

Multiple Vendors Linux Kernel IGMP Integer Underflow

CVE Name:
CAN-2004-1137

Low/ Medium

(Medium if elevated privileges can be obtained)

iSEC Security Research Advisory 0018, December 14, 2004

SecurityFocus, December 25, 2005

Secunia, SA13706, January 4, 2005

Avaya Security Advisory, ASA-2005-006, January 14, 2006

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2 (beta)

A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code.

Update available at:
http://cvs.gnome.org/viewcvs/evolution/
camel/camel-lock-helper.c?rev=1.7
&hideattic=0&view=log

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-35.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/e/evolution/

SUSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/
updates/main/e/evolution/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Evolution Camel-Lock-Helper Application Remote Buffer Overflow

CVE Name:
CAN-2005-0102

High

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 673-1, February 10, 2005

Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005

Multiple Vendors

MySQL AB MySQL 3.20 .x, 3.20.32 a, 3.21.x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1

A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.

Upgrades available at:
http://dev.mysql.com/downloads
/mysql/4.0.html

OpenPKG:
ftp.openpkg.org

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-611.html

SuSE:
ftp://ftp.suse.com/pub/suse

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/mysql-dfsg/m

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is no exploit code required.

MySQL Database Unauthorized GRANT Privilege

CVE Name:
CAN-2004-0957

Medium

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Multiple Vendors

OpenLDAP 2.0-2.0.23, 2.0.25, 2.0.27, 2.1 .20, 2.1.4, 2.1.10-2.1.19, 2.1.22, 2.2.6, 2.2.15; SuSE Linux 8.2, 9.0 x86_64, 9.0, 9.1 x86_64, 9.1, 9.2 x86_64, 9.2

Multiple unspecified remote vulnerabilities exist in the 'slapd' daemon.

SuSE:
ftp://ftp.suse.com/pub/suse/

Currently we are not aware of any exploits for these vulnerabilities.

OpenLDAP SlapD Multiple Remote Denials of Service
Low
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Multiple Vendors

OpenSSH 3.0 p1-3.0.2 pl1, 3.0-3.0.2, 3.1-3.5, 3.1pl1, 3.2.2 p1, 3.2.3 p1, 3.3 p1-3.5pl1, 3.6.1 p1&pl2, 3.6.1, 3.7, 3.7.1, 3.7 p1&pl2, 3.7.1 p1, 3.8.1 p1, 3.9.1 pl1

An information disclosure vulnerability exists in the portable version of OpenSSH that is distributed for operating systems other than its native OpenBSD platform, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/o/openssh/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

OpenSSH-portable Remote Information Disclosure

CVE Name:
CAN-2003-0190

Medium

Ubuntu Security Notice, USN-34-1 November 30, 2004

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1; Conectiva Linux 9.0, 10.0

Two vulnerabilities exist: remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-wccp
_denial_of_service.patch

http://www.squid-cache.org/Versions/v2/
2.5/bugs/squid-2.5.STABLE7-gopher_
html_parsing.patch

Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-25.xml

Debian:
http://security.debian.org/pool/
updates/main/s/squid/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/s/squid/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-061.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is no exploit required.

Squid Proxy Web Cache WCCP Functionality Remote Denial of Service & Buffer Overflow

CVE Names:
CAN-2005-0094
CAN-2005-0095

Low/High

(High if arbitrary code can be executed)

Secunia Advisory, SA13825, January 13, 2005

Debian Security Advisory, DSA 651-1, January 20, 2005

Ubuntu Security Notice, USN-67-1, January 20, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005

Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005

Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Turbolinux Security Announcement, February 17, 2005

 

Multiple Vendors

ALSA alsa-lib 1.0.6;
RedHat Enterprise Linux WS 4, ES 4, Enterprise Linux Desktop version 4, Enterprise Linux AS 4

A vulnerability exists in the Advanced Linux Sound Architecture (ALSA) mixer code, which could let a malicious user modify system information.

RedHat:
http://www.redhat.com/support/errata/
RHSA-2005-033.html

Currently we are not aware of any exploits for this vulnerability.

ALSA Mixer Code Protection Bypass

CVE Name:
CAN-2005-0087

Medium
Red Hat Security Advisory, RHSA-2005:033-01, February 15, 2005

Multiple Vendors

Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1

A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows

CVE Name:
CAN-2005-0490

High
iDEFENSE Security Advisory , February 21, 2005

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32, Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0, SUSE Linux - all versions

Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool
/updates/main/c/cupsys/

Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-20.xml

KDE:
ftp://ftp.kde.org/pub/kde/security_patches/
post-3.3.1-kdegraphics.diff

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/c/cupsys/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/
updates/main/t/tetex-bin/

SUSE: Update:
ftp://ftp.SUSE.com/pub/SUSE

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-31.xml

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-132.html

Currently we are not aware of any exploits for these vulnerabilities.

 

Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows

CVE Names:
CAN-2004-0888
CAN-2004-0889

High

SecurityTracker Alert ID, 1011865, October 21, 2004

Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004

Debian Security Advisory, DSA 599-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005

Fedora Update Notifications,
FEDORA-2005-122, 123, 133-136, February 8 & 9, 2005

Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005

Mandrakelinux Security Update Advisories, MDKSA-2005:041-044, February 18, 2005

RedHat Security Advisory, RHSA-2005:132-09, February, 18. 2005

Multiple Vendors

Gentoo Linux;
GNU Mailman 2.1-2.1.5; RedHat Fedora Core3 & Core2; Ubuntu Linux 4.1 ppc, ia64, ia32

A Directory Traversal vulnerability exists in 'private.py' due to an input validation error, which could let a remote malicious user obtain sensitive information.

Debian:
http://security.debian.org/pool/
updates/main/m/mailman/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-11.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata
/RHSA-2005-136.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mailman/

There is no exploit code required.

GNU Mailman Remote Directory Traversal

CVE Name:
CAN-2005-0202

Medium

Debian Security Advisory, DSA 674-1, February 10, 2005

Ubuntu Security Notice USN-78-1, February 10, 2005

Fedora Update Notifications
FEDORA-2005-131 & 132, February 10, 2005

Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005

RedHat Security Advisory, RHSA-2005:136-08, February 10, 2005

Fedora Update Notifications,
FEDORA-2005-131 & 132, February 10, 2005

Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005

Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005

SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:037, February 14, 2005

Ubuntu Security Notice, USN-78-2 , February 17, 2005

Debian Security Advisory, DSA 674-3, February 21, 2005

Multiple Vendors

Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7 .0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1
4.3 .0

Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information, or cause a Denial of Service.

Fedora:
http://download.fedora.redhat.com
/pub/fedora/linux/core/updates

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-28.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

X.org:
http://www.x.org/pub/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-537.html

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:137
(libxpm)

http://www.mandrakesoft.com/security/
advisories?
name=MDKSA-2004:138
(XFree86)

Debian:
http://www.debian.org/
security/2004/dsa-607
(XFree86)

SGI:
ftp://patches.sgi.com/support/
free/security/patches/ProPack/3/

TurboLinux:
http://www.turbolinux.com/update/

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-023_RHSA-2004-537.pdf

http://support.avaya.com/elmodocs2/
security/ASA-2005-025_RHSA-2005-004.pdf

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-06.xml

http://security.gentoo.org/
glsa/glsa-200502-07.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors LibXPM Multiple Vulnerabilities

CVE Name:
CAN-2004-0914

Low/ Medium/ High

(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)

X.Org Foundation Security Advisory, November 17, 2004

Fedora Update Notifications,
FEDORA-2004-433 & 434, November 17 & 18, 2004

SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004

Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004

Fedora Security Update Notifications
FEDORA-2003-464, 465, 466, & 467, December 1, 2004

RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004

Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004

Debian Security Advisory
DSA-607-1 xfree86 -- several vulnerabilities, December 10, 2004

Turbolinux Security Announcement, January 20, 2005

Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005

Gentoo Linux Security Advisories, GLSA 200502-06 & 07, February 7, 2005

Ubuntu Security Notice, USN-83-1 February 16, 2005

Multiple Vendors

Gentoo Linux;
GProFTPD GProFTPD 8.1.7

A format string vulnerability exists in the 'gprostats' utility, which could let a remote malicious user execute arbitrary code.

Upgrade available at:
http://mange.dynup.net/linux.html#Download

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-26.xml

Currently we are not aware of any exploits for this vulnerability.

GProFTPD GProstats Remote Format String

CVE Name:
CAN-2005-0484

High
Gentoo Linux Security Advisory, GLSA 200502-26, February 18, 2005

Multiple Vendors

Gentoo Linux;
lighttpd lighttpd 1.3.7

A vulnerability exists in the 'buffer_urldecode()' function because encoded control sequences are handled incorrectly, which could let a remote malicious user obtain sensitive information.

Upgrade available at:
http://www.lighttpd.net/download/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-21.xml

There is no exploit code required.


Lighttpd 'buffer_urldecode()' Function Information Disclosure

CVE Name:
CAN-2005-0453

Medium

Gentoo Linux Security Advisory, GLSA 200502-21, February 15, 2005

Multiple Vendors

Linux kernel 2.2-2.2.2.27 -rc1, 2.4-2.4.29 -rc1, 2.6 .10, 2.6- 2.6.10

A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.

Fedora:
http://download.fedora.redhat.com/pub/f
edora/linux/core/updates/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-016.html

http://rhn.redhat.com/errata/
RHSA-2005-017.html

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Exploit scripts have been published.

Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges

CVE Name:
CAN-2005-0001

High

SecurityTracker Alert, 1012862, January 12, 2005

SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005

RedHat Security Advisory, RHSA-2005:016-13 & 017-14, January 21, 2005

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.6, test1-test11, 2.6.1, rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing

A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-034_RHSA-2005
-016RHSA-2006-017RHSA-2005-043.pdf

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Another exploit script has been published.

Linux Kernel uselib() Root Privileges

CVE Name:
CAN-2004-1235

High

iSEC Security Research Advisory, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005

Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005

PacketStorm, January 27, 2005

Avaya Security Advisory, ASA-2005-034, February 8, 2005

Ubuntu Security Notice, USN-57-1, February 9, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux Kernel 2.6 - 2.6.10 rc2

The DRM module in the Linux kernel is susceptible to a local Denial of Service vulnerability. This vulnerability likely results in the corruption of video memory, crashing the X server. Malicious users may be able to modify the video output.

Ubuntu:
http://security.ubuntu.com
/ubuntu/pool/main

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Linux Kernel Local DRM Denial of Service

CVE Name:
CAN-2004-1056

Low

Ubuntu Security Notice USN-38-1 December 14, 2004

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux Kernel 2.6 .10, 2.6, test-test11, 2.6.1-2.6.10, 2.6.10 rc2; RedHat Fedora Core2&3

An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel
SCSI IOCTL Integer
Overflow

CVE Name:
CAN-2005-0180

High

Bugtraq, January 7, 2005

Fedora Update Notifications,
FEDORA-2005-013 & 014, January 10, 2005

SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6-test1- -test11, 2.6, 2.6.1-2.6.11 ; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Vulnerabilities

CVE Names:
CAN-2005-0176
CAN-2005-0177
CAN-2005-0178 CAN-2005-0204

Low/Medium

(Low if a DoS)

Ubuntu Security Notice, USN-82-1, February 15, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

MySQL AB
Conectiva
Debian
Engarde
FreeBSD
Gentoo
HP
IBM
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
Trustix
Sun
SuSE

MySQL AB MySQL 3.20.32 a, 3.22.26- 3.22.30, 3.22.32, 3.23.2- 3.23.5, 3.23.8- 3.23.10, 3.23.22- 3.23.34, 3.23.36- 3.23.56, 3.23.58, 4.0 .0- 4.0.15, 4.0.18, 4.1.0-0, 4.1 .0-alpha

A vulnerability exists in the MySQL 'mysqld_multi' script due to insecure temporary file handling, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/
updates/main/m/mysql/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

OpenPKG:
ftp://ftp.openpkg.org/release/
2.0/UPD/mysql-4.0.18-2.0.1.src.rpm

Gentoo:
http://security.gentoo.org/glsa/
glsa-200405-20.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is not exploit code required.

MySQL 'mysqld_multi' Insecure Temporary File Handling

CVE Name:
CAN-2004-0388

Medium

Debian Security Advisory, DSA 483-1, April 14, 2004

Gentoo Linux Security Advisory, GLSA 200405-20, May 25, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:034, April 20, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.014, April 14, 2004

Turbolinux Security Announcement, February 17, 2005

MySQL AB

MySQL 3.20 .x, 3.20.32 a, 3.21 .x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1 .0-alpha, 4.1 .0-0, 4.1.2 -alpha, 4.1.3 -beta, 4.1.3 -0, 5.0 .0-alpha, 5.0 .0-0

A buffer overflow vulnerability exists in the 'mysql_real_connect' function due to insufficient boundary checking, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Note: Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue.

Debian:
http://security.debian.org/pool/
updates/main/m/mysql/

Trustix:
http://http.trustix.org/pub/trustix/updates/

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrake:
http://www.mandrakesoft.com/
security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.suse.com/pub/suse

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mysql-dfsg/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

We are not aware of any exploits for this vulnerability.

MySQL Mysql_real_connect Function Remote Buffer Overflow

CVE Name:
CAN-2004-0836

Low/High

(High if arbitrary code can be executed)

Secunia Advisory,
SA12305, August 20, 2004

Debian Security Advisory, DSA 562-1, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

MySQL AB

MySQL 3.23.49, 4.0.20

A vulnerability exists in the 'mysqlhotcopy' script due to predictable files names of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/
updates/main/m/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-02.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata
/RHSA-2004-569.html

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrake:
http://www.mandrakesoft.com/
security/advisories

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

There is no exploit code required.

MySQL
'Mysqlhotcopy' Script Elevated Privileges

CVE Name:
CAN-2004-0457

Medium

Debian Security Advisory, DSA 540-1, August 18, 2004

Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004

SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004

RedHat Security Advisory, ,RHSA-2004:569-16, October 20, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

SUSE Security Summary Report, USE-SR:2004:001, November 24, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

MySQL AB

MySQL 3.x, 4.x

 

Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'

Updates available at:
http://dev.mysql.com/downloads/mysql/

Debian:
http://security.debian.org/pool/
updates/main/m/mysql

Trustix:
http://http.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesoft.com
/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/m/mysql-dfsg/

SuSE:
ftp://ftp.suse.com/pub/suse

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

We are not aware of any exploits for these vulnerabilities.

MySQL Security Restriction Bypass & Remote Denial of Service

CVE Names:
CAN-2004-0835
CAN-2004-0837

Low/ Medium

(Low if a DoS; and Medium if security restrictions can be bypassed)

Secunia Advisory, SA12783, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Ubuntu Security Notice, USN-32-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Fedora Update Notification,
FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Netkit

Linux Netkit 0.17

A Denial of Service vulnerability exists when processing malformed size packets.

Debian:
http://security.debian.org/pool/updates/
main/n/netkit-rwho/

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

Netkit RWho Malformed Packet Size Denial of Service

CVE Name:
CAN-2004-1180

Low

Debian Security Advisory DSA 678-1, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:039, February 17, 2005

NewsBruiser

NewsBruiser 2.0-2.3, 2.4, 2.4.1, 2.5, 2.6

A vulnerability exists in the comment system due to an error, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://newsbruiser.tigris.org/files/
documents/158/20687/NewsBruiser
-2.6.1.tar.gz

There is no exploit script required.

NewsBruiser Security Restrictions Bypass

CVE Name:
CAN-2005-0461

Medium
Secunia Advisory,
SA14262, February 17, 2005

Novell

Mono 1.0.5

Several Cross-Site Scripting vulnerabilities exist when converting Unicode characters ranging from U+ff00-U+ff60 to ASCII, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mono Multiple Cross-Site Scripting

CVE Name:
CAN-2005-0509

High
Secunia Advisory,
SA14325, February 22, 2005

Nullsoft

SHOUTcast 1.9.4

A format string vulnerability exists that could allow a remote malicious user to execute arbitrary code on the target system. A remote user can supply a specially crafted request to the target server containing format string characters to cause the target service to crash or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/
glsa-200501-04.xml

An exploit script has been published.

Nullsoft SHOUTcast Format String Flaw

CVE Name:
CAN-2004-1373

High

SecurityTracker Alert ID: 1012675, December 24, 2004

Gentoo GLSA 200501-04, January 5, 2005

SecurityFocus, 12096, February 19, 2005

 

PHP Arena

paFaq Beta4

Multiple vulnerabilities exist in the 'question.php,' 'answer.php,' 'search.php,' and 'comment.php' scripts due to insufficient validation of user-supplied input, which could let a remote malicious user obtain sensitive information or unauthorized network access.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

PaFaq Input Validation

CVE Name:
CAN-2005-0475

Medium
PersianHacker.NET 200505-07, February 15, 2005

PostgreSQL

PostgreSQL 7.4.5; Avaya CVLAN, Integrated Management, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0

A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/
glsa-200410-16.xml

Debian:
http://security.debian.org/pool/updates/
main/p/postgresql/

OpenPKG:
ftp://ftp.openpkg.org/release/

Mandrakesoft:
http://www.mandrakesoft.com/security
/advisories?name=MDKSA-2004:149

Red Hat:
http://rhn.redhat.com/errata/
RHSA-2004-489.html

Avaya:
http://support.avaya.com/elmodocs2/
security/ASA-2005-024_
RHSA-2004-489.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/

There is no exploit code required.

PostgreSQL Insecure Temporary File Creation

CVE Name:
CAN-2004-0977

Medium

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200410-16, October 18, 2004

Debian Security Advisory, DSA 577-1, October 29, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.046, October 29, 2004

Mandrakesoft Security Advisory, MDKSA-2004:149, December 13, 2004

Red Hat Advisory RHSA-2004:489-17, December 20, 2004

Avaya Security Advisory, ASA-2005-024, January 25, 2005

Turbolinux Security Announcement, February 17, 2005

RedHat

Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: two Denial of Service vulnerabilities exist; and a vulnerability exists in the Linux 4 kernel 4GB/4GB split patch, which could let a malicious user obtain sensitive information.

RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html

Currently we are not aware of any exploits for these vulnerabilities.

Red Hat Enterprise Linux Kernel Multiple Vulnerabilities

CVE Names:
CAN-2005-0090
CAN-2005-0091
CAN-2005-0092

Low/Medium

(Low if a DoS)

RedHat Security Advisory, RHSA-2005:092-14, February 18,2005

Redhat

GNOME VFS

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64;
Red Hat Linux Advanced Workstation 2.1 - ia64;
Red Hat Enterprise Linux ES version 2.1 - i386;
Red Hat Enterprise Linux WS version 2.1 - i386;
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64;
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64;
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Multiple vulnerabilities exist in several of the GNOME VFS extfs backend scripts. Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default. A malicious user who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts.

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/
manuals/enterprise/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
http://www.suse.com/en/private
/download/updates/92_i386.html

Avaya:
http://support.avaya.com/japple/css/
japple?temp.groupID=128450&temp.
selectedFamily=128451&temp.selected
Product=154235&temp.selectedBucket
=126655&temp.feedbackState=askFor
Feedback&temp.documentID=198525&PAGE=
avaya.css.CSSLvl1Detail&execute
Transaction= avaya.css.UsageUpdate()

SGI:
ftp://patches.sgi.com/support/free/
security/patches/ProPack/3/

Fedora:
http://download.fedoralegacy.org/redhat/

We are not aware of any exploits for these vulnerabilities.

Red Hat GNOME VFS updates address extfs vulnerability

CVE Name:
CAN-2004-0494

High

Red Hat Security Advisory ID: RHSA-2004:373-01, August 4, 2004

Fedora Update Notification
FEDORA-2004-272 & 273, September 1, 2004

SecurityFocus, Bugtraq ID: 10864, December 7, 2004

Fedora Legacy Update Advisory, FLSA:1944, February 20, 2005

Rob Flynn

Gaim 1.0-1.0.2, 1.1.1, 1.1.2

Multiple remote Denial of Service vulnerabilities exist: a vulnerability exists when a remote malicious ICQ or AIM user submits certain malformed SNAC packets; and a vulnerability exists when parsing malformed HTML data.

Upgrades available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

There is no exploit code required.

Gaim Multiple Remote Denials of Service

CVE Names:
CAN-2005-0472
CAN-2005-0473

Low

Gaim Advisory, February 17, 2005

Fedora Update Notifications,
FEDORA-2005-159 & 160, February 21, 2005

US-CERT Vulnerability Note VU#839280

US-CERT Vulnerability Note VU#523888

Simon Tatham

PSCP 0.54, 0.55, PSFTP 0.55, PuTTY 0.48-0.56

Several vulnerabilities exist: a vulnerability exists in 'sftp.c' due to an integer overflow in the 'fxp_readdir_recv()' function, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in 'sftp.c' due to an integer overflow in the 'sftp_pkt_getstring()' function, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.chiark.greenend.org.uk/
~sgtatham/putty/download.html

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-28.xml

Currently we are not aware of any exploits for these vulnerabilities.

Simon Tatham PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow

CVE Name:
CAN-2005-0467

High
Secunia Advisory,
SA14333, February 21, 2005

sox.sourceforge
.net
  Fedora
  Mandrakesoft
  Gentoo
  Conectiva
  RedHat

SoX 12.17.4, 12.17.3,
and 12.17.2

Multiple vulnerabilities exist that could allow a remote malicious user to execute arbitrary code This is due to boundary errors within the "st_wavstartread()" function when processing ".WAV" file headers and can be exploited to cause stack-based buffer overflows. Successful exploitation requires that a user is tricked into playing a malicious ".WAV" file with a large value in a length field.

Fedora:
http://download.fedora.redhat.com/pub/f
edora/linux/core/updates/1/

http://download.fedora.redhat.com
/pub/fedora/linux/core/updates/2/

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:076

Gentoo:
http://security.gentoo.org/glsa/
glsa-200407-23.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-409.html

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SGI:
ftp://patches.sgi.com/support/
free/security/patches/ProPack/3/

Debian:
http://security.debian.org/pool
/updates/main/s/sox/

Fedora:
http://download.fedoralegacy.
org/redhat/

An exploit script has been published.

SoX ".WAV" File Processing Buffer Overflow Vulnerabilities

CVE Name:
CAN-2004-0557

High

Secunia, SA12175, 12176, 12180, July 29, 2004

SecurityTracker Alerts 1010800 and 1010801, July 28/29, 2004

Mandrakesoft Security Advisory MDKSA-2004:076, July 28, 2004

PacketStorm, August 5, 2004

Slackware Security Advisory, SSA:2004-223-03, august 10, 2004

SGI Security Advisory, 20040802-01-U, August 14, 2004

Debian Security Advisory, DSA 565-1, October 13, 2004

Fedora Legacy Update Advisory, FLSA:1945, February 20, 2005

Squid-cache.org

Squid Web Proxy Cache 2.5 .STABLE5-STABLE8

A remote Denial of Service vulnerability exists when performing a Fully Qualify Domain Name (FQDN) lookup and and unexpected response is received.

Patches available at:
http://downloads.securityfocus.com/
vulnerabilities/patches/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-25.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy FQDN Remote Denial of Service

CVE Name:
CAN-2005-0446

Low

Secunia Advisory,
SA14271, February 14, 2005

Gentoo Linux Security Advisory GLSA, 200502-25, February 18, 2005

Ubuntu Security Notice, USN-84-1, February 21, 2005

Fedora Update Notifications,
FEDORA-2005-153 & 154,
February 21, 2005

SUSE Security Announcement, SUSE-SA:2005:008, February 21, 2005

Sun Microsystems, Inc.

Solaris 7.0, 7.0 _x86, 8.0, 8.0 _x86, 9.0, 9.0 _x86

A vulnerability exists in the 'kcms_configure(1)' command, which could let a malicious user cause a Denial or Service or possibly obtain elevated privileges.

Patches available at:
http://classic.sunsolve.sun.com/
pub-cgi/retrieve.pl?doc=fsalert
%2F57706&zone
_32=category%3Asecurity

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris 'kcms_configure(1)' Command

CVE Name:
CAN-2004-0481

Low/Medium

(Medium if elevated privileges can be obtained)

Sun(sm) Alert Notification, 57706, February 18, 2005

Tarantella Inc.

Enterprise 3 3.30, 3.40, Secure Global Desktop Enterprise Edition 3.42, 4.0

A vulnerability exists due to a design error, which could let a remote malicious user obtain sensitive information.

Workaround available at:
http://www.tarantella.com/security/
bulletin-11.html

There is no exploit code required.

Tarantella Enterprise/Secure Global Desktop Remote Information Disclosure

CVE Name:
CAN-2005-0486

Medium
Tarantella Security Bulletin #11, February 18, 2005

Typespeed

Typespeed 0.4.1

A local format string vulnerability exists which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/
updates/main/t/typespeed/

Currently we are not aware of any exploits for this vulnerability.

Typespeed Format String

CVE Name:
CAN-2005-0105

Medium
Debian Security Advisory DSA 684-1, February 16, 2005

Uim

Uim 4.5

A vulnerability exists in the Uim library because environment variables contents are always trusted, which could let a malicious user obtain elevated privileges.

Upgrade available at:
http://uim.freedesktop.org/releases/
uim-0.4.5.1.tar.gz

Currently we are not aware of any exploits for this vulnerability.

UIM LibUIM Elevated Privileges

CVE Name:
CAN-2005-0503

Medium
SecurityFocus, 12604, February 21, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name
Risk
Source

Apache Software Foundation

Batik Squiggle Browser 1.5

A vulnerability exists that could permit a user to bypass certain security restrictions due to an unspecified error in the Squiggle browser script code.

Update to version 1.5.1:
http://www.apache.org/dyn/closer.cgi/
xml/batik

Currently we are not aware of any exploits for this vulnerability.

Batik Squiggle Browser Access

CVE Name:
CAN-2005-0508

Medium
SecurityFocus, Bugtraq ID 12619, February 22, 2005

Craig Knudsen

WebCalendar 0.9.45

 

A vulnerability exists in 'user_valid_crypt function()' due to insufficient validation of the user-supplied login name parameter, which could let a remote malicious user obtain sensitive information or unauthorized network access.

Update available at: http://www.k5n.us/webcalendar.php?topic=Download

A Proof of Concept exploit has been published.

Craig Knudsen WebCalendar 'user_valid_crypt function()' Input Validation

CVE Name:
CAN-2005-0474

Medium
Scovetta Labs Security Advisory, SCL-2005.001, February 17, 2005

GigaFast

EE400-R Broadband Router

Two vulnerabilities exist that be exploited by a local malicious user to cause a Denial of Service and disclose some sensitive information. This is due to errors in the 'backup.cfg' configuration file and an error in the handling of DNS queries.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

GigaFast EE400-R Broadband Router Two Vulnerabilities

CVE Name:
CAN-2005-0498
CAN-2005-0499

Low/Medium

(Medium if sensitive information can be obtained)

Secunia
SA14366, February 22, 2005

GNU

AWStats 5.0-5.9, 6.0-6.2

Several vulnerabilities exist: a vulnerability exists in the 'awstats.pl' script due to insufficient validation of the 'configdir' parameter, which could let a remote malicious user execute arbitrary code; and an unspecified input validation vulnerability exists.

Upgrades available at:
http://awstats.sourceforge.net/files/awstats-6.3.tgz

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-36.xml

Exploit scripts have been published.

GNU AWStats Multiple Remote Input Validation

CVE Name:
CAN-2005-0116

High

Securiteam, January 18, 2005

Gentoo Linux Security Advisory [UPDATE] GLSA 200501-36:03, February 14, 2005

US-CERT Vulnerability Note VU#272296

SecurityFocus, February 16, 2005

GNU

BibORB version 1.3.2 and prior

Multiple input validation vulnerabilities exist that could permit a remote malicious user to conduct Cross-Site Scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.

Upgrade:
http://biborb.glymn.net/doku.php?id=
download&DokuWiki=
396024aefb12a718f8336c07de2160e9

A Proof of Concept exploit has been published.

GNU BibORB Multiple Vulnerabilities

CVE Name:
CAN-2005-0251
CAN-2005-0252
CAN-2005-0253
CAN-2005-0254

High
SecurityFocus, Bugtraq ID 12583, February 17, 2005

GPL

MercuryBoard 1.0.x and 1.1.x

A Cross-Site Scripting vulnerability exists due to input validation errors in the input passed to the 'f' parameter in 'forum.php.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GPL MercuryBoard 'f' Cross-Site Scripting Vulnerability

CVE Name:
CAN-2005-0462

High
SecurityTracker Alert ID: 1013223, February 17, 2005

GPL

MercuryBoard 1.1.0

Multiple vulnerabilities exists that could permit users to conduct Cross-Site Scripting SQL injection attacks. Input in multiple variables in 'index.php' is not properly validated.

Update to version 1.1.2:
http://www.mercuryboard.com/index.
php?a=downloads

A Proof of Concept exploit has been published.

GPL MercuryBoard Multiple Vulnerabilities

CVE Name:
CAN-2005-0306
CAN-2005-0307
CAN-2005-0414

 

High
Secunia, SA13870, February 17, 2005

GPL

MercuryBoard 1.1.2. Version 1.0.x and
1.1.x

A vulnerability exists that could permit system information disclosure. This is due to a design error that exposes debug information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

GPL Mercuryboard Debug Information Disclosure Vulnerability

CVE Name:
CAN-2005-0460

Low
Secunia SA14284, February 15, 2005

Invision Power Services

Invision Power Board 1.3.1

An input validation vulnerability exists which could permit users to conduct script insertion attacks. Input passed in some nested SML codes in a forum post or signature is not properly validated.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Invision Power Board Script Insertion Vulnerability

CVE Name:
CAN-2005-0477

High

Secunia, SA14329, February 21, 2005

Jelsoft Enterprises

vBulletin 3.0.6 and prior

An input validation vulnerability exists that could let remote malicious users inject and execute arbitrary PHP code. Nested input passed to the 'template' parameter in 'misc.php' is not properly verified.

Update to version 3.0.7: http://www.vbulletin.com/download.php

A Proof of Concept exploit has been published.

Jelsoft Enterprises vBulletin PHP Code Injection Vulnerability

CVE Name:
CAN-2005-0511

High
Secunia
SA14326, February 22, 2005

Jelsoft Enterprises

VBulletin VBulletin 3.0 Gamma, beta 2-beta7. 3.0-3.0.4

A vulnerability exists in the 'forumdisplay.php' script due to insufficient sanitization when the 'showforumusers' option is enabled, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Jelsoft VBulletin 'Forumdisplay.PHP' Script Remote Command Execution

CVE Name:
CAN-2005-0429

High

SecurityFocus, February 14, 2005

SecurityFocus, 12542, February 16, 2005

Kayako

eSupport 2.3.1

A Cross-Site Scripting vulnerability exists due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Kayako ESupport Cross-Site Scripting

CVE Name:
CAN-2005-0487

High
SecurityFocus, 12563, February 15, 2005

Knox Software

Arkeia 4.0-4.2, 5.2, 5.3

A buffer overflow vulnerability exists when handling data that is contained in a type 77 request packet due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
ftp://ftp.arkeia.com/

Exploit scripts have been published.

Knox Arkeia Type 77 Request Remote Buffer Overflow

CVE Name:
CAN-2005-0491

High
Secunia Advisory, SA14327, February 22, 2005

Mark Burgess

Cfengine 2.0.0 to 2.1.7p1.

Input validation and buffer overflow vulnerabilities exist in Cfengine which could allow a remote malicious user to execute arbitrary code or cause a DoS (Denial of Service). The vulnerabilities are caused due to insufficient input validation and a boundary error in the cfservd daemon when processing authentication requests. The problems lies in the AuthenticationDialogue()" function, which is responsible for performing RSA authentication and key agreement.

Update to version 2.1.8 available at: http://www.cfengine.org/mirrors.html

Gentoo:
http://security.gentoo.org/glsa/
glsa-200408-08.xml

An exploit script has been published.

Cfengine RSA Authentication Heap Corruption

CVE Names:
CAN-2004-1701
CAN-2004-1702

High

Core Security Technologies Advisory, Advisory ID: CORE-2004-0714, August 9, 2004

SecurityFocus, 10899, February 19, 2005

Miro International

Mambo 4.5.2

A vulnerability exists in 'Tar.php' that could permit a remote malicious user to execute arbitrary commands on the target system.

A fixed version (4.5.2.1) is available at: http://mamboforge.net/frs/?group_id=5

A Proof of Concept exploit has been published.

Miro International Mambo Remote Code Vulnerability

CVE Name:
CAN-2005-0512

High
Mambo Help Reference 20050219, February 18, 2005

osCommerce

osCommerce 2.2 ms2

A Cross-Site Scripting vulnerability exists in 'Contact_us.php' which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

osCommerce 'Contact_us.PHP' Cross-Site Scripting

CVE Name:
CAN-2005-0458

High
SecurityFocus, 12568, February 15, 2005

PHP Arena

paNews 2.0b4

An input validation vulnerability exists that could permit a remote user to conduct Cross-Site Scripting attacks. The 'comment.php' script does not properly validate user-supplied input in the 'showpost' parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

PHP Arena paNews 'comment.php' Cross-Site Scripting Vulnerability

CVE Name:
CAN-2005-0485

High
SecurityTracker Alert ID: 1013224, February 17, 2005

phpBB Team

phpBB 2.0.11

Multiple vulnerabilities exist which remote users could exploit to disclose and delete sensitive information. This is due to errors in the avatar handling functions.

Update to version 2.0.12: http://www.phpbb.com/downloads.php

Currently we are not aware of any exploits for this vulnerability.

 

phpBB Information Disclosure Vulnerability

CVE Name:
CAN-2005-0258
CAN-2005-0259

Medium
phpBB Advisory 265423, February 21, 2005

PHP Group

PHP 4.0-4.0.7, 4.0.7 RC1-RC3, 4.1 .0-4.1.2, 4.2 .0-4.2.3, 4.3-4.3.8, 5.0 candidate 1-3, 5.0 .0-5.0.2

A vulnerability exists in the 'open_basedir' directory setting due to a failure of the cURL module to properly enforce restrictions, which could let a malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP cURL Open_Basedir Restriction Bypass

CVE Name:
CAN-2004-1392

Medium

SecurityTracker Alert ID, 1011984, October 28, 2004

Ubuntu Security Notice, USN-66-1, January 20, 2005

Ubuntu Security Notice, USN-66-2, February 17, 2005

phpMyAdmin

phpMyAdmin 2.6.2-dev

A vulnerability exists that could permit a remote user to directly access the '\libraries\select_lang.lib.php' file to cause the system to display an error message that discloses the installation path.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

phpMyAdmin Information Disclosure Vulnerability

CVE Name:
CAN-2005-0459

Low

SecurityTracker Alert ID: 1013210, February 16, 2005

pMachine, Inc.

pMachine 2.4

An input validation vulnerability exists that could permit a remote user to execute arbitrary commands on the target system. The 'pm/add_ons/mail_this_entry/mail_autocheck.php' script does not properly validate user-supplied input.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

pMachine Remote Code Execution Vulnerability

CVE Name:
CAN-2005-0513

High
SecurityFocus, Bugtraq ID 12597, February 19, 2005

Python

SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4

A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected.

Patches for Python 2.2, 2.3, and 2.4, available at:
http://python.org/security/
PSF-2005-001/patch-2.2.txt
(Python 2.2)

http://python.org/security/
PSF-2005-001/patch.txt
(Python 2.3, 2.4)

The vendor plans to issue fixed versions for 2.3.5, 2.4.1, 2.3.5, and 2.4.1.

Debian:
http://www.debian.org/security/
2005/dsa-666

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-09.xml

Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2005:035

Trustix:
http://www.trustix.org/errata/2005/0003/

Red Hat:
http://rhn.redhat.com/errata
/RHSA-2005-109.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Python SimpleXMLRPCServer Remote Code

CVE Name:
CAN-2005-0089
CAN-2005-0088

High

Python Security Advisory: PSF-2005-001, February 3, 2005

Gentoo, GLSA 200502-09, February 08, 2005

Mandrakesoft, MDKSA-2005:035, February 10, 2005

Trustix #2005-0003, February 11, 2005

RedHat Security Advisory, RHSA-2005:109-04, February 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

US-CERT Vulnerability Note VU#356409

Seth M. Knorr

Biz Mail Form 2.1

An input validation vulnerability exists that could permit remote malicious users to use the program as an open mail relay. Input passed to the 'email' parameter is not properly validated .

Update to version 2.2:
http://www.bizmailform.com/
downloadnew.html

Currently we are not aware of any exploits for this vulnerability.

Seth M. Knorr Biz Mail Form Access Vulnerability

CVE Name:
CAN-2005-0493

Medium
Secunia
SA14351, February 22, 2005

Squid-cache.org

Squid 2.5

A vulnerability exists that could permit a remote malicious user to send multiple Content-length headers with special HTTP requests to corrupt the cache on the Squid server.

A patch (squid-2.5.STABLE7-header_parsing.patch) is available at: http://www.squid-cache.org/Versions/v2/2.5/bugs/
squid-2.5.STABLE7-header_parsing.patch

Conectiva:
http://distro.conectiva.com.br/atualizacoes/
index.php?id=a&anuncio=000923

Gentoo:
http://www.gentoo.org/security/en/
glsa/glsa-200502-04.xml

Debian:
http://www.debian.org/
security/2005/dsa-667

Ubuntu:
http://www.ubuntulinux.org/support/
documentation/usn/usn-77-1

SuSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-061.html

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com
/ubuntu/pool/main/s/squid/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Squid Error in Parsing HTTP Headers

CVE Name:
CAN-2005-0174
CAN-2005-0175

Medium

SecurityTracker Alert ID, 1012992, January 25, 2005

Gentoo GLSA 200502-04, February 2, 2005

Debian DSA-667-1, February 4, 2005

SUSE, SUSE-SR:2005:003, February 4, 2005

US-CERT Vulnerability Note, VU#924198

US-CERT Vulnerability Note, VU#625878

Trustix #2005-0003, February 11, 2005

Ubuntu Security Notice, USN-77-1, February 7, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:034, February 11, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Turbolinux Security Announcement, February 17, 2005

Symantec

Norton AntiVirus for Microsoft Exchange 2.1, prior to build 2.18.85;
Symantec Norton Antivirus 2004 for Windows;
Symantec Norton Antivirus 2004 for Macintosh;
Symantec Norton Antivirus 9.0 for Macintosh

A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target system. The DEC2EXE engine does not properly parse UPX compressed files when inspecting them for viruses.

A fix is available via LiveUpdate and at: http://www.symantec.com/techsupp

Symantec Response Updated 2/17/2005
Further breakout to clarify vulnerable and non-vulnerable builds
.

Currently we are not aware of any exploits for this vulnerability.

Symantec Norton Anti-Virus Buffer Overflow

CVE Name:
CAN-2005-0249

High

Symantec Security Response, SYM05-003, February 8, 2005

US-CERT Vulnerability Note VU#107822

Symantec Security Response, SYM05-003, Updated February 17, 2005

Thomson

TCW690 Cable Modem Software version ST42.03.0a

Two vulnerabilities exist that could permit users to cause a Denial of Service and security restriction bypass. This is due to a boundary error in the HTTP interface and an error in the authorization process.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Thomson TCW690 Cable Modem Two Vulnerabilities

CVE Name:
CAN-2005-0494
CAN-2003-1085

Low/Medium

(Medium if security restrictions can be bypassed)

SecurityFocus, Bugtraq ID 12595, February 19, 2005

University of California (BSD License)

PostgreSQL 7.x, 8.x

 

Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration.

Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7: http://wwwmaster.postgresql.
org/download/mirrors-ftp

Ubuntu:
http://www.ubuntulinux.org/
support/
documentation/usn/usn-71-1

Debian:
http://www.debian.org/
security/2005/dsa-668

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-08.xml

Fedora:
http://download.fedora.redhat.com/
pub
/fedora/linux/core/updates/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/postgresql/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-141.html

Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-19.xml

Debian:
http://security.debian.org/
pool/updates/main/p/postgresql/

Mandrakesoft:
http://www.mandrakesoft.com/
security/ advisories?name=
MDKSA-2005:040

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

University of California PostgreSQL Multiple Vulnerabilities

CVE Name:
CAN-2005-0227
CAN-2005-0246
CAN-2005-0244
CAN-2005-0245
CAN-2005-0247

Medium/ High

(High if arbitrary code can be executed)

PostgreSQL Security Release, February 1, 2005

Ubuntu Security Notice USN-71-1 February 01, 2005

Debian Security Advisory
DSA-668-1, February 4, 2005

Gentoo GLSA 200502-08, February 7, 2005

Fedora Update Notifications,
FEDORA-2005-124 & 125, February 7, 2005

Ubuntu Security Notic,e USN-79-1 , February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-19, February 14, 2005

RedHat Security Advisory, RHSA-2005:141-06, February 14, 2005

Debian Security Advisory, DSA 683-1, February 15, 2005

Mandrakesoft, MDKSA-2005:040, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Verity

Ultraseek 5.x

An input validation vulnerability exists processing search requests could permit remote users to conduct Cross-Site Scripting attacks.

Update to version 5.3.3.

Currently we are not aware of any exploits for this vulnerability.

Verity Ultraseek Cross-Site Scripting Vulnerability

CVE Name:
CAN-2005-0514

High

Secunia,
SA14367, February 22, 2005

US-CERT VU#716144

Yann Ramin

IRM 1.x

A vulnerability exists which could permit malicious users to bypass certain security restrictions.This is due to an error in the LDAP login code.

Update to version 1.5.2.1:
http://sourceforge.net/project/
showfiles.php?group_id=14522

A Proof of Concept exploit has been published.

Yann Ramin IRM LDAP Login Security Bypass Vulnerability

CVE Name:
CAN-2005-0505

Medium

SecurityFocus, Bugtraq ID 12614, February 22, 2005

Zeroboard

Multiple input validation vulnerabilities exist that could permit a remote user to conduct Cross-Site Scripting attacks. Functions affected are: 'gallery,' 'union_schedule,' 'view_image.php,' and 'id.'

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Zeroboard Cross-Site Scripting Vulnerabilities

CVE Name:
CAN-2005-0495

High
SecurityFocus, Bugtraq ID 12596, February 19, 2005

[back to top] 

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script
(Reverse
Chronological Order)

Script name
Workaround or Patch Available
Script Description
February 21, 2005 bontagobof.zip
No
Exploit for the Bontago Game Server Nickname Remote Buffer Overflow vulnerability.
February 21, 2005 IE-POPUP.txt
No
Exploit for the Microsoft Internet Explorer Pop-up Window Title Bar Spoofing vulnerability.
February 19, 2005 3cdaemon_exp.c
No
Script that exploits the 3Com 3CDaemon Multiple Remote Vulnerabilities.
February 19, 2005 arksink2.c
arkeia_type77_win32.pm
arkeia_type77_macos.pm
arkeia_agent_access.pm
Yes
Exploits for the Knox Arkeia Type 77 Request Remote Buffer Overflow vulnerability.
February 19, 2005 cfengine_hof.c
Yes
Script that exploits the Cfengine RSA Authentication Heap Corruption vulnerability.
February 19, 2005 shoutcast-fmt-exp.c
shoutcast194_exp.c
Yes
Exploits for the Nullsoft SHOUTcast File Request Format String vulnerability.
February 19, 2005 TCW690_POST.c
No
Script that exploits the Thomson TCW690 Cable Modem Multiple vulnerabilities.
February 18, 2005 cabrightstor_disco.pm
cabrightstor_disco_servicepc.pm
Yes
Exploit for the BrightStor ARCserve Backup Discovery Service Buffer Overflow vulnerability.
February 18, 2005 chipmunk.forum.txt
No
Exploit for the Chipmunk Forum SQL Injection Vulnerabilities
February 18, 2005 cms.core.txt
No
Exploit for the CMScore Multiple SQL Injection Vulnerabilities.
February 18, 2005 ecl-eximspa.c
Yes
Exploit for the GNU Exim
Buffer Overflows vulnerability.
February 18, 2005 elog_unix_win.c
Yes
Exploit for the GNU ELOG Disclosure and Code Execution Vulnerabilities.
February 18, 2005 linux-2.6.10.c
Yes
Linux v2.6.10 and below kernel exploit which allows nonpriveleged users to read kernel memory.
February 18, 2005
mercuryboard.1.1.1.txt
Yes
Exploit for the GPL MercuryBoard Multiple Vulnerabilities.
February 18, 2005 my.phpforum.1.0.txt
No
Exploit for the GPL MyPHP Forum SQL Injection Vulnerability.
February 18, 2005 SInAR-0.2.tar.bz2
N/A
An Invisible kernel based rootkit for Solaris 8, 9, and 10.
February 18, 2005 tcambof.zip
No
Exploit for the TrackerCam Multiple Remote Vulnerabilities.
February 18, 2005 vbulletin-3.0.4.txt
vbulletin304-xp.pl
No
Script that exploits the Jelsoft VBulletin 'Forumdisplay.PHP' Script Remote Command Execution vulnerability.
February 16, 2005 GHCaws.pl
awexpl.c
Yes
Scripts that exploit the GNU AWStats Multiple Remote Input Validation vulnerabilities.

[back to top]

Trends
  • Phishers twisted a long-standing scam tactic, the Nigerian scam, into their newest technique to fake consumers out of their bank account information and the money in those accounts. The new scheme starts with an e-mail from a phony bank, claiming that a large amount of money has been placed into a new account opened in the recipient's name and a link to the bogus bank is included, along with an account number and a PIN. For more information, see "New Phishing Tactic Dangles Millions As Bait" located at: http://www.techweb.com/wire/security/60402291.
  • Most companies that suffer intrusions are afraid of negative publicity and don't report intrusions which leave consumers unaware when their identities may have been compromised. For more information, see "Hacking Attacks Rarely Made Public, Experts Say" locate at: http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=7690556.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trends
Date
1
Netsky-P Win32 Worm Stable March 2004
2
Zafi-D Win32 Worm Stable December 2004
3
Zafi-B Win32 Worm Slight Increase June 2004
4
Netsky-Q Win32 Worm Slight Decrease March 2004
5
Netsky-D Win32 Worm Stable March 2004
6
Sober-I Win32 Worm Stable November 2004
7
Bagle.bj Win32 Worm Stable January 2005
8
Netsky-B Win32 Worm Stable February 2004
9
Bagle.z Win32 Worm Stable April 2004
10
Bagle-AU Win32 Worm Stable October 2004

Table Updated February 22, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • MyDoom: Another variant of the MyDoom worm, which spreads by sending copies of itself using its own SMTP engine and harvesting potential e-mail targets from search engines such as Google and Yahoo. For more information, see: http://software.silicon.com/malware/0,3800003100,39127940,00.htm
  • Sober: MessageLabs said that it has intercepted 1,400 copies of W32.Sober-K-mm in Germany, France, the US and the UK. Sober-K-mm sends itself as an attachment and creates random subject lines and body texts in either English or German, depending on the email addresses harvested by the worm. For more information, see: http://www.vnunet.com/news/1161399
  • FBI Hoax: The FBI warned Tuesday, February 22, that a computer virus is being spread through unsolicited e-mails that purport to come from the FBI. The e-mails appear to come from an fbi.gov address. They tell recipients that they have accessed illegal Web sites and that their Internet use has been monitored by the FBI's "Internet Fraud Complaint Center," the FBI said. For more information, see: http://www.washingtonpost.com/wp-dyn/articles/A45131-2005Feb22.html

The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.

NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.

Name
Aliases
Type
AdClicker-BW   Trojan
Backdoor.Spyboter.A Backdoor.Win32.Spyboter.gen Trojan
Backdoor.Wortbot   Trojan
BackDoor-CKB   Trojan
BKDR_SURILA.O BackDoor-CEB
Backdoor.Nemog.D
Backdoor:Win32/Surila.O
Troj/Surila-P
Win32.Gavvo
Trojan
Bropia.G IM-Worm.Win32.Bropia.g Win32 Worm
Downloader-VA   Trojan
PWS-Bancban.gen.b PWSteal.Bancos.Q
Trojan-Spy.Win32.Banbra.bd
Trojan
PWS-Lineage   Trojan
Rishp Spyware.Apropos
Trojan-Downloader.Win32.Agent.ji
TROJ_AGENT.OZ
Trojan
Sober.K Email-Worm.Win32.Sober.k
Sober.M
W32.Sober.K@mm
W32/Sober
W32/Sober-K
W32/Sober.K@mm
W32/Sober.l@MM
W32/Sober.M.worm
W32/Sober.M@mm
Win32.Sober.K
Win32/Sober.K.Worm
WORM_SOBER.K
Win32 Worm
Troj/Lineage-D   Trojan
Troj/PurScan-V   Trojan
Troj/Surila-P
  Trojan
Troj_DlDer DlDer
Trojan.Win32.DlDer
Trojan
Trojan.Anicmoo   Trojan
Trojan.Anicmoo.B   Trojan
Trojan.Goldun PWS-Goldun
Troj/Agent-BR
Trojan-Spy.Win32.Goldun.d
TROJ_GOLDUN.F
W32/Goldun.A@pws
Win32.Grams.I
Win32/Grams.I!Trojan
Trojan
Trojan.Goldun.B PWS-Banker.k.dll
Trojan-Spy.Win32.Goldun.m
Trojan
Trojan.Goldun.C   Trojan
Trojan.Startpage.I   Trojan
Trojan.Tabela.A   Trojan
Trojan-Proxy.Win32.Agent.ci Proxy-Sambe
Win32.Reigndar.C
Win32/Sambe.A.12800.Trojan
Trojan
W32.Ahker.D@mm Email-Worm.Win32.Anker.d
W32/Generic.worm!p2p
WORM_AHKER.D
Win32 Worm
W32.Bropia.R IM-Worm.Win32.Bropia.i
Win32 Worm
W32.Derdero.B@mm   Win32 Worm
W32.Derdero.C@mm   Win32 Worm
W32.Doxpar W32/Doxpar.worm Win32 Worm
W32.Jumpred.A   Win32 Worm
W32.Kipis.L@mm   Win32 Worm
W32.Mydoom.AZ@mm W32/Mydoom.bc@MM Win32 Worm
W32.Mydoom.BA@mm Email-Worm.Win32.Mydoom.am
MyDoom.AT@mm
MyDoom.BC
MyDoom.M
W32.Mydoom.AZ@mm
W32/Mydoom
W32/MyDoom-BC
W32/Mydoom.Am@mm
W32/Mydoom.AZ@mm
W32/Mydoom.BB@mm
W32/Mydoom.bc@MM
Win32.Mydoom.AY
Win32.Mydoom.AZ
Win32.Mydoom.AZ!ZIP
Win32/Mydoom.AZ!Worm
WORM_MYDOOM.BA
WORM_MYDOOM.BC
Win32 Worm
W32.Spybot.JPB   Win32 Worm
W32/Assiral-A WORM_ASSIRAL.A Win32 Worm
W32/Assiral-A
  Win32 Worm
W32/Bropia.worm.p   Win32 Worm
W32/Bropia-P WORM_BROPIA.S
W32/Bropia.worm.q
Win32 Worm
W32/Codbot-C W32/Sdbot.worm.gen.j Win32 Worm
W32/Derdero.a@MM Email-Worm.Win32.Bloored.a
PE_DERDERO.A
W32.Derdero.A@mm
W32/Derdero
W32/Derdero-A
Win32.Derdool.B
Win32.HLLP.Dermedo
Win32 Worm
W32/Derdero-A Email-Worm.Win32.Bloored.a
PE_DERDERO.A
W32.Derdero.A@mm
W32/Derdero
W32/Derdero.a@MM
Win32.Derdool.B
Win32.HLLP.Dermedo
Win32 Worm
W32/Forbot-EC Backdoor.Win32.PdPinch.gen
WORM_WOOTBOT.GEN
Win32 Worm
W32/Forbot-EG Backdoor.Win32.PdPinch.gen Win32 Worm
W32/Gaobot.DAC.worm Gaobot.DAC
Rbot
Sdbot
Win32 Worm
W32/Kipis-I Email-Worm.Win32.Kipis.k
W32.Kipis.K@mm
Win32 Worm
W32/Mydoom.bb@MM Email-Worm.Win32.Mydoom.am
Email-Worm.Win32.Mydoom.m
Mydoom.AO
Mydoom.AU
MyDoom.BB
MyDoom.BF
MyDoom.M
W32.Mydoom.AX@mm
W32/Downloader
W32/Mydoom
W32/MyDoom-O
W32/Mydoom.AO.worm
W32/Mydoom.AY@mm
W32/Mydoom.bf@MM
Win32.Mydoom.AU
Win32.Mydoom.AU!ZIP
Win32/Mydoom.AU!Worm
Win32/Mydoom.BB@mm
WORM_MYDOOM.BB
WORM_MYDOOM.BF
WORM_MYDOOM.M
Win32 Worm
W32/Mydoom.bc@MM Email-Worm.Win32.Mydoom.am
MyDoom.BC
MyDoom.M
W32.Mydoom.AZ@mm
W32/Mydoom
W32/MyDoom-BC
W32/Mydoom.Am@mm
W32/Mydoom.AZ@mm
Win32.Mydoom.AY
Win32.Mydoom.BC
Win32/MyDoom.O!Worm
WORM_MYDOOM.BC
Win32 Worm
W32/Mydoom.bd@MM Email-Worm.Win32.Mydoom.am
MyDoom.BD
Mydoom.m
W32.Mydoom.AZ@mm
W32/Mydoom
W32/MyDoom-BC
W32/Mydoom.Am@mm
W32/Mydoom.BA@mm
Win32.Mydoom.AX
WORM_MYDOOM.BD
WORM_MYDOOM_BD
Win32 Worm
W32/Mydoom.BE@mm Email-Worm.Win32.Mydoom.am
MyDoom.BE
Mydoom.m
W32.MyDoom.BA@mm
W32.Mydoom.BB@mm
W32.Mydoom.gen@mm
W32/Mydoom
W32/MyDoom-BC
W32/MyDoom-BE
W32/Mydoom.Am@mm
W32/Mydoom.bf@MM
Win32.Mydoom.BA
Win32.Mydoom.BB
Win32/Mydoom.BA!Worm
Win32/MyDoom.O!Worm
WORM_MYDOOM.BE
Win32 Worm
W32/MyDoom-AS
W32/Mydoom.ba@MM Win32 Worm
W32/MyDoom-O WORM_MYDOOM.M
I-Worm.Mydoom.m
Win32 Worm
W32/Poebot-A Backdoor.Win32.PoeBot.a Win32 Worm
W32/Poebot-H Backdoor.Win32.PoeBot.a
Win32 Worm
W32/Rbot-WB   Win32 Worm
W32/Rbot-WF   Win32 Worm
W32/Sdbot-SB
  Win32 Worm
W32/Sdbot-VH
  Win32 Worm
W32/Sdbot-VL
  Win32 Worm
W32/Sober-K Email-Worm.VBS.Sober.k
W32/Sober.M@mm
WORM_SOBER.GEN
Win32 Worm
W32/Spybot.GPU BackDoor-COD
Backdoor.Win32.Rbot.iv
Win32.ForBot.ME
Win32 Worm
Win32.Banker.M PWS-Banker!sys
PWSteal.Banker.B
Troj/Haxdor-Fam
Trojan-Spy.Win32.Banker.ds
W32/Banker.GQ
Win32.Banker
Win32 Worm
Win32.Bropia.J W32/Bropia.worm.l
Win32 Worm
Win32.Bropia.K IM-Worm.Win32.Bropia.f
W32.Bropia.M
W32.Bropia.N
W32/Bropia.worm.n
WORM_BROPIA.O
Win32 Worm
Win32.Bropia.N BackDoor-COD
IM-Worm.Win32.Bropia.g
Troj/Manacle-A
W32.Bropia.N
WORM_BROPIA.R
Win32 Worm
Win32.Bropia.R IM-Worm.Win32.Bropia.i
IM-Worm.Win32.Bropia.j
W32.Bropia.Q
W32/Bropia.worm
W32/Bropia.worm.q
Win32.Bropia.Q
Win32/Bropia.Q!Worm
WORM_BROPIA.Q
Win32 Worm
Win32.Rbot.BSM Backdoor.Win32.Rbot.iv
W32/Spybot.GPV
Win32 Worm
Win32.Rbot.BTK Backdoor.Win32.Rbot.je
W32/Bropia.worm.q
Win32/Rbot.BTK!Worm
Win32 Worm
WORM_AIMDES.B IM-Worm.Win32.Aimes.b
Malware-d
W32.Aimdes.B
Win32.Aimdes.B
Win32 Worm
WORM_AIMDES.C IM-Worm.Win32.Aimes.b
Malware-d
W32.Aimdes.C@mm
Win32.Aimdes.D
Win32 Worm
WORM_AIMDES.D   Win32 Worm
WORM_BROPIA.O W32/Bropia.worm
Win32 Worm
WORM_BROPIA.Q Bropia.M
IM-Worm.Win32.Bropia.j
W32.Bropia.P
W32.Bropia.Q
W32/Bropia-P
W32/Bropia.worm
W32/Bropia.worm.q
Win32.Bropia.P
Win32.Bropia.Q
Win32.Bropia.R
Win32/Bropia.O1!Worm
Win32/Bropia.Q!Worm
WORM_BROPIA.P
WORM_BROPIA.S
Win32 Worm
WORM_INFORYOU.A W32/Inforyou-A
W32/Inforyou.dll
Win32 Worm
WORM_MYDOOM.M W32.Mydoom.gen@mm
W32/Mydoom
W32/MyDoom-BC
Trojan

[back to top]

 

 

 

Last updated

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top