
Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-201)

Summary of Security Items From July 13 through July 19, 2005

Original release date: July 20, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

Alt-N Technologies

MDaemon 8.0.3

An IMAP authentication vulnerability has been reported in MDaemon that could let a remote malicious user cause a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Alt-N Technologies MDaemon Denial of Service

Low

Secunia Advisory: SA16097, July 19, 2005

Apple

Darwin Streaming Server 5.5

A vulnerability has been reported in Darwin Streaming Server that could let remote malicious users cause a Denial of Service. Note: Only Windows 2000/2003 should be affected.

Upgrade to version 5.5.1:
http://developer.apple.com/darwin/projects/streaming/

There is no exploit code required.

Apple Darwin Streaming Server Denial of Service

CAN-2005-2195

Low
Security Tracker Alert ID: 1014474, July 13, 2005

ASPNuke

ASPNuke 0.80

A vulnerability has been reported in ASPNuke ('Comment_Post.asp') that could let remote malicious users perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASPNuke Cross-Site Scripting

High

Security Focus, 14226, July 12, 2005

DG Remote Control Server

DG Remote Control Server 1.6.2

A vulnerability has been reported in DG Remote Control Server that could let a remote malicious user perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DG Remote Control Server Denial of Service

CAN-2005-2305

Low
Security Focus, 14263, July 14, 2005

DZSoft

DZPhp Editor 3.1.2.8

A buffer overflow vulnerability has been reported in DZPhp Editor that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

DzSoft PHP Editor Denial of Service

Low

Security Tracker Alert ID: 1014507, July 18, 2005

ESi

WebEOC

Multiple vulnerabilities have been reported in WebEOC that could let remote malicious users perform a Denial of Service or obtain elevated privileges.

Upgrade to version 6.0.2:
http://www.esi911.com/esi/products/webeoc.shtml

There is no exploit code required.

WebEOC Multiple Vulnerabilities

CAN-2005-2281
CAN-2005-2282
CAN-2005-2283
CAN-2005-2284
CAN-2005-2285
CAN-2005-2286

Medium

Security Focus, 14249, July 13, 2005

US-CERT Vulnerability Notes VU#170394, VU#388282, VU#258834, VU#165290, VU#372797, VU#138538, VU#491770, VU#956762

Hosting Controller

Hosting Controller 6.1

Multiple vulnerabilities have been reported in Hosting Controller that could let remote malicious users inject SQL commands or execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Multiple Vulnerabilities

High

Security Tracker Alert IDs: 1014468, July 13, 2005; 1014477, July 14, 2005; 1014496, July 16, 2005; 1014501, July 17, 2005

MailEnable

MailEnable Professional 1.5

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.

Vendor Hotfix available:
http://www.mailenable.com/hotfix/

There is no exploit code required; however, a Proof of Concept exploit has been published.

MailEnable Arbitrary Code Execution

CAN-2005-2278

High
Secunia Advisory: SA15986, July 13, 2005

Microsoft

Internet Explorer 6.0SP2

Multiple vulnerabilities have been reported in the JPEG rendering of Internet Explorer that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Denial of Service

CAN-2005-2308

Low
Security Focus, 14284, 14285, 14286, July 15, 2005

Microsoft

MSN Messenger 9.0, Internet Explorer 6.0

An image ICC profile processing vulnerability has been reported in MSN Messenger / Internet Explorer that could let malicious users crash the applications.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft MSN Messenger / Internet Explorer Application Crash

CAN-2005-2304

Low
Security Focus, 14288, July 16, 2005

Microsoft

Windows Kernel

A vulnerability has been reported in the Windows Kernel that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Kernel Denial Of Service

CAN-2005-2303

Low
Security Focus, 14259, July 12, 2005

Microsoft

Windows (2000, Server 2003, XP)

A vulnerability has been reported in Windows Remote Desktop Protocol that could let a remote malicious user cause a Denial of Service.

Workarounds available:
http://www.microsoft.com/technet/security/advisory/904797.mspx

No exploit code required.

Microsoft Windows Remote Desktop Denial of Service

CAN-2005-2303

Low
Microsoft Security Advisory 904797, July 16, 2005

Microsoft

Windows Connections Manager Library

A vulnerability has been reported in Windows Connections Manager Library that could let local malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

Microsoft Windows Network Connections Manager Library Denial of Service

CAN-2005-2307

Low
Security Focus, 14260, July 14, 2005

Nullsoft

Winamp 5.091

A buffer overflow vulnerability has been reported in Winamp (ID3V2 tag processing) that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Winamp Arbitrary Code Execution

CAN-2005-2310

High
Security Tracker Alert ID: 1014483, July 14, 2005

Small HTTP Server

Small HTTP Server 3.05.28

An FTP Service vulnerability has been reported in Small HTTP Server that could let remote malicious users write to arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Small HTTP Server Arbitrary File Writing

Medium

Security Tracker Alert ID: 1014506, July 18, 2005

SSH Communications Security

SSH Secure Shell and Tectia Server 4.3.1

A host key disclosure vulnerability has been reported in SSH Secure Shell and SSH Tectia Server that could let local or remote malicious users pretend to be other servers.

Update to version 4.3.2:
http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-4-3.html

There is no exploit code required.

SSH Secure Shell and Tectia Server Key Disclosure

CAN-2005-2146

Medium

SSH Vulnerability Notification, RQ #11775, June 30, 2005

US CERT VU#973635

ToCA

Race Driver 1.2

A buffer overflow vulnerability has been reported in Race Driver that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ToCA Race Driver Arbitrary Code Execution

High

Security Focus, 14304, July 18, 2005

Virtual Programming

VP-ASP 4.0, 4.5, 5.0

Multiple vulnerabilities have been reported in VP-ASP that could let remote malicious users perform SQL injection attacks.

Vendor fix available:
http://www.vpasp.com/virtprog/info/faq_securityfixes.htm

There is no exploit code required.

VP-ASP SQL Injection

High

Security Focus, 14295, 14305, 14306, July 18, 2005


UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

Adobe

Acrobat Reader (UNIX) 5.0.10, 5.0.9

A buffer overflow vulnerability has been reported in the 'UnixAppOpenFilePerform()' function due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
www.adobe.com/products/acrobat/readstep2.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-575.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-09.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Adobe Acrobat Reader UnixAppOpenFilePerform Buffer Overflow

CAN-2005-1625

High

Adobe Security Advisory, July 5, 2005

RedHat Security Advisory, RHSA-2005:575-11, July 8, 2005

Gentoo Linux Security Advisory, GLSA 200507-09, July 11, 2005

SUSE Security Announcement, SUSE-SA:2005:042, July 14, 2005

Apple

Mac OS X 10.4.1, 10.4, 10.3.3 -10.3.9

A vulnerability has been reported because mobile users with the original AirPort card enabled could automatically connect to a malicious network. Note: This issue does not affect AirPort Extreme.

Updates available at:
http://www.apple.com/support/downloads/

There is no exploit code required.

Apple Mac OS X AirPort Card Automatic Network Association

CAN-2005-2196

High
Apple Security Advisory, APPLE-SA-2005-07-19, July 19, 2005

Apple

Mac OS X Server 10.4.1, 10.4, Mac OS X 10.4.1, 10.4

Several vulnerabilities have been reported: a vulnerability was reported due to an error in the Dashboard, which could let a remote malicious user install a widget with the same internal identifier (CFBundleIdentifier) as an Apple-supplied widget, thereby replacing it; and a remote Denial of Service vulnerability has been reported due to a NULL pointer dereference error in the TCP/IP implementation.

Upgrades available at:
http://www.apple.com/support/downloads/macosxserver1042combo.html

Currently we are not aware of any exploits for these vulnerabilities.

Apple Mac OS X Vulnerabilities

CAN-2005-1933
CAN-2005-2194

Medium
Apple Security Advisory, APPLE-SA-2005-07-12, July 12, 2005

bzip2

bzip2 1.0.2

A remote Denial of Service vulnerability has been reported when the application processes malformed archives.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/b/bzip2/

SGI:
http://www.sgi.com/support/security/

Currently we are not aware of any exploits for this vulnerability.

bzip2 Remote Denial of Service

CAN-2005-1260

Low

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005

Debian Security Advisory, DSA 741-1, July 7, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/b/bzip2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

BZip2 File Permission Modification

CAN-2005-0953

Medium

Security Focus, 12954, March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Debian Security Advisory, DSA 730-1, May 27, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Centericq

Centericq 4.20

A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

There is no exploit code required.

CenterICQ Insecure Temporary File

CAN-2005-1914

Medium

Security Focus, 14144, July 5, 2005

Debian Security Advisory, DSA 754-1, July 13, 2005

Easy Software Products

CUPS prior to 1.1.21rc1

A vulnerability has been reported in incoming print jobs due to a failure to properly apply ACLs (Access Control List), which could let a remote malicious user bypass ACLs.

Upgrades available at:
http://www.cups.org/software.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-571.html

There is no exploit code required.

Easy Software Products CUPS Access Control List Bypass

CAN-2004-2154

Medium

Security Tracker Alert ID: 1014482, July 14, 2005

RedHat Security Advisory, RHSA-2005:571-06, July 14, 2005

FreeRADIUS Server Project

FreeRADIUS 1.0.2

Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

FreeRadius:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-524.html

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

FreeRadius 'rlm_sql.c' SQL Injection & Buffer Overflow

CAN-2005-1454
CAN-2005-1455

High

Security Tracker Alert ID: 1013909, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Security Focus, 13541, June 10, 2005

RedHat Security Advisory, RHSA-2005:524-05, June 23, 2005

SGI Security Advisory, 20050606-01-U, July 12, 2005

GNOME

gEdit 2.0.2, 2.2.0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gedit/

An exploit has been published.

Gedit Filename Format String

CAN-2005-1686

High

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005

Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Debian Security Advisory, DSA 753-1, July 12, 2005

GNU

cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6

A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

CPIO CHMod File Permission Modification

CAN-2005-1111

Medium

Bugtraq, 395703, April 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:116, July 12, 2005

GNU

cpio 2.6

A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Mandriva:
http://www.mandriva.com/security/advisories

A Proof of Concept exploit has been published.

CPIO Directory Traversal

CAN-2005-1229

Medium

Bugtraq, 396429, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:116, July 12, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml

OpenPKG:
ftp://ftp.openpkg.org/release/2.3

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-564.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

GNU shtool Insecure Temporary File Creation

CAN-2005-1751

Medium

Secunia Advisory, SA15496, May 25, 2005

Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 200

OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

GNU

Gaim prior to 1.1.4

A vulnerability exists in the processing of HTML that could let a remote malicious user crash the Gaim client. This is due to a NULL pointer dereference.

Update to version 1.1.4:
http://gaim.sourceforge.net/downloads.php

Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-85-1

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-03.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-215.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Peachtree:
http://peachtree.burdell.org/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

GNU Gaim Denial of Service Vulnerability

CAN-2005-0208

Low

Sourceforge.net Gaim Vulnerability Note, February 24, 2005

US-CERT VU#795812

Gentoo, GLSA 200503-03, March 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:049, March 4, 2005

RedHat Security Advisory, RHSA-2005:215-11, March 10, 2005

Conectiva Linux Security Announcement, CLA-2005:933, March 14, 2005

Peachtree Linux Security Notice, PLSN-0002, April 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CAN-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Hewlett Packard Company

HP-UX B.11.23, B.11.22, B.11.11, B.11.04, B.11.00

A remote Denial of Service vulnerability has been reported in the Path MTU Discovery (PMTUD) functionality that is supported in the ICMP protocol.

Patches available at:
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137

Revision 2: The binary files of HPSBUX01164 will resolve the issue for the core TCP/IP in B.11.11, B.11.22, and B.11.23. The binary files of HPSBUX01164 will NOT resolve the issue for IPSec. B.11.00 and B.11.04 are NOT vulnerable. The recommended workaround is to modify /etc/rc.config.d/nddconf and reboot.

Rev 3: PHNE_33159 is available for B.11.11.

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-160.pdf

Rev 4: PHNE_32606 is available for B.11.23.

Currently we are not aware of any exploits for this vulnerability.

HP-UX ICMP PMTUD Remote Denial of Service

CAN-2005-1192

Low

Hewlett Packard Company Security Advisory, HPSBUX01137, April 24, 2005

Hewlett Packard Company Security Advisory, HPSBUX01137: SSRT5954 rev.1, May 25, 2005

Hewlett Packard Company Security Advisory, HPSBUX01137: SSRT5954 rev.2, June 1, 2005

Avaya Security Bulletin, ASA-2005-160, July 15, 2005

HP Security Bulletin, HPSBUX01137 rev 4, July 19, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium

Secunia Advisory: SA16039, July 12, 2005

Debian Security Advisory, DSA 761-1, July 19, 2005

ImageMagick

ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0, 6.0.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported in the decoder due to a failure to handle malformed TIFF tags; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed TIFF images; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed PSD files; and a buffer overflow vulnerability has been reported in the SGI parser, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.imagemagick.org/script/download.php?

SuSE:
ftp://ftp.suse.com/pub/suse

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-070.html

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

ImageMagick Multiple Remote Vulnerabilities

CAN-2005-0759
CAN-2005-0760
CAN-2005-0761
CAN-2005-0762

High

Security Tracker Alert, 1013550, March 24, 2005

Debian Security Advisory, DSA 702-1, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Turbolinux Security Advisory, TLSA-2005-47, April 19, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

ImageMagick

ImageMagick 6.x

A buffer overflow vulnerability exists in 'coders/psd.c' when a specially crafted Photoshop document file is submitted, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.imagemagick.org/www/download.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-26.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-37.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick Photoshop Document Buffer Overflow

CAN-2005-0005

High

iDEFENSE Security Advisory, January 17, 2005

Ubuntu Security Notice, USN-62-1, January 18, 2005

Debian Security Advisory, DSA 646-1, January 19, 2005

Gentoo Linux Security Advisory, GLSA 200501-26, January 20, 2005

Gentoo Linux Security Advisory, GLSA 200501-37, January 26, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Turbolinux Security Advisory, TLSA-2005-47, April 19, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

ImageMagick

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8

A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=24099

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-11.xml

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143

RedHat (Red Hat has re-issued its update):
http://rhn.redhat.com/errata/RHSA-2004-480.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick Remote EXIF Parsing Buffer Overflow

CAN-2004-0827
CAN-2004-0981

High

Security Tracker Alert ID, 1011946, October 26, 2004

Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004

Debian Security Advisory, DSA 593-1, November 16, 2004

SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004

Red Hat Security Advisory, RHSA-2004:636-03, December 8, 2004

Turbolinux Security Advisory, TLSA-2005-7, January 26, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

John Bradley

XV 3.10a

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the PDS image decoder when processing comments, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the TIFF and PDS image decoders due to format string errors, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to an input validation error when handling filenames, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-17.xml

Slackware:
ftp://ftp.slackware.com/pub/slackware/

There is no exploit code required.

John Bradley XV Multiple Vulnerabilities

High

Secunia Advisory, SA14977, April 19, 2005

Gentoo Linux Security Advisory, GLSA 200504-17, April 19, 2005

Slackware Security Advisory, SSA:2005-195-02, July 15, 2005

John Bradley

XV 3.10a

A format string vulnerability exists in a formatted printing function due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-09.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Currently we are not aware of any exploits for this vulnerability.

XV File Name Handling Remote Format String

CAN-2005-0665

High

Gentoo Linux Security Advisory, GLSA 200503-09, March 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005

Slackware Security Advisory, SSA:2005-195-02, July 15, 2005

KDE

KDE 3.4, 3.3-3.3.2, 3.2-3.2.3

A vulnerability has been reported in KDE Kate and KWrite because backup files are created with default permissions even if the original file had more restrictive permissions set, which could let a local/remote malicious user obtain sensitive information.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

KDE Kate, KWrite Local Backup File Information Disclosure

CAN-2005-1920

Medium

Security Tracker Alert ID: 1014512, July 18, 2005

Fedora Update Notification,
FEDORA-2005-594, July 19, 2005
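
The Kate/KWrite entry above is an instance of a general pattern: a program writes a derived file (here a backup copy) with the creating call's default mode, so a 0600 original ends up as a world-readable 0644 copy under the usual 022 umask. The following added example is not KDE code; it was written for this bulletin to show the naive copy beside a version that carries the original's permission bits over to the copy and refuses to clobber an existing path. The file names, the "~" suffix and the demo harness are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy the bytes of an already-open source descriptor to an open destination. */
static int copy_fd(int in, int out)
{
    char buf[4096];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
        if (write(out, buf, (size_t)n) != n)
            return -1;
    }
    return n < 0 ? -1 : 0;
}

/* Naive backup: fopen(..., "w") creates the copy with 0666 & ~umask, so a
   private 0600 original becomes a readable 0644 backup. */
static int backup_naive(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    FILE *fp = fopen(dst, "w");
    if (!fp) { close(in); return -1; }
    int rc = copy_fd(in, fileno(fp));
    fclose(fp);
    close(in);
    return rc;
}

/* Hardened backup: take the mode bits from the original, create the copy
   exclusively (never follow a pre-existing file or symlink at dst), then
   fchmod() so the umask cannot change the permissions we asked for. */
static int backup_preserving(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    struct stat st;
    if (fstat(in, &st) < 0) { close(in); return -1; }
    mode_t mode = st.st_mode & 07777;
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (out < 0) { close(in); return -1; }
    int rc = fchmod(out, mode);
    if (rc == 0) rc = copy_fd(in, out);
    close(out);
    close(in);
    return rc;
}

/* Permission bits of a path, or (unsigned)-1 on error. */
static unsigned mode_of(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0) return (unsigned)-1;
    return (unsigned)(st.st_mode & 07777);
}

/* Demo harness (constructed for this example): make a 0600 "secret" file,
   back it up both ways and report the resulting permission bits. */
static int run_backup_demo(unsigned *naive_mode, unsigned *preserving_mode)
{
    char secret[] = "/tmp/kate-demo-XXXXXX";
    char naive[64], safe[64];
    umask(022);                        /* the common default umask */
    int fd = mkstemp(secret);          /* mkstemp creates the file 0600 */
    if (fd < 0) return -1;
    const char *text = "password=hunter2\n";   /* constructed secret content */
    if (write(fd, text, strlen(text)) < 0) { close(fd); return -1; }
    fchmod(fd, 0600);
    close(fd);
    snprintf(naive, sizeof naive, "%s.naive~", secret);
    snprintf(safe, sizeof safe, "%s.safe~", secret);
    int rc = 0;
    if (backup_naive(secret, naive) < 0) rc = -1;
    if (backup_preserving(secret, safe) < 0) rc = -1;
    *naive_mode = mode_of(naive);
    *preserving_mode = mode_of(safe);
    unlink(naive); unlink(safe); unlink(secret);
    return rc;
}

int main(void)
{
    unsigned a, b;
    if (run_backup_demo(&a, &b) != 0) return 1;
    printf("naive backup mode: %04o, permission-preserving backup mode: %04o\n", a, b);
    return 0;
}
```

With the 022 umask the harness sets, the naive copy comes out 0644 and the preserving copy 0600. The O_EXCL in the hardened version is deliberate: an editor that writes backups into a directory another local user can write to would otherwise follow a planted symlink.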

LBL

tcpdump 3.4a6, 3.4, 3.5 alpha, 3.5, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CAN-2005-1278
CAN-2005-1279
CAN-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1, May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005

Security Focus, 13392, May 12, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005

Avaya Security Advisory, ASA-2005-137, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Leafnode

Leafnode 1.11.2, 1.11.1, 1.9.47-1.9.29-1.9.31, 1.9.19-1.9.27

A remote Denial of Service vulnerability has been reported in the fetchnews program (the NNTP client) due to a failure to handle network delays.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=57767

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Leafnode Remote Denial of Service

CAN-2005-1911

Low

leafnode-SA-2005:02, June 8, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:114, July 12, 2005

Leafnode

Leafnode 1.9.48-1.9.50, 1.11.1

A remote Denial of Service vulnerability has been reported in the fetchnews program when reading an article header or an article body.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Leafnode fetchnews Remote Denial of Service

CAN-2005-1453

Low

Securiteam, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:114, July 12, 2005

LibTIFF

LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1

A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://bugzilla.remotesensing.org/attachment.cgi?id=238

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-07.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/t/tiff/

Currently we are not aware of any exploits for this vulnerability.

LibTIFF TIFFOpen Remote Buffer Overflow

CAN-2005-1544
CAN-2005-1472

High

Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005

Ubuntu Security Notice, USN-130-1, May 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005

Debian Security Advisory, DSA 755-1, July 13, 2005

Mozilla

Bugzilla 2.18.2

A vulnerability has been reported in Bugzilla that could let remote malicious users disclose private summaries or modify flags.

Vendor fix available:
http://www.bugzilla.org/download.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-12.xml

There is no exploit code required.

Bugzilla Private Summary Disclosure or Flag Modification

CAN-2005-2173
CAN-2005-2174

Medium

Security Tracker, Alert ID: 1014428, July 8, 2005

Gentoo Linux Security Advisory, GLSA 200507-12, July 13, 2005

Multiple Vendors

OpenLDAP 2.1.25; Padl Software pam_ldap Builds 166, 85, 202, 199, 198, 194, 183-192, 181, 180, 173, 172, 122, 121, 113, 107, 105

A vulnerability has been reported in OpenLDAP, 'pam_ldap,' and 'nss_ldap' when a connection to a slave is established using TLS and the client is referred to a master, which could let a remote malicious user obtain sensitive information.

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-13.xml

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Multiple Vendors TLS Plaintext Password

CAN-2005-2069

Medium

Trustix Secure Linux Advisory, TSLSA-2005-0031, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-13, July 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:121, July 19, 2005

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2, 6.2.1

A buffer overflow vulnerability has been reported due to a failure to properly validate user-supplied string lengths before copying into static process buffers, which could let a remote malicious user cause a Denial of Service.

Upgrades available at:
http://www.imagemagick.org/script/binary-releases.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-413.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

A Proof of Concept exploit has been published.

ImageMagick
Remote Buffer Overflow

CAN-2005-1275

Low

Security Focus, 13351, April 25, 2005

Fedora Update Notification, FEDORA-2005-344, April 28, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:413-04, May 25, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Trustix Secure Linux Advisory, TSLSA-2005-0031, July 1, 2005

Turbolinux Security Advisory, TLSA-2005-75, July 6, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

RedHat Fedora Core3; LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, 3.5 alpha, 3.4, 3.4a6

A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.

Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Slackware:
ftp://ftp.slackware.com/pub/slackware

A Proof of Concept exploit script has been published.

TCPDump BGP Decoding Routines Denial of Service

CAN-2005-1267

Low

Security Tracker Alert, 1014133, June 8, 2005

Fedora Update Notification, FEDORA-2005-406, June 9, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0028, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005

Fedora Update Notification, FEDORA-2005-407, June 16, 2005

Ubuntu Security Notice, USN-141-1, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005

Slackware Security Advisory, SSA:2005-195-10,
July 15, 2005
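
Both tcpdump entries in this bulletin (the multi-protocol decoder Denials of Service above and this BGP update decoder one) are crafted-packet hangs in a packet decoder. The following added example is not tcpdump code and does not reproduce the specific bugs; it illustrates, on a record layout invented for this example (one type byte, one length byte that counts the whole record), the usual root cause of this class: a decoder that trusts an attacker-controlled length field, so a zero length never advances the cursor and the loop never ends, while an oversized length walks off the end of the packet. The function names and the sample packets are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout for this example (not a real protocol):
   [type:1 byte][length:1 byte][value...], where length counts the whole
   record including its 2-byte header, as many real TLV encodings do. */
#define TLV_HDR 2

/* Sample packets, constructed for the example. */
static const uint8_t good_pkt[]     = { 0x01, 0x04, 0xAA, 0xBB,   /* type 1, 2 value bytes */
                                        0x02, 0x03, 0xCC,         /* type 2, 1 value byte  */
                                        0x03, 0x02 };             /* type 3, empty value   */
static const uint8_t zero_len_pkt[] = { 0x01, 0x04, 0xAA, 0xBB,
                                        0x02, 0x00, 0xCC, 0xDD }; /* length 0: never advances */
static const uint8_t oversize_pkt[] = { 0x01, 0x04, 0xAA, 0xBB,
                                        0x02, 0x40 };             /* length 64 > bytes left  */

/* Vulnerable walk: trusts the length field. A length of 0 never moves the
   cursor, so the decoder spins forever on one record; a length larger than
   what is left would wrap the unsigned remaining count and read past the
   packet. max_steps exists only so this demonstration terminates: returning
   -1 here is what a hang looks like in production. */
static int walk_tlvs_unsafe(const uint8_t *pkt, size_t len, unsigned max_steps, unsigned *count)
{
    const uint8_t *p = pkt;
    size_t remaining = len;
    unsigned steps = 0;
    *count = 0;
    while (remaining > 0) {
        if (++steps > max_steps)
            return -1;                     /* would never have returned */
        uint8_t tlen = p[1];               /* length never validated */
        (*count)++;
        p += tlen;
        remaining -= tlen;                 /* 0 -> no progress; too big -> wraps */
    }
    return 0;
}

/* Hardened walk: every record must carry a complete header, must be at least
   as long as that header (so the cursor always advances), and must fit in
   the bytes that remain. Anything else is rejected, not guessed around. */
static int walk_tlvs_safe(const uint8_t *pkt, size_t len, unsigned *count)
{
    size_t off = 0;
    *count = 0;
    while (off < len) {
        if (len - off < TLV_HDR) return -1;   /* truncated header */
        uint8_t tlen = pkt[off + 1];
        if (tlen < TLV_HDR) return -1;        /* would not advance */
        if (tlen > len - off) return -1;      /* runs past the packet */
        (*count)++;
        off += tlen;
    }
    return 0;
}

int main(void)
{
    unsigned n;
    int rc = walk_tlvs_safe(good_pkt, sizeof good_pkt, &n);
    printf("good packet, safe walk   : rc=%d, %u records\n", rc, n);
    rc = walk_tlvs_unsafe(zero_len_pkt, sizeof zero_len_pkt, 1000, &n);
    printf("zero-length, unsafe walk : rc=%d after %u iterations (stuck)\n", rc, n);
    rc = walk_tlvs_safe(zero_len_pkt, sizeof zero_len_pkt, &n);
    printf("zero-length, safe walk   : rc=%d, rejected after %u record(s)\n", rc, n);
    rc = walk_tlvs_safe(oversize_pkt, sizeof oversize_pkt, &n);
    printf("oversize, safe walk      : rc=%d, rejected after %u record(s)\n", rc, n);
    return 0;
}
```

The unsafe walker is never run on the oversized packet here because it would read beyond the buffer; the hardened walker rejects both malformed packets after the first valid record. The same three checks (header present, length at least the header size, length within the remaining bytes) are what a reviewer looks for in any length-prefixed decoder that runs on untrusted traffic.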

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE7, 2.5.STABLE8, 2.5.STABLE9

A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Squid Proxy Set-Cookie Headers Information Disclosure

CAN-2005-0626

Medium

Secunia Advisory, SA14451, March 3, 2005

Ubuntu Security Notice, USN-93-1, March 08, 2005

Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005

Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Multiple Vendors

zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04 (powerpc, i386, amd64), 4.10 (ppc, ia64, ia32); SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/z/zlib/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-05.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/

Mandriva:
http://www.mandriva.com/security/advisories

OpenBSD:
http://www.openbsd.org/errata.html

OpenPKG:
ftp.openpkg.org

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-569.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for this vulnerability.

Zlib Compression Library Buffer Overflow

CAN-2005-2096

High

Debian Security Advisory, DSA 740-1, July 6, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005

Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005

SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005

Ubuntu Security Notice, USN-148-1, July 06, 2005

RedHat Security Advisory, RHSA-2005:569-03, July 6, 2005

Fedora Update Notifications, FEDORA-2005-523, 524, July 7, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:11, July 7, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.013, July 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Slackware Security Advisory, SSA:2005-189-01, July 11, 2005

Turbolinux Security Advisory, TLSA-2005-77, July 11, 2005

Fedora Update Notification, FEDORA-2005-565, July 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

dhcpcd 1.3.22

A vulnerability has been reported in dhcpcd that could let a remote user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/d/dhcpcd/

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-16.xml

Currently we are not aware of any exploits for this vulnerability.

dhcpcd Denial of Service

CAN-2005-1848

Low

Secunia Advisory, SA15982, July 11, 2005

Debian Security Advisory, DSA 750-1, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005

Multiple Vendors

Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1; ImageMagick 5.4.3, 5.4.4.5, 5.4.8.2-1.1.0, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0.2; Imlib 1.9-1.9.14

Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Imlib:
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/

ImageMagick:
http://www.imagemagick.org/www/download.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-12.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-465.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-480.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-636.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows

CAN-2004-0817
CAN-2004-0802

High

Security Focus, September 1, 2004

Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004

Fedora Update Notifications, FEDORA-2004-300 & 301, September 9, 2004

Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004

RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004

Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004

Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004

Turbolinux Security Announcement, October 5, 2004

RedHat Security Update, RHSA-2004:480-05, October 20, 2004

Ubuntu Security Notice, USN-35-1, November 30, 2004

RedHat Security Advisory, RHSA-2004:636-03, December 8, 2004

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Fedora Update Notifications, FEDORA-2005-234 & 235, March 30, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

glibc 2.2

A buffer overflow vulnerability exists in the resolver libraries of glibc 2.2.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-586.html

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:159

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-011_RHSA-2004-586.pdf

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-155.pdf

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors glibc Buffer Overflow

CAN-2002-0029
CAN-2004-0968

Low

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Red Hat Security Advisory, RHSA-2004:586-15, December 20, 2004

Mandrakesoft Security Advisory, MDKSA-2004:159, December 29, 2004

Avaya Security Advisory, ASA-2005-011, January 14, 2005

Avaya Security Advisory, ASA-2005-155, July 14, 2005

Multiple Vendors

GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1, RedHat Fedora Core1&2; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8

Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-28.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1

We are not aware of any exploits for these vulnerabilities.

gdk-pixbuf BMP, ICO, and XPM Image Processing Errors

CAN-2004-0753
CAN-2004-0782
CAN-2004-0783
CAN-2004-0788

High

Security Tracker Alert ID, 1011285, September 17, 2004

Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004

US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004

Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004

Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005

Sun(sm) Alert Notification, 101776, June 23, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101776, Updated July 13, 2005

Multiple Vendors

GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-16.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-480.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick & GraphicsMagick XWD Decoder Remote Denial of Service

CAN-2005-1739

Low

Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

Fedora Update Notification, FEDORA-2005-395, May 26, 2005

RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005

Turbolinux Security Advisory, TLSA-2005-75, July 6, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2

A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available at:
http://www.imagemagick.org/script/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-11.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-320.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick File Name Handling Remote Format String

CAN-2005-0397

High

Secunia Advisory, SA14466, March 4, 2005

Ubuntu Security Notice, USN-90-1, March 3, 2005

SUSE Security Announcement, SUSE-SA:2005:017, March 23, 2005

RedHat Security Advisory, RHSA-2005:320-10, March 23, 2005

Fedora Update Notifications, FEDORA-2005-234 & 235, March 30, 2005

Debian Security Advisory, DSA 702-1, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005
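
The XV entry (CAN-2005-0665) and this ImageMagick entry describe the same bug class: a file name chosen by the remote party reaches a printf-style function as the format argument rather than as data. The following added example is not code from XV or ImageMagick; it was written for this bulletin to show the vulnerable call beside the hardened one, plus a triage check for the pattern. The formatter format_message(), the callers and the sample file name are assumptions made for the example. The input uses only a doubled percent sign so the demonstration is deterministic and consumes no arguments; the same code path would honour %x or %n in a hostile name.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* An application-level message formatter with printf semantics, the kind of
   helper image tools use to build warnings such as "unable to open file".
   It is not itself the bug; the bug is how it gets called below. */
static int format_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable call: the untrusted file name IS the format string, so any '%'
   sequences in it are interpreted. "%%" collapses to "%"; directives such as
   "%x" or "%n" would read or write memory the caller never intended. */
static int describe_unsafe(char *out, size_t outlen, const char *filename)
{
    return format_message(out, outlen, filename);
}

/* Hardened call: a constant format string; the name is passed as data and
   comes out verbatim whatever it contains. */
static int describe_safe(char *out, size_t outlen, const char *filename)
{
    return format_message(out, outlen, "%s", filename);
}

/* Triage helper: an untrusted name containing '%' that reaches a printf-family
   function as its format argument is the signature of this bug class. */
static int contains_format_directive(const char *name)
{
    return strchr(name, '%') != NULL;
}

/* Returns 1 if the file name comes out of the given formatter unchanged. */
static int name_survives(int (*describe)(char *, size_t, const char *), const char *name)
{
    char out[256];
    describe(out, sizeof out, name);
    return strcmp(out, name) == 0;
}

int main(void)
{
    /* Constructed input: a file name with a doubled percent sign. */
    const char *name = "scan%%01.tif";
    char out[256];
    describe_unsafe(out, sizeof out, name);
    printf("unsafe : %s\n", out);    /* the name was parsed as a format */
    describe_safe(out, sizeof out, name);
    printf("safe   : %s\n", out);    /* the name was printed verbatim */
    printf("flagged: %d\n", contains_format_directive(name));
    return 0;
}
```

Compilers flag the vulnerable shape only when the formatter is declared with the printf format attribute; wrappers like format_message() without it are where these bugs hide, so the review question for any such helper is whether every caller passes a literal format.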

Multiple Vendors

Linux Kernel 2.4, 2.6

A race condition vulnerability has been reported in the Linux Kernel's ia32 emulation that could let a local malicious user obtain root privileges or trigger a buffer overflow.

Patch Available:
http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.32-pre1.bz2

Trustix:
http://http.trustix.org/pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Race Condition and Buffer Overflow

CAN-2005-1768

High

Security Focus, 14205, July 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

Multiple Vendors

MandrakeSoft Linux Mandrake 10.2 X86_64, 10.2; Rob Flynn Gaim 0.10.x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0-1.0.2, 1.1.1-1.1.4, 1.2, 1.2.1; Ubuntu Linux 4.10 (ppc, ia64, ia32), 5.04 (powerpc, i386, amd64)

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported when handling long URIs due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereference error when handling MSN messages.

Rob Flynn:
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-429.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-09.xml

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000964

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

A Proof of Concept exploit script has been published.

Gaim Remote Buffer Overflow & Denial of Service

CAN-2005-1261
CAN-2005-1262

High

Fedora Update Notification, FEDORA-2005-369, May 11, 2005

RedHat Security Advisory, RHSA-2005:429-06, May 11, 2005

Gentoo Linux Security Advisory, GLSA 200505-09, May 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:086, May 12, 2005

Ubuntu Security Notice, USN-125-1, May 12, 2005

Conectiva Security Advisory, CLSA-2005:964, June 7, 2005

SUSE Security Report, SUSE-SR:2005:015, June 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

RedHat Fedora Core3, Core2; Rob Flynn Gaim 1.2; Peachtree Linux release 1

A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.

Upgrade available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

Peachtree:
http://peachtree.burdell.org/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Gaim Jabber File Request Remote Denial of Service

CAN-2005-0967

Low

Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005

Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005

RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005

SGI Security Advisory, 20050404-01-U, April 20, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005

Ubuntu Security Notice, USN-125-1, May 12, 2005

Slackware Security Advisory, SSA:2005-133-01, May 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

RedHat Fedora Core3, Core2; Rob Flynn Gaim 1.2; Ubuntu Linux 4.10 (ppc, ia64, ia32); Peachtree Linux release 1

Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.

Update available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

Peachtree:
http://peachtree.burdell.org/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

Gaim 'gaim_markup_strip_html()' Function Remote Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution

CAN-2005-0965
CAN-2005-0966

High

Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005

Ubuntu Security Notice, USN-106-1, April 05, 2005

Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005

RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005

SGI Security Advisory, 20050404-01-U, April 20, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005

Slackware Security Advisory, SSA:2005-133-01, May 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

Turbolinux Turbolinux Server 10.0, 8.0, Desktop 10.0, Turbolinux Home, Appliance Server 1.0 Workgroup Edition, Hosting Edition; Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0; Sun Solaris 10.0 x86, 10.0, 9.0 x86 Update 2, 9.0 x86, 9.0, Sun SEAM 1.0-1.0.2; SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3; RedHat Fedora Core3 & 4, Advanced Workstation for the Itanium Processor 2.1; MIT Kerberos 5 5.0-1.4.1 & prior; Gentoo Linux

Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code.

MIT:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1

SuSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

Debian:
http://www.debian.org/security/2005/dsa-757

Currently we are not aware of any exploits for these vulnerabilities.

Kerberos V5 Multiple Vulnerabilities

CAN-2005-1174
CAN-2005-1175
CAN-2005-1689

High

MIT krb5 Security Advisory, 2005-002, July 12, 2005

RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005

Sun(sm) Alert Notification, 101809, July 12, 2005

Fedora Update Notifications, FEDORA-2005-552 & 553, July 12, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Turbolinux Security Advisory, TLSA-2005-78, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Debian Security Advisory, DSA-757-1, July 17, 2005

US-CERT VU#885830

US-CERT VU#623332

US-CERT VU#259798

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported in the handling of stream-based transports such as TCP.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=12694&package_id=11571&release_id=338899

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP
Protocol Denial Of Service

CAN-2005-2177

Low

Secunia Advisory: SA15930, July 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

Net-snmp

Net-snmp 5.x

A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world-writable locations, which could let a local malicious user obtain elevated privileges and possibly execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-18.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

There is no exploit code required.

Net-SNMP Fixproc Insecure Temporary File Creation

CAN-2005-1740

High

Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

Paul Vixie

Vixie Cron 4.1

A vulnerability has been reported due to the insecure creation of temporary files when crontab is executed with the '-e' option, which could let a local malicious user obtain sensitive information.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Vixie Cron
Crontab
Information Disclosure

CAN-2005-1038

Medium

Security Focus, 13024, April 6, 2005

Fedora Update Notification, FEDORA-2005-320, April 15, 2005

Fedora Update Notifications, FEDORA-2005-550 & 551, July 12, 2005

phpPgAdmin

phpPgAdmin 3.5.3, 3.4.1, 3.1-3.4

A Directory Traversal vulnerability has been reported due to a failure to filter directory traversal sequences from requests to the login form, which could let a remote malicious user obtain sensitive information.

Debian:
http://security.debian.org/pool/updates/main/p/phppgadmin/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPPGAdmin Login Form Directory
Traversal

CAN-2005-2256

Medium

Security Focus, 14142,
July 5, 2005

Debian Security Advisory, DSA 759-1, July 18, 2005

Postgrey

Postgrey 1.16-1.18, 0.84-0.87

A format string vulnerability has been reported in the 'server.pm' module in the 'log' subroutine, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Upgrades available at:
http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently, we are not aware of any exploits for this vulnerability.

Postgrey Format String

CAN-2005-1127

High

Secunia Advisory,
SA14958,
April 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:012,
April 29, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Raxnet

Cacti 0.x

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.cacti.net/download_cacti.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-20.xml

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000978

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

An exploit script has been published.

RaXnet Cacti Multiple Input Validation

CAN-2005-1524
CAN-2005-1525
CAN-2005-1526

High

Secunia Advisory: SA15490, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005

Conectiva
Security Advisory, CLSA-2005:978, July 7, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Realnode

Emilda 1.2-1.2.2, 1.1

A vulnerability has been reported in 'management.php' due to insufficient validation of the 'user_id' parameter, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://ftp.realnode.com/pub/emilda/releases/emilda-1.2.3.tar.gz

There is no exploit code required.

Emilda 'management.php' Input Validation

CAN-2005-2312

Medium
Security Focus, 14244, July 13, 2005

Rob Flynn

Gaim 1.0-1.0.2, 1.1.1, 1.1.2

Multiple remote Denial of Service vulnerabilities have been reported when a remote malicious ICQ or AIM user submits certain malformed SNAC packets; and a Denial of Service vulnerability exists when parsing malformed HTML data.

Upgrades available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-03.xml

Mandrake:
http://www.mandrakesecure.net/en/advisories/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-215.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Peachtree:
http://peachtree.burdell.org/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Gaim Multiple Remote Denials of Service

CAN-2005-0472
CAN-2005-0473

Low

Gaim Advisory, February 17, 2005

Fedora Update Notifications, FEDORA-2005-159 & 160, February 21, 2005

US-CERT VU#839280

US-CERT VU#523888

Ubuntu Security Notice, USN-85-1, February 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-03, March 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:049, March 4, 2005

RedHat Security Advisory, RHSA-2005:215-11,
March 10, 2005

Conectiva Linux Security Announcement, CLA-2005:933, March 14, 2005

Peachtree Linux Security Notice, PLSN-0002,
April 21, 2005

Debian Security Advisory,
DSA 716-1,
April 27, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Rob Flynn

Gaim prior to 1.3.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message.

Updates available at:
http://gaim.sourceforge.net/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-518.html

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Gaim Remote Denial of Services

CAN-2005-1269
CAN-2005-1934

Low

Secunia Advisory, SA15648,
June 10, 2005

Ubuntu Security Notice USN-139-1, June 10, 2005

Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:099,
June 14, 2005

Fedora Update Notifications,
FEDORA-2005-410, & 411,
June 17, 2005

RedHat Security Advisory, RHSA-2005:518-03,
June 16, 2005

Debian Security Advisory,
DSA 734-1,
July 5, 2005

SUSE Security Summary Report, SUSE-SR:2005:017,
July 13, 2005

Royal Institute of Technology

Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4a-0.4f

Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.5.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-24.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/h/heimdal/

Currently we are not aware of any exploits for this vulnerability.

Heimdal TelnetD
Remote Buffer Overflow

CAN-2005-2040

High

Secunia Advisory, SA15718,
June 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-24, June 29, 2005

SUSE Security Announcement, SUSE-SA:2005:040,
July 6, 2005

Debian Security Advisory,
DSA 758-1,
July 18, 2005

Shorewall

Shorewall 2.0.x, 2.2.x, 2.4.x

A vulnerability has been reported due to a failure to properly implement expected firewall rules for MAC address-based filtering, which could let a remote malicious user bypass firewall rules.

Hotfixes available at:
http://www.shorewall.net/

There is no exploit code required.

Shorewall MACLIST Firewall Rules Bypass

CAN-2005-2317

Medium
Secunia Advisory: SA16087,
July 18, 2005

Skype Technologies

Skype (Linux) 1.1.0.20, 1.0.0.7, 1.0.0.1, 0.93.0.3, 0.92.0.12

A vulnerability has been reported because '/tmp/skype_profile.jpg' is created insecurely as a temporary file, which could let a local malicious user create/overwrite arbitrary files to obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Skype Technologies Skype Insecure Temporary File Creation

CAN-2005-2300

Medium
ZH2005-16SA Advisory,
July 16, 2005

SMS

SMS 1.9.2 m & prior

A vulnerability has been reported in 'contrib/miastoplusa/mpl.sh' due to the insecure creation of '/tmp/request1' and '/tmp/request2,' which could let a local malicious user create/overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

SMS Insecure Temporary File Creation

CAN-2005-2311

Medium
Secunia Advisory: SA16038,
July 12, 2005

Softwin

BitDefender Antivirus & Antispam for Linux 1.6.1 & prior

A vulnerability has been reported when parsing attachments due to an unspecified error, which could let a remote malicious user bypass certain scanning functions.

The vendor has reportedly issued a patch that is downloaded automatically.

There is no exploit code required.

BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers Scanning Bypass

CAN-2005-2298

Medium
Security Tracker Alert ID: 1014495, July 15, 2005

SquirrelMail

SquirrelMail 1.4.0-1.4.5-RC1.

A vulnerability has been reported in 'options_identities.php' because request parameters are extracted into variables without validation, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/manipulate sensitive information.

Upgrades available at:
http://www.squirrelmail.org/download.php

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

There is no exploit code required.

SquirrelMail Variable Handling

CAN-2005-2095

High

GulfTech Security Research
Advisory, July 13, 2005

Debian Security Advisory,
DSA 756-1,
July 13, 2005

Sun Micro-systems, Inc.

Solaris 10.0, 9.0 _x86, 9.0

A vulnerability has been reported in the runtime linker's handling of the 'LD_AUDIT' environment variable, which could let a local malicious user obtain superuser privileges.

Workaround and patch information available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1

An exploit script has been published.

Sun Solaris Runtime Linker 'LD_AUDIT' Elevated
Privileges

CAN-2005-2072

High

Security Focus, 14074, June 28, 2005

Sun(sm) Alert Notification, 101794, June 28, 2005

Sun(sm) Alert Notification, 101794, Updated July 12, 13, 15, 2005

Todd Miller

Sudo 1.6-1.6.8, 1.5.6-1.5.9

A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a local malicious user execute arbitrary commands.

Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD:
http://www.openbsd.org/errata.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Mandriva:
http://www.mandriva.com/security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-535.html

Debian:
http://security.debian.org/pool/updates/main/s/sudo/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Todd Miller Sudo
Local Race Condition

CAN-2005-1993

High

Security Focus, 13993, June 20, 2005

Ubuntu Security Notice, USN-142-1, June 21, 2005

Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005

Slackware Security Advisory, SSA:2005-172-01, June 22, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005

Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005

RedHat Security Advisory, RHSA-2005:535-06, June 29, 2005

Debian Security Advisory, DSA 735-1, July 1, 2005

Conectiva Linux Announcement, CLSA-2005:976, July 6, 2005

Debian Security Advisory, DSA 735-2, July 8, 2005

SGI Security Advisory, 20050702-01-U, July 12, 2005

Wojtek Kaniewski

ekg 2005-06-05 22:03

A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a local malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation

CAN-2005-1916

Medium

Secunia Advisory: SA15889,
July 5, 2005

Debian Security Advisory,
DSA 760-1,
July 18, 2005

Wojtek Kaniewski

Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11

Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of temporary files, which could let a local malicious user create/overwrite arbitrary files; and a shell command injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to insufficient sanitization of input, which could let a remote malicious user execute arbitrary shell commands.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation & Shell Command Injection

CAN-2005-1850
CAN-2005-1851

High
Debian Security Advisory,
DSA 760-1,
July 18, 2005
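The insecure-temporary-file entries in this section (Net-SNMP 'fixproc', Vixie Cron 'crontab -e', Skype '/tmp/skype_profile.jpg', SMS 'mpl.sh' and both ekg entries) share one root cause: a program opens a predictable name in a world-writable directory and follows whatever a local attacker has planted there. The Python script below is an added example written for this bulletin, not code from any of those projects or their advisories. It simulates the symlink attack inside a private scratch directory (the victim file and the name 'request1' are constructed for the demonstration) and contrasts the vulnerable open() with the create-or-fail O_EXCL/O_NOFOLLOW pattern and with mkstemp(), which also makes the name unguessable.

```python
"""Insecure vs. hardened temporary-file creation (added example for this bulletin)."""
import errno
import os
import tempfile

# Constructed predictable name, standing in for /tmp/request1, /tmp/skype_profile.jpg
# and similar fixed paths; everything here happens inside a private scratch directory.
PREDICTABLE_NAME = "request1"


def insecure_write(path, data):
    """Vulnerable pattern: open a fixed, guessable name for writing.

    open(path, "w") creates the file if it is absent, otherwise truncates and
    overwrites whatever the path resolves to, including the target of a
    symlink an attacker planted at that name.
    """
    with open(path, "w") as f:
        f.write(data)


def secure_create(path, data):
    """Hardened pattern for a name that must stay fixed: create-or-fail.

    O_CREAT|O_EXCL fails with EEXIST when anything (file or symlink) already
    occupies the path; O_NOFOLLOW (where the platform has it) refuses to
    traverse a symlink in the final component; mode 0o600 keeps the contents
    private. Returns True on success, False if the open was refused.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as e:
        if e.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def secure_unpredictable(data, directory):
    """Preferred pattern: mkstemp picks an unguessable name and opens it with O_EXCL and 0o600."""
    fd, path = tempfile.mkstemp(prefix="request.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    """Run the symlink attack against each pattern in a scratch directory and report the outcome."""
    sandbox = tempfile.mkdtemp()
    victim = os.path.join(sandbox, "victim.conf")  # constructed stand-in for a file worth clobbering
    with open(victim, "w") as f:
        f.write("original contents\n")

    # The attacker wins the race: a symlink sits at the predictable name before the program runs.
    planted = os.path.join(sandbox, PREDICTABLE_NAME)
    os.symlink(victim, planted)

    insecure_write(planted, "attacker-chosen contents\n")
    with open(victim) as f:
        victim_after_insecure = f.read()

    created = secure_create(planted, "must never reach the victim\n")
    with open(victim) as f:
        victim_after_secure = f.read()

    safe_path = secure_unpredictable("payload\n", sandbox)
    return {
        "victim_after_insecure": victim_after_insecure,
        "secure_create_succeeded": created,
        "victim_after_secure": victim_after_secure,
        "mkstemp_mode": oct(os.stat(safe_path).st_mode & 0o777),
        "mkstemp_in_sandbox": os.path.dirname(safe_path) == sandbox,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the script shows the victim file rewritten by the naive open(), the O_EXCL open refused, and the mkstemp() file created with mode 0600. When a program cannot avoid a fixed name (a shell script is the usual case), the create-or-fail open is the minimum; using a per-process private directory created with mkdtemp() is better still, because then no attacker-controlled entry can exist alongside the file.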

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server because it does not set a default value that restricts which handler methods remote callers may invoke, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005

Debian Security Advisory, DSA 748-1, July 11, 2005

Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds - Attack Scripts | Common Name / CVE Reference | Risk | Source

CaLogic

CaLogic 1.2.2

Multiple remote file include vulnerabilities have been reported due to insufficient sanitization of the 'CLPATH' parameter in various scripts, which could let a remote malicious user include arbitrary files from local/external resources.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CaLogic Multiple Remote File Include

CAN-2005-2321

High

Albania Security Clan Advisory, July 18, 2005

Check Point Software

SecuRemote NG with Application Intelligence R54

A vulnerability has been reported which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Check Point SecuRemote NG Local Information Disclosure

CAN-2005-2313

Medium
Security Focus, 14221, July 12, 2005

Cisco Systems

ONS 15216 OADM 2.2.2, 2.0

A remote Denial of Service vulnerability has been reported when specially crafted data is submitted to the telnet management interface.

Update information available at:
http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml

Currently we are not aware of any exploits for this vulnerability.

Cisco ONS 15216 OADM Telnet Processing Remote Denial of Service

CAN-2005-2279

Low
Cisco Security Advisory, cisco-sa-20050713-ons, July 13, 2005

Clam AntiVirus

ClamAV 0.x

A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.

Updates available at:
http://prdownloads.sourceforge.net/clamav/clamav-

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-23.xml

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

ClamAV Quantum Decompressor Denial of Service

CAN-2005-2056

Low

Secunia Advisory, SA15811, June 24, 2005

Trustix Security Advisory, TSLSA-2005-0029, June 24, 2005

Gentoo Linux Security Advisory, GLSA 200506-23, June 27, 2005

SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:113, July 12, 2005

class-1 Web Design

forum 0.24.4, 0.23.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'users.php' due to insufficient sanitization of the 'group' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'viewattach.php' due to insufficient sanitization of the 'id' parameter and in 'viewforum.php' due to insufficient sanitization of the 'id' and 'forum' parameters, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Class-1 Forum Cross-Site Scripting & SQL Injection

CAN-2005-2322
CAN-2005-2323

High
Secunia Advisory: SA16078, July 14, 2005

Clever Copy

Clever Copy 2.0 a, 2.0

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in the 'users.php' script due to insufficient sanitization of the 'viewuser_id' and 'group' variables, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability has been reported due to insufficient validation of user-supplied input to various variables, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Clever Copy Cross-Site Scripting & SQL Injection

CAN-2005-2322
CAN-2005-2323

High
Security Tracker Alert ID: 1014485, July 14, 2005

Dvbbs

Dvbbs 7.1, SP2

A Cross-Site Scripting vulnerability has been reported in 'ShowErr.asp' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DVBBS ShowErr.ASP Cross-Site Scripting

CAN-2005-2318

High
Security Focus, 14223, July 12, 2005

e107.org

e107 website system 0.610-0.617

A Cross-Site Scripting vulnerability has been reported due to insufficient filtering of HTML code from BBCode URL tags, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

e107 BBCode URL Tag Input Validation

CAN-2005-2327

High

Security Tracker Alert ID: 1014513, July 18, 2005

IBM

IBM Lotus Notes 6.5-6.5.4, 6.0-6.0.5, 5.0.12, 5.0.3

An input validation vulnerability has been reported because HTML and JavaScript attached to received email messages is executed automatically when viewing the email, which could let a remote malicious user execute arbitrary code.

Update information available at:
http://www-1.ibm.com/support/docview.wss?uid=swg21211783

A Proof of Concept exploit script has been published.

IBM Lotus Notes Script Execution

CAN-2005-2175

High

Security Focus, 14164, July 6, 2005

Security Focus, 14164, July 14, 2005

Invision Power Services

Invision Board 2.1 Alpha2, 2.0-2.0.4, 1.3.1 Final, 1.3, 1.3 Final

An SQL injection vulnerability has been reported in the 'Login.php' script due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary SQL commands to obtain administrative access.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Invision PowerBoard 'login.php' SQL Injection
High

Hackers Center Security Group, Zinho's Security Advisory, July 16, 2005
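The Cacti 'config_settings.php' entry earlier in this bulletin, the class-1 forum and Clever Copy entries above and the Invision Power Board 'login.php' entry here are the same defect: a request parameter is pasted into SQL text. The Python script below is an added example written for this bulletin, not code from any of those projects. It uses an in-memory SQLite database with a constructed schema (the 'settings' and 'members' tables and their rows are invented for the demonstration) to show an 'id' manipulation and a login bypass against string-built queries, and the bound-parameter form that defeats both.

```python
"""SQL injection: string-built queries versus bound parameters (added example for this bulletin)."""
import sqlite3


def make_db():
    """Constructed sample schema standing in for a web application's settings and member tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE settings (id INTEGER PRIMARY KEY, name TEXT, value TEXT);
        INSERT INTO settings VALUES (1, 'site_title', 'Demo site');
        INSERT INTO settings VALUES (2, 'smtp_password', 's3cret');
        CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT, is_admin INTEGER);
        INSERT INTO members VALUES (1, 'admin', 'hash-of-admin-password', 1);
        INSERT INTO members VALUES (2, 'alice', 'hash-of-alice-password', 0);
        """
    )
    return db


def setting_vulnerable(db, id_param):
    """The bug class in the entries above: the 'id' request parameter becomes SQL text."""
    sql = "SELECT name, value FROM settings WHERE id = " + id_param
    return db.execute(sql).fetchall()


def setting_safe(db, id_param):
    """Same lookup with the value validated at the boundary and bound as a parameter."""
    try:
        wanted = int(id_param)
    except ValueError:
        return []
    return db.execute("SELECT name, value FROM settings WHERE id = ?", (wanted,)).fetchall()


def login_vulnerable(db, name, pw_hash):
    """Login check built by string formatting; a quote and a comment in 'name' rewrite the query."""
    sql = f"SELECT name, is_admin FROM members WHERE name = '{name}' AND pw_hash = '{pw_hash}'"
    return db.execute(sql).fetchone()


def login_safe(db, name, pw_hash):
    """Bound parameters: the driver passes the strings as data, so no quoting trick changes the query."""
    return db.execute(
        "SELECT name, is_admin FROM members WHERE name = ? AND pw_hash = ?", (name, pw_hash)
    ).fetchone()


def demo():
    """Run the attacks against both versions and return what each query gave back."""
    db = make_db()
    return {
        "normal_lookup": setting_vulnerable(db, "1"),
        "injected_lookup_vulnerable": setting_vulnerable(db, "1 OR 1=1"),
        "injected_lookup_safe": setting_safe(db, "1 OR 1=1"),
        "login_bypass_vulnerable": login_vulnerable(db, "admin' --", "wrong"),
        "login_bypass_safe": login_safe(db, "admin' --", "wrong"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The injected 'id' turns a single-row lookup into a dump of the whole table (including the SMTP password row), and the name "admin' --" comments out the password check and logs the attacker in as the administrator; both attempts return nothing against the parameterized versions. Type validation at the boundary (the int() call) is a useful second layer but not a substitute for binding: the login case takes a free-form string and is only protected by the placeholder.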

Laffer

Laffer 0.3.2.7, 0.3.2.6

A vulnerability has been reported in the 'IM.PHP' file due to insufficient sanitization of user-supplied input, which could let a remote malicious user include arbitrary files and execute arbitrary PHP code.

Upgrades available at:
http://laffer.sourceforge.net/cgi-bin/g.pl?http://prdownloads.sourceforge.net/laffer/laffer-0.3.2.8.tgz?download

There is no exploit code required.

Laffer
'IM.PHP' File Include

CAN-2005-2328

High
Security Focus, 14264, July 14, 2005
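The phpPgAdmin login-form entry earlier in this bulletin (traversal sequences in a request parameter) and the CaLogic 'CLPATH' and Laffer 'IM.PHP' entries above (a request parameter that selects a file to include) are fixed by the same check: resolve the user's value under a fixed base directory and refuse anything that lands outside it or names a remote resource. The Python below is an added example written for this bulletin, not code from any of those projects; the 'lang' include directory, its files and the hostile inputs are constructed for the demonstration.

```python
"""Confining a user-supplied file name to a base directory (added example for this bulletin)."""
import os
import tempfile
from urllib.parse import urlsplit


def resolve_under(base_dir, user_value, allowed_exts=(".php",)):
    """Return the real path of base_dir/user_value, or None if the value must be rejected.

    Rejected: URLs (remote include), absolute paths, traversal sequences and
    symlinks that resolve outside base_dir, embedded NUL bytes, and names that
    do not carry an expected extension. The containment test compares resolved
    real paths instead of searching the string for '..', so symlink-based and
    deeply nested variants are caught as well.
    """
    try:
        if urlsplit(user_value).scheme:      # e.g. http://attacker.example/shell.php
            return None
        if os.path.isabs(user_value):
            return None
        base = os.path.realpath(base_dir)
        candidate = os.path.realpath(os.path.join(base, user_value))
    except ValueError:                       # the os functions raise on an embedded NUL byte
        return None
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not candidate.endswith(allowed_exts):
        return None
    return candidate


def build_fixture():
    """Constructed layout: an include directory plus a file outside it that must stay unreachable."""
    root = tempfile.mkdtemp()
    inc = os.path.join(root, "lang")
    os.mkdir(inc)
    with open(os.path.join(inc, "english.php"), "w") as f:
        f.write("<?php $lang = 'en'; ?>\n")
    with open(os.path.join(root, "config.php"), "w") as f:
        f.write("<?php $db_password = 'secret'; ?>\n")
    # A symlink inside the include directory that points outside it.
    os.symlink(os.path.join(root, "config.php"), os.path.join(inc, "alias.php"))
    return inc


def demo():
    """Try benign and hostile values against the check; True means the value was accepted."""
    inc = build_fixture()
    attempts = {
        "benign": "english.php",
        "traversal": "../config.php",
        "deep_traversal": "../../../../../../etc/passwd",
        "absolute": "/etc/passwd",
        "remote_include": "http://attacker.example/shell.php",
        "nul_byte": "english.php\x00.txt",
        "symlink_escape": "alias.php",
        "wrong_extension": "english.txt",
    }
    results = {name: resolve_under(inc, value) for name, value in attempts.items()}
    return {name: (path is not None and os.path.basename(path) == "english.php")
            for name, path in results.items()}


if __name__ == "__main__":
    for key, accepted in demo().items():
        print(f"{key}: {'accepted' if accepted else 'rejected'}")
```

Only the benign name is accepted. Where the set of legitimate values is small and known (language files, include modules), an explicit allow-list built from a directory listing at start-up is simpler and stricter still; the realpath check above is the general form for when the set is open-ended.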

Macromedia

JRun 4.0, SP1 & 1a, build 61650, ColdFusion MX Enterprise with JRun 6.1, ColdFusion MX Enterprise Multi-Server Edition 7.0

A vulnerability has been reported because the same authentication token may be assigned to two different sessions under high load situations, which could let a remote malicious user access another user's session.

Patches available at:
http://download.macromedia.com/pub/security/mpsb05-05.zip

There is no exploit code required.

Macromedia JRun Duplicate Authentication Tokens

CAN-2005-2306

Medium
Macromedia Security Advisory, MPSB05-05, July 14, 2005
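The JRun entry above is session fixation by accident: when two requests arrive close together, the token generator hands out the same value and one user lands in another's session. The Python script below is an added example written for this bulletin, not Macromedia's code and not a description of JRun's generator. It contrasts a constructed clock-derived generator (which collides whenever two sessions are created in the same millisecond) with tokens drawn from the operating system's CSPRNG, and shows the server-side check that refuses to bind an already-issued token to a second session.

```python
"""Session-token collisions under load and how to avoid them (added example for this bulletin)."""
import hashlib
import secrets


def clock_token(now_ms):
    """Constructed weak generator: the token is a function of the current millisecond only.

    Any two sessions created within the same millisecond receive identical tokens,
    which is the high-load failure the advisory describes.
    """
    return hashlib.md5(str(now_ms).encode()).hexdigest()


def random_token():
    """128 bits from the OS CSPRNG; unpredictable and, for practical purposes, collision-free."""
    return secrets.token_hex(16)


def issue_sessions(n, generator):
    """Create n sessions with `generator` and count how many tokens were handed to a second session."""
    store = {}
    collisions = 0
    for session_no in range(n):
        token = generator()
        if token in store:
            collisions += 1           # two live sessions now share one token
        store[token] = session_no
    return collisions


def issue_session_guarded(store, generator, session_no, max_attempts=5):
    """Server-side belt and braces: never bind a token that is already in the session table.

    Retries a few times and then fails closed rather than silently sharing a session.
    """
    for _ in range(max_attempts):
        token = generator()
        if token not in store:
            store[token] = session_no
            return token
    raise RuntimeError("token generator is not producing unique values; refusing to issue a session")


def demo(n=1000):
    """Simulate a burst of n logins arriving in the same millisecond under each generator."""
    frozen_ms = 1121337600000            # constructed timestamp (mid-July 2005): the 'same instant'
    weak_collisions = issue_sessions(n, lambda: clock_token(frozen_ms))
    strong_collisions = issue_sessions(n, random_token)

    store = {}
    try:
        issue_session_guarded(store, lambda: clock_token(frozen_ms), 1)
        issue_session_guarded(store, lambda: clock_token(frozen_ms), 2)
        guard_refused = False
    except RuntimeError:
        guard_refused = True

    return {
        "weak_collisions": weak_collisions,
        "strong_collisions": strong_collisions,
        "guard_refused_duplicate": guard_refused,
        "token_hex_length": len(random_token()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With a frozen clock, 999 of 1000 sessions collide under the weak generator and none under the random one; the guarded issuer refuses the second duplicate instead of sharing the session. Hashing the timestamp does not help, since equal inputs give equal outputs; the fix is entropy from the CSPRNG, with the uniqueness check in the session store as the safety net.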

Man And Machine Ltd.

Simple Message Board 2.0 beta1

A Cross-Site Scripting vulnerability has been reported in the 'forum.cfm,' 'user.cfm,' 'thread.cfm,' and 'search.cfm' scripts due to insufficient filtering of HTML code from user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Simple Message Board Cross-Site Scripting

CAN-2005-2299

High
Security Tracker Alert ID: 101449, July 15, 2005
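The e107 BBCode entry above and the other cross-site scripting entries in this section (class-1 forum, Clever Copy, Dvbbs and Simple Message Board) come down to the same mistake: user text is copied into HTML without encoding, and a URL-bearing tag is turned into an href without checking its scheme. The Python below is an added example written for this bulletin, not e107's or any other listed project's code. It renders a [url=...]...[/url] tag two ways, a naive regex substitution and a version that escapes the text first and only emits links for an allow-listed set of schemes, and runs both on constructed hostile posts.

```python
"""BBCode [url] rendering: naive substitution versus escape-then-allow-list (added example)."""
import html
import re
from urllib.parse import urlsplit

URL_TAG = re.compile(r"\[url=(.*?)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)
SAFE_SCHEMES = ("http", "https", "mailto")


def render_naive(text):
    """Vulnerable: the captured URL and label go straight into the markup.

    A 'javascript:' scheme becomes a clickable script; a quote in the URL breaks
    out of the href attribute and can add event-handler attributes.
    """
    return URL_TAG.sub(r'<a href="\1">\2</a>', text)


def render_safe(text):
    """Escape every HTML-special character first, then build links only for allowed schemes."""
    escaped = html.escape(text, quote=True)

    def link(match):
        href_escaped, label_escaped = match.group(1), match.group(2)
        # Decide on the URL the browser would actually see, not on the escaped text.
        scheme = urlsplit(html.unescape(href_escaped).strip()).scheme.lower()
        if scheme not in SAFE_SCHEMES:
            return match.group(0)     # leave the tag as inert, already-escaped text
        # Both pieces are still escaped, so quotes and angle brackets cannot close the attribute or tag.
        return f'<a href="{href_escaped}" rel="noopener noreferrer">{label_escaped}</a>'

    return URL_TAG.sub(link, escaped)


def demo():
    """Render constructed benign and hostile posts with both functions."""
    posts = {
        "benign": "[url=https://example.org/?a=1&b=2]Example <b>[/url]",
        "javascript_scheme": "[url=javascript:alert(1)]click me[/url]",
        "attribute_breakout": '[url=http://x/" onmouseover="alert(1)]x[/url]',
        "case_and_space": "[url=  JavaScript:alert(2)]x[/url]",
    }
    return {name: {"naive": render_naive(p), "safe": render_safe(p)} for name, p in posts.items()}


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}:\n  naive: {out['naive']}\n  safe:  {out['safe']}")
```

The naive renderer emits a live javascript: link and an injected onmouseover handler; the safe one shows the javascript: tags as plain text and keeps the quote inside the attribute as &quot;. Escaping before tag conversion is the important ordering: converting first and escaping afterwards would destroy the generated markup, while converting without escaping is the bug itself. The scheme allow-list rejects relative URLs as well; extend SAFE_SCHEMES or add a separate relative-path rule if a forum needs them.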

Mozilla

Firefox 0.x, 1.x

Multiple vulnerabilities have been reported: a vulnerability was reported because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because a remote malicious user can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is actually a javascript: URL; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling a 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because a remote malicious user can steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.mozilla.org/products/firefox/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-14.xml

Mandriva:
http://www.mandriva.com/security/advisories

Exploits have been published.

High

Secunia Advisory: SA16043, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6, Firefox 0.8-0.10.1, 1.0.1, 1.0.2; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab are not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a 'favicons' icon for a web site isn't verified before changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/products/firefox/

http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-18.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

An exploit script has been published.

High

Mozilla Foundation Security Advisories, 2005-35 - 2005-41, April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, April 21 & 26, 2005

Turbolinux Security Advisory,
TLSA-2005-49, April 21, 2005

US-CERT VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,
May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

PacketStorm, May 23, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Mozilla

Mozilla 0.x, 1.0-1.6, 1.7.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported in the 'InstallTrigger.install()' function because the callback function is not properly cleared before navigating to a new site, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/products/

Currently we are not aware of any exploits for these vulnerabilities.

High
Secunia Advisory: SA16059, July 13, 2005

MRV Communications

In-Reach LX-8000S 3.5 , LX-4000S 3.5, LX-1000S 3.5

A vulnerability has been reported because under certain circumstances the devices fail to verify port-based access controls, which could let a remote malicious user bypass server access controls.

No workaround or patch available at time of publishing.

There is no exploit code required.

MRV Communications In-Reach Console Servers Access Control Bypass

CAN-2005-2329

Medium

Security Focus, 14300, July 18, 2005

Multiple Vendors

Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon 0.9; Netscape 7.2

A vulnerability has been reported in the JavaScript implementation due to improper parsing of lambda list regular expressions, which could let a remote malicious user obtain sensitive information.

The vendor has issued a fix, available via CVS.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

Slackware:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mozilla Suite/Firefox JavaScript Lambda Information Disclosure

CAN-2005-0989

Medium

Security Tracker Alert, 1013635, April 4, 2005

Security Focus, 12988, April 16, 2005

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

Slackware Security Advisory, SSA:2005-111-04, April 22, 2005

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9 & prior

A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups.

Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_query-4.patch

Trustix:
http://www.trustix.org/errata/2005/0022/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy DNS Spoofing

CAN-2005-1519

Medium

Security Focus, 13592, May 11, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Fedora Update Notification, FEDORA-2005-373, May 17, 2005

Ubuntu Security Notice, USN-129-1, May 18, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Multiple Vendors

Windows XP, Server 2003

Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000

Kerberos V5 Release 1.3.6

Avaya Intuity LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers

An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server.

Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

RedHat:
ftp://updates.redhat.com/enterprise

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-145_RHSA-2005-504.pdf

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Microsoft: Bulletin revised to communicate the availability of security updates for Services for UNIX 2.0 and Services for UNIX 2.1. The "Security Update Information" section has also been revised with updated information related to the additional security updates.

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Telnet Client Information Disclosure

CAN-2005-1205
CAN-2005-0488

Medium

Microsoft, MS05-033, June 14, 2004

US-CERT VU#800829

iDEFENSE Security Advisory, June 14, 2005

Red Hat Security Advisory, RHSA-2005:504-00, June 14, 2005

Microsoft Security Bulletin, MS05-033 & V1.1, June 14 & 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005

Avaya Security Advisory, ASA-2005-145, June 17, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005

SGI Security Advisories, 20050605-01-U, 20050702-01-U, & 20050703-01-U, July 12 & 15, 2005

Microsoft Security Bulletin, MS05-033 V2.0, July 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005

Multiple Vendors

MPlayer 1.0pre6 & prior; Xine 0.9.9-1.0; Peachtree Linux release 1

Several vulnerabilities have been reported: a buffer overflow vulnerability has been reported due to a boundary error when processing lines from RealMedia RTSP streams, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported due to a boundary error when processing stream IDs from Microsoft Media Services MMST streams, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.mplayerhq.hu/MPlayer/patches/rtsp_fix_20050415.diff

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-19.xml

Patches available at:
http://cvs.sourceforge.net/viewcvs.py/xine/xinelib/src/input/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Slackware:
ftp://ftp.slackware.com/pub/slackware/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for these vulnerabilities.

MPlayer RTSP & MMST Streams Buffer Overflow

CAN-2005-1195

High

Security Tracker Alert, 1013771, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-19, April 20, 200

Peachtree Linux Security Notice, PLSN-0003, April 21, 2005

Xine Security Announcement, XSA-2004-8, April 21, 2005

Gentoo Linux Security Advisory, GLSA 200504-27, April 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Slackware Security Advisory, SSA:2005-121-02, May 3, 2005

SUSE Security Summary Report, SUSE-SR:2005:013, May 18, 2005

Turbolinux Security Advisory, TLSA-2005-65, June 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:115, July 12, 2005

Multiple Vendors

See US-CERT VU#222750 for complete list

Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) do not adequately validate ICMP error messages, which could let a remote malicious user cause a Denial of Service.

Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

IBM:
ftp://aix.software.ibm.com/aix/efixes/security/icmp_efix.tar.Z

RedHat:
http://rhn.redhat.com/errata/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1

ALAXALA: Customers are advised to contact the vendor in regards to obtaining and applying the appropriate update.

HP:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01210

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendor TCP/IP Implementation ICMP Remote Denial of Service

CAN-2004-1060
CAN-2004-0790
CAN-2004-0791

Low

US-CERT VU#222750

Sun(sm) Alert Notification, 57746, April 29, 2005

US-CERT VU#415294

Security Focus, 13124, May 21, 2005

HP Security Bulletin, HPSBTU01210, July 17, 2005

Multiple Vendors

Squid Web Proxy Cache 2.3.STABLE2, 2.3.STABLE4-STABLE7, 2.5.STABLE1, 2.5.STABLE3-STABLE9

A remote Denial of Service vulnerability has been reported when a malicious user prematurely aborts a connection during a PUT or POST request.

Patches available at:
http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-post.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Squid Proxy Aborted Connection Remote Denial of Service

CAN-2005-0718

Low

Security Focus, 13166, April 14, 2005

Turbolinux Security Advisory, TLSA-2005-53, April 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Multiple Vendors

Xoops 2.0.10-2.0.12, 2.0.9.3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0-2.0.3;
XML-RPC for PHP 1.1, 1.0.99.2, 1.0.99, 1.0-1.02; WordPress 1.5-1.5.1.2, 1.2-1.2.2, 0.71, 0.7;
S9Y Serendipity 0.8.1, 0.8-beta6 Snapshot, 0.8-beta5 & beta6, 0.8;
PostNuke Development Team PostNuke 0.76 RC4a&b, RC4, 0.75; phpMyFAQ 1.5 RC1-RC4, 1.5 beta1-beta3, 1.5 alpha1&2, 1.4-1.4.8, 1.4;
PEAR XML_RPC 1.3 RC1-RC3, 1.3;
MandrakeSoft Linux Mandrake 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, 10.0 amd64, 10.0, Corporate Server 3.0 x86_64, 3.0;
Drupal 4.6.1, 4.6, 4.5-4.5.3

A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.

Drupal:
http://drupal.org/files/projects/drupal-4.5.4.tar.gz

Mandriva:
http://www.mandriva.com/security/advisories

Pear:
http://pear.php.net/get/XML_RPC-1.3.1.tgz

PhpMyFaq:
http://freshmeat.net/redir/phpmyfaq/38789/url_zip/download.php

S9Y Serendipity:
http://prdownloads.sourceforge.net/php-blog/serendipity-0.8.2.tar.gz?download

Trustix:
http://http.trustix.org/pub/trustix/updates/

WordPress:
http://wordpress.org/latest.zip

XML-RPC:
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc-1.1.1.tgz?download

Xoops:
http://www.xoops.org/modules/core/visit.php?cid=3&lid=62

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-01.xml

http://security.gentoo.org/glsa/glsa-200507-06.xml

http://security.gentoo.org/glsa/glsa-200507-07.xml

http://security.gentoo.org/glsa/glsa-200507-15.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Debian:
http://security.debian.org/pool/updates/main/d/drupal/

http://security.debian.org/pool/updates/main/p/phpgroupware/

http://security.debian.org/pool/updates/main/e/egroupware/

SGI:
http://www.sgi.com/support/security/

SuSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

Exploit scripts have been published.

Multiple Vendors XML-RPC for PHP Remote Code Injection

CAN-2005-1921

High

Security Focus, 14088, June 29, 2005

Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005

Fedora Update Notifications, FEDORA-2005-517 & 518, July 5, 2006

Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005

US-CERT VU#442845

Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005

Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005

SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005

Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005

netPanzer

netPanzer 0.8

A remote Denial of Service vulnerability has been reported due to an error in the network code.

Update available at: http://netpanzer.berlios.de/

A Proof of Concept exploit script has been published.

NetPanzer Remote Denial of Service

CAN-2005-2295

Low
Security Focus, 14257, July 13, 2005

Netscape

Netscape 8.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set as Background' context menu on an image URL that is really JavaScript; a vulnerability was reported in the 'InstallTrigger.install()' function because the callback function is not properly cleared before navigating to a new site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the 'Set As Wallpaper' option due to insufficient verification of the image URL, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

High
Secunia Advisory: SA16044, July 14, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.

Vendor patch available:
Affix_320_sec.patch
http://affix.sourceforge.net/affix_320_sec.patch

Affix_212_sec.patch
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

An exploit has been published.

Nokia Affix BTFTP Arbitrary Code Execution

CAN-2005-2250

High

Security Focus, 14230, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

There is no exploit code required; however, a Proof of Concept exploit has been published.

Nokia Affix BTSRV/BTOBEX Remote Command Execution

CAN-2005-2277

High

Security Focus, 14232, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Novell

Groupwise 6.5, SP1-SP4

A Cross-Site Scripting vulnerability has been reported in emails due to insufficient sanitization of input passed in <IMG> HTML tags before displaying, which could let a remote malicious user execute arbitrary script code.

The vendor has announced that GroupWise releases dated after July 11, 2005 are not affected.

A Proof of Concept exploit has been published.

Novell GroupWise WebAccess Cross-Site Scripting

CAN-2005-2276

High
Novell Technical Information Document, TID10098301, July 18, 2005

Oracle Corporation

Oracle Application Server 10g,
Oracle Applications 11.x, 11i, Collaboration Suite Release 2, Database 8.x, Database Server 10g, E-Business Suite 11i, Enterprise Manager 10.x, 9.x,
Oracle9i Application Server,
Oracle9i Database Enterprise Edition,
Oracle9i Database Standard Edition

Several vulnerabilities were reported in Oracle Database which could let a remote malicious user cause a Denial of Service or obtain access to the database.

Patch information available at:
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html

Currently we are not aware of any exploits for these vulnerabilities.

Oracle Products Multiple Unspecified Vulnerabilities

Medium

Oracle Critical Patch Update, July 2005

US-CERT VU#613562

Oracle Corporation

Oracle Reports 10g 9.0.2

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Oracle Reports Server Multiple Cross-Site Scripting

High
Red Base Security Advisory, July 19, 2005

Oracle Corporation

Oracle Reports 6i 6.0.8.19, 6.0.8, Reports 9i, Reports 6, Reports 10g 9.0-9.0.4.3.3

Multiple vulnerabilities have been reported: a vulnerability was reported in 'DESNAME' which could let a malicious user execute arbitrary code; a vulnerability was reported when handling HTTP GET requests due to a failure to restrict access to arbitrary XML files, which could let a malicious user obtain sensitive information; a vulnerability was reported in HTTP GET requests due to a failure to restrict access to parts of arbitrary files, which could let a malicious user obtain sensitive information; a vulnerability was reported when a report file is placed in a globally accessible location, which could let a malicious user execute arbitrary commands; and an unauthorized form execution vulnerability was reported, which could let a malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Oracle Reports Multiple Vulnerabilities

High
Red Base Security Advisory, July 19, 2005

osCommerce

osCommerce 2.2 ms2

An information disclosure vulnerability has been reported in 'Update.php,' which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

OSCommerce Update.PHP Information Disclosure

CAN-2005-2330

Medium

Security Focus, 14294, July 18, 2005

pamplemoose.co.uk

MooseGallery 1.0.2, 1.0.1

A vulnerability has been reported in the 'display.php' script due to insufficient validation of the 'type' parameter, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MooseGallery 'display.php' Include File

CAN-2005-2331

High
Security Tracker Alert ID: 1014487, July 14, 2005

PHPCounter

PHPCounter 7.2


A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'EpochPrefix' parameter, which could let a remote malicious user execute arbitrary HTML and script code. It is also possible to obtain the full path to 'prelims.php' by accessing it directly.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPCounter EpochPrefix Cross-Site Scripting & Path Disclosure

CAN-2005-2288

High
Secunia Advisory: SA15816, July 14, 2005

PHPPageProtect

PHPPageProtect 1.0a, 1.0

A Cross-Site Scripting vulnerability has been reported in 'admin.php' and 'login.php' due to insufficient sanitization of the 'username' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

PHPPageProtect Cross-Site Scripting

CAN-2005-2332

High
Secunia Advisory: SA16110, July 19, 2005

PHPsFTPd

PHPsFTPd 0.4, 0.2

A vulnerability has been reported in 'Inc.Login.php' due to an error in the authentication process, which could let a remote malicious user obtain administrative access.

Upgrades available at:
http://prdownloads.sourceforge.net/phpsftpd/phpsftpd0.5.zip?download

There is no exploit code required; however, an exploit script has been published.

PHPsFTPd 'Inc.Login.PHP' Elevated Privileges

CAN-2005-2314

High
Secunia Advisory: SA15879, July 14, 2005

PhpXMail

PhpXMail 1.1

A vulnerability has been reported in PhpXMail that could allow a remote malicious user to bypass authentication.

Upgrade available at:
http://prdownloads.sourceforge.net/phpxmail/phpxmail1.2.zip?download

There is no exploit code required.

PhpXmail Authentication Bypassing

CAN-2005-2183

Medium

Secunia Advisory: SA15951, July 7, 2005

Security Focus, 14175, July 14, 2005

PowerDNS

PowerDNS 2.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the LDAP backend due to insufficient validation of user-supplied queries; and a remote Denial of Service vulnerability was reported due to an error when handling requests that are denied recursion.

Update available at:
http://www.powerdns.com/downloads/

Currently we are not aware of any exploits for these vulnerabilities.

PowerDNS Denials of Service

CAN-2005-2301
CAN-2005-2302


Low
Secunia Advisory: SA16111, July 18, 2005

SEO-Board

SEO-Board 1.0

A Cross-Site Scripting vulnerability has been reported in the 'smilies_popup.php' script due to insufficient sanitization of the 'doc' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SEO-Board Cross-Site Scripting

CAN-2005-2333

High
Security Tracker Alert ID: 1014509, July 18, 2005

Sophos

Small Business Suite 1.0, PureMessage Anti-Virus 4.6, MailMonitor for SMTP 2.1, 2.0, MailMonitor for Notes/Domino, Anti-Virus 5.0.1, 3.91, 3.90, 3.78-3.86, 3.4.6

A remote Denial of Service vulnerability has been reported in the 'Extra field length' parameter value in BZIP2 archives due to insufficient validation.

Updates available at:
http://www.sophos.com/support/updates

Updates may also be automatically applied by customers that are using the EM Library.

A Proof of Concept exploit script has been published.

Sophos Anti-Virus ZIP Archive Remote Denial of Service

CAN-2005-1530

Low
iDEFENSE Security Advisory, July 14, 2005

SPiD

SPiD 1.3.0

A vulnerability has been reported in SPiD that could let remote malicious users include arbitrary files to execute arbitrary code.

Upgrade available at:
http://spid.adnx.net/spid-1.3.1.zip

There is no exploit code required; however, a Proof of Concept exploit has been published.

SPiD Arbitrary File Inclusion

CAN-2005-2198

High

Security Focus, 14208, July 11, 2005

Security Focus, 14208, July 13, 2005

SquirrelMail

SquirrelMail 1.4.0 through 1.4.4

Multiple vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting attacks.

Upgrade to 1.4.4 and apply patch:
http://prdownloads.sourceforge.net/squirrelmail/sqm-144-xss.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-19.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

There is no exploit code required.

SquirrelMail Cross-Site Scripting Vulnerabilities

CAN-2005-1769

High

SquirrelMail Advisory, June 15, 2005

Gentoo Linux Security Advisory, GLSA 200506-19, June 21, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:108, July 1, 2005

Debian Security Advisory , DSA 756-1, July 13, 2005

Sybase

Enterprise Application Server 5.2, 5.0, 5.1, 4.2.5, 4.2.2, 4.2

A buffer overflow vulnerability has been reported when an overly large JavaScript parameter is submitted to 'TreeAction.do' in '/WebConsole/,' which could let a remote malicious user execute arbitrary code.

Patch information available at:
http://www.sybase.com/detail?id=1036742

Currently we are not aware of any exploits for this vulnerability.

Sybase EAServer Remote Buffer Overflow

CAN-2005-2297

High
SPI Dynamics Advisory, July 15, 2005

Web Site Engineering GmbH

Web-Portal-System 0.7

A vulnerability was reported in 'wps_shop.cgi' due to insufficient sanitization of the 'art' parameter before using in an 'open()' call, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

WPS 'Wps_shop.CGI' Remote Command Execution

CAN-2005-2290

High
Secunia Advisory: SA15780, July 14, 2005

Y.SAK

Y.SAK scripts


A vulnerability has been reported in the 'w_s3mbfm.cgi,' 'w_s3adix.cgi,' and 'w_s3sbfm.cgi' scripts due to insufficient validation of the 'no' parameter before using in an open() function call, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Y.SAK Scripts Input Validation

CAN-2005-2334

High
Security Tracker Alert ID: 1014502, July 17, 2005

Yawp

Yawp 1.0.6

A vulnerability has been reported in the '_Yawp[conf_path]' parameter due to insufficient verification before used to include files, which could let a local/remote malicious user include arbitrary files.

Upgrade available at:
http://phpyawp.com/Yawp-1.1.0.tgz

There is no exploit code required.

Yawp '_Yawp[conf_path]' Remote File Include

CAN-2005-2319

High
Security Focus, 14237, July 13, 2005


Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Nothing significant to report.

Wireless Vulnerabilities

  • Belkin Wireless Router Grants Administrative Access: A vulnerability has been reported in the belkin54g series because a telnet management access port is enabled by default, which could let a remote malicious user obtain administrative access.
  • bluetest.pl.txt: A hacking bluetooth utility. See Script/Technique Table entry below.
  • Nokia Affix BTFTP Arbitrary Code Execution: A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.
  • Nokia Affix BTSRV/BTOBEX Remote Command Execution: A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.
  • weplab-0.1.5.tar.gz: A tool that can review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are included. See Script/Technique Table entry below.


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order)
Script Name
Workaround or Patch Available
Script Description
July 19, 2006 MDAEMON_bof.pl
No
Proof of Concept exploit for the Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow vulnerability.
July 19, 2006 MDAEMON_CREATE_bof.pl
No
Proof of Concept exploit for the Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow vulnerability.
July 19, 2006 weplab-0.1.5.tar.gz
N/A
A tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so it can measure the effectiveness and minimum requirements of each one. Currently, weplab supports several methods, and it is able to crack the WEP key from 600,000 encrypted packets.
July 19, 2005 nessuswc-v1.2.tar.gz
N/A
A simple HTTP Web interface to the Nessus Security Scanner that connects to local or remote Nessus version 2 daemons via SSL (using OpenSSL libraries), retrieves the plugins, configures a scan for a single target host, and saves the results in HTML format.
July 18, 2005 SIP_NOTIFY_POC.pl
No
Exploit for the Cisco 7940/7960 SIP Packet Spoofing vulnerability.
July 17, 2005 invpb-cookie.pl
No
Proof of Concept exploit for the Invision PowerBoard 'login.php' SQL Injection vulnerability.
July 15, 2005 bluetest.pl.txt
N/A
Small data extraction utility that is designed for bluetooth hacking.
July 15, 2005 browserRender.txt
N/A
A write-up regarding possible code execution vulnerabilities in Microsoft Internet Explorer due to problems with image decompression and parsing.
July 15, 2005 cmp_fencepost.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial of Service vulnerability.
July 15, 2005 demo.mp3
No
Proof of Concept exploit for the Winamp MP3 ID3v2 Tag Buffer Overflow vulnerability.
July 15, 2005 mfsa2005-49exploit.txt
Yes
Exploit for the Mozilla Firefox data: URLs remote script injection vulnerability.
July 15, 2005 mfsa2005-55exploit.txt
mfsa2005-47exploit.txt
Yes
Exploits for the Mozilla Firefox and Suite setWallpaper() remote code execution vulnerability.
July 15, 2005 mov_fencepost.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering Buffer Overflow vulnerability.
July 15, 2005 oom_dos.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial of Service vulnerability.
July 15, 2005 oom_dos.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial of Service vulnerability.
July 15, 2005 tcprst.c
Yes
Exploit for the TCP/IP Remote Code Execution and Denial of Service Vulnerabilities.
July 14, 2005 CORE-2005-0629.txt
Yes
Proof of Concept python exploit for the MailEnable IMAP SELECT Request Buffer Overflow vulnerability.
July 14, 2005 hexbzip2.txt
Yes
Proof of Concept exploit for the Sophos Anti-Virus ZIP Archive Remote Denial of Service vulnerability.
July 14, 2005 netman_dos.c
netmandos.cpp
No
Exploits for the Microsoft Windows Network Connections Manager Library Local Denial of Service vulnerability.
July 14, 2005 remote_contorl_dos.pl
No
Proof of Concept exploit for the DG Remote Control Server Remote Denial of Service vulnerability.
July 13, 2005 mailenable.py
Yes
Proof of Concept Denial of Service exploit for the MailEnable IMAP SELECT Request Buffer Overflow vulnerability.
July 13, 2005 panzone.zip
Yes
Proof of Concept exploit for the NetPanzer Remote Denial of Service vulnerability.
July 13, 2005 PHPsFTPd_exp.c
No
Exploit for the PHPsFTPd Inc.Login.PHP Elevated Privileges vulnerability.
July 13, 2005 wms_poc.pl.txt
No
Proof of Concept exploit for SoftiaCom's WMailserver Information Disclosure vulnerability.
July 13, 2005 xmlrpc.py.txt
Yes
Exploit for the Pear XML-RPC Library PHP Remote Code Injection vulnerability.
July 13, 2005 xmlrpcGeneric.txt
Yes
Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.


Trends
  • Phishers Up Ante With 5x Spike In Trojans: According to Websense, a security vendor, a massive increase in the number of Trojan horses and Trojan horse downloaders, as well as a corresponding jump in the number of malicious sites, over the last three weeks means that a new, large-scale, coordinated phishing campaign is being waged by criminals. In July alone, there have been more than a thousand different sites that are hosting this malicious code, and more than 100 unique Trojans. Source: http://www.securitypipeline.com/showArticle.jhtml?articleId=166400034.
  • VoIPong - VOIP Sniffer: This is a utility that detects all Voice Over IP calls on a pipeline, and for those which are G711 encoded, dumps actual conversation to separate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP. On a 45 Mbit/sec actual network traffic, it's been verified that VoIPong successfully detected all VoIP gateways and the VoIP calls. Source: http://www.cwalsh.org/isnd/archives/000741.html.
  • Exploits for Vulnerabilities in Mozilla: US-CERT is aware of several new Mozilla Suite and Mozilla Firefox vulnerabilities, some of which have public exploits available. US-CERT encourages Firefox users to upgrade to version 1.0.5 as soon as possible and Mozilla Suite users to upgrade to version 1.7.9 when available. Source: http://www.us-cert.gov/current/.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P Win 32 Worm Slight Increase March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 Zafi-D Win 32 Worm Increase December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
3 Mytob.c Win 32 Worm Decrease March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
4 Netsky-Q Win 32 Worm Slight Decrease March 2004 A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker.
4 Mytob-BE Win 32 Worm New June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
6 Lovgate.w Win 32 Worm Stable April 2004 A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
6 Netsky-Z Win 32 Worm Increase April 2004 A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to the local network or P2P and does not uninstall the Bagle worm. The worm has a backdoor that listens on port 665.
6 Mytob-AS Win 32 Worm New June 2005 A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine.
9 Netsky-D Win 32 Worm Decrease March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
10 Mytob-EP Win 32 Worm New June 2005 Another slight variant of the mass-mailing worm that utilizes an IRC backdoor and the LSASS vulnerability to propagate. It also propagates by email, harvesting addresses from the Windows address book.

Table Updated July 16, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Nothing significant to report.

[back to top]

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Alt-N Technologies

MDaemon 8.0.3

An IMAP authentication vulnerability has been reported in MDaemon that could let a remote malicious user cause a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Alt-N Technologies MDaemon Denial of Service Low Secunia Advisory: SA16097
July 19, 2005

Apple

Darwin Streaming Server 5.5

A vulnerability has been reported in Darwin Streaming Server that could let remote malicious users cause a Denial of Service. Note: Only Windows 2000/2003 should be affected.

Upgrade to version 5.5.1:
http://developer.apple.com/darwin/projects/streaming/

There is no exploit code required.

Apple Darwin Streaming Server Denial of Service

CAN-2005-2195

Low
Security Tracker Alert ID: 1014474, July 13, 2005

ASPNuke

ASPNuke 0.80

A vulnerability has been reported in ASPNuke ('Comment_Post.asp') that could let remote malicious users perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASPNuke Cross-Site Scripting High Security Focus, 14226, July 12, 2005

DG Remote Control Server

DG Remote Control Server 1.6.2

A vulnerability has been reported in DG Remote Control Server that could let a remote malicious user perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DG Remote Control Server Denial of Service

CAN-2005-2305

Low
Security Focus, 14263, July 14, 2005

DZSoft

DZPhp Editor 3.1.2.8

A buffer overflow vulnerability has been reported in DZPhp Editor that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

DzSoft PHP Editor Denial of Service
Low Security Tracker Alert ID: 1014507, July 18, 2005

ESi

WebEOC

Multiple vulnerabilities have been reported in WebEOC that could let remote malicious users perform a Denial of Service or obtain elevated privileges.

Upgrade to version 6.0.2:
http://www.esi911.com/esi/products/webeoc.shtml

There is no exploit code required.

WebEOC Multiple Vulnerabilities

CAN-2005-2281
CAN-2005-2282
CAN-2005-2283
CAN-2005-2284
CAN-2005-2285
CAN-2005-2286

Medium

Security Focus, 14249, July 13, 2005

US-CERT Vulnerability Notes VU#170394, VU#388282, VU#258834, VU#165290, VU#372797, VU#138538, VU#491770, VU#956762

Hosting Controller

Hosting Controller 6.1

Multiple vulnerabilities have been reported in Hosting Controller that could let remote malicious users inject SQL commands or execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Multiple Vulnerabilities

High

Security Tracker Alert IDs: 1014468, July 13, 2005; 1014477, July 14, 2005; 1014496, July 16, 2005; 1014501, July 17, 2005

MailEnable

MailEnable Professional 1.5

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.

Vendor Hotfix available:
http://www.mailenable.com/hotfix/

There is no exploit code required; however, a Proof of Concept exploit has been published.

MailEnable Arbitrary Code Execution

CAN-2005-2278

High
Secunia Advisory: SA15986, July 13, 2005

Microsoft

Internet Explorer 6.0SP2

Multiple vulnerabilities have been reported in Internet Explorer's JPEG rendering that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Denial of Service

CAN-2005-2308

Low
Security Focus, 14284, 14285, 14286, July 15, 2005

Microsoft

MSN Messenger 9.0, Internet Explorer 6.0

An image ICC profile processing vulnerability has been reported in MSN Messenger / Internet Explorer that could let malicious users crash the applications.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft MSN Messenger / Internet Explorer Application Crash

CAN-2005-2304

Low
Security Focus, 14288, July 16, 2005

Microsoft

Windows Kernel

A vulnerability has been reported in the Windows Kernel that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Kernel Denial Of Service

CAN-2005-2303

Low
Security Focus, 14259, July 12, 2005

Microsoft

Windows (2000, Server 2003, XP)

A vulnerability has been reported in Windows Remote Desktop Protocol that could let a remote malicious user cause a Denial of Service.

Workarounds available:
http://www.microsoft.com/technet/security/advisory/904797.mspx

No exploit code required.

Microsoft Windows Remote Desktop Denial of Service

CAN-2005-2303

Low
Microsoft Security Advisory 904797, July 16, 2005

Microsoft

Windows Connections Manager Library

A vulnerability has been reported in Windows Connections Manager Library that could let local malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

Microsoft Windows Network Connections Manager Library Denial of Service

CAN-2005-2307

Low
Security Focus, 14260, July 14, 2005

Nullsoft

Winamp 5.091

A buffer overflow vulnerability has been reported in Winamp (ID3V2 tag processing) that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Winamp Arbitrary Code Execution

CAN-2005-2310

High
Security Tracker Alert ID: 1014483, July 14, 2005

Small HTTP Server

Small HTTP Server 3.05.28

An FTP service vulnerability has been reported in Small HTTP Server that could let remote malicious users write to arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Small HTTP Server Arbitrary File Writing
Medium Security Tracker Alert ID: 1014506, July 18, 2005

SSH Communications Security

SSH Secure Shell and Tectia Server 4.3.1

A host key disclosure vulnerability has been reported in SSH Secure Shell and SSH Tectia Server that could let local or remote malicious users impersonate other servers.

Update to version 4.3.2:
http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-4-3.html

There is no exploit code required.

SSH Secure Shell and Tectia Server Key Disclosure

CAN-2005-2146

Medium

SSH Vulnerability Notification, RQ #11775, June 30, 2005

US CERT VU#973635

ToCA

Race Driver 1.2

A buffer overflow vulnerability has been reported in Race Driver that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ToCA Race Driver Arbitrary Code Execution
High Security Focus, 14304, July 18, 2005

Virtual Programming

VP-ASP 4.0, 4.5, 5.0

Multiple vulnerabilities have been reported in VP-ASP that could let remote malicious users perform SQL injection attacks.

Vendor fix available:
http://www.vpasp.com/virtprog/info/faq_securityfixes.htm

There is no exploit code required.

VP-ASP SQL Injection
High Security Focus, 14295, 14305, 14306, July 18, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Adobe

Acrobat Reader (UNIX) 5.0.10, 5.0.9

A buffer overflow vulnerability has been reported in the 'UnixAppOpenFilePerform()' function due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
www.adobe.com/products/acrobat/readstep2.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-575.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-09.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Adobe Acrobat Reader UnixAppOpenFilePerform Buffer Overflow

CAN-2005-1625

High

Adobe Security Advisory, July 5, 2005

RedHat Security Advisory, RHSA-2005:575-11, July 8, 2005

Gentoo Linux Security Advisory, GLSA 200507-09, July 11, 2005

SUSE Security Announcement, SUSE-SA:2005:042, July 14, 2005

Apple

Mac OS X 10.4.1, 10.4, 10.3.3 -10.3.9

A vulnerability has been reported because mobile users with the original AirPort card enabled could automatically connect to a malicious network. Note: This issue does not affect AirPort Extreme.

Updates available at:
http://www.apple.com/support/downloads/

There is no exploit code required.

Apple Mac OS X AirPort Card Automatic Network Association

CAN-2005-2196

High
Apple Security Advisory, APPLE-SA-2005-07-19, July 19, 2005

Apple

Mac OS X Server 10.4.1, 10.4, Mac OS X 10.4.1, 10.4

Several vulnerabilities have been reported: a vulnerability was reported due to an error in the Dashboard, which could let a remote malicious user install a widget with the same internal identifier (CFBundleIdentifier) as an Apple-supplied widget, thereby replacing it; and a remote Denial of Service vulnerability has been reported due to a NULL pointer dereference error in the TCP/IP implementation.

Upgrades available at:
http://www.apple.com/support/downloads/macosxserver1042combo.html

Currently we are not aware of any exploits for these vulnerabilities.

Apple Mac OS X Vulnerabilities

CAN-2005-1933
CAN-2005-2194

Medium
Apple Security Advisory, APPLE-SA-2005-07-12, July 12, 2005

bzip2

bzip2 1.0.2

A remote Denial of Service vulnerability has been reported when the application processes malformed archives.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/b/bzip2/

SGI:
http://www.sgi.com/support/security/

Currently we are not aware of any exploits for this vulnerability.

bzip2 Remote Denial of Service

CAN-2005-1260

Low

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005

Debian Security Advisory, DSA 741-1, July 7, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/b/bzip2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.008-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

BZip2 File Permission Modification

CAN-2005-0953

Medium

Security Focus, 12954, March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Debian Security Advisory, DSA 730-1, May 27, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Centericq

Centericq 4.20

A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

There is no exploit code required.

CenterICQ Insecure Temporary File

CAN-2005-1914

Medium

Security Focus, 14144, July 5, 2005

Debian Security Advisory, DSA 754-1, July 13, 2005

Easy Software Products

CUPS prior to 1.1.21rc1

A vulnerability has been reported in incoming print jobs due to a failure to properly apply ACLs (Access Control List), which could let a remote malicious user bypass ACLs.

Upgrades available at:
http://www.cups.org/software.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-571.html

There is no exploit code required.

Easy Software Products CUPS Access Control List Bypass

CAN-2004-2154

Medium

Security Tracker Alert ID: 1014482, July 14, 2005

RedHat Security Advisory, RHSA-2005:571-06, July 14, 2005

FreeRADIUS Server Project

FreeRADIUS 1.0.2

Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

FreeRadius:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-524.html

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

FreeRadius 'rlm_sql.c' SQL Injection & Buffer Overflow

CAN-2005-1454
CAN-2005-1455

High

Security Tracker Alert ID: 1013909, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Security Focus, 13541, June 10, 2005

RedHat Security Advisory, RHSA-2005:524-05, June 23, 2005

SGI Security Advisory, 20050606-01-U, July 12, 2005

GNOME

gEdit 2.0.2, 2.2.0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gedit/

An exploit has been published.

Gedit Filename Format String

CAN-2005-1686

High

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005

Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Debian Security Advisory, DSA 753-1, July 12, 2005

GNU

cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6

A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

CPIO CHMod File Permission Modification

CAN-2005-1111

Medium

Bugtraq, 395703, April 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:116, July 12, 2005

GNU

cpio 2.6

A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Mandriva:
http://www.mandriva.com/security/advisories

A Proof of Concept exploit has been published.

CPIO Directory Traversal

CAN-2005-1229

Medium

Bugtraq, 396429, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:116, July 12, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml

OpenPKG:
ftp://ftp.openpkg.org/release/2.3

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-564.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

GNU shtool Insecure Temporary File Creation

CAN-2005-1751

Medium

Secunia Advisory, SA15496, May 25, 2005

Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

GNU

Gaim prior to 1.1.4

A vulnerability exists in the processing of HTML that could let a remote malicious user crash the Gaim client. This is due to a NULL pointer dereference.

Update to version 1.1.4:
http://gaim.sourceforge.net/downloads.php

Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-85-1

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-03.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-215.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Peachtree:
http://peachtree.burdell.org/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

GNU Gaim Denial of Service Vulnerability

CAN-2005-0208

Low

Sourceforge.net Gaim Vulnerability Note, February 24, 2005

US-CERT VU#795812

Gentoo, GLSA 200503-03, March 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:049, March 4, 2005

RedHat Security Advisory, RHSA-2005:215-11, March 10, 2005

Conectiva Linux Security Announcement, CLA-2005:933, March 14, 2005

Peachtree Linux Security Notice, PLSN-0002, April 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CAN-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Hewlett Packard Company

HP-UX B.11.23, B.11.22, B.11.11, B.11.04, B.11.00

A remote Denial of Service vulnerability has been reported in the Path MTU Discovery (PMTUD) functionality that is supported in the ICMP protocol.

Patches available at:
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137

Revision 2: The binary files of HPSBUX01164 will resolve the issue for the core TCP/IP in B.11.11, B.11.22, and B.11.23. The binary files of HPSBUX01164 will NOT resolve the issue for IPSec. B.11.00 and B.11.04 are NOT vulnerable. The recommended workaround is to modify /etc/rc.config.d/nddconf and reboot.

Rev 3: PHNE_33159 is available for B.11.11.

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-160.pdf

Rev 4: PHNE_32606 is available for B.11.23.

Currently we are not aware of any exploits for this vulnerability.

HP-UX ICMP PMTUD Remote Denial of Service

CAN-2005-1192

Low

Hewlett Packard Company Security Advisory, HPSBUX01137, April 24, 2005

Hewlett Packard Company Security Advisory, HPSBUX01137: SSRT5954 rev.1, May 25, 2005

Hewlett Packard Company Security Advisory, HPSBUX01137: SSRT5954 rev.2, June 1, 2005

Avaya Security Bulletin, ASA-2005-160, July 15, 2005

HP Security Bulletin, HPSBUX01137 rev 4, July 19, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium

Secunia Advisory: SA16039, July 12, 2005

Debian Security Advisory, DSA 761-1, July 19, 2005

ImageMagick

ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0, 6.0.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported in the decoder due to a failure to handle malformed TIFF tags; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed TIFF images; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed PSD files; and a buffer overflow vulnerability has been reported in the SGI parser, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.imagemagick.org/script/download.php?

SuSE:
ftp://ftp.suse.com/pub/suse

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-070.html

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

ImageMagick Multiple Remote Vulnerabilities

CAN-2005-0759
CAN-2005-0760
CAN-2005-0761
CAN-2005-0762

High

Security Tracker Alert, 1013550, March 24, 2005

Debian Security Advisory, DSA 702-1, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Turbolinux Security Advisory, TLSA-2005-47, April 19, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

ImageMagick

ImageMagick 6.x

A buffer overflow vulnerability exists in 'coders/psd.c' when a specially crafted Photoshop document file is submitted, which could let a remote malicious user execute arbitrary code.

Update available at:
http://www.imagemagick.org/www/download.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-26.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-37.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick Photoshop Document Buffer Overflow

CAN-2005-0005

High

iDEFENSE Security Advisory, January 17, 2005

Ubuntu Security Notice, USN-62-1, January 18, 2005

Debian Security Advisory, DSA 646-1, January 19, 2005

Gentoo Linux Security Advisory, GLSA 200501-26, January 20, 2005

Gentoo Linux Security Advisory, GLSA 200501-37, January 26, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Turbolinux Security Advisory, TLSA-2005-47, April 19, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

ImageMagick

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8

A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=24099

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-11.xml

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143

RedHat (Red Hat has re-issued its update):
http://rhn.redhat.com/errata/RHSA-2004-480.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick Remote EXIF Parsing Buffer Overflow

CAN-2004-0827
CAN-2004-0981

High

Security Tracker Alert ID, 1011946, October 26, 2004

Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004

Debian Security Advisory, DSA 593-1, November 16, 2004

SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004

Red Hat Security Advisory, RHSA-2004:636-03, December 8, 2004

Turbolinux Security Advisory, TLSA-2005-7, January 26, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

John Bradley

XV 3.10a

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the PDS image decoder when processing comments, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the TIFF and PDS image decoders due to format string errors, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to an input validation error when handling filenames, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-17.xml

Slackware:
ftp://ftp.slackware.com/pub/slackware/

There is no exploit code required.

John Bradley XV Multiple Vulnerabilities

High

Secunia Advisory, SA14977, April 19, 2005

Gentoo Linux Security Advisory, GLSA 200504-17, April 19, 2005

Slackware Security Advisory, SSA:2005-195-02, July 15, 2005

John Bradley

XV 3.10a

A format string vulnerability exists in a formatted printing function due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-09.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Currently we are not aware of any exploits for this vulnerability.

XV File Name Handling Remote Format String

CAN-2005-0665

High

Gentoo Linux Security Advisory, GLSA 200503-09, March 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005

Slackware Security Advisory, SSA:2005-195-02, July 15, 2005

KDE

KDE 3.4, 3.3-3.3.2, 3.2-3.2.3

A vulnerability has been reported in KDE Kate and KWrite because backup files are created with default permissions even if the original file had more restrictive permissions set, which could let a local/remote malicious user obtain sensitive information.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

KDE Kate, KWrite Local Backup File Information Disclosure

CAN-2005-1920

Medium

Security Tracker Alert ID: 1014512, July 18, 2005

Fedora Update Notification, FEDORA-2005-594, July 19, 2005

LBL

tcpdump 3.4a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CAN-2005-1278
CAN-2005-1279
CAN-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1, May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005

Security Focus, 13392, May 12, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005

Avaya Security Advisory, ASA-2005-137, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Leafnode

Leafnode 1.11.2, 1.11.1, 1.9.47-1.9.29-1.9.31, 1.9.19-1.9.27

A remote Denial of Service vulnerability has been reported in the fetchnews program (the NNTP client) due to a failure to handle network delays.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=57767

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Leafnode Remote Denial of Service

CAN-2005-1911

Low

leafnode-SA-2005:02, June 8, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:114, July 12, 2005

Leafnode

Leafnode 1.9.48-1.9.50, 1.11.1

A remote Denial of Service vulnerability has been reported in the fetchnews program when reading an article header or an article body.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Leafnode fetchnews Remote Denial of Service

CAN-2005-1453

Low

Securiteam, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:114, July 12, 2005

LibTIFF

LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1

A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://bugzilla.remotesensing.org/attachment.cgi?id=238

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-07.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/t/tiff/

Currently we are not aware of any exploits for this vulnerability.

LibTIFF TIFFOpen Remote Buffer Overflow

CAN-2005-1544
CAN-2005-1472

High

Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005

Ubuntu Security Notice, USN-130-1, May 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005

Debian Security Advisory, DSA 755-1, July 13, 2005

Mozilla

Bugzilla 2.18.2

A vulnerability has been reported in Bugzilla that could let remote malicious users disclose private summaries or modify flags.

Vendor fix available:
http://www.bugzilla.org/download.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-12.xml

There is no exploit code required.

Bugzilla Private Summary Disclosure or Flag Modification

CAN-2005-2173
CAN-2005-2174

Medium

Security Tracker, Alert ID: 1014428, July 8, 2005

Gentoo Linux Security Advisory, GLSA 200507-12, July 13, 2005

Multiple Vendors

OpenLDAP 2.1.25; Padl Software pam_ldap Builds 166, 85, 202, 199, 198, 194, 183-192, 181, 180, 173, 172, 122, 121, 113, 107, 105

A vulnerability has been reported in OpenLDAP, 'pam_ldap,' and 'nss_ldap' when a connection to a slave is established using TLS and the client is referred to a master, which could let a remote malicious user obtain sensitive information.

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-13.xml

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Multiple Vendors TLS Plaintext Password

CAN-2005-2069

Medium

Trustix Secure Linux Advisory, TSLSA-2005-0031, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-13, July 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:121, July 19, 2005

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2, 6.2.1

A buffer overflow vulnerability has been reported due to a failure to properly validate user-supplied string lengths before copying into static process buffers, which could let a remote malicious user cause a Denial of Service.

Upgrades available at:
http://www.imagemagick.org/script/binary-releases.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-413.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

A Proof of Concept exploit has been published.

ImageMagick
Remote Buffer Overflow

CAN-2005-1275

Low

Security Focus, 13351, April 25, 2005

Fedora Update Notification, FEDORA-2005-344, April 28, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:413-04, May 25, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Trustix Secure Linux Advisory, TSLSA-2005-0031, July 1, 2005

Turbolinux Security Advisory, TLSA-2005-75, July 6, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4a6

A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.

Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Slackware:
ftp://ftp.slackware.com/pub/slackware

A Proof of Concept exploit script has been published.

TCPDump BGP Decoding Routines Denial of Service

CAN-2005-1267

Low

Security Tracker Alert, 1014133, June 8, 2005

Fedora Update Notification, FEDORA-2005-406, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005

Fedora Update Notification, FEDORA-2005-407, June 16, 2005

Ubuntu Security Notice, USN-141-1, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005

Slackware Security Advisory, SSA:2005-195-10, July 15, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9, 2.5.STABLE8, 2.5.STABLE7

A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Squid Proxy Set-Cookie Headers Information Disclosure

CAN-2005-0626

Medium

Secunia Advisory, SA14451, March 3, 2005

Ubuntu Security Notice, USN-93-1, March 08, 2005

Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005

Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Multiple Vendors

zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/z/zlib/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-05.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/

Mandriva:
http://www.mandriva.com/security/advisories

OpenBSD:
http://www.openbsd.org/errata.html

OpenPKG:
ftp.openpkg.org

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-569.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for this vulnerability.

Zlib Compression Library Buffer Overflow

CAN-2005-2096

High

Debian Security Advisory, DSA 740-1, July 6, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005

Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005

SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005

Ubuntu Security Notice, USN-148-1, July 06, 2005

RedHat Security Advisory, RHSA-2005:569-03, July 6, 2005

Fedora Update Notifications, FEDORA-2005-523, 524, July 7, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:11, July 7, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.013, July 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Slackware Security Advisory, SSA:2005-189-01, July 11, 2005

Turbolinux Security Advisory, TLSA-2005-77, July 11, 2005

Fedora Update Notification, FEDORA-2005-565, July 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

dhcpcd 1.3.22

A vulnerability has been reported in dhcpcd that could let a remote malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/d/dhcpcd/

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-16.xml

Currently we are not aware of any exploits for this vulnerability.

dhcpcd Denial of Service

CAN-2005-1848

Low

Secunia Advisory, SA15982, July 11, 2005

Debian Security Advisory, DSA 750-1, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005

Multiple Vendors

Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1; ImageMagick ImageMagick 5.4.3, 5.4.4.5, 5.4.8.2-1.1.0, 5.5.3.2-1.2.0, 5.5.6.0-2003040, 5.5.7, 6.0.2; Imlib Imlib 1.9-1.9.14

Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Imlib:
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/

ImageMagick:
http://www.imagemagick.org/www/download.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-12.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-465.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE/

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=

TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-480.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-636.html

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows

CAN-2004-0817
CAN-2004-0802

High

Security Focus, September 1, 2004

Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004

Fedora Update Notifications, FEDORA-2004-300 & 301, September 9, 2004

Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004

RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004

Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004

Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004

Turbolinux Security Announcement, October 5, 2004

RedHat Security Update, RHSA-2004:480-05, October 20, 2004

Ubuntu Security Notice, USN-35-1, November 30, 2004

RedHat Security Advisory, RHSA-2004:636-03, December 8, 2004

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

Fedora Update Notifications, FEDORA-2005-234 & 235, March 30, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

glibc 2.2

A buffer overflow vulnerability exists in the resolver libraries of glibc 2.2.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-586.html

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:159

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-011_RHSA-2004-586.pdf

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-155.pdf

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors glibc Buffer Overflow

CAN-2002-0029
CAN-2004-0968

Low

SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004

Red Hat, RHSA-2004:586-15, December 20, 2004

Mandrakesoft, MDKSA-2004:159, December 29, 2004

Avaya Security Advisory, ASA-2005-011, January 14, 2005

Avaya Security Advisory, ASA-2005-155, July 14, 2005

Multiple Vendors

GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1, RedHat Fedora Core1 & 2; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8

Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-28.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedoralegacy.org/redhat/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1

We are not aware of any exploits for these vulnerabilities.

gdk-pixbuf BMP, ICO, and XPM Image Processing Errors

CAN-2004-0753
CAN-2004-0782
CAN-2004-0783
CAN-2004-0788

High

Security Tracker Alert ID, 1011285, September 17, 2004

Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004

US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004

Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004

Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005

Sun(sm) Alert Notification, 101776, June 23, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101776, Updated July 13, 2005

Multiple Vendors

GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-16.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-480.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick & GraphicsMagick XWD Decoder Remote Denial of Service

CAN-2005-1739

Low

Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

Fedora Update Notification, FEDORA-2005-395, May 26, 2005

RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005

Turbolinux Security Advisory, TLSA-2005-75, July 6, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2

A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available at:
http://www.imagemagick.org/script/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-11.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-320.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

ImageMagick File Name Handling Remote Format String

CAN-2005-0397

High

Secunia Advisory, SA14466, March 4, 2005

Ubuntu Security Notice, USN-90-1, March 3, 2004

SUSE Security Announcement, SUSE-SA:2005:017, March 23, 2005

RedHat Security Advisory, RHSA-2005:320-10, March 23, 2005

Fedora Update Notifications, FEDORA-2005-234 & 235, March 30, 2005

Debian Security Advisory, DSA 702-1, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Multiple Vendors

Linux Kernel 2.4, 2.6

A race condition vulnerability has been reported in the Linux Kernel ia32 emulation code, which could let local malicious users obtain root privileges or trigger a buffer overflow.

Patch available at:
http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.32-pre1.bz2

Trustix:
http://http.trustix.org/pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Race Condition and Buffer Overflow

CAN-2005-1768

High

Security Focus, 14205, July 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

Multiple Vendors

MandrakeSoft Linux Mandrake 10.2 X86_64, 10.2; Rob Flynn Gaim 0.10.x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0-1.0.2, 1.1.1-1.1.4, 1.2, 1.2.1; Ubuntu Linux 4.1 ppc, ia64, ia32, 5.04 powerpc, i386, amd64

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported when handling long URIs due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereference error when handling MSN messages.

Rob Flynn:
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-429.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-09.xml

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000964

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

A Proof of Concept exploit script has been published.

Gaim Remote Buffer Overflow & Denial of Service

CAN-2005-1261
CAN-2005-1262

High

Fedora Update Notification, FEDORA-2005-369, May 11, 2005

RedHat Security Advisory, RHSA-2005:429-06, May 11, 2005

Gentoo Linux Security Advisory, GLSA 200505-09, May 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:086, May 12, 2005

Ubuntu Security Notice, USN-125-1, May 12, 2005

Conectiva Security Advisory, CLSA-2005:964, June 7, 2005

SUSE Security Report, SUSE-SR:2005:015, June 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Peachtree Linux release 1

A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.

Upgrade available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

Peachtree:
http://peachtree.burdell.org/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Gaim Jabber File Request Remote Denial of Service

CAN-2005-0967

Low

Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005

Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005

RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005

SGI Security Advisory, 20050404-01-U, April 20, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005

Ubuntu Security Notice, USN-125-1, May 12, 2005

Slackware Security Advisory, SSA:2005-133-01, May 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Ubuntu Linux 4.1 ppc, ia64, ia32; Peachtree Linux release 1

Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.

Update available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

Peachtree:
http://peachtree.burdell.org/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

Gaim 'gaim_markup_strip_html()' Function Remote Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution

CAN-2005-0965
CAN-2005-0966

High

Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005

Ubuntu Security Notice, USN-106-1, April 05, 2005

Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005

RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005

SGI Security Advisory, 20050404-01-U, April 20, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005

Slackware Security Advisory, SSA:2005-133-01, May 13, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Multiple Vendors

Turbolinux Turbolinux Server 10.0, 8.0, Desktop 10.0, Turbolinux Home, Appliance Server 1.0 Workgroup Edition, Hosting Edition; Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0; Sun Solaris 10.0 _x86, 10.0, 9.0 _x86 Update 2, 9.0 _x86, 9.0,
Sun SEAM 1.0-1.0.2; SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3;
RedHat Fedora Core3 & 4, Advanced Workstation for the Itanium Processor 2.1; MIT Kerberos 5 5.0 -1.4.1 & prior; Gentoo Linux

Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code.

MIT:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1

SuSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

Debian:
http://www.debian.org/security/2005/dsa-757

Currently we are not aware of any exploits for these vulnerabilities.

Kerberos V5 Multiple Vulnerabilities

CAN-2005-1174
CAN-2005-1175
CAN-2005-1689

High

MIT krb5 Security Advisory, 2005-002, July 12, 2005

RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005

Sun(sm) Alert Notification, 101809, July 12, 2005

Fedora Update Notifications, FEDORA-2005-552 & 553, July 12, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Turbolinux Security Advisory, TLSA-2005-78, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Debian Security Advisory, DSA-757-1, July 17, 2005

US-CERT VU#885830

US-CERT VU#623332

US-CERT VU#259798

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=12694&package_id=11571&release_id=338899

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP Protocol Denial of Service

CAN-2005-2177

Low

Secunia Advisory: SA15930, July 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

Net-snmp

Net-snmp 5.x

A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world writable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-18.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

There is no exploit code required.

Net-SNMP Fixproc Insecure Temporary File Creation

CAN-2005-1740

High

Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

Paul Vixie

Vixie Cron 4.1

A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Vixie Cron Crontab Information Disclosure

CAN-2005-1038

Medium

Security Focus, 13024, April 6, 2005

Fedora Update Notification,
FEDORA-2005-320, April 15, 2005

Fedora Update Notifications, FEDORA-2005-550 & 551, July 12, 2005

phpPgAdmin

phpPgAdmin 3.5.3, 3.4.1, 3.1-3.4

A Directory Traversal vulnerability has been reported due to a failure to filter directory traversal sequences from requests to the login form, which could let a remote malicious user obtain sensitive information.

Debian:
http://security.debian.org/pool/updates/main/p/phppgadmin/

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpPgAdmin Login Form Directory Traversal

CAN-2005-2256

Medium

Security Focus, 14142,
July 5, 2005

Debian Security Advisory, DSA 759-1, July 18, 2005

Postgrey

Postgrey 1.16-1.18, 0.84-9.87

A format string vulnerability has been reported in the 'server.pm' module in the 'log' subroutine, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Upgrades available at:
http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently, we are not aware of any exploits for this vulnerability.

Postgrey Format String

CAN-2005-1127

High

Secunia Advisory,
SA14958,
April 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:012,
April 29, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Raxnet

Cacti 0.x

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.cacti.net/download_cacti.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-20.xml

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000978

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

An exploit script has been published.

RaXnet Cacti Multiple Input Validation

CAN-2005-1524
CAN-2005-1525
CAN-2005-1526

High

Secunia Advisory: SA15490, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005

Conectiva
Security Advisory, CLSA-2005:978, July 7, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Realnode

Emilda 1.2-1.2.2, 1.1

A vulnerability has been reported in 'management.php' due to insufficient validation of the 'user_id' parameter, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://ftp.realnode.com/pub/emilda/releases/emilda-1.2.3.tar.gz

There is no exploit code required.

Emilda 'Management.PHP' Input Validation

CAN-2005-2312

Medium

Security Focus, 14244, July 13, 2005

Rob Flynn

Gaim 1.0-1.0.2, 1.1.1, 1.1.2

Multiple remote Denial of Service vulnerabilities have been reported when a remote malicious ICQ or AIM user submits certain malformed SNAC packets; and a vulnerability exists when parsing malformed HTML data.

Upgrades available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-03.xml

Mandrake:
http://www.mandrakesecure.net/en/advisories/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-215.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Peachtree:
http://peachtree.burdell.org/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Gaim Multiple Remote Denials of Service

CAN-2005-0472
CAN-2005-0473

Low

Gaim Advisory, February 17, 2005

Fedora Update Notifications, FEDORA-2005-159 & 160, February 21, 2005

US-CERT VU#839280

US-CERT VU#523888

Ubuntu Security Notice, USN-85-1, February 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-03, March 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:049, March 4, 2005

RedHat Security Advisory, RHSA-2005:215-11,
March 10, 2005

Conectiva Linux Security Announcement, CLA-2005:933, March 14, 2005

Peachtree Linux Security Notice, PLSN-0002,
April 21, 2005

Debian Security Advisory,
DSA 716-1,
April 27, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Rob Flynn

Gaim prior to 1.3.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message.

Updates available at:
http://gaim.sourceforge.net/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-518.html

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Gaim Remote Denial of Services

CAN-2005-1269
CAN-2005-1934

Low

Secunia Advisory, SA15648,
June 10, 2005

Ubuntu Security Notice USN-139-1, June 10, 2005

Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:099, June 14, 2005

Fedora Update Notifications, FEDORA-2005-410 & 411, June 17, 2005

RedHat Security Advisory, RHSA-2005:518-03,
June 16, 2005

Debian Security Advisory,
DSA 734-1,
July 5, 2005

SUSE Security Summary Report, SUSE-SR:2005:017,
July 13, 2005

Royal Institute of Technology

Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4 a-f

Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.5.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-24.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/h/heimdal/

Currently we are not aware of any exploits for this vulnerability.

Heimdal TelnetD Remote Buffer Overflow

CAN-2005-2040

High

Secunia Advisory, SA15718,
June 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-24, June 29, 2005

SUSE Security Announcement, SUSE-SA:2005:040,
July 6, 2005

Debian Security Advisory,
DSA 758-1,
July 18, 2005

Shorewall

Shorewall 2.0.x, 2.2.x, 2.4.x

A vulnerability has been reported due to a failure to properly implement expected firewall rules for MAC address-based filtering, which could let a remote malicious user bypass firewall rules.

Hotfixes available at:
http://www.shorewall.net/

There is no exploit code required.

Shorewall MACLIST Firewall Rules Bypass

CAN-2005-2317

Medium
Secunia Advisory: SA16087,
July 18, 2005

Skype Technologies

Skype (Linux) 1.1.0.20, 1.0.0.7, 1.0.0.1, 0.93.0.3, 0.92.0.12

A vulnerability has been reported in '/tmp/skype_profile.jpg' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files to obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Skype Technologies Skype Insecure Temporary File Creation

CAN-2005-2300

Medium

ZH2005-16SA Advisory, July 16, 2005

SMS

SMS 1.9.2 m & prior

A vulnerability has been reported in 'contrib/miastoplusa/mpl.sh' due to the insecure creation of '/tmp/request1' and '/tmp/request2,' which could let a malicious user create/overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

SMS Insecure Temporary File Creation

CAN-2005-2311

Medium

Secunia Advisory: SA16038, July 12, 2005

Softwin

BitDefender Antivirus & Antispam for Linux 1.6.1 & prior

A vulnerability has been reported when parsing attachments due to an error, which could let a remote malicious user bypass certain scanning functions.

The vendor has reportedly issued a patch that is downloaded automatically.

There is no exploit code required.

BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers Scanning Bypass

CAN-2005-2298

Medium
Security Tracker Alert ID: 1014495, July 15, 2005

SquirrelMail

SquirrelMail 1.4.0-1.4.5-RC1.

A vulnerability has been reported in 'options_identities.php' because parameters are insecurely extracted, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/manipulate sensitive information.

Upgrades available at:
http://www.squirrelmail.org/download.php

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

There is no exploit code required.

SquirrelMail Variable Handling

CAN-2005-2095

High

GulfTech Security Research
Advisory, July 13, 2005

Debian Security Advisory,
DSA 756-1,
July 13, 2005

Sun Microsystems, Inc.

Solaris 10.0, 9.0 _x86, 9.0

A vulnerability has been reported in the runtime linker's handling of 'LD_AUDIT,' which could let a malicious user obtain superuser privileges.

Workaround and patch information available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1

An exploit script has been published.

Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges

CAN-2005-2072

High

Security Focus, 14074, June 28, 2005

Sun(sm) Alert Notification, 101794, June 28, 2005

Sun(sm) Alert Notification, 101794, Updated July 12, 13, 15, 2005

Todd Miller

Sudo 1.6-1.6.8, 1.5.6-1.5.9

A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD:
http://www.openbsd.org/errata.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Mandriva:
http://www.mandriva.com/security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-535.html

Debian:
http://security.debian.org/pool/updates/main/s/sudo/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Todd Miller Sudo
Local Race Condition

CAN-2005-1993

High

Security Focus, 13993, June 20, 2005

Ubuntu Security Notice, USN-142-1, June 21, 2005

Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005

Slackware Security Advisory, SSA:2005-172-01, June 22, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005

Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005

RedHat Security Advisory, RHSA-2005:535-06, June 29, 2005

Debian Security Advisory, DSA 735-1, July 1, 2005

Conectiva Linux Announcement, CLSA-2005:976, July 6, 2005

Debian Security Advisory, DSA 735-2, July 8, 2005

SGI Security Advisory, 20050702-01-U, July 12, 2005

Wojtek Kaniewski

ekg 2005-06-05 22:03

A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation

CAN-2005-1916

Medium

Secunia Advisory: SA15889,
July 5, 2005

Debian Security Advisory,
DSA 760-1,
July 18, 2005

Wojtek Kaniewski

Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11

Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection

CAN-2005-1850
CAN-2005-1851

High

Debian Security Advisory, DSA 760-1, July 18, 2005
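The insecure temporary-file entries above (Net-SNMP 'fixproc', Vixie Cron 'crontab -e', Skype '/tmp/skype_profile.jpg', SMS 'mpl.sh', and the ekg contrib scripts) all share one mechanism: a program writes to a fixed, predictable name in a world-writable directory, so a local attacker who plants a symlink there first redirects the write to a file of their choosing. The following is an added example, not code from any of those projects; it reproduces the symlink attack in a scratch directory and shows both the atomic O_EXCL refusal and the mkstemp() replacement. The file name 'skype_profile.jpg' is taken from the Skype entry; the victim file and payload are constructed for the demo.

```python
"""Insecure vs. safe temporary-file creation (added example, not vendor code)."""
import os
import tempfile

PREDICTABLE_NAME = "skype_profile.jpg"   # fixed name, as in the Skype advisory


def vulnerable_write(tmpdir: str, data: bytes) -> str:
    """Vulnerable pattern: fixed name, open() follows symlinks and truncates.

    With a symlink planted at the name, this truncates and overwrites
    whatever the link points at, with the caller's privileges.
    """
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    with open(path, "wb") as f:        # O_CREAT|O_TRUNC, no O_EXCL, follows links
        f.write(data)
    return path


def safe_write_fixed_name(tmpdir: str, data: bytes) -> str:
    """If the name must be fixed, create it atomically and refuse to follow
    anything already sitting there: O_CREAT|O_EXCL fails with EEXIST even
    when the existing entry is a dangling or attacker-planted symlink."""
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)   # raises FileExistsError if anything is there
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def safe_write(tmpdir: str, data: bytes) -> str:
    """Preferred pattern: unpredictable name, created atomically.

    tempfile.mkstemp() picks a random name and opens it with
    O_CREAT|O_EXCL (plus O_NOFOLLOW where available) and mode 0600, so a
    pre-planted link or file cannot redirect the write.
    """
    fd, path = tempfile.mkstemp(prefix="profile-", suffix=".jpg", dir=tmpdir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def simulate_symlink_attack(tmpdir: str) -> dict:
    """Plant a symlink from the predictable name to a 'victim' file (the
    attacker winning the race), then run each writer and report the result."""
    victim = os.path.join(tmpdir, "victim.txt")      # constructed target file
    with open(victim, "wb") as f:
        f.write(b"original")
    os.symlink(victim, os.path.join(tmpdir, PREDICTABLE_NAME))

    vulnerable_write(tmpdir, b"owned")
    with open(victim, "rb") as f:
        clobbered = f.read() == b"owned"

    try:
        safe_write_fixed_name(tmpdir, b"owned")
        fixed_name_refused = False
    except FileExistsError:
        fixed_name_refused = True

    with open(victim, "wb") as f:                     # reset before the mkstemp run
        f.write(b"original")
    safe_path = safe_write(tmpdir, b"owned")
    with open(victim, "rb") as f:
        mkstemp_clobbered = f.read() == b"owned"

    return {
        "vulnerable_clobbered_victim": clobbered,
        "fixed_name_O_EXCL_refused": fixed_name_refused,
        "mkstemp_clobbered_victim": mkstemp_clobbered,
        "mkstemp_path_is_random": os.path.basename(safe_path) != PREDICTABLE_NAME,
    }


def run_demo() -> dict:
    """Run the simulation in a throwaway directory (needs symlink support)."""
    with tempfile.TemporaryDirectory() as d:
        return simulate_symlink_attack(d)


if __name__ == "__main__":
    print(run_demo())
```

The fixed-name variant closes the overwrite but still leaves a denial-of-service (an attacker can pre-create the name so the program always fails), which is why mkstemp() with a random name is the complete fix; shell scripts should use mktemp(1) the same way.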

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005

Debian Security Advisory, DSA 748-1, July 11, 2005

Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

CaLogic

CaLogic 1.2.2

Multiple remote file include vulnerabilities have been reported due to insufficient sanitization of the 'CLPATH' parameter in various scripts, which could let a remote malicious user include arbitrary files from local/external resources.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CaLogic Multiple Remote File Include

CAN-2005-2321

High

Albania Security Clan Advisory, July 18, 2005

Check Point Software

SecuRemote NG with Application Intelligence R54

A vulnerability has been reported which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Check Point SecuRemote NG Local Information Disclosure

CAN-2005-2313

Medium
Security Focus, 14221, July 12, 2005

Cisco Systems

ONS 15216 OADM 2.2.2, 2.0

A remote Denial of Service vulnerability has been reported when specially crafted data is submitted to the telnet management interface.

Update information available at:
www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml

Currently we are not aware of any exploits for this vulnerability.

Cisco ONS 15216 OADM Telnet Processing Remote Denial of Service

CAN-2005-2279

Low
Cisco Security Advisory, cisco-sa-20050713, July 13, 2005

Clam AntiVirus

ClamAV 0.x

A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.

Updates available at:
http://prdownloads.sourceforge.net/clamav/clamav-

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-23.xml

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

ClamAV Quantum Decompressor Denial of Service

CAN-2005-2056

Low

Secunia
Advisory, SA15811,
June 24, 2005

Trustix Security Advisory, TSLSA-2005-0029, June 24, 2005

Gentoo Linux Security
Advisory,
GLSA 200506-23, June 27,
2005

SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:113, July 12, 2005

class-1 Web Design

forum 0.24.4, 0.23.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'users.php' due to insufficient sanitization of the 'group' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'viewattach.php' due to insufficient sanitization of the 'id' parameter and in 'viewforum.php' due to insufficient sanitization of the 'id' and 'forum' parameters, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Class-1 Forum Cross-Site Scripting & SQL Injection

CAN-2005-2322
CAN-2005-2323

High
Secunia Advisory: SA16078, July 14, 2005

Clever Copy

Clever Copy 2.0 a, 2.0

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in the 'users.php' script due to insufficient sanitization of the 'viewuser_id' and 'group' variables, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability has been reported due to insufficient validation of user-supplied input to various variables, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Clever Copy Cross-Site Scripting & SQL Injection

CAN-2005-2322
CAN-2005-2323

High
Security Tracker Alert ID: 1014485, July 14, 2005

Dvbbs

Dvbbs 7.1, SP2

A Cross-Site Scripting vulnerability has been reported in 'ShowErr.asp' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DVBBS ShowErr.ASP Cross-Site Scripting

CAN-2005-2318

High
Security Focus, 14223, July 12, 2005

e107.org

e107 website system 0.6 10-0.617

A Cross-Site Scripting vulnerability has been reported due to insufficient filtering of HTML code from BBCode URL tags, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

e107 BBCode URL Tag Input Validation

CAN-2005-2327

High

Security Tracker Alert ID: 1014513, July 18, 2005

IBM

IBM Lotus Notes 6.5-6.5.4, 6.0-6.0.5, 5.0.12, 5.0.3

An input validation vulnerability has been reported because HTML and JavaScript attached to received email messages is executed automatically when viewing the email, which could let a remote malicious user execute arbitrary code.

Update information available at:
http://www-1.ibm.com/support/docview.wss?uid=swg21211783

A Proof of Concept exploit script has been published.

IBM Lotus Notes Script Execution

CAN-2005-2175

High

Security Focus, 14164, July 6, 2005

Security Focus, 14164, July 14, 2005

Invision Power Services

Invision Board 2.1 Alpha2, 2.0-2.0.4, 1.3.1 Final, 1.3, 1.3 Final

An SQL injection vulnerability has been reported in the 'Login.php' script due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary SQL commands to obtain administrative access.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Invision PowerBoard 'login.php' SQL Injection

High

Hackers Center Security Group Zinho's Security Advisory, July 16, 2005
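The SQL injection entries on this page (Cacti 'config_settings.php' 'id' parameter, class-1 forum 'viewforum.php', Clever Copy, and the Invision Power Board 'login.php' bypass just above) are all the same defect: a request value is spliced into the SQL text. The following is an added example, not code from any of those projects, showing a login check and a numeric-id lookup written both ways against an in-memory SQLite database; the table, accounts, password hashing and payloads are constructed for the demo (a real deployment would use a salted, slow password hash).

```python
"""String-built SQL vs. parameterized queries (added example, not vendor code)."""
import hashlib
import sqlite3


def _pw_hash(password: str) -> str:
    # Demo only: real deployments use a salted, slow hash (bcrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
               "pw_hash TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "admin", _pw_hash("correct horse"), 1),
        (2, "alice", _pw_hash("hunter2"), 0),
    ])
    return db


def login_vulnerable(db, username: str, password: str):
    """login.php-style check: the name is spliced into the SQL text, so a
    quote in it ends the string literal and the rest is parsed as SQL.
    "admin' --" comments out the password comparison entirely."""
    sql = ("SELECT name, is_admin FROM users WHERE name = '%s' AND pw_hash = '%s'"
           % (username, _pw_hash(password)))
    return db.execute(sql).fetchone()


def login_safe(db, username: str, password: str):
    """Placeholders: the driver binds values separately from the SQL text,
    so a quote in the name is just a character in the name."""
    return db.execute(
        "SELECT name, is_admin FROM users WHERE name = ? AND pw_hash = ?",
        (username, _pw_hash(password)),
    ).fetchone()


def user_by_id_vulnerable(db, id_param: str) -> list:
    """Cacti-style numeric 'id' with no quotes around it: no quote character
    is needed to inject, "2 OR 1=1" dumps every row."""
    rows = db.execute("SELECT name FROM users WHERE id = " + id_param)
    return [r[0] for r in rows]


def user_by_id_safe(db, id_param: str) -> list:
    """Validate the type first, then bind it; non-integers are rejected."""
    try:
        uid = int(id_param)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM users WHERE id = ?", (uid,))
    return [r[0] for r in rows]


def demo() -> dict:
    """Run the constructed payloads against both implementations."""
    db = make_db()
    return {
        "bypass_with_comment": login_vulnerable(db, "admin' --", "wrong"),
        "same_input_parameterized": login_safe(db, "admin' --", "wrong"),
        "honest_login": login_safe(db, "alice", "hunter2"),
        "id_dump": user_by_id_vulnerable(db, "2 OR 1=1"),
        "id_safe": user_by_id_safe(db, "2 OR 1=1"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-26s %r" % (k, v))
```

Escaping quotes (addslashes-style) would not have saved the numeric case, which is why the fix is type validation plus bound parameters rather than string filtering.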

Laffer

Laffer 0.3.2.7, 0.3.2.6

A vulnerability has been reported in the 'IM.PHP' file due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

Upgrades available at:
http://laffer.sourceforge.net/cgi-bin/g.pl?http://prdownloads.sourceforge.net/laffer/laffer-0.3.2.8.tgz?download

There is no exploit code required.

Laffer 'IM.PHP' File Include

CAN-2005-2328

High
Security Focus, 14264, July 14, 2005
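The phpPgAdmin login-form directory traversal and the file-include entries (Cacti 'config[include_path]' and 'config[library_path]', CaLogic 'CLPATH', Laffer 'IM.PHP') have one root cause: a request parameter ends up in a filesystem path or an include statement. The following is an added example, not code from any of those projects, showing the two checks a practitioner would put in front of such a parameter: confining a user-supplied file name to one directory by testing the resolved path, and mapping an include selector through an allow-list that refuses URLs and stream wrappers. The directory names and allow-list are hypothetical.

```python
"""Confining user-controlled file names and include paths (added example)."""
import os
from urllib.parse import unquote, urlsplit


def resolve_under(base_dir: str, user_name: str) -> str:
    """Return the absolute path for user_name inside base_dir, or raise ValueError.

    The test is made on the resolved path (realpath collapses '.', '..' and
    symlinks), not on the raw string, so '../' sequences hidden behind
    encoding or intermediate components are still caught.
    """
    if "\x00" in user_name:
        raise ValueError("NUL byte in file name")
    name = unquote(user_name)        # decode once, as the web front end would
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    # commonpath() is the correct prefix test; a plain startswith() would
    # accept '/srv/app/lang-evil' as being under '/srv/app/lang'.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes %s: %r" % (base_dir, user_name))
    return target


def is_safe_path(base_dir: str, user_name: str) -> bool:
    try:
        resolve_under(base_dir, user_name)
        return True
    except ValueError:
        return False


APP_ROOT = "/srv/cacti"                     # hypothetical install location
ALLOWED_INCLUDE_DIRS = {"include", "lib"}   # hypothetical fixed set shipped with the app


def choose_include_dir(user_value) -> str:
    """Cacti-style 'config[include_path]': the real fix is never to read it
    from the request.  If a selector must be accepted, map it through an
    allow-list and refuse anything with a scheme (http://, ftp://, php://,
    data:), which is what turns a local include into a remote one."""
    if user_value is None:
        return os.path.join(APP_ROOT, "include")
    if urlsplit(user_value).scheme:
        raise ValueError("remote or wrapper include refused: %r" % user_value)
    if user_value not in ALLOWED_INCLUDE_DIRS:
        raise ValueError("include dir not in allow-list: %r" % user_value)
    return os.path.join(APP_ROOT, user_value)


def is_allowed_include(user_value) -> bool:
    try:
        choose_include_dir(user_value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    base = "/srv/phppgadmin/lang"            # hypothetical language directory
    for probe in ("english.php", "../../../../etc/passwd", "..%2F..%2Fetc%2Fpasswd",
                  "/etc/passwd", "sub/../english.php"):
        print("%-32r safe=%s" % (probe, is_safe_path(base, probe)))
    for inc in (None, "lib", "http://evil.example/shell.txt", "php://input", "../../tmp"):
        print("%-32r allowed=%s" % (inc, is_allowed_include(inc)))
```

Note that 'sub/../english.php' is accepted: it resolves inside the base directory, so rejecting on the mere presence of '..' would be both stricter and weaker than checking where the path actually lands.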

Macromedia

JRun 4.0, SP1 & 1a, build 61650, ColdFusion MX Enterprise with JRun 6.1, ColdFusion MX Enterprise Multi-Server Edition 7.0

A vulnerability has been reported because the same authentication token may be assigned to two different sessions under high load situations, which could let a remote malicious user access another user's session.

Patches available at:
http://download.macromedia.com/pub/security/mpsb05-05.zip

There is no exploit code required.

Macromedia JRun Duplicate Authentication Tokens

CAN-2005-2306

Medium
Macromedia Security Advisory, MPSB05-05, July 14, 2005
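The JRun entry above describes two sessions receiving the same authentication token under load. The page does not say how JRun derived its tokens; the following is an added example, not Macromedia code, that models the general failure: a token derived from something two concurrent logins can share (here, a hypothetical millisecond clock) collides, whereas one drawn from the OS CSPRNG does not, and in either case the session store should refuse to hand out a token it already knows rather than silently sharing or overwriting the other user's session.

```python
"""Session-token generation and uniqueness enforcement (added example)."""
import hashlib
import secrets
import time


def weak_token(now_ms: int) -> str:
    """Hypothetical weak generator: hashing adds no entropy, the token space
    is still 'which millisecond did you log in'."""
    return hashlib.sha1(b"session:" + str(now_ms).encode()).hexdigest()


def strong_token() -> str:
    """256 random bits from the OS CSPRNG, URL-safe base64 encoded."""
    return secrets.token_urlsafe(32)


class SessionStore:
    MAX_RETRIES = 8

    def __init__(self):
        self.sessions = {}          # token -> user

    def issue_unchecked(self, user: str, generate) -> str:
        """What the bug looks like: no uniqueness check at all.  With a
        colliding generator the second login silently takes over the first
        user's token."""
        token = generate()
        self.sessions[token] = user
        return token

    def issue(self, user: str, generate) -> str:
        """Create a session, retrying on a token that is already live and
        failing closed if the generator keeps colliding."""
        for _ in range(self.MAX_RETRIES):
            token = generate()
            if token not in self.sessions:
                self.sessions[token] = user
                return token
        raise RuntimeError("token generator keeps colliding; refusing to issue")


def simulate_burst(n_logins: int = 500) -> dict:
    """n logins landing in the same clock tick ('high load'), once per strategy."""
    tick = int(time.time() * 1000)
    weak = lambda: weak_token(tick)

    naive = SessionStore()
    first = naive.issue_unchecked("user0", weak)
    for i in range(1, n_logins):
        naive.issue_unchecked("user%d" % i, weak)

    checked_weak, refused = SessionStore(), 0
    for i in range(n_logins):
        try:
            checked_weak.issue("user%d" % i, weak)
        except RuntimeError:
            refused += 1

    strong = SessionStore()
    for i in range(n_logins):
        strong.issue("user%d" % i, strong_token)

    return {
        "unchecked_first_token_now_belongs_to": naive.sessions[first],
        "checked_weak_sessions_issued": len(checked_weak.sessions),
        "checked_weak_logins_refused": refused,
        "strong_sessions_issued": len(strong.sessions),
    }


if __name__ == "__main__":
    print(simulate_burst())
```

The uniqueness check in issue() is a backstop, not the fix: with a sound generator it never triggers, and with a broken one it turns a silent session takeover into a visible failure that shows up in logs.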

Man And Machine Ltd.

Simple Message Board 2.0 beta1

A Cross-Site Scripting vulnerability has been reported in the 'forum.cfm,' 'user.cfm,' 'thread.cfm,' and 'search.cfm' scripts due to insufficient filtering of HTML code from user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Simple Message Cross-Site Scripting

CAN-2005-2299

High
Security Tracker Alert ID: 101449, July 15, 2005
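The Cross-Site Scripting entries on this page (Dvbbs 'ShowErr.asp', e107's BBCode URL tag, Clever Copy 'users.php', and the Simple Message Board scripts just above) are all untrusted text reaching HTML output. The e107 case is the instructive one because HTML-escaping alone does not fix it: 'javascript:alert(1)' survives escaping unchanged and still executes once placed in an href. The following is an added example, not code from any of those projects, rendering a minimal BBCode [url] tag with text escaping plus a scheme allow-list; the payloads are constructed.

```python
"""Rendering a BBCode [url] tag without letting script through (added example)."""
import html
import re
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "ftp", "mailto"}
URL_TAG = re.compile(r"\[url(?:=(?P<href>[^\]]+))?\](?P<text>.*?)\[/url\]", re.I | re.S)


def render_vulnerable(bbcode: str) -> str:
    """Raw substitution: neither the href nor the link text is checked."""
    return URL_TAG.sub(
        lambda m: '<a href="%s">%s</a>' % (m.group("href") or m.group("text"),
                                           m.group("text")),
        bbcode,
    )


def safe_href(raw: str):
    """Return an attribute-safe href, or None if the scheme is not allowed."""
    # Browsers ignore tabs, newlines and other control characters inside a
    # scheme ('java\tscript:'), so strip them before looking at it.
    candidate = re.sub(r"[\x00-\x1f]", "", raw.strip())
    if urlsplit(candidate).scheme.lower() not in SAFE_SCHEMES:
        return None
    # quote=True turns '"' into '&quot;' so the value cannot close the
    # attribute and start a new one (onmouseover=...).
    return html.escape(candidate, quote=True)


def render_safe(bbcode: str) -> str:
    """Escape all text, and only emit an <a> for an allow-listed scheme."""
    out, pos = [], 0
    for m in URL_TAG.finditer(bbcode):
        out.append(html.escape(bbcode[pos:m.start()]))      # text between tags
        text = m.group("text")
        href = safe_href(m.group("href") or text)
        if href is None:
            out.append(html.escape(text))                   # keep text, drop link
        else:
            out.append('<a href="%s" rel="nofollow">%s</a>' % (href, html.escape(text)))
        pos = m.end()
    out.append(html.escape(bbcode[pos:]))
    return "".join(out)


if __name__ == "__main__":
    for payload in ("[url=javascript:alert(1)]click[/url]",
                    "[url]java\tscript:alert(1)[/url]",
                    '[url=http://example.com/" onmouseover="alert(1)]x[/url]',
                    "[url=https://example.org/?a=1&b=2]ok[/url]",
                    "<script>x</script>"):
        print("vulnerable:", render_vulnerable(payload))
        print("safe      :", render_safe(payload))
```

Relative links are refused by this allow-list; if a forum needs them, accept an empty scheme only when the value starts with a single '/' (not '//', which is protocol-relative and points off-site).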

Mozilla

Firefox 0.x, 1.x

Multiple vulnerabilities have been reported: a vulnerability was reported because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because a remote malicious user can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is actually a javascript: URL; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling a 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because a remote malicious user can steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.mozilla.org/products/firefox/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-14.xml

Mandriva:
http://www.mandriva.com/security/advisories

Mandriva:
http://www.mandriva.com/
security/advisories

Exploits have been published.

High

Secunia Advisory: SA16043, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6, Firefox 0.8-0.10.1, 1.0.1, 1.0.2; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab is not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a 'favicons' icon for a web site isn't verified before being changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before being used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/products/firefox/

http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-18.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

An exploit script has been published.

High

Mozilla Foundation Security Advisories, 2005-35 - 2005-41, April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

US-CERT VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

PacketStorm, May 23, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Mozilla

Mozilla 0.x, 1.0-1.6, 1.7.x


Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported in the 'InstallTrigger.install()' function because the callback function is not properly cleared before navigating to a new site, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/
products/

Currently we are not aware of any exploits for these vulnerabilities.

High
Secunia Advisory: SA16059, July 13, 2005

MRV Communications

In-Reach LX-8000S 3.5, LX-4000S 3.5, LX-1000S 3.5

A vulnerability has been reported because under certain circumstances the devices fail to verify port-based access controls, which could let a remote malicious user bypass server access controls.

No workaround or patch available at time of publishing.

There is no exploit code required.

MRV Communications In-Reach Console Servers Access Control Bypass

CAN-2005-2329

Medium

Security Focus, 14300, July 18, 2005

Multiple Vendors

Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon 0.9; Netscape 7.2

A vulnerability has been reported in the JavaScript implementation due to improper parsing of lambda list regular expressions, which could let a remote malicious user obtain sensitive information.

The vendor has issued a fix, available via CVS.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

Slackware:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mozilla Suite/Firefox JavaScript Lambda Information Disclosure

CAN-2005-0989

Medium

Security Tracker Alert, 1013635, April 4, 2005

Security Focus, 12988, April 16, 2005

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

Slackware Security Advisory, SSA:2005-111-04, April 22, 2005

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9 & prior

A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups.

Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_query-4.patch

Trustix:
http://www.trustix.org/errata/2005/0022/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy DNS Spoofing

CAN-2005-1519

Medium

Security Focus, 13592, May 11, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Fedora Update Notification, FEDORA-2005-373, May 17, 2005

Ubuntu Security Notice, USN-129-1, May 18, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Multiple Vendors

Windows XP, Server 2003

Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000

Kerberos V5 Release 1.3.6

Avaya Intuity LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers

An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

RedHat:
ftp://updates.redhat.com/enterprise

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-145_RHSA-2005-504.pdf

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Microsoft: Bulletin revised to communicate the availability of security updates for Services for UNIX 2.0 and Services for UNIX 2.1. The "Security Update Information" section has also been revised with updated information related to the additional security updates.

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Telnet Client Information Disclosure

CAN-2005-1205
CAN-2005-0488

Medium

Microsoft, MS05-033, June 14, 2004

US-CERT VU#800829

iDEFENSE Security Advisory, June 14, 2005

Red Hat Security Advisory, RHSA-2005:504-00, June 14, 2005

Microsoft Security Bulletin, MS05-033 & V1.1, June 14 & 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005

Avaya Security Advisory, ASA-2005-145, June 17, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005

SGI Security Advisories, 20050605-01-U, 20050702-01-U, & 20050703-01-U, July 12 & 15, 2005

Microsoft Security Bulletin, MS05-033 V2.0, July 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005

Multiple Vendors

MPlayer 1.0pre6 & prior; Xine 0.9.9-1.0; Peachtree Linux release 1

Several vulnerabilities have been reported: a buffer overflow vulnerability has been reported due to a boundary error when processing lines from RealMedia RTSP streams, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported due to a boundary error when processing stream IDs from Microsoft Media Services MMST streams, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.mplayerhq.hu/MPlayer/patches/rtsp_fix_20050415.diff

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-19.xml

Patches available at:
http://cvs.sourceforge.net/viewcvs.py/xine/xinelib/src/input/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Slackware:
ftp://ftp.slackware.com/pub/slackware/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for these vulnerabilities.

MPlayer RTSP & MMST Streams Buffer Overflow

CAN-2005-1195

High

Security Tracker Alert, 1013771, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-19, April 20, 200

Peachtree Linux Security Notice, PLSN-0003, April 21, 2005

Xine Security Announcement, XSA-2004-8, April 21, 2005

Gentoo Linux Security Advisory, GLSA 200504-27, April 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Slackware Security Advisory, SSA:2005-121-02, May 3, 2005

SUSE Security Summary Report, SUSE-SR:2005:013, May 18, 2005

Turbolinux Security Advisory, TLSA-2005-65, June 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:115, July 12, 2005

Multiple Vendors

See US-CERT VU#222750 for complete list

Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) do not adequately validate ICMP error messages, which could let a remote malicious user cause a Denial of Service.

Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

IBM:
ftp://aix.software.ibm.com/aix/efixes/security/icmp_efix.tar.Z

RedHat:
http://rhn.redhat.com/errata/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1

ALAXALA: Customers are advised to contact the vendor in regards to obtaining and applying the appropriate update.

HP:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01210

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendor TCP/IP Implementation ICMP Remote Denial of Service

CAN-2004-1060
CAN-2004-0790
CAN-2004-0791

Low

US-CERT VU#222750

Sun(sm) Alert Notification, 57746, April 29, 2005

US-CERT VU#415294

Security Focus, 13124, May 21, 2005

HP Security Bulletin, HPSBTU01210, July 17, 2005

Multiple Vendors

Squid Web Proxy Cache 2.3, STABLE2, STABLE4-STABLE7, 2.5, STABLE1, STABLE3-STABLE9

A remote Denial of Service vulnerability has been reported when a malicious user prematurely aborts a connection during a PUT or POST request.

Patches available at:
http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-post.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

SGI:
http://www.sgi.com/support/security/

There is no exploit code required.

Squid Proxy Aborted Connection Remote Denial of Service

CAN-2005-0718

Low

Security Focus, 13166, April 14, 2005

Turbolinux Security Advisory, TLSA-2005-53, April 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Multiple Vendors

Xoops 2.0.10-2.0.12, 2.0.9.3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0-2.0.3;
XML-RPC for PHP 1.1, 1.0.99.2, 1.0.99, 1.0-1.02; WordPress 1.5-1.5.1.2, 1.2-1.2.2, 0.71, 0.7;
S9Y Serendipity 0.8.1, 0.8-beta6 Snapshot, 0.8-beta5 & beta6, 0.8;
PostNuke Development Team PostNuke 0.76 RC4a&b, RC4, 0.75; phpMyFAQ 1.5 RC1-RC4, 1.5 beta1-beta3, 1.5 alpha1&2, 1.4-1.4.8, 1.4;
PEAR XML_RPC 1.3 RC1-RC3, 1.3;
MandrakeSoft Linux Mandrake 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, 10.0 amd64, 10.0, Corporate Server 3.0 x86_64, 3.0;
Drupal 4.6.1, 4.6, 4.5-4.5.3

A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.

Drupal:
http://drupal.org/files/projects/drupal-4.5.4.tar.gz

Mandriva:
http://www.mandriva.com/security/advisories

Pear:
http://pear.php.net/get/XML_RPC-1.3.1.tgz

PhpMyFaq:
http://freshmeat.net/redir/phpmyfaq/38789/url_zip/download.php

S9Y Serendipity:
http://prdownloads.sourceforge.net/php-blog/serendipity-0.8.2.tar.gz?download

Trustix:
http://http.trustix.org/pub/trustix/updates/

WordPress:
http://wordpress.org/latest.zip

XML-RPC:
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc-1.1.1.tgz?download

Xoops:
http://www.xoops.org/modules/core/visit.php?cid=3&lid=62

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-01.xml

http://security.gentoo.org/glsa/glsa-200507-06.xml

http://security.gentoo.org/glsa/glsa-200507-07.xml

http://security.gentoo.org/glsa/glsa-200507-15.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Debian:
http://security.debian.org/pool/updates/main/d/drupal/

http://security.debian.org/pool/updates/main/p/phpgroupware/

http://security.debian.org/pool/updates/main/e/egroupware/

SGI:
http://www.sgi.com/support/security/

SuSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

Exploit scripts have been published.

Multiple Vendors XML-RPC for PHP Remote Code Injection

CAN-2005-1921

High

Security Focus, 14088, June 29, 2005

Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005

Fedora Update Notifications, FEDORA-2005-517 & 518, July 5, 2006

Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005

US-CERT VU#442845

Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005

Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005

SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005

Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005

netPanzer

netPanzer 0.8

A remote Denial of Service vulnerability has been reported due to an error in the network code.

Update available at: http://netpanzer.berlios.de/

A Proof of Concept exploit script has been published.

NetPanzer Remote Denial of Service

CAN-2005-2295

Low
Security Focus, 14257, July 13, 2005

Netscape

Netscape 8.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set as Background' context menu on an image URL that is really JavaScript; a vulnerability was reported in the 'InstallTrigger.install()' function because the callback function is not properly cleared before navigating to a new site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the 'Set As Wallpaper' option due to insufficient verification of the image URL, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

High
Secunia Advisory: SA16044, July 14, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.

Vendor patch available:
Affix_320_sec.patch
http://affix.sourceforge.net/affix_320_sec.patch

Affix_212_sec.patch
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

An exploit has been published.

Nokia Affix BTFTP Arbitrary Code Execution

CAN-2005-2250

High

Security Focus, 14230, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

There is no exploit code required; however, a Proof of Concept exploit has been published.

Nokia Affix BTSRV/BTOBEX Remote Command Execution

CAN-2005-2277

High

Security Focus, 14232, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Novell

Groupwise 6.5, SP1-SP4

A Cross-Site Scripting vulnerability has been reported in emails due to insufficient sanitization of input passed in <IMG> HTML tags before displaying, which could let a remote malicious user execute arbitrary script code.

The vendor has announced that GroupWise releases dated after July 11, 2005 are not affected.

A Proof of Concept exploit has been published.

Novell GroupWise WebAccess Cross-Site Scripting

CAN-2005-2276

High
Novell Technical Information Document, TID10098301, July 18, 2005

Oracle Corporation

Oracle Application Server 10g,
Oracle Applications 11.x, 11i, Collaboration Suite Release 2, Database 8.x, Database Server 10g, E-Business Suite 11i, Enterprise Manager 10.x, 9.x,
Oracle9i Application Server,
Oracle9i Database Enterprise Edition,
Oracle9i Database Standard Edition

Several vulnerabilities were reported in Oracle Database which could let a remote malicious user cause a Denial of Service or obtain access to the database.

Patch information available at:
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html

Currently we are not aware of any exploits for these vulnerabilities.

Oracle Products Multiple Unspecified Vulnerabilities
Medium

Oracle Critical Patch Update, July 2005

US-CERT VU#613562

Oracle Corporation

Oracle Reports 10g 9.0.2

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Oracle Reports Server Multiple Cross-Site Scripting
High
Red Base Security Advisory, July 19, 2005

Oracle Corporation

Oracle Reports 6i 6.0.8.19, 6.0.8, Reports 9i, Reports 6, Reports 10g 9.0-9.0.4.3.3

Multiple vulnerabilities have been reported: a vulnerability was reported in 'DESNAME' which could let a malicious user execute arbitrary code; a vulnerability was reported when handling HTTP GET requests due to a failure to restrict access to arbitrary XML files, which could let a malicious user obtain sensitive information; a vulnerability was reported in HTTP GET requests due to a failure to restrict access to parts of arbitrary files, which could let a malicious user obtain sensitive information; a vulnerability was reported when a report file is placed in a globally accessible location, which could let a malicious user execute arbitrary commands; and an unauthorized form execution vulnerability was reported, which could let a malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Oracle Reports Multiple Vulnerabilities
High
Red Base Security Advisory, July 19, 2005

osCommerce

osCommerce 2.2 ms2

An information disclosure vulnerability has been reported in 'Update.php,' which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

OSCommerce Update.PHP Information Disclosure

CAN-2005-2330

Medium

Security Focus, 14294, July 18, 2005

pamplemoose.co.uk

MooseGallery 1.0.2, 1.0.1

A vulnerability has been reported in the 'display.php' script due to insufficient validation of the 'type' parameter, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MooseGallery 'display.php' Include File

CAN-2005-2331

High
Security Tracker Alert ID: 1014487, July 14, 2005

PHPCounter

PHPCounter 7.2


A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'EpochPrefix' parameter, which could let a remote malicious user execute arbitrary HTML and script code. It is also possible to obtain the full path to 'prelims.php' by accessing it directly.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPCounter EpochPrefix Cross-Site Scripting & Path Disclosure

CAN-2005-2288

High
Secunia Advisory: SA15816, July 14, 2005

PHPPageProtect

PHPPageProtect 1.0a, 1.0

A Cross-Site Scripting vulnerability has been reported in 'admin.php' and 'login.php' due to insufficient sanitization of the 'username' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

PHPPageProtect Cross-Site Scripting

CAN-2005-2332

High
Secunia Advisory: SA16110, July 19, 2005

PHPsFTPd

PHPsFTPd 0.4, 0.2

A vulnerability has been reported in 'Inc.Login.php' due to an error in the authentication process, which could let a remote malicious user obtain administrative access.

Upgrades available at:
http://prdownloads.sourceforge.net/phpsftpd/phpsftpd0.5.zip?download

There is no exploit code required; however, an exploit script has been published.

PHPsFTPd 'Inc.Login.PHP' Elevated Privileges

CAN-2005-2314

High
Secunia Advisory: SA15879, July 14, 2005

PhpXMail

PhpXMail 1.1

A vulnerability has been reported in PhpXMail that could allow a remote malicious user to bypass authentication.

Upgrade available at:
http://prdownloads.sourceforge.net/phpxmail/phpxmail1.2.zip?download

There is no exploit code required.

PhpXmail Authentication Bypassing

CAN-2005-2183

Medium

Secunia Advisory: SA15951, July 7, 2005

Security Focus, 14175, July 14, 2005

PowerDNS

PowerDNS 2.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the LDAP backend due to insufficient validation of user-supplied queries; and a remote Denial of Service vulnerability was reported due to an error when handling requests that are denied recursion.

Update available at:
http://www.powerdns.com/downloads/

Currently we are not aware of any exploits for these vulnerabilities.

PowerDNS Denials of Service

CAN-2005-2301
CAN-2005-2302


Low
Secunia Advisory: SA16111, July 18, 2005

SEO-Board

SEO-Board 1.0

A Cross-Site Scripting vulnerability has been reported in the 'smilies_popup.php' script due to insufficient sanitization of the 'doc' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SEO-Board Cross-Site Scripting

CAN-2005-2333

High
Security Tracker Alert ID: 1014509, July 18, 2005

Sophos

Small Business Suite 1.0, PureMessage Anti-Virus 4.6, MailMonitor for SMTP 2.1, 2.0, MailMonitor for Notes/Domino, Anti-Virus 5.0.1, 3.91, 3.90, 3.78-3.86, 3.4.6

A remote Denial of Service vulnerability has been reported in the 'Extra field length' parameter value in BZIP2 archives due to insufficient validation.

Updates available at:
http://www.sophos.com/support/updates

Updates may also be automatically applied by customers that are using the EM Library.

A Proof of Concept exploit script has been published.

Sophos Anti-Virus ZIP Archive Remote Denial of Service

CAN-2005-1530

Low
iDEFENSE Security Advisory, July 14, 2005

SPiD

SPiD 1.3.0

A vulnerability has been reported in SPiD that could let remote malicious users include arbitrary files to execute arbitrary code.

Upgrade available at:
http://spid.adnx.net/spid-1.3.1.zip

There is no exploit code required; however, a Proof of Concept exploit has been published.

SPiD Arbitrary File Inclusion

CAN-2005-2198

High

Security Focus, 14208, July 11, 2005

Security Focus, 14208, July 13, 2005

SquirrelMail

SquirrelMail 1.4.0 through 1.4.4

Multiple vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting attacks.

Upgrade to 1.4.4 and apply patch: http://prdownloads.sourceforge.net/squirrelmail/sqm-144-xss.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-19.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

There is no exploit code required.

SquirrelMail Cross-Site Scripting Vulnerabilities

CAN-2005-1769

High

SquirrelMail Advisory, June 15, 2005

Gentoo Linux Security Advisory, GLSA 200506-19, June 21, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:108, July 1, 2005

Debian Security Advisory , DSA 756-1, July 13, 2005

Sybase

Enterprise Application Server 5.2, 5.0, 5.1, 4.2.5, 4.2.2, 4.2

A buffer overflow vulnerability has been reported when an overly large JavaScript parameter is submitted to 'TreeAction.do' in '/WebConsole/,' which could let a remote malicious user execute arbitrary code.

Patch information available at:
http://www.sybase.com/detail?id=1036742

Currently we are not aware of any exploits for this vulnerability.

Sybase EAServer Remote Buffer Overflow

CAN-2005-2297

High
SPI Dynamics Advisory, July 15, 2005

Web Site Engineering GmbH

Web-Portal-System 0.7

A vulnerability was reported in 'wps_shop.cgi' due to insufficient sanitization of the 'art' parameter before using in an 'open()' call, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

WPS 'Wps_shop.CGI' Remote Command Execution

CAN-2005-2290

High
Secunia Advisory: SA15780, July 14, 2005

Y.SAK

Y.SAK scripts


A vulnerability has been reported in the 'w_s3mbfm.cgi,' 'w_s3adix.cgi,' and 'w_s3sbfm.cgi' scripts due to insufficient validation of the 'no' parameter before using in an open() function call, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Y.SAK Scripts Input Validation

CAN-2005-2334

High
Security Tracker Alert ID: 1014502, July 17, 2005

Yawp

Yawp 1.0.6

A vulnerability has been reported in the '_Yawp[conf_path]' parameter due to insufficient verification before used to include files, which could let a local/remote malicious user include arbitrary files.

Upgrade available at:
http://phpyawp.com/Yawp-1.1.0.tgz

There is no exploit code required.

Yawp '_Yawp[conf_path]' Remote File Include

CAN-2005-2319

High
Security Focus, 14237, July 13, 2005


Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Nothing significant to report.

Wireless Vulnerabilities

  • Belkin Wireless Router Grants Administrative Access: A vulnerability has been reported in the belkin54g series because a telnet management access port is enabled by default, which could let a remote malicious user obtain administrative access.
  • bluetest.pl.txt: A hacking bluetooth utility. See Script/Technique Table entry below.
  • Nokia Affix BTFTP Arbitrary Code Execution: A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.
  • Nokia Affix BTSRV/BTOBEX Remote Command Execution: A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.
  • weplab-0.1.5.tar.gz: A tool that can review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are included. See Script/Technique Table entry below.


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order)
Script name
Workaround or Patch Available
Script Description
July 19, 2006 MDAEMON_bof.pl
No
Proof of Concept exploit for the Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow vulnerability.
July 19, 2006 MDAEMON_CREATE_bof.pl
No
Proof of Concept exploit for the Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow vulnerability.
July 19, 2006 weplab-0.1.5.tar.gz
N/A
A tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so it can measure the effectiveness and minimum requirements of each one. Currently, weplab supports several methods, and it is able to crack the WEP key from 600,000 encrypted packets.
July 19, 2005 nessuswc-v1.2.tar.gz
N/A
A simple HTTP Web interface to the Nessus Security Scanner that connects to local or remote Nessus version 2 daemons via SSL (using OpenSSL libraries), retrieves the plugins, configures a scan for a single target host, and saves the results in HTML format.
July 18, 2005 SIP_NOTIFY_POC.pl
No
Exploit for the Cisco 7940/7960 SIP Packet Spoofing vulnerability.
July 17, 2005 invpb-cookie.pl
No
Proof of Concept exploit for the Invision PowerBoard 'login.php' SQL Injection vulnerability.
July 15, 2005 bluetest.pl.txt
N/A
Small data extraction utility that is designed for bluetooth hacking.
July 15, 2005 browserRender.txt
N/A
A write-up regarding possible code execution vulnerabilities in Microsoft Internet Explorer due to problems with image decompression and parsing.
July 15, 2005 cmp_fencepost.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial of Service vulnerability.
July 15, 2005 demo.mp3
No
Proof of Concept exploit for the Winamp MP3 ID3v2 Tag Buffer Overflow vulnerability.
July 15, 2005 mfsa2005-49exploit.txt
Yes
Exploit for the Mozilla Firefox data: URLs remote script injection vulnerability.
July 15, 2005 mfsa2005-55exploit.txt
mfsa2005-47exploit.txt
Yes
Exploits for the Mozilla Firefox and Suite setWallpaper() remote code execution vulnerability.
July 15, 2005 mov_fencepost.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering Buffer Overflow vulnerability.
July 15, 2005 oom_dos.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial of Service vulnerability.
July 15, 2005 oom_dos.jpg
No
Proof of Concept exploit for the Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial of Service vulnerability.
July 15, 2005 tcprst.c
Yes
Exploit for the TCP/IP Remote Code Execution and Denial of Service Vulnerabilities.
July 14, 2005 CORE-2005-0629.txt
Yes
Proof of Concept python exploit for the MailEnable IMAP SELECT Request Buffer Overflow vulnerability.
July 14, 2005 hexbzip2.txt
Yes
Proof of Concept exploit for the Sophos Anti-Virus ZIP Archive Remote Denial of Service vulnerability.
July 14, 2005 netman_dos.c
netmandos.cpp
No
Exploits for the Microsoft Windows Network Connections Manager Library Local Denial of Service vulnerability.
July 14, 2005 remote_contorl_dos.pl
No
Proof of Concept exploit for the DG Remote Control Server Remote Denial of Service vulnerability.
July 13, 2005 mailenable.py
Yes
Proof of Concept Denial of Service exploit for the MailEnable IMAP SELECT Request Buffer Overflow vulnerability.
July 13, 2005 panzone.zip
Yes
Proof of Concept exploit for the NetPanzer Remote Denial of Service vulnerability.
July 13, 2005 PHPsFTPd_exp.c
No
Exploit for the PHPsFTPd Inc.Login.PHP Elevated Privileges vulnerability.
July 13, 2005 wms_poc.pl.txt No Proof of Concept exploit for SoftiaCom's WMailserver Information Disclosure vulnerability.
July 13, 2005 xmlrpc.py.txt Yes Exploit for the Pear XML-RPC Library PHP Remote Code Injection vulnerability.
July 13, 2005 xmlrpcGeneric.txt Yes Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.


Trends
  • Phishers Up Ante With 5x Spike In Trojans: According to Websense, a security vendor, a massive increase in the number of Trojan horses and Trojan horse downloaders, as well as a corresponding jump in the number of malicious sites, over the last three weeks means that a new, large-scale, coordinated phishing campaign is being waged by criminals. In July alone, there have been more than a thousand different sites that are hosting this malicious code, and more than 100 unique Trojans. Source: http://www.securitypipeline.com/showArticle.jhtml?articleId=166400034.
  • VoIPong - VOIP Sniffer: This is a utility that detects all Voice over IP calls on a pipeline and, for those which are G711 encoded, dumps the actual conversation to separate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP. On 45 Mbit/sec of actual network traffic, VoIPong has been verified to detect all VoIP gateways and VoIP calls. Source: http://www.cwalsh.org/isnd/archives/000741.html.
  • Exploits for Vulnerabilities in Mozilla: US-CERT is aware of several new Mozilla Suite and Mozilla Firefox vulnerabilities, some of which have public exploits available. US-CERT encourages Firefox users to upgrade to version 1.0.5 as soon as possible and Mozilla Suite users to upgrade to version 1.7.9 when available. Source: http://www.us-cert.gov/current/.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
1 | Netsky-P | Win 32 Worm | Slight Increase | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 | Zafi-D | Win 32 Worm | Increase | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
3 | Mytob.c | Win 32 Worm | Decrease | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
4 | Netsky-Q | Win 32 Worm | Slight Decrease | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker.
4 | Mytob-BE | Win 32 Worm | New | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
6 | Lovgate.w | Win 32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
6 | Netsky-Z | Win 32 Worm | Increase | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to the local network or P2P and does not uninstall the Bagle worm. The worm has a backdoor that listens on port 665.
6 | Mytob-AS | Win 32 Worm | New | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine.
9 | Netsky-D | Win 32 Worm | Decrease | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in Netsky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
10 | Mytob-EP | Win 32 Worm | New | June 2005 | Another slight variant of the mass-mailing worm that utilizes an IRC backdoor and the LSASS vulnerability to propagate. It also propagates by email, harvesting addresses from the Windows address book.

Table Updated July 16, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Nothing significant to report.
