
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-229)

Summary of Security Items from August 10 through August 16, 2005

Original release date: August 19, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources; therefore, the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

DVBBS 7.1, 7.1SP2

Multiple input validation vulnerabilities have been reported in DVBBS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

DVBBS Cross Site Scripting

CAN-2005-2588

Medium
Security Tracker, Alert ID: 1014632, August 8, 2005

McAfee

ePolicy Orchestrator 3.5

A vulnerability has been reported in ePolicy Orchestrator that could let local malicious users disclose information and obtain elevated privileges.

No workaround or patch available at time of publishing.

An exploit script has been published.

ePolicy Information Disclosure and Privilege Elevation

CAN-2005-2554

Medium
Security Focus, ID: 14549, August 11, 2005

Microsoft

Plug and Play

A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

Exploit scripts have been published and a worm, "Worm:Win32/Zotob.A", is circulating.

Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges

CAN-2005-1983

High

Microsoft Security Bulletin MS05-039, August 9, 2005

US-CERT VU#998653

Microsoft Security Advisory, 899588, August 15, 2005

Parlano

MindAlign 5.0

Multiple vulnerabilities have been reported in MindAlign that could let local or remote malicious users perform a Denial of Service, bypass security, conduct Cross-Site Scripting, or disclose information.

Fix available through vendor: support@parlano.com

Currently we are not aware of any exploits for these vulnerabilities.

MindAlign Multiple Vulnerabilities

CAN-2005-2590
CAN-2005-2591
CAN-2005-2592
CAN-2005-2593

Medium
NISCC Vulnerability Advisory 356752, August 12, 2005

Novell

eDirectory 8.7.3 iMonitor

A buffer overflow vulnerability has been reported in eDirectory iMonitor that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Vendor fix available:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098568.htm

An exploit script has been published.

Novell eDirectory Denial of Service or Arbitrary Code Execution

CAN-2005-2551

High

Novell, TID10098568, August 12, 2005

US-CERT VU#213165


UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

Apache

SpamAssassin 3.0.1, 3.0.2, 3.0.3

A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.

A fixed version (3.0.4) is available at: http://spamassassin.apache.org/downloads.cgi

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-498.html

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Apache SpamAssassin Lets Remote Users Deny Service

CAN-2005-1266

Low

Security Tracker Alert ID: 1014219, June 16, 2005

Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 200

SUSE Security Announcement, SUSE-SA:2005:033, June 22, 2005

RedHat Security Advisory, RHSA-2005:498-10, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:106, June 28, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Apple

Mac OS X Server 10.4-10.4.2, 10.3.9, Mac OS X 10.4-10.4.2, 10.3.9

Multiple security vulnerabilities have been reported:

  • five vulnerabilities were reported in Apache, ranging from buffer overflows to access validation;
  • three vulnerabilities were reported in Appkit which could lead to the execution of arbitrary code or local account creation;
  • an authentication bypass vulnerability was reported in Bluetooth;
  • two vulnerabilities were reported in CoreFoundation which could result in a buffer overflow and a Denial of Service;
  • two vulnerabilities were reported in CUPS, which could lead to a remote Denial of Service;
  • three vulnerabilities were reported in Directory Services ranging from a buffer overflow, unauthorized account creation/deletion and elevated privileges;
  • a vulnerability was reported in Htoolbox that leads to information disclosure;
  • five vulnerabilities were reported in Kerberos that could lead to a buffer overflow, arbitrary code execution and root compromise;
  • a vulnerability was reported in 'loginwindow' which could let a malicious user obtain access to other logged in accounts;
  • a vulnerability has been reported regarding the loss of privacy when remote images are loaded into HTML email;
  • three security vulnerabilities have been reported in MySQL which could lead to remote arbitrary code execution;
  • two vulnerabilities have been reported in OpenSSL which could lead to a Denial of Service;
  • a vulnerability has been reported in ping that could lead to local privilege escalation and arbitrary code execution;
  • a vulnerability has been reported in QuartzComposerScreenSaver, which could let remote malicious users open pages while the RSS Visualizer screen is locked;
  • two vulnerabilities have been reported in Safari which could lead to remote command execution or have information submitted to an incorrect site;
  • a vulnerability has been reported in SecurityInterface which could lead to sensitive information disclosure;
  • a buffer overflow vulnerability has been reported in 'servermgrd' which ultimately leads to the execution of arbitrary code;
  • a vulnerability has been reported in 'servermgr_ipfilter' regarding firewall settings not always being written to the Active Rules;
  • two vulnerabilities have been reported in SquirrelMail which could lead to Cross-Site Scripting;
  • a vulnerability was reported in 'traceroute' which could lead to remote arbitrary code execution and privilege escalation;
  • a vulnerability was reported in 'WebKit' that could lead to arbitrary code execution regarding a malformed PDF file;
  • multiple Cross-Site Scripting vulnerabilities have been reported in Weblog Server;
  • a vulnerability has been reported in 'X11' that could lead to remote arbitrary code execution;
  • and two Denial of Service vulnerabilities were reported in zlib that potentially could lead to arbitrary code execution.

Patch information available at:
http://docs.info.apple.com/article.html?artnum=302163

Currently we are not aware of any exploits for these vulnerabilities.

High
Apple Security Update 2005-007, APPLE-SA-2005-08-15, August 15, 2005

Apple

Safari Web Browser 1.3

A remote Denial of Service vulnerability has been reported when certain JavaScript operations are performed.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple Safari Web Browser JavaScript Remote Denial of Service

CAN-2005-2594

Low
Security Focus 14528, August 9, 2005

BlueZ

BlueZ 2.18 & prior

A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-libs-2.19.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-09.xml

There is no exploit code required.

BlueZ Arbitrary Command Execution

CAN-2005-2547

High

Security Focus 14572, August 16, 2005

Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005

Centericq

Centericq 4.20

A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

CenterICQ Insecure Temporary File

CAN-2005-1914

Medium

Security Focus, 14144, July 5, 2005

Debian Security Advisory, DSA 754-1, July 13, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Charlton

crip 3.5

A vulnerability has been reported due to the creation of temporary files in an insecure manner, which could let a malicious user overwrite files or cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/c/crip/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Crip Helper Script Insecure Temporary File Creation

CAN-2005-0393

Medium

Debian Security Advisory, DSA 733-1, June 30, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Clam AntiVirus

ClamAV 0.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'cli_scanszdd()' function in 'libclamav/scanners.c' due to a memory and file descriptor leak; and a remote Denial of Service vulnerability was reported in 'libclamav/mspack/mszipd.c' due to insufficient validation of the 'ENSURE_BITS()' macro user-supplied cabinet file header.

Upgrades available at:
http://prdownloads.sourceforge.net/clamav/clamav-0.86.1.tar.gz?download

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Clam Anti-Virus ClamAV Remote Denials of Service

CAN-2005-1922
CAN-2005-1923

Low

Security Tracker Alert ID: 1014332, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Dada Mail

Dada Mail 2.9.2

A vulnerability has been reported due to insufficient sanitization of archived messages before they are displayed, which could let a remote malicious user inject arbitrary script code.

Upgrade available at:
http://prdownloads.sourceforge.net/mojomail/dada-2_10_0-alpha1.tar.gz?download

There is no exploit code required.

Dada Mail Archives HTML Injection

CAN-2005-2595

Medium
Secunia Advisory: SA16435, August 16, 2005

Eric Raymond

Fetchmail 6.2.5

A remote buffer overflow vulnerability has been reported in the POP3 client due to insufficient boundary checks, which could let a malicious user obtain elevated privileges.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Redhat:
http://rhn.redhat.com/errata/RHSA-2005-640.html

Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-153-1

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml

Debian:
http://security.debian.org/pool/updates/main/f/fetchmail/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently we are not aware of any exploits for this vulnerability.

Fetchmail POP3 Client Buffer Overflow

CAN-2005-2335

Medium

Fedora Update Notifications, FEDORA-2005-613 & 614, July 21, 2005

Redhat Security Advisory, RHSA-2005:640-08, July 25, 2005

Ubuntu Security Notice, USN-153-1, July 26, 2005

Gentoo Security Advisory, GLSA 200507-21, July 25, 2005

Debian Security Advisory, DSA 774-1, August 12, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Ettercap

Ettercap 0.6.b, 0.6.a, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6.6, 0.6.7, 0.6.9, Ettercap-NG 0.7.0-0.7.2

A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

Ettercap Remote Format String

CAN-2005-1796

High

Secunia Advisory, SA15535, May 31, 2005

US-CERT VU#286468

Debian Security Advisory, DSA 773-1, August 11, 2005

FUSE

FUSE 2.x

A vulnerability has been reported because certain memory is not correctly cleared before being returned to users, which could let a malicious user obtain sensitive information.

Update available at:
http://sourceforge.net/project/showfiles.php?group_id=121684

Debian:
http://security.debian.org/pool/updates/main/

A Proof of Concept exploit script has been published.

FUSE Information Disclosure

CAN-2005-1858

Medium

Secunia Advisory, SA15561, June 3, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Gallery

Gallery 1.5, 1.4 - 1.4.4-pl5

A vulnerability has been reported in 'classes/postnuke0.7.1/user.php' when determining the gallery name due to incorrect use of the global '$name' variable, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=7239&release_id=348064

There is no exploit code required.

Gallery PostNuke Access Validation

CAN-2005-2596

Medium
Secunia Advisory: SA16389, August 11, 2005

GNOME

gEdit 2.0.2, 2.2.0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gedit/

Debian:
http://security.debian.org/pool/updates/main/

An exploit has been published.

Gedit Filename Format String

CAN-2005-1686

High

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005

Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Debian Security Advisory, DSA 753-1, July 12, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Hewlett Packard Company

Ignite-UX B.3.x, C.6.x

Several vulnerabilities have been reported: a vulnerability was reported in 'add_new_client' command, which could let a malicious user obtain access to the file system or cause a Denial of Service; and a vulnerability was reported in the 'make_recovery' command, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.hp.com/go/softwaredepot

There is no exploit code required; however, a Proof of Concept exploit has been published.

HP Ignite-UX TFTP Service Vulnerabilities

CAN-2004-0951
CAN-2004-0952

Medium
HP Security Bulletin, HPSBUX01219, August 16, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/

Conectiva:
ftp://atualizacoes.conectiva.com.br

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium

Secunia Advisory: SA16039, July 12, 2005

Debian Security Advisory, DSA 761-1, July 19, 2005

Conectiva Linux Announcement, CLSA-2005:991, August 4, 2005

Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:132, August 10, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Ubuntu Security Notice, USN-165-1, August 11, 2005

Debian Security Advisory, DSA 761-2, August 15, 2005

HT Editor

HT Editor 0.8

Several vulnerabilities have been reported: a vulnerability was reported in the Executable and Linking Format (ELF) parser due to a heap overflow, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the Portable Executable (PE) parser due to a boundary error, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-08.xml

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

HT Editor ELF & PE Parser Remote Code Execution

CAN-2005-1545
CAN-2005-1546

High

Gentoo Linux Security Advisory, GLSA 200505-08, May 10, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Kadu

Kadu 0.4.0

An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service.

Upgrade to version 0.4.1:
http://www.kadu.net/wiki/index.php/English:Main_Page

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

Kadu Denial of Service

CAN-2005-1852

Low

Secunia, Advisory: SA16238, July 27, 2005

Gentoo Security Advisory, GLSA 200507-26, July 27, 2005

Conectiva Linux Announcement, CLSA-2005:989, August 4, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Kaspersky Labs

Antivirus for Linux Servers 5.5-2

A vulnerability has been reported in '/var/log/kav/5.5/kav4unix' due to insecure default directory permissions, which could let a malicious user overwrite arbitrary files with privileges of the root user.

Users of affected packages are urged to contact the vendor for further information on obtaining fixes.

There is no exploit code required; however, an exploit script has been published.

Kaspersky Anti-Virus Insecure Log Directory

CAN-2005-2582

Medium
Secunia Advisory: SA16425, August 15, 2005

KDE

KDE 3.0 - 3.4.2

A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

KDE langen2kvtml Insecure Temporary File Creation

CAN-2005-2101

Medium

KDE Security Advisory, August 15, 2005

Fedora Update Notification, FEDORA-2005-745, August 15, 2005

Mozilla.org

Firefox 1.0

A vulnerability exists when a predictable name is issued for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.

Update available at:
http://www.mozilla.org/products/firefox/all.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-10.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-32.xml

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

An exploit has been published.

Mozilla Firefox Predictable Plugin Temporary Directory

CAN-2005-0578

Medium

Mozilla Foundation Security Advisory, 2005-28, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification, FEDORA-2005-247, 2005-03-23

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032, March 25, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.04 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1

A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-670.html

http://rhn.redhat.com/errata/RHSA-2005-671.html

http://rhn.redhat.com/errata/RHSA-2005-708.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/

KDE:
http://www.kde.org/info/security/advisory-20050809-1.txt

Mandriva:
http://www.mandriva.com/security/advisories

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-08.xml

Currently we are not aware of any exploits for this vulnerability.

XPDF Loca Table Verification Remote Denial of Service

CAN-2005-2097

Low

RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005

Ubuntu Security Notice, USN-163-1, August 09, 2005

KDE Security Advisory, 20050809-1, August 9, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Gentoo Linux Security Advisory, GLSA 200508-08, August 16, 2005

Multiple Vendors

dhcpcd 1.3.22

A vulnerability has been reported in dhcpcd that could let a remote user perform a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/d/dhcpcd/

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-16.xml

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000983

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-603.html

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

dhcpcd Denial of Service

CAN-2005-1848

Low

Secunia, Advisory: SA15982, July 11, 2005

Debian Security Advisory, DSA 750-1, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005

Conectiva, CLSA-2005:983, July 25, 2005

RedHat Security Advisory, RHSA-2005:603-07, July 27, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

Qpopper 4.x; Gentoo Linux

Several vulnerabilities have been reported: a vulnerability was reported because user supplied config and trace files are processed with elevated privileges, which could let a malicious user create/overwrite arbitrary files; and a vulnerability was reported due to an unspecified error which could let a malicious user create group or world-writable files.

Upgrades available at:
ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/qpopper4.0.5.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-17.xml

Debian:
http://security.debian.org/pool/updates/main/q/qpopper/

SuSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Qpopper Multiple Insecure File Handling

CAN-2005-1151
CAN-2005-1152

Medium

Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005

Secunia Advisory, SA15475, May 24, 2005

Debian Security Advisories, DSA 728-1 & 728-2, May 25 & 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; Easy Software Products CUPS 1.1.19 - 1.1.23

A remote Denial of Service vulnerability has been reported when the application fails to do proper bounds checking when handling malformed PDF files.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-706.html

Currently we are not aware of any exploits for this vulnerability.

Easy Software Products CUPS Remote Denial of Service

CAN-2005-2097

Low
RedHat Security Advisory, RHSA-2005:706-04, August 9, 2005

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Rob Flynn Gaim 1.3.1, 1.3.0, 1.2.1, 1.2, 1.1.1-1.1.4, 1.0-1.0.2; RedHat Enterprise Linux WS 2.1, IA64, ES 2.1, IA64, AS 2.1, IA64, Desktop 4.0, Advanced Workstation for the Itanium Processor 2.1, IA64

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to the way away messages are handled, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to an error when handling file transfers.

Updates available at: http://gaim.sourceforge.net/downloads.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-589.html

http://rhn.redhat.com/errata/RHSA-2005-627.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-06.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

A Proof of Concept exploit has been published for the buffer overflow vulnerability.

Gaim AIM/ICQ Protocols Buffer Overflow & Denial of Service

CAN-2005-2102
CAN-2005-2103

High

RedHat Security Advisories, RHSA-2005:589-16 & RHSA-2005:627-11, August 9, 2005

Ubuntu Security Notice, USN-168-1, August 12, 2005

Gentoo Linux Security Advisory, GLSA 200508-06, August 15, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:139, August 16, 2005

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5

Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://ftp.gnome.org/pub/gnome/sources/evolution/2.3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/

Currently we are not aware of any exploits for these vulnerabilities.

GNOME Evolution Multiple Format String

CAN-2005-2549
CAN-2005-2550

High

Secunia Advisory: SA16394, August 11, 2005

Ubuntu Security Notice, USN-166-1, August 11, 2005

MySQL AB

MySQL 3.x, 4.x

Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'

Updates available at:
http://dev.mysql.com/downloads/mysql/

Debian:
http://security.debian.org/pool/updates/main/m/mysql

Trustix:
http://http.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/

SuSE:
ftp://ftp.suse.com/pub/suse

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

We are not aware of any exploits for these vulnerabilities.

MySQL Security Restriction Bypass & Remote Denial of Service

CAN-2004-0835
CAN-2004-0837

Medium

Secunia Advisory, SA12783, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Ubuntu Security Notice, USN-32-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Fedora Update Notification, FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101864, August 11, 2005

MySQL

MySQL 4.x

A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges.

Update available at:
http://lists.mysql.com/internals/20600

Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-63-1

Debian:
http://www.debian.org/security/2005/dsa-647

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-33.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

OpenPKG:
ftp://ftp.openpkg.org/release/2.2/UPD/mysql-4.0.21-2.2.2.src.rpm

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

Currently we are not aware of any exploits for this vulnerability.

MySQL 'mysqlaccess.sh' Unsafe Temporary Files

CAN-2005-0004

Medium

Security Tracker Alert, 1012914, January 17, 2005

Ubuntu Security Notice, USN-63-1, January 18, 2005

Debian Security Advisory, DSA-647-1 mysql, January 19, 2005

Gentoo GLSA 200501-33, January 23, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

Conectiva Linux Security Announcement, CLA-2005:947, April 20, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.006, April 20, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101864, August 11, 2005

Namazu Project

Namazu 2.0.13 and prior

A vulnerability exists that can be exploited by malicious people to conduct Cross-Site Scripting attacks. Input passed to 'namazu.cgi' isn't properly sanitized before being returned to the user if the query begins with a tab ('%09'). This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

Update to version 2.0.14:
http://namazu.org/#download

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/n/namazu2/

SuSE:
ftp://ftp.suse.com/pub/suse/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01212&locale=en_US

Currently we are not aware of any exploits for this vulnerability.

Namazu Cross-Site Scripting Vulnerability

CAN-2004-1318

Medium

Namazu Security Advisory, December 15, 2004

Debian Security Advisory, DSA 627-1, January 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005

HP Security Bulletin, HPSBMA01212, August 9, 2005

netpbm 10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary PostScript code.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-04.xml

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

There is no exploit code required.

netpbm Arbitrary Code Execution

CAN-2005-2471


High

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005

Ubuntu Security Notice, USN-164-1, August 11, 2005

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3-5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=12694&package_id=11571&release_id=338899

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-720.html

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP Protocol Denial Of Service

CAN-2005-2177

Low

Secunia Advisory: SA15930, July 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Nullsoft

SHOUTcast 1.9.4

A format string vulnerability exists that could allow a remote malicious user to execute arbitrary code on the target system. A remote user can supply a specially crafted request to the target server containing format string characters to cause the target service to crash or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-04.xml

Nullsoft:
http://www.shoutcast.com/download/files.phtml

An exploit script has been published.

Nullsoft SHOUTcast Format String Flaw

CAN-2004-1373

High

Security Tracker Alert ID: 1012675, December 24, 2004

Gentoo GLSA 200501-04, January 5, 2005

Security Focus, 12096, February 19, 2005

Security Focus, 12096, August 14, 2005

RedHat

sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64

A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.

Updates available at:
http://rhn.redhat.com/errata/RHSA-2005-502.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-598.html

There is no exploit code required.

RedHat Linux SysReport Proxy Information Disclosure

CAN-2005-1760

Medium

RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

RedHat Security Advisory, RHSA-2005:598-04, August 9, 2005

Rob Flynn

Gaim prior to 1.3.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message.

Updates available at:
http://gaim.sourceforge.net/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-518.html

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Gaim Multiple Remote Denial of Services

CAN-2005-1269
CAN-2005-1934

Low

Secunia Advisory, SA15648, June 10, 2005

Ubuntu Security Notice USN-139-1, June 10, 2005

Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:099, June 14, 2005

Fedora Update Notifications, FEDORA-2005-410 & 411, June 17, 2005

RedHat Security Advisory, RHSA-2005:518-03, June 16, 2005

Debian Security Advisory, DSA 734-1, July 5, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Royal Institute of Technology

Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4 a-f

Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.5.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-24.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/h/heimdal/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Heimdal TelnetD Remote Buffer Overflow

CAN-2005-2040

High

Secunia Advisory, SA15718, June 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-24, June 29, 2005

SUSE Security Announcement, SUSE-SA:2005:040, July 6, 2005

Debian Security Advisory, DSA 758-1, July 18, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Sendmail Consortium

Sendmail 8.8.8, 8.9.0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11

A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Sendmail Milter Remote Denial of Service

CAN-2005-2070

Low

Security Focus, 14047, June 23

SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Todd Miller

Sudo 1.6-1.6.8, 1.5.6-1.5.9

A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD:
http://www.openbsd.org/errata.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Mandriva:
http://www.mandriva.com/security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-535.html

Debian:
http://security.debian.org/pool/updates/main/s/sudo/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/s/sudo/

OpenBSD:
http://www.openbsd.org/errata.html

SGI:
http://www.sgi.com/support/security/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Todd Miller Sudo Local Race Condition

CAN-2005-1993

High

Security Focus, 13993, June 20, 2005

Ubuntu Security Notice, USN-142-1, June 21, 2005

Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005

Slackware Security Advisory, SSA:2005-172-01, June 22, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005

Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005

RedHat Security Advisory, RHSA-2005:535-06, June 29, 2005

Debian Security Advisory, 735-1, July 1, 2005

Conectiva Linux Announcement, CLSA-2005:976, July 6, 2005

Debian Security Advisory, DSA 735-2, July 8, 2005

SGI Security Advisory, 20050702-01-U, July 12, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

University of Minnesota

gopherd 3.0.9, 3.0.7, 3.0.3

A vulnerability has been reported in 'gopher.c' due to the failure to verify a file's existence before writing to it, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/g/gopher

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Gopher Insecure Temporary File Creation

CAN-2005-1853

Medium

Debian Security Advisory, DSA 770-1, July 29, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Vipul

Razor-agents prior to 2.72

Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.

Updates available at:
http://prdownloads.sourceforge.net/razor/razor-agents-2.72.tar.gz?download

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Debian:
http://security.debian.org/pool/updates/main/r/razor/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Vipul Razor-agents Denials of Service

CAN-2005-2024

Low

Security Focus, Bugtraq ID 13984, June 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005

SUSE Security Announcement, SUSE-SA:2005:035, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Debian Security Advisory, DSA 738-1, July 5, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Wojtek Kaniewski

ekg 2005-06-05 22:03

A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation

CAN-2005-1916

Medium

Secunia Advisory: SA15889, July 5, 2005

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Wojtek Kaniewski

Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11

Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection

CAN-2005-1850
CAN-2005-1851

Medium

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-543.html

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005

Debian Security Advisory, DSA 748-1, July 11, 2005

Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005

RedHat Security Advisory, RHSA-2005:543-08, August 5, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

Adobe

Acrobat 5.1-7.0.2, Acrobat Reader 5.1-7.0.2

A buffer overflow vulnerability has been reported in the core application plug-in due to an unspecified boundary error, which could let a remote malicious user execute arbitrary code.

Update information available at:
http://www.adobe.com/support/techdocs/321644.html

There is no exploit code required.

Adobe Acrobat / Reader Plug-in Buffer Overflow

CAN-2005-2470

High

Adobe Security Advisory, August 16, 2005

US-CERT VU#896220

America OnLine

AOL Client Software 9.0

A vulnerability has been reported due to a failure to secure the installation path from modifications, which could let a malicious user execute arbitrary code with SYSTEM privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

AOL Client Software Arbitrary Code Execution

CAN-2005-2597

High
Security Focus, 14530, August 9, 2005

BONA Computech Co. Ltd.

ADSL-FR4II

Multiple vulnerabilities have been reported: a vulnerability was reported because an undocumented open port on 5678/tcp allows web management access; a Denial of Service vulnerability was reported when port scanning all ports; and a vulnerability was reported in the backup configuration file because the administrative password is in clear text.

No workaround or patch available at time of publishing.

There is no exploit code required.

BONA ADSL-FR4II Multiple Vulnerabilities

CAN-2005-2583
CAN-2005-2584
CAN-2005-2585
CAN-2005-2586

Medium
Secunia Advisory: SA16445, August 15, 2005

Clam AntiVirus

ClamAV 0.x

A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.

Updates available at:
http://prdownloads.sourceforge.net/clamav/clamav-

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-23.xml

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

ClamAV Quantum Decompressor Denial of Service

CAN-2005-2056

Low

Secunia Advisory, SA15811, June 24, 2005

Trustix Security Advisory, TSLSA-2005-0029, June 24, 2005

Gentoo Linux Security Advisory, GLSA 200506-23, June 27, 2005

SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:113, July 12, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

CPAINT

CPAINT 1.3

A vulnerability has been reported due to an unspecified error, which could let a remote malicious user execute arbitrary ASP/PHP commands or obtain sensitive information.

Upgrade available at:
http://prdownloads.sourceforge.net/cpaint/cpaint-v1.3-SP.tar.gz?download

There is no exploit code required.

CPaint Arbitrary Command Execution & Information Disclosure

CAN-2005-2613

High
Security Focus, 14565, August 15, 2005

Discuz!

Discuz! 4.0 rc4 & prior

A vulnerability has been reported due to insufficient validation of user-supplied filenames on uploaded files, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Discuz! Board Input Validation

CAN-2005-2614

High
STG Security Advisory: SSA-20050812-27, August 15, 2005

Dokeos

Open Source Learning & Knowledge Management Tool 1.6 RC, 1.5.3-1.5.5, 1.5, 1.4

Multiple Directory Traversal vulnerabilities have been reported: a vulnerability was reported in '/claroline/scorm/scormdocument.php' due to insufficient sanitization of the 'delete' parameter before it is used to delete directories, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in '/claroline/document/document.php' due to insufficient sanitization of the 'move_file' and 'move_to' parameters before they are used to move files, which could let a remote malicious user obtain sensitive information; and a vulnerability has been reported in 'claroline/scorm/showinframes.php' and '/claroline/scorm/contents.php' because generated error messages can be used to determine the existence of a file.

No workaround or patch available at time of publishing.

There is no exploit code required.

Dokeos Multiple Directory Traversal

CAN-2005-2598

Medium
Secunia Advisory: SA16407, August 15, 2005

EMC Software

NetWorker 6.x, 7.1.3, 7.2; Sun StorEdge Enterprise Backup Software 7.0-7.2, Solstice Backup Software 6.0, 6.1

Several vulnerabilities have been reported: a vulnerability was reported in 'AUTH_UNIX' due to weak authentication, which could let a remote malicious user execute arbitrary commands, view/modify configuration, cause a Denial of Service, or obtain sensitive information; a vulnerability was reported due to insufficient authentication of tokens, which could let a remote malicious user execute arbitrary commands as ROOT; and a vulnerability was reported in the Legato PortMapper because any host can call 'pmap_set' and 'pmap_unset,' which could let a remote malicious user cause a Denial of Service or eavesdrop on NetWorker process communications.

Patch information available at:
http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm

http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm

http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1

There is no exploit code required.

EMC Legato NetWorker Multiple Vulnerabilities

CAN-2005-0357
CAN-2005-0358
CAN-2005-0359

High

US-CERT VU#606857

US-CERT VU#407641

US-CERT VU#801089

Sun(sm) Alert Notification, Sun Alert ID: 101886, August 17, 2005

EQdkp

EQdkp 1.2.0, 1.1.0

A vulnerability has been reported in 'session.php' due to a handling error, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://eqdkp.com/download.php?file=eqdkp-1.3.0.tar.gz

There is no exploit code required.

EQDKP 'session.php' Authorization Bypass

CAN-2005-2615

Medium
Secunia Advisory: SA16285, August 10, 2005

Ethereal

Ethereal V0.10.11

Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade to version 0.10.12:
http://www.ethereal.com/download.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-687.html

Currently we are not aware of any exploits for these vulnerabilities.

High

Secunia, Advisory: SA16225, July 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005

RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005

ezUpload

ezUpload 2.2

Multiple file include vulnerabilities have been reported due to insufficient validation of user-supplied input, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

EZUpload Multiple Remote File Include

CAN-2005-2616

Medium
Security Focus 14534, August 10, 2005

Grandstream Networks

Grandstream BudgeTone 100 Series SIP Phones

A Denial of Service vulnerability has been reported due to an error when processing large UDP datagrams.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script has been published.

Grandstream BudgeTone Denial of Service

CAN-2005-2581

Low
Security Tracker Alert ID: 1014665, August 13, 2005

Hewlett Packard Company

Proliant DL585 Server, Integrated Lights Out 1.80

A vulnerability has been reported because when the server is powered down a remote malicious user can obtain unauthorized access.

Updates available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01220

Currently we are not aware of any exploits for this vulnerability.

HP Proliant DL585 Server Unauthorized Remote Access

CAN-2005-2552

Medium
HP Security Bulletin, HPSBMA01220, August 11, 2005

Hummingbird Ltd.

Hummingbird FTP 2006, Hummingbird Connectivity 10.0

A vulnerability has been reported due to a weak encryption algorithm when encrypting the user's password stored in the FTP profile, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Hummingbird FTP User Weak Password Encrypting

CAN-2005-2599

Medium
Secunia Advisory: SA16430, August 15, 2005

Ilia Alshanetsky

FUDForum 2.6.15

A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

FUDForum Security Restriction Bypass

CAN-2005-2600

Medium
Secunia Advisory: SA16414, August 12, 2005

Linksys

WRT54GS Firmware 4.50.6

A vulnerability has been reported in WRT54GS Firmware that could allow remote malicious users to bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required.

Linksys WRT54GS Firmware Authentication Bypassing

CAN-2005-2589

Medium
Security Focus, ID: 14566, August 15, 2005

MidiCart Software

MidiCart ASP

A vulnerability has been reported in the 'Item_Show.asp' and 'search_list.asp' scripts due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MidiCart ASP Input Validation

CAN-2005-2601

Medium
Security Tracker Alert ID: 1014660, August 12, 2005

Mozilla.org

Firefox 0.x, 1.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript: URL; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling a 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.mozilla.org/products/firefox/

Gentoo:
ftp://security.gentoo.org/glsa/

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-586.html

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.418880

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/

http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/

http://security.debian.org/pool/updates/main/m/mozilla/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Exploits have been published.

Firefox Multiple Vulnerabilities

CAN-2005-2260
CAN-2005-2261
CAN-2005-2262
CAN-2005-2263
CAN-2005-2264
CAN-2005-2265
CAN-2005-2267
CAN-2005-2269
CAN-2005-2270

High

Secunia Advisory: SA16043, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Fedora Update Notifications, FEDORA-2005-603 & 605, July 20, 2005

RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005

Slackware Security Advisory, SSA:2005-203-01, July 22, 2005

US-CERT VU#652366

US-CERT VU#996798

Ubuntu Security Notices, USN-155-1 & 155-2, July 26 & 28, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005

Debian Security Advisory, DSA 775-1, August 15, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Debian Security Advisory, DSA 777-1, August 17, 2005

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6; Firefox 0.8-0.10.1, 1.0.1, 1.0.2; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab is not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a 'favicons' icon for a web site isn't verified before being changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before being used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/products/firefox/

http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-18.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

An exploit script has been published.

Mozilla Suite / Firefox Multiple Vulnerabilities

CAN-2005-0752
CAN-2005-1153
CAN-2005-1154
CAN-2005-1155
CAN-2005-1156
CAN-2005-1157
CAN-2005-1158
CAN-2005-1159
CAN-2005-1160

High

Mozilla Foundation Security Advisories, 2005-35 - 2005-41, April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

US-CERT VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

PacketStorm, May 23, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Fedora Update Notifications, FEDORA-2005-604 & 605, July 20, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7

A vulnerability was reported due to a failure in the application to properly verify Document Object Model (DOM) property values, which could let a remote malicious user execute arbitrary code.

Firefox:
http://www.mozilla.org/products/firefox/

Mozilla Browser Suite:
http://www.mozilla.org/products/mozilla1.x/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-434.html

http://rhn.redhat.com/errata/RHSA-2005-435.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

Currently we are not aware of any exploits for this vulnerability.

Mozilla Suite And Firefox DOM Property Overrides

CAN-2005-1532

High

Mozilla Foundation Security Advisory, 2005-44, May 12, 2005

Turbolinux Security Advisory, TLSA-2005-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005

Ubuntu Security Notice, USN-134-1, May 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

SUSE Security Announcement, SUSE-SA:2005:030, June 9, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Browser Suite prior to 1.7.6; Thunderbird prior to 1.0.2; Firefox prior to 1.0.2

A buffer overflow vulnerability has been reported due to a boundary error in the GIF image processing of Netscape extension 2 blocks, which could let a remote malicious user execute arbitrary code.

Mozilla Browser Suite:
http://www.mozilla.org/products/mozilla1.x/

Thunderbird:
http://download.mozilla.org/?product=thunderbird-1.0.2&os=win&lang=en-US

Firefox:
http://www.mozilla.org/products/firefox/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

An exploit script has been published.

Mozilla Suite/ Firefox/ Thunderbird GIF Image Processing Remote Buffer Overflow

CAN-2005-0399

High

Mozilla Foundation Security Advisory 2005-30, March 23, 2005

US-CERT VU#557948

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Security Focus, 12881, July 5, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2

A vulnerability has been reported when processing drag and drop operations due to insecure XUL script loading, which could let a remote malicious user execute arbitrary code.

Mozilla Browser:
http://www.mozilla.org/products/mozilla1.x/

Firefox:
http://www.mozilla.org/products/firefox/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-31.xml

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Suite/ Firefox Drag and Drop Arbitrary Code Execution

CAN-2005-0401

High

Mozilla Foundation Security Advisory 2005-32, March 23, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Thunderbird 1.0, Firefox 1.0.6

A vulnerability has been reported when overly long URIs are submitted, which could let a remote malicious user obfuscate the URI of a link.

No workaround or patch available at time of publishing.

There is no exploit code required.

Mozilla Firefox And Thunderbird Long URI Obfuscation

CAN-2005-2602

Medium

Security Focus, 14526, August 9, 2005

Mozilla

Firefox 1.0

A vulnerability exists in the XPCOM implementation that could let a remote malicious user execute arbitrary code. The exploit can be automated in conjunction with other reported vulnerabilities so no user interaction is required.

A fixed version (1.0.1) is available at: http://www.mozilla.org/products/firefox/all.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Firefox Remote Code Execution Vulnerability

CAN-2005-0527

High

Security Tracker Alert ID: 1013301, February 25, 2005

Gentoo Linux Security Advisory GLSA 200503-30, March 25, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x

Mozilla Firefox 0.x

Mozilla Thunderbird 0.x

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that can permit users to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.

Mozilla: Update to version 1.7.5:
http://www.mozilla.org/products/mozilla1.x/

Firefox: Update to version 1.0:
http://www.mozilla.org/products/firefox/

Thunderbird: Update to version 1.0:
http://www.mozilla.org/products/thunderbird/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

Currently we are not aware of any exploits for these vulnerabilities.

High

Mozilla Foundation Security Advisory 2005-01, 03, 04, 07, 08, 09, 10, 11, 12

Fedora Update Notification, FEDORA-2005-248, 249, 251, 253, March 23 & 25, 2005

Slackware Security Advisory, SSA:2005-085-01, March 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla 1.7.3

A heap overflow vulnerability exists in the processing of NNTP URLs. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted 'news://' URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The flaw resides in the *MSG_UnEscapeSearchUrl() function in 'nsNNTPProtocol.cpp'.

The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-03.xml

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

SuSE:
ftp://ftp.suse.com/pub/suse/

HP:
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01114

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Buffer Overflow in Processing NNTP URLs

CAN-2004-1316

High

iSEC Security Research Advisory, December 29, 2004

Gentoo Linux Security Advisory, GLSA 200501-03, January 5, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

HP Security Advisory, HPSBTU01114, February 4, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla 1.7.x and prior

Mozilla Firefox 1.x and prior

Mozilla Thunderbird 1.x and prior

Netscape Netscape 7.2

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system.

Firefox: Update to version 1.0.1:
http://www.mozilla.org/products/firefox/

Mozilla:
The vulnerabilities have been fixed in the CVS repository and will be included in the upcoming 1.7.6 version.

Thunderbird:
The vulnerabilities have been fixed in the CVS repository and will be included in the upcoming 1.0.1 version.

Fedora update for Firefox:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-176.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-32.xml

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

Currently we are not aware of any exploits for these vulnerabilities.

Mozilla / Firefox / Thunderbird Multiple Vulnerabilities

CAN-2005-0255
CAN-2005-0584
CAN-2005-0585
CAN-2005-0587
CAN-2005-0588
CAN-2005-0589
CAN-2005-0590
CAN-2005-0592
CAN-2005-0593

High

Mozilla Foundation Security Advisories 2005-14, 15, 17, 18, 19, 20, 21, 24, 28

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification, FEDORA-2005-248, 249, 251, & 253, March 23 & 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032, March 25, 2005

Slackware Security Advisory, SSA:2005-085-01, March 27, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla Firefox 1.0 and 1.0.1

A vulnerability exists that could let remote malicious users conduct Cross-Site Scripting attacks. This is due to missing URI handler validation when dragging an image with a "javascript:" URL to the address bar.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting Vulnerability

CAN-2005-0591

Medium

Secunia SA14406, March 1, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

Mozilla Firefox 1.0; Gentoo Linux; Thunderbird 0.6, 0.7-0.7.3, 0.8, 0.9, 1.0, 1.0.1; Netscape Netscape 7.2

There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations or access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop and because tabbed javascript vulnerabilities let remote users access other windows.

A fix is available via the CVS repository

Fedora:
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z

Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-176.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

Thunderbird:
http://download.mozilla.org/?product=thunderbird-1.0.2&os=win&lang=en-US

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Firefox Multiple Vulnerabilities

CAN-2005-0230
CAN-2005-0231
CAN-2005-0232

High

Security Tracker Alert ID: 1013108, February 8, 2005

Fedora Update Notification, FEDORA-2005-182, February 26, 2005

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

Security Focus, 12468, March 22, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon 0.9; Netscape 7.2

A vulnerability has been reported in the JavaScript implementation due to improper parsing of lambda list regular expressions, which could let a remote malicious user obtain sensitive information.

The vendor has issued a fix, available via CVS.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

Slackware:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mozilla Suite/Firefox JavaScript Lambda Information Disclosure

CAN-2005-0989

Medium

Security Tracker Alert, 1013635, April 4, 2005

Security Focus, 12988, April 16, 2005

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

Slackware Security Advisory, SSA:2005-111-04, April 22, 2005

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Fedora Update Notifications, FEDORA-2005-604 & 605, July 20, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

ALT Linux Compact 2.3, Junior 2.3; Apple Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X Server 10.0, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8; MIT Kerberos 5 1.0, 5 1.0.6, 5 1.0.8, 5 1.1-5 1.4; Netkit Linux Netkit 0.9-0.12, 0.14-0.17, 0.17.17; Openwall GNU/*/Linux (Owl)-current, 1.0, 1.1; FreeBSD 4.10-PRERELEASE, 2.0, 4.0 .x, -RELENG, alpha, 4.0, 4.1, 4.1.1 -STABLE, -RELEASE, 4.1.1, 4.2, -STABLE pre122300, -STABLE pre050201, 4.2 -STABLE, -RELEASE, 4.2, 4.3 -STABLE, -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.4 -STABLE, -RELENG, -RELEASE-p42, 4.4, 4.5 -STABLE pre2002-03-07, 4.5 -STABLE, -RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.6 -STABLE, -RELENG, 4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.6.2, 4.7 -STABLE, 4.7 -RELENG, 4.7 -RELEASE-p17, 4.7 -RELEASE, 4.7, 4.8 -RELENG, 4.8 -RELEASE-p7, 4.8 -PRERELEASE, 4.8, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.10 -RELENG, 4.10 -RELEASE, 4.10, 4.11 -STABLE, 5.0 -RELENG, 5.0, 5.1 -RELENG, 5.1 -RELEASE-p5, 5.1 -RELEASE, 5.1, 5.2 -RELENG, 5.2 -RELEASE, 5.2, 5.2.1 -RELEASE, 5.3 -STABLE, 5.3 -RELEASE, 5.3, 5.4 -PRERELEASE; SuSE Linux 7.0, sparc, ppc, i386, alpha, 7.1, x86, sparc, ppc, alpha, 7.2, i386; SGI IRIX 6.5.24-6.5.27

Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code.

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Apple:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&platform=osx&method=sa/SecUpd2005-003Pan.dmg

Debian:
http://security.debian.org/pool/updates/main/n/netkit-telnet/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/

MIT Kerberos:
http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt

Netkit:
ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/

Openwall:
http://www.openwall.com/Owl/CHANGES-current.shtml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-327.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/

OpenBSD:
http://www.openbsd.org/errata.html#telnet

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-36.xml

http://security.gentoo.org/glsa/glsa-200504-01.xml

Debian:
http://security.debian.org/pool/updates/main/k/krb5/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-04.xml

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1

Openwall:
http://www.openwall.com/Owl/CHANGES-current.shtml

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-088_RHSA-2005-330.pdf

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-28.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1

OpenWall:
http://www.openwall.com/Owl/CHANGES-current.shtml

SCO:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.23

SGI IRIX:
Apply patch 5892 for IRIX 6.5.24-6.5.27:
ftp://patches.sgi.com/support/free/security/patches/

Debian:
http://security.debian.org/pool/updates/main/k/krb4/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000962

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-132_RHSA-2005-327.pdf

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Telnet Client 'slc_add_reply()' & 'env_opt_add()' Buffer Overflows

CAN-2005-0468
CAN-2005-0469

High

iDEFENSE Security Advisory, March 28, 2005

US-CERT VU#291924

Mandrakelinux Security Update Advisory, MDKSA-2005:061, March 30, 2005

Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & April 1, 2005

Debian Security Advisory, DSA 703-1, April 1, 2005

US-CERT VU#341908

Gentoo Linux Security Advisory, GLSA 200504-04, April 6, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Sun(sm) Alert Notification, 57761, April 7, 2005

SCO Security Advisory, SCOSA-2005.21, April 8, 2005

Avaya Security Advisory, ASA-2005-088, April 27, 2005

Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005

Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005

Sun(sm) Alert Notification, 57761, April 29, 2005

SCO Security Advisory, SCOSA-2005.23, May 17, 2005

SGI Security Advisory, 20050405-01-P, May 26, 2005

Debian Security Advisory, DSA 731-1, June 2, 2005

Conectiva Security Advisory, CLSA-2005:962, June 6, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Avaya Security Advisory, ASA-2005-132, June 14, 2005

Fedora Legacy Update Advisory, FLSA:152583, July 11, 2005

Slackware Security Advisory, SSA:2005-210-01, August 1, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified); and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code.

Update available at:
https://ccvs.cvshome.org/servlets/ProjectDocumentList

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-16.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/

Peachtree:
http://peachtree.burdell.org/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-387.html

OpenBSD:
http://www.openbsd.org/errata.html#cvs

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

OpenBSD:
http://www.openbsd.org/errata35.html#

Ubuntu:
http://security.ubuntu.com/Subunit/pool/main/c/cvs/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

OpenBSD:
http://www.openbsd.org/errata.html#cvs

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000966

Debian:
http://security.debian.org/pool/updates/main

Currently we are not aware of any exploits for these vulnerabilities.

CVS Multiple Vulnerabilities

CAN-2005-0753

High

Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005

SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005

Secunia Advisory, SA14976, April 19, 2005

Fedora Update Notification, FEDORA-2005-330, April 20, 2006

Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005

Peachtree Linux Security Notice, PLSN-0005, April 22, 2005

RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005

Turbolinux Security Advisory, TLSA-2005-51, April 28, 2005

Ubuntu Security Notice, USN-117-1, May 04, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Conectiva Security Advisory, CLSA-2005:966, June 13, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

IETF RFC 2406: IPSEC; Hitachi GR2000-1B, GR2000-2B, GR2000-2B+, GR2000-BH

A vulnerability has been reported that affects certain configurations of IPSec when configured to employ Encapsulating Security Payload (ESP) in tunnel mode with only confidentiality and systems that use Authentication Header (AH) for integrity protection, which could let a remote malicious user obtain plaintext IP datagrams and potentially sensitive information.

Hitachi advises affected users to use the AH protocol workaround to mitigate this issue.

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBTU01217&locale=en_US

Currently we are not aware of any exploits for this vulnerability.

IPSec ESP Packet Modification

CAN-2005-0039

Medium

NISCC Vulnerability Advisory, IPSEC - 004033, May 9, 2005

US-CERT VU#302220

Security Focus, 13562, May 11, 2005


HP Security Bulletin, HPSBTU01217, August 9, 2005

Multiple Vendors

PHPXMLRPC 1.1.1; PEAR XML_RPC 1.3.3; Drupal 4.6-4.6.2, 4.5-4.5.4

A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.

PHPXMLRPC:
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download

Pear:
http://pear.php.net/get/XML_RPC-1.4.0.tgz

Drupal:
http://drupal.org/files/projects/drupal-4.5.5.tar.gz

There is no exploit code required.

PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution

CAN-2005-2498

High

Security Focus, 14560, August 15, 2005

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64; AWStats 6.4 & prior

A vulnerability has been reported due to insufficient sanitization of the 'url' parameter before using in an 'eval()' function when Referer field statistics are generated, which could let a remote malicious user execute arbitrary code. Note: The system is only vulnerable if at least one URLPlugin is enabled.

Updates available at:
http://awstats.sourceforge.net/files/awstats-6.4.tgz

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-07.xml

There is no exploit code required.

AWStats Arbitrary Command Execution

CAN-2005-1527

High

iDEFENSE Security Advisory, August 9, 2005

Ubuntu Security Notice, USN-167-1, August 11, 2005

Gentoo Linux Security Advisory, GLSA 200508-07, August 16, 2005

My Image Gallery

My Image Gallery 1.4.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in the 'currDIR' and 'image' parameters due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and it is also possible to obtain path information.

Upgrade available at:
http://prdownloads.sourceforge.net/mig/mig-1.5.0.tar.gz?download

There is no exploit code required; however, Proof of Concept exploits have been published.

My Image Gallery Multiple Cross Site Scripting & Path Disclosure

CAN-2005-2603
CAN-2005-2604

Medium
Secunia Advisory: SA16405, August 16, 2005

MyBB Group

MyBulletinBoard RC4

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Reports indicate that administrative access can be obtained through at least one of these vulnerabilities.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

MyBulletinBoard Multiple SQL Injection

CAN-2005-2580

High
Security Focus, 14553, August 12, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.

Vendor patch available:
Affix_320_sec.patch
http://affix.sourceforge.net/affix_320_sec.patch

Affix_212_sec.patch
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

An exploit has been published.

Nokia Affix BTFTP Arbitrary Code Execution

CAN-2005-2250

High

Security Focus, 14230, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

There is no exploit code required; however, a Proof of Concept exploit has been published.

Nokia Affix BTSRV/BTOBEX Remote Command Execution

CAN-2005-2277

High

Security Focus, 14232, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

OmniPilot Software

Lasso Professional Server 8.0.5, 8.0.4

A vulnerability has been reported due to a failure to enforce security constraints, which could let a remote malicious user bypass authentication.

Patches available at:
http://support.omnipilot.com/article_files/Security%20Fix%20804-805.zip

There is no exploit code required.

Lasso Professional Server Remote Authentication Bypass

CAN-2005-2605

Medium
Security Focus, 14543, August 10, 2005

phlyLabs

PHlyMail Lite 3.x, MessageCenter 3.x, Personal Edition 3.x

A vulnerability has been reported when authenticating users due to an unspecified error, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://phlymail.de/download/PHlyMail_Lite/phmmc_lite_30201.zip

There is no exploit code required.

PHlyMail Unspecified Authentication Bypass

CAN-2005-2606

Medium
Secunia Advisory: SA16388, August 10, 2005

PHP Group

PHP 4.3.6-4.3.9, 5.0 candidate 1-candidate 3, 5.0.0-5.0.2

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'pack()' function, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability exists in the 'unpack()' function, which could let a remote malicious user obtain sensitive information; a vulnerability exists in 'safe_mode' when executing commands, which could let a remote malicious user bypass the security restrictions; a vulnerability exists in 'safe_mode' combined with certain implementations of 'realpath(),' which could let a remote malicious user bypass security restrictions; a vulnerability exists in 'realpath()' because filenames are truncated; a vulnerability exists in the 'unserialize()' function, which could let a remote malicious user obtain sensitive information or execute arbitrary code; a vulnerability exists in the 'shmop_write()' function, which may result in an attempt to write to an out-of-bounds memory location; a vulnerability exists in the 'addslashes()' function because '\0' is not escaped correctly; a vulnerability exists in the 'exif_read_data()' function when a long sectionname is used, which could let a remote malicious user obtain sensitive information; and a vulnerability exists in 'magic_quotes_gpc,' which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.php.net/downloads.php

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-031.html

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Apple:
http://www.apple.com/support/downloads/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01212&locale=en_US

There is no exploit code required; however, a Proof of Concept exploit script has been published.

PHP Multiple Remote Vulnerabilities

CAN-2004-1018
CAN-2004-1063
CAN-2004-1064
CAN-2004-1019
CAN-2004-1020
CAN-2004-1065

High

Bugtraq, December 16, 2004

Conectiva Linux Security Announcement, CLA-2005:915, January 13, 2005

Red Hat, Advisory: RHSA-2005:031-08, January 19, 2005

SUSE Security Announcement, SUSE-SA:2005:002, January 17, 2005

Ubuntu Security Notice, USN-66-1, January 20, 2005

Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005

Fedora Legacy Update Advisory, FLSA:2344, March 7, 2005

Ubuntu Security Notice, USN-99-1, March 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

HP Security Advisory, HPSBMA01212, August 9, 2005

PHPSimplicity

Simplicity oF Upload 1.3

A vulnerability has been reported in Simplicity oF Upload that could let remote malicious users execute arbitrary code.

Update available at:
http://www.phpsimplicity.com/downloads.php?scriptID=3

There is no exploit code required; however, Proof of Concept exploits have been published.

Simplicity oF Upload Arbitrary Code Execution

CAN-2005-2607

High

Security Tracker, Alert ID: 1014591, July 29, 2005

Security Focus, 14424, August 10, 2005

PowerDNS

PowerDNS 2.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the LDAP backend due to insufficient validation of user-supplied queries; and a remote Denial of Service vulnerability was reported due to an error when handling requests that are denied recursion.

Update available at:
http://www.powerdns.com/downloads/

Debian:
http://security.debian.org/pool/updates/main/p/pdns/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

PowerDNS Denials of Service

CAN-2005-2301
CAN-2005-2302

Low

Secunia Advisory: SA16111, July 18, 2005

Debian Security Advisory, DSA 771-1, August 1, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

SafeHTML

SafeHTML 1.3.2

A Cross-Site Scripting vulnerability has been reported when handling script encoded in UTF-7 and in CSS comments, which could let a remote malicious user execute arbitrary HTML and script code.

Update available at:
http://pixel-apes.com/safehtml/

There is no exploit code required.

SafeHTML UTF-7 And CSS Comment Tag Cross Site Scripting

CAN-2005-2608

Medium
Security Focus, 14574, August 16, 2005

Topic Board

PHPTB Topic Board 2.0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPTB Topic Board Multiple SQL Injection

CAN-2005-2587

Medium
Security Focus, 14535, August 10, 2005

VegaDNS

VegaDNS 0.9.9, 0.9.8, 0.8.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'index.php' script due to insufficient sanitization of the 'message' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'VDNS_Sessid' parameter because it is possible to obtain path information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

VegaDNS Index.PHP Cross-Site Scripting & Path Disclosure

CAN-2005-2609
CAN-2005-2610

Medium
Secunia Advisory: SA16370, August 10, 2005

Veritas Software

NetBackup for NetWare Media Servers 5.1, MP1-MP3, 5.0, MP1-MP5, 4.5, MP1-MP8, FP1-FP8, Backup Exec Remote Agent for Windows Server, Backup Exec Remote Agent for Unix/Linux Server, Backup Exec Remote Agent for NetWare Server, Backup Exec for NetWare Servers 9.1.1156, 9.1.1154, 9.1.1152.4, 9.1.1152, 9.1.1151.1, 9.1.1127.1, 9.1.1067.3, 9.1.1067.2, 9.1.307, 9.1.306, Backup Exec 10.0 rev. 5520, rev. 5484, SP1, 9.1, rev. 4691, SP2, 9.0, rev. 4454, SP1, rev. 4367, SP1, 4367

A vulnerability has been reported because a static password is used when authenticating to the remote agent, which could let a remote malicious user bypass certain security restrictions and download arbitrary files.

Update information available at:
http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html

An exploit script has been published.

Veritas Backup Exec Remote Agent Arbitrary File Disclosure

CAN-2005-2611

Medium

Symantec Security Advisory, SYM05-011, August 12, 2005

US-CERT VU#378957

WordPress

WordPress 1.5.3 & prior

A vulnerability has been reported in the 'cache_lastpostdata' parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

WordPress PHP Code Execution

CAN-2005-2612

High
Secunia Advisory: SA16386, August 10, 2005

Wyse

Winterm 1125SE 4.4.061f, 4.2.09f

A remote Denial of Service vulnerability has been reported when a malicious user submits a specially crafted packet with the IP option length field set to zero.

No workaround or patch available at time of publishing.

An exploit script has been published.

Wyse Winterm 1125SE Remote Denial of Service

CAN-2005-2577

Low
Security Tracker Alert ID: 1014659, August 11, 2005


Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

Wireless Vulnerabilities


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

| Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description |
|---|---|---|---|
| August 16, 2005 | ezupload-2.2.0.pl | No | Exploit for the EZUpload Multiple Remote File Include vulnerability. |
| August 16, 2005 | lynn-cisco.zip | N/A | Mike Lynn's DefCon Presentation which explains how to remotely exploit Cisco routers. |
| August 15, 2005 | mdaemon_imap.pm.txt | Yes | Exploit for the Alt-N MDaemon Remote Buffer Overflow vulnerability. |
| August 15, 2005 | WebRoot.txt | N/A | A bruteforce directory/file scanner that looks for files and directories on a website which might contain interesting data, but which are not referenced anywhere on the site. |
| August 15, 2005 | zenworks_desktop_agent.pm.txt | Yes | Exploit for the Novell ZENworks Remote Management Buffer Overflows vulnerabilities. |
| August 14, 2005 | backupexec_dump.pm | Yes | Exploit script for the Veritas Backup Exec Remote Agent Arbitrary File Disclosure vulnerability. |
| August 14, 2005 | shoutcast_format_win32.pm | Yes | Exploit for the Nullsoft SHOUTcast Format String Flaw. |
| August 13, 2005 | edirectory_imonitor.pm, edirectory_imonitor.pm.txt | Yes | Exploit for the Novell eDirectory Server iMonitor Buffer Overflow vulnerability. |
| August 13, 2005 | grandstream-DoS.pl.txt | No | Exploit for the Grandstream BudgeTone Denial of Service vulnerability. |
| August 13, 2005 | kavLocalRoot.txt | Yes | Exploit details for the Kaspersky Anti-Virus Insecure Log Directory vulnerability. |
| August 12, 2005 | backupexec_dump.pm | No | Exploit for the Veritas Backup Exec Remote Agent for Windows Servers Arbitrary File Download vulnerability. |
| August 12, 2005 | ms05039.c, HOD-ms05039-pnp-expl.c | Yes | Exploits for the Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges vulnerability. |
| August 12, 2005 | NAePolicy.txt | No | Exploit details for the ePolicy Information Disclosure and Privilege Elevation vulnerability. |
| August 12, 2005 | TheftOfLinkKey.txt | N/A | Paper entitled "Theft of Bluetooth Link Keys for Fun and Profit?" |
| August 11, 2005 | FreznoShopSQL.txt | No | Sample exploitation for the FreznoShop SQL Injection Vulnerability. |
| August 10, 2005 | isec-options.c | No | Script that exploits the Wyse Winterm 1125SE Remote Denial of Service vulnerability. |


Trends
  • NIST creates online treasure trove of security woes: The National Institute of Standards and Technology has launched a comprehensive cybersecurity database that is updated daily with the latest information on vulnerabilities in popular products. Source: http://www.fcw.com/article89911-08-15-05-Print.
  • Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT is aware of a public exploit for a vulnerability in VERITAS Backup Exec Remote Agent for Windows Servers. This exploit may allow a remote attacker to retrieve arbitrary files on a system. The VERITAS Backup Exec Remote Agent listens on network port 10000/tcp. Source: http://www.us-cert.gov/current/.
  • Tools drive point-and-click crime: According to the security firm, Websense, new software tools make stealing data from users as easy as browsing the web. These easy-to-use tools are being created by malicious and criminal hackers to run the networks of compromised home computers they control. Source: http://news.bbc.co.uk/2/hi/technology/4152626.stm.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
| 2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
| 5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
| 10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |

Table Updated August 13, 2005

  • Worm spreading through Microsoft Plug-and-Play flaw: According to two security groups, a worm is spreading using a flaw in the Windows operating system's Plug-and-Play functionality. Users are advised to update systems using a patch released by Microsoft. The worm, known as Zotob by antivirus firm F-Secure, compromises systems by sending data on port 445. If a computer is infected with the program, the worm starts a file-transfer protocol (FTP) server and attempts to spread further. Source: http://www.securityfocus.com/news/11281.
  • Chain attack Trojan nets 3m email addresses: A sophisticated global 'chain' attack has been discovered by security experts at Panda Software that uses the pamNet.A Trojan to infect victim PCs with up to 19 malicious malware programs. The infection chain begins when a user visits the first infected page. This web page uses the Iframe tag to try to open two new pages. This initiates two parallel processes, each one associated to one of the two pages. Source: http://www.vnunet.com/vnunet/news/2141148/chain-attack-trojan-nets-3m.


Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

DVBBS 7.1, 7.1SP2

Multiple input validation vulnerabilities have been reported in DVBBS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

DVBBS Cross Site Scripting

CAN-2005-2588

Medium
Security Tracker, Alert ID: 1014632, August 8, 2005

McAfee

ePolicy Orchestrator 3.5

A vulnerability has been reported in ePolicy Orchestrator that could let local malicious users disclose information and obtain elevated privileges.

No workaround or patch available at time of publishing.

An exploit script has been published.

ePolicy Information Disclosure and Privilege Elevation

CAN-2005-2554

Medium
Security Focus, ID: 14549, August 11, 2005

Microsoft

Plug and Play

A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

Exploit scripts have been published and a worm, "Worm:Win32/Zotob.A", is circulating.

Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges

CAN-2005-1983

High

Microsoft Security Bulletin MS05-039, August 9, 2005

US-CERT VU#998653

Microsoft Security Advisory, 899588, August 15, 2005

Parlano

MindAlign 5.0

Multiple vulnerabilities have been reported in MindAlign that could let local or remote malicious users perform a Denial of Service, bypass security, conduct Cross-Site Scripting, or disclose information.

Fix available through vendor: support@parlano.com

Currently we are not aware of any exploits for these vulnerabilities.

MindAlign Multiple Vulnerabilities

CAN-2005-2590
CAN-2005-2591
CAN-2005-2592
CAN-2005-2593

Medium
NISCC Vulnerability Advisory 356752, August 12, 2005

Novell

eDirectory 8.7.3 iMonitor

A buffer overflow vulnerability has been reported in eDirectory iMonitor that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Vendor fix available:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098568.htm

An exploit script has been published.

Novell eDirectory Denial of Service or Arbitrary Code Execution

CAN-2005-2551

High

Novell, TID10098568, August 12, 2005

US-CERT VU#213165


UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

Apache

SpamAssassin 3.0.1, 3.0.2, 3.0.3

A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.

A fixed version (3.0.4) is available at:
http://spamassassin.apache.org/downloads.cgi

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-498.html

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Apache SpamAssassin Lets Remote Users Deny Service

CAN-2005-1266

Low

Security Tracker Alert ID: 1014219, June 16, 2005

Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 200

SUSE Security Announcement, SUSE-SA:2005:033, June 22, 2005

RedHat Security Advisory, RHSA-2005:498-10, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:106, June 28, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Apple

Mac OS X Server 10.4-10.4.2, 10.3.9, Mac OS X 10.4-10.4.2, 10.3.9

Multiple security vulnerabilities have been reported: five vulnerabilities were reported ranging from buffer overflows to access validation in Apache; three vulnerabilities were reported in Appkit which could lead to the execution of arbitrary code or local account creation; an authentication bypass vulnerability was reported in Bluetooth; two vulnerabilities were reported in CoreFoundation which could result in a buffer overflow and a Denial of Service; two vulnerabilities were reported in CUPS, which could lead to a remote Denial of Service; three vulnerabilities were reported in Directory Services ranging from a buffer overflow to unauthorized account creation/deletion and elevated privileges; a vulnerability was reported in Htoolbox that could lead to information disclosure; five vulnerabilities were reported in Kerberos that could lead to a buffer overflow, arbitrary code execution and root compromise; a vulnerability was reported in 'loginwindow' which could let a malicious user obtain access to other logged in accounts; a vulnerability has been reported regarding the loss of privacy when remote images are loaded into HTML email; three security vulnerabilities have been reported in MySQL which could lead to remote arbitrary code execution; two vulnerabilities have been reported in OpenSSL which could lead to a Denial of Service; a vulnerability has been reported in ping that could lead to local privilege escalation and arbitrary code execution; a vulnerability has been reported in QuartzComposerScreenSaver, which could let remote malicious users open pages while the RSS Visualizer screen is locked; two vulnerabilities have been reported in Safari which could lead to remote command execution or have information submitted to an incorrect site; a vulnerability has been reported in SecurityInterface which could lead to sensitive information disclosure; a buffer overflow vulnerability has been reported in 'servermgrd' which could ultimately lead to the execution of arbitrary code; a vulnerability has been reported in 'servermgr_ipfilter' regarding firewall settings not always being written to the Active Rules; two vulnerabilities have been reported in SquirrelMail which could lead to Cross-Site Scripting; a vulnerability was reported in 'traceroute' which could lead to remote arbitrary code execution and privilege escalation; a vulnerability was reported in 'WebKit' that could lead to arbitrary code execution regarding a malformed PDF file; multiple Cross-Site Scripting vulnerabilities have been reported in Weblog Server; a vulnerability has been reported in 'X11' that could lead to remote arbitrary code execution; and two Denial of Service vulnerabilities were reported in zlib that potentially could lead to arbitrary code execution.

Patch information available at:
http://docs.info.apple.com/article.html?artnum=302163

Currently we are not aware of any exploits for these vulnerabilities.

High
Apple Security Update 2005-007, APPLE-SA-2005-08-15, August 15, 2005

Apple

Safari Web Browser 1.3

A remote Denial of Service vulnerability has been reported when certain JavaScript operations are performed.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple Safari Web Browser JavaScript Remote Denial of Service

CAN-2005-2594

Low
Security Focus 14528, August 9, 2005

BlueZ

BlueZ 2.18 & prior

A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-libs-2.19.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-09.xml

There is no exploit code required.

BlueZ Arbitrary Command Execution

CAN-2005-2547

High

Security Focus 14572, August 16, 2005

Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005

Centericq

Centericq 4.20

A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

Debian:
http://security.debian.org/pool/updates/main/
There is no exploit code required.

CenterICQ Insecure Temporary File

CAN-2005-1914

Medium

Security Focus, 14144, July 5, 2005

Debian Security Advisory, DSA 754-1, July 13, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Charlton

crip 3.5

A vulnerability has been reported due to the creation of temporary files in an insecure manner, which could let a malicious user overwrite files or cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/c/crip/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Crip Helper Script Insecure Temporary File Creation

CAN-2005-0393

Medium

Debian Security Advisory, DSA 733-1, June 30, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Clam AntiVirus

ClamAV 0.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'cli_scanszdd()' function in 'libclamav/scanners.c' due to a memory and file descriptor leak; and a remote Denial of Service vulnerability was reported in 'libclamav/mspack/mszipd.c' due to insufficient validation of the 'ENSURE_BITS()' macro user-supplied cabinet file header.

Upgrades available at:
http://prdownloads.sourceforge.net/clamav/clamav-0.86.1.tar.gz?download

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Clam Anti-Virus ClamAV Remote Denials of Service

CAN-2005-1922
CAN-2005-1923

Low

Security Tracker Alert ID: 1014332, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Dada Mail

Dada Mail 2.9.2

A vulnerability has been reported due to insufficient sanitization of archived messages before they are displayed, which could let a remote malicious user inject arbitrary script code.

Upgrade available at:
http://prdownloads.sourceforge.net/mojomail/dada-2_10_0-alpha1.tar.gz?download

There is no exploit code required.

Dada Mail Archives HTML Injection

CAN-2005-2595

Medium

Secunia Advisory: SA16435, August 16, 2005

Eric Raymond

Fetchmail 6.2.5

A remote buffer overflow vulnerability has been reported in the POP3 client due to insufficient boundary checks, which could let a malicious user obtain elevated privileges.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Redhat:
http://rhn.redhat.com/errata/RHSA-2005-640.html

Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-153-1

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml

Debian:
http://security.debian.org/pool/updates/main/f/fetchmail/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Currently we are not aware of any exploits for this vulnerability.

Fetchmail POP3 Client Buffer Overflow

CAN-2005-2335

Medium

Fedora Update Notifications, FEDORA-2005-613 & 614, July 21, 2005

Redhat Security Advisory, RHSA-2005:640-08, July 25, 2005

Ubuntu Security Notice, USN-153-1, July 26, 2005

Gentoo Security Advisory, GLSA 200507-21, July 25, 2005

Debian Security Advisory, DSA 774-1, August 12, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Ettercap

Ettercap 0.6.b, 0.6.a, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6.6, 0.6.7, 0.6.9, Ettercap-NG 0.7.0-0.7.2

A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

Ettercap Remote Format String

CAN-2005-1796

High

Secunia Advisory, SA15535, May 31, 2005

US-CERT VU#286468

Debian Security Advisory, DSA 773-1, August 11, 2005

FUSE

FUSE 2.x

A vulnerability has been reported because certain memory is not correctly cleared before being returned to users, which could let a malicious user obtain sensitive information.

Update available at:
http://sourceforge.net/project/showfiles.php?group_id=121684

Debian:
http://security.debian.org/pool/updates/main/

A Proof of Concept exploit script has been published.

FUSE Information Disclosure

CAN-2005-1858

Medium

Secunia Advisory, SA15561, June 3, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Gallery

Gallery 1.5 1.4 -1.4.4 -pl5

A vulnerability has been reported in 'classes/postnuke0.7.1/user.php' when determining the gallery name due to incorrect use of the global '$name' variable, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=7239&release_id=348064

There is no exploit code required.

Gallery PostNuke Access Validation

CAN-2005-2596

Medium
Secunia Advisory: SA16389, August 11, 2005

GNOME

gEdit 2.0.2, 2.2.0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gedit/

Debian:
http://security.debian.org/pool/updates/main/

An exploit has been published.

Gedit Filename Format String

CAN-2005-1686

High

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005

Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Debian Security Advisory, DSA 753-1, July 12, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Hewlett Packard Company

Ignite-UX B.3.x, C.6.x

Several vulnerabilities have been reported: a vulnerability was reported in the 'add_new_client' command, which could let a malicious user obtain access to the file system or cause a Denial of Service; and a vulnerability was reported in the 'make_recovery' command, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.hp.com/go/softwaredepot

There is no exploit code required; however, a Proof of Concept exploit has been published.

HP Ignite-UX TFTP Service Vulnerabilities

CAN-2004-0951
CAN-2004-0952

Medium
HP Security Bulletin, HPSBUX01219, August 16, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/

Conectiva:
ftp://atualizacoes.conectiva.com.br

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium

Secunia Advisory: SA16039, July 12, 2005

Debian Security Advisory, DSA 761-1, July 19, 2005

Conectiva Linux Announcement, CLSA-2005:991, August 4, 2005

Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:132, August 10, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Ubuntu Security Notice, USN-165-1, August 11, 2005

Debian Security Advisory, DSA 761-2, August 15, 2005

HT Editor

HT Editor 0.8

Several vulnerabilities have been reported: a vulnerability was reported in the Executable and Linking Format (ELF) parser due to a heap overflow, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the Portable Executable (PE) parser due to a boundary error, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-08.xml

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

HT Editor ELF & PE Parser Remote Code Execution

CAN-2005-1545
CAN-2005-1546

High

Gentoo Linux Security Advisory, GLSA 200505-08, May 10, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Kadu

Kadu 0.4.0

An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service.

Upgrade to version 0.4.1:
http://www.kadu.net/wiki/index.php/English:Main_Page

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

Kadu Denial of Service

CAN-2005-1852

Low

Secunia Advisory: SA16238, July 27, 2005

Gentoo Security Advisory, GLSA 200507-26, July 27, 2005

Conectiva Linux Announcement, CLSA-2005:989, August 4, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Kaspersky Labs

Antivirus for Linux Servers 5.5-2

A vulnerability has been reported in '/var/log/kav/5.5/kav4unix' due to insecure default directory permissions, which could let a malicious user overwrite arbitrary files with privileges of the root user.

Users of affected packages are urged to contact the vendor for further information on obtaining fixes.

There is no exploit code required; however, an exploit script has been published.

Kaspersky Anti-Virus Insecure Log Directory

CAN-2005-2582

Medium
Secunia Advisory: SA16425, August 15, 2005

KDE

KDE 3.0 - 3.4.2

A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

KDE langen2kvtml Insecure Temporary File Creation

CAN-2005-2101

Medium

KDE Security Advisory, August 15, 2005

Fedora Update Notification, FEDORA-2005-745, August 15, 2005

Mozilla.org

Firefox 1.0

A vulnerability exists when a predictable name is issued for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.

Update available at:
http://www.mozilla.org/products/firefox/all.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-10.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-32.xml

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

An exploit has been published.

Mozilla Firefox Predictable Plugin Temporary Directory

CAN-2005-0578

Medium

Mozilla Foundation Security Advisory, 2005-28, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification, FEDORA-2005-247, 2005-03-23

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-32, March 25, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.04 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1

A remote Denial of Service vulnerability has been reported when verifying a malformed 'loca' table in PDF files.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-670.html

http://rhn.redhat.com/errata/RHSA-2005-671.html

http://rhn.redhat.com/errata/RHSA-2005-708.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/

KDE:
http://www.kde.org/info/security/advisory-20050809-1.txt

Mandriva:
http://www.mandriva.com/security/advisories

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-08.xml

Currently we are not aware of any exploits for this vulnerability.

XPDF Loca Table Verification Remote Denial of Service

CAN-2005-2097

Low

RedHat Security Advisories, RHSA-2005:670-05, RHSA-2005:671-03 & RHSA-2005:708-05, August 9, 2005

Ubuntu Security Notice, USN-163-1, August 09, 2005

KDE Security Advisory, 20050809-1, August 9, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Gentoo Linux Security Advisory, GLSA 200508-08, August 16, 2005

Multiple Vendors

dhcpcd 1.3.22

A vulnerability has been reported in dhcpcd that could let a remote user perform a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/d/dhcpcd/

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-16.xml

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000983

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-603.html

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

dhcpcd Denial of Service

CAN-2005-1848

Low

Secunia Advisory: SA15982, July 11, 2005

Debian Security Advisory, DSA 750-1, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005

Conectiva, CLSA-2005:983, July 25, 2005

RedHat Security Advisory, RHSA-2005:603-07, July 27, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

Qpopper 4.x; Gentoo Linux

Several vulnerabilities have been reported: a vulnerability was reported because user supplied config and trace files are processed with elevated privileges, which could let a malicious user create/overwrite arbitrary files; and a vulnerability was reported due to an unspecified error which could let a malicious user create group or world-writable files.

Upgrades available at:
ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/qpopper4.0.5.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-17.xml

Debian:
http://security.debian.org/pool/updates/main/q/qpopper/

SuSE:
ftp://ftp.suse.com/pub/suse/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Qpopper Multiple Insecure File Handling

CAN-2005-1151
CAN-2005-1152

Medium

Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005

Secunia Advisory, SA15475, May 24, 2005

Debian Security Advisories, DSA 728-1 & 728-2, May 25 & 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; Easy Software Products CUPS 1.1.19 - 1.1.23

A remote Denial of Service vulnerability has been reported when the application fails to do proper bounds checking when handling malformed PDF files.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-706.html

Currently we are not aware of any exploits for this vulnerability.

Easy Software Products CUPS Remote Denial of Service

CAN-2005-2097

Low
RedHat Security Advisory, RHSA-2005:706-04, August 9, 2005

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Rob Flynn Gaim 1.3.1, 1.3.0, 1.2.1, 1.2, 1.1.1-1.1.4, 1.0-1.0.2; RedHat Enterprise Linux WS 2.1, IA64, ES 2.1, IA64, AS 2.1, IA64, Desktop 4.0, Advanced Workstation for the Itanium Processor 2.1, IA64

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to the way away messages are handled, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to an error when handling file transfers.

Updates available at:
http://gaim.sourceforge.net/downloads.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-589.html

http://rhn.redhat.com/errata/RHSA-2005-627.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-06.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

A Proof of Concept exploit has been published for the buffer overflow vulnerability.

Gaim AIM/ICQ Protocols Buffer Overflow & Denial of Service

CAN-2005-2102
CAN-2005-2103

High

RedHat Security Advisories, RHSA-2005:589-16 & RHSA-2005:627-11, August 9, 2005

Ubuntu Security Notice, USN-168-1, August 12, 2005

Gentoo Linux Security Advisory, GLSA 200508-06, August 15, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:139, August 16, 2005

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5

Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://ftp.gnome.org/pub/gnome/sources/evolution/2.3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/

Currently we are not aware of any exploits for these vulnerabilities.

GNOME Evolution Multiple Format String

CAN-2005-2549
CAN-2005-2550

High

Secunia Advisory: SA16394, August 11, 2005

Ubuntu Security Notice, USN-166-1, August 11, 2005

MySQL AB

MySQL 3.x, 4.x

Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.'

Updates available at:
http://dev.mysql.com/downloads/mysql/

Debian:
http://security.debian.org/pool/updates/main/m/mysql

Trustix:
http://http.trustix.org/pub/trustix/updates/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/

SuSE:
ftp://ftp.suse.com/pub/suse

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

We are not aware of any exploits for these vulnerabilities.

MySQL Security Restriction Bypass & Remote Denial of Service

CAN-2004-0835
CAN-2004-0837

Medium

Secunia Advisory, SA12783, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004

Ubuntu Security Notice, USN-32-1, November 25, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Fedora Update Notification, FEDORA-2004-530, December 8, 2004

Turbolinux Security Announcement, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101864, August 11, 2005

MySQL

MySQL 4.x

A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges.

Update available at:
http://lists.mysql.com/internals/20600

Ubuntu:
http://www.ubuntulinux.org/support/documentation/usn/usn-63-1

Debian:
http://www.debian.org/security/2005/dsa-647

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-33.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

OpenPKG:
ftp://ftp.openpkg.org/release/2.2/UPD/mysql-4.0.21-2.2.2.src.rpm

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

Currently we are not aware of any exploits for this vulnerability.

MySQL 'mysqlaccess.sh' Unsafe Temporary Files

CAN-2005-0004

Medium

Security Tracker Alert, 1012914, January 17, 2005

Ubuntu Security Notice, USN-63-1, January 18, 2005

Debian Security Advisory, DSA-647-1 mysql, January 19, 2005

Gentoo GLSA 200501-33, January 23, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005

Conectiva Linux Security Announcement, CLA-2005:947, April 20, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.006, April 20, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101864, August 11, 2005

Namazu Project

Namazu 2.0.13 and prior

A vulnerability exists which can be exploited by malicious people to conduct Cross-Site Scripting attacks. Input passed to 'namazu.cgi' isn't properly sanitized before being returned to the user if the query begins with a tab ('%09'). This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

Update to version 2.0.14:
http://namazu.org/#download

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/n/namazu2/

SuSE:
ftp://ftp.suse.com/pub/suse/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01212&locale=en_US

Currently we are not aware of any exploits for this vulnerability.

Namazu Cross-Site Scripting Vulnerability

CAN-2004-1318

Medium

Namazu Security Advisory, December 15, 2004

Debian Security Advisory, DSA 627-1, January 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005

HP Security Bulletin, HPSBMA01212, August 9, 2005

 

netpbm 10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary PostScript code.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-04.xml

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

There is no exploit code required.

netpbm Arbitrary Code Execution

CAN-2005-2471


High

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005

Ubuntu Security Notice, USN-164-1, August 11, 2005

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=12694&package_id=11571&release_id=338899

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-720.html

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP Protocol Denial Of Service

CAN-2005-2177

Low

Secunia Advisory: SA15930, July 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Nullsoft

SHOUTcast 1.9.4

A format string vulnerability exists that could allow a remote malicious user to execute arbitrary code on the target system. A remote user can supply a specially crafted request to the target server containing format string characters to cause the target service to crash or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-04.xml

Nullsoft:
http://www.shoutcast.com/download/files.phtml

An exploit script has been published.

Nullsoft SHOUTcast Format String Flaw

CAN-2004-1373

High

Security Tracker Alert ID: 1012675, December 24, 2004

Gentoo GLSA 200501-04, January 5, 2005

Security Focus, 12096, February 19, 2005

Security Focus, 12096, August 14, 2005

RedHat

sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64

A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.

Updates available at:
http://rhn.redhat.com/errata/RHSA-2005-502.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-598.html

There is no exploit code required.

RedHat Linux SysReport Proxy Information Disclosure

CAN-2005-1760

Medium

RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

RedHat Security Advisory, RHSA-2005:598-04, August 9, 2005

Rob Flynn

Gaim prior to 1.3.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message.

Updates available at:
http://gaim.sourceforge.net/downloads.php

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-518.html

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Gaim Multiple Remote Denial of Services

CAN-2005-1269
CAN-2005-1934

Low

Secunia Advisory, SA15648, June 10, 2005

Ubuntu Security Notice USN-139-1, June 10, 2005

Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:099, June 14, 2005

Fedora Update Notifications, FEDORA-2005-410 & 411, June 17, 2005

RedHat Security Advisory, RHSA-2005:518-03, June 16, 2005

Debian Security Advisory, DSA 734-1, July 5, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Royal Institute of Technology

Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4 a-f

Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.5.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-24.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/h/heimdal/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Heimdal TelnetD Remote Buffer Overflow

CAN-2005-2040

High

Secunia Advisory, SA15718, June 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-24, June 29, 2005

SUSE Security Announcement, SUSE-SA:2005:040, July 6, 2005

Debian Security Advisory, DSA 758-1, July 18, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Sendmail Consortium

Sendmail 8.8.8, 8.9.0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11

A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Sendmail Milter Remote Denial of Service

CAN-2005-2070

Low

Security Focus, 14047, June 23

SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Todd Miller

Sudo 1.6-1.6.8, 1.5.6-1.5.9

A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD:
http://www.openbsd.org/errata.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Mandriva:
http://www.mandriva.com/security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-535.html

Debian:
http://security.debian.org/pool/updates/main/s/sudo/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/s/sudo/

OpenBSD:
http://www.openbsd.org/errata.html

SGI:
http://www.sgi.com/support/security/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Todd Miller Sudo Local Race Condition

CAN-2005-1993

High

Security Focus, 13993, June 20, 2005

Ubuntu Security Notice, USN-142-1, June 21, 2005

Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005

Slackware Security Advisory, SSA:2005-172-01, June 22, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005

Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005

RedHat Security Advisory, RHSA-2005:535-06, June 29, 2005

Debian Security Advisory, 735-1, July 1, 2005

Conectiva Linux Announcement, CLSA-2005:976, July 6, 2005

Debian Security Advisory, DSA 735-2, July 8, 2005

SGI Security Advisory, 20050702-01-U, July 12, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

University of Minnesota

gopherd 3.0.9, 3.0.7, 3.0.3

A vulnerability has been reported in 'gopher.c' due to the failure to verify a file's existence before writing to it, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/g/gopher

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Gopher Insecure Temporary File Creation

CAN-2005-1853

Medium

Debian Security Advisory, DSA 770-1, July 29, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Vipul

Razor-agents prior to 2.72

Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.

Updates available at:
http://prdownloads.sourceforge.net/razor/razor-agents-2.72.tar.gz?download

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Debian:
http://security.debian.org/pool/updates/main/r/razor/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Vipul Razor-agents Denials of Service

CAN-2005-2024

Low

Security Focus, Bugtraq ID 13984, June 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005

SUSE Security Announcement, SUSE-SA:2005:035, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Debian Security Advisory, DSA 738-1, July 5, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Wojtek Kaniewski

ekg 2005-06-05 22:03

A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation

CAN-2005-1916

Medium

Secunia Advisory: SA15889, July 5, 2005

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Wojtek Kaniewski

Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11

Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Debian:
http://security.debian.org/pool/updates/main/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection

CAN-2005-1850
CAN-2005-1851

Medium

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-543.html

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005

Debian Security Advisory, DSA 748-1, July 11, 2005

Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005

RedHat Security Advisory, RHSA-2005:543-08, August 5, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

Adobe

Acrobat 5.1-7.0.2, Acrobat Reader 5.1-7.0.2

A buffer overflow vulnerability has been reported in the core application plug-in due to an unspecified boundary error, which could let a remote malicious user execute arbitrary code.

Update information available at:
http://www.adobe.com/support/techdocs/321644.html

There is no exploit code required.

Adobe Acrobat / Reader Plug-in Buffer Overflow

CAN-2005-2470

High

Adobe Security Advisory, August 16, 2005

US-CERT VU#896220

America OnLine

AOL Client Software 9.0

A vulnerability has been reported due to a failure to secure the installation path from modifications, which could let a malicious user execute arbitrary code with SYSTEM privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

AOL Client Software Arbitrary Code Execution

CAN-2005-2597

High
Security Focus, 14530, August 9, 2005

BONA Computech Co. Ltd.

ADSL-FR4II

Multiple vulnerabilities have been reported: a vulnerability was reported because an undocumented open port on 5678/tcp allows web management access; a Denial of Service vulnerability was reported when port scanning all ports; and a vulnerability was reported in the backup configuration file because the administrative password is in clear text.

No workaround or patch available at time of publishing.

There is no exploit code required.

BONA ADSL-FR4II Multiple Vulnerabilities

CAN-2005-2583
CAN-2005-2584
CAN-2005-2585
CAN-2005-2586

Medium
Secunia Advisory: SA16445, August 15, 2005

Clam AntiVirus

ClamAV 0.x

A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.

Updates available at:
http://prdownloads.sourceforge.net/clamav/clamav-

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-23.xml

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/c/clamav/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for this vulnerability.

ClamAV Quantum Decompressor Denial of Service

CAN-2005-2056

Low

Secunia Advisory, SA15811, June 24, 2005

Trustix Security Advisory, TSLSA-2005-0029, June 24, 2005

Gentoo Linux Security Advisory, GLSA 200506-23, June 27, 2005

SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005

Debian Security Advisory, DSA 737-1, July 6, 2005

Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:113, July 12, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

CPAINT

CPAINT 1.3

A vulnerability has been reported due to an unspecified error, which could let a remote malicious user execute arbitrary ASP/PHP commands or obtain sensitive information.

Upgrade available at:
http://prdownloads.sourceforge.net/cpaint/cpaint-v1.3-SP.tar.gz?download

There is no exploit code required.

CPaint Arbitrary Command Execution & Information Disclosure

CAN-2005-2613

High
Security Focus, 14565, August 15, 2005

Discuz!

Discuz! 4.0 rc4 & prior

A vulnerability has been reported due to insufficient validation of user-supplied filenames on uploaded files, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Discuz! Board Input Validation

CAN-2005-2614

High
STG Security Advisory: SSA-20050812-27, August 15, 2005

Dokeos

Open Source Learning & Knowledge Management Tool 1.6 RC, 1.5.3-1.5.5, 1.5, 1.4

Multiple Directory Traversal vulnerabilities have been reported: a vulnerability was reported in '/claroline/scorm/scormdocument.php' due to insufficient sanitization of the 'delete' parameter before it is used to delete directories, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in '/claroline/document/document.php' due to insufficient sanitization of the 'move_file' and 'move_to' parameters before they are used to move files, which could let a remote malicious user obtain sensitive information; and a vulnerability has been reported in 'claroline/scorm/showinframes.php' and '/claroline/scorm/contents.php' because generated error messages can be used to determine the existence of a file.

No workaround or patch available at time of publishing.

There is no exploit code required.

Dokeos Multiple Directory Traversal

CAN-2005-2598

Medium
Secunia Advisory: SA16407, August 15, 2005

EMC Software

NetWorker 6.x, 7.1.3, 7.2; Sun StorEdge Enterprise Backup Software 7.0-7.2, Solstice Backup Software 6.0, 6.1

Several vulnerabilities have been reported: a vulnerability was reported in 'AUTH_UNIX' due to weak authentication, which could let a remote malicious user execute arbitrary commands, view/modify configuration, cause a Denial of Service, or obtain sensitive information; a vulnerability was reported due to insufficient authentication of tokens, which could let a remote malicious user execute arbitrary commands as ROOT; and a vulnerability was reported in the Legato PortMapper because any host can call 'pmap_set' and 'pmap_unset,' which could let a remote malicious user cause a Denial of Service or eavesdrop on NetWorker process communications.

Patch information available at:
http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm

http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm

http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1

There is no exploit code required.

EMC Legato NetWorker Multiple Vulnerabilities

CAN-2005-0357
CAN-2005-0358
CAN-2005-0359

High

US-CERT VU#606857

US-CERT VU#407641

US-CERT VU#801089

Sun(sm) Alert Notification, Sun Alert ID: 101886, August 17, 2005

EQdkp

EQdkp 1.2.0, 1.1.0

A vulnerability has been reported in 'session.php' due to a handling error, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://eqdkp.com/download.php?file=eqdkp-1.3.0.tar.gz

There is no exploit code required.

EQDKP 'session.php' Authorization Bypass

CAN-2005-2615

Medium
Secunia Advisory: SA16285, August 10, 2005

Ethereal

Ethereal V0.10.11

Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade to version 0.10.12:
http://www.ethereal.com/download.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-687.html

Currently we are not aware of any exploits for these vulnerabilities.

High

Secunia Advisory: SA16225, July 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005

RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005

ezUpload

ezUpload 2.2

Multiple file include vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

EZUpload Multiple Remote File Include

CAN-2005-2616

Medium
Security Focus 14534, August 10, 2005

Grandstream Networks

Grandstream BudgeTone 100 Series SIP Phones

A Denial of Service vulnerability has been reported due to an error when processing large UDP datagrams.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script has been published.

Grandstream BudgeTone Denial of Service

CAN-2005-2581

Low
Security Tracker Alert ID: 1014665, August 13, 2005

Hewlett Packard Company

Proliant DL585 Server, Integrated Lights Out 1.80

A vulnerability has been reported because when the server is powered down a remote malicious user can obtain unauthorized access.

Updates available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01220

Currently we are not aware of any exploits for this vulnerability.

HP Proliant DL585 Server Unauthorized Remote Access

CAN-2005-2552

Medium
HP Security Bulletin, HPSBMA01220, August 11, 2005

Hummingbird Ltd.

Hummingbird FTP 2006, Hummingbird Connectivity 10.0

A vulnerability has been reported due to a weak encryption algorithm when encrypting the user's password stored in the FTP profile, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Hummingbird FTP User Weak Password Encrypting

CAN-2005-2599

Medium
Secunia Advisory: SA16430, August 15, 2005

Ilia Alshanetsky

FUDForum 2.6.15

A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

FUDForum Security Restriction Bypass

CAN-2005-2600

Medium
Secunia Advisory: SA16414, August 12, 2005

Linksys

WRT54GS Firmware 4.50.6

A vulnerability has been reported in WRT54GS Firmware that could allow remote malicious users to bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required.

Linksys WRT54GS Firmware Authentication Bypassing

CAN-2005-2589

Medium
Security Focus, ID: 14566, August 15, 2005

MidiCart Software

MidiCart ASP

A vulnerability has been reported in the 'Item_Show.asp' and 'search_list.asp' scripts due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MidiCart ASP Input Validation

CAN-2005-2601

Medium
Security Tracker Alert ID: 1014660, August 12, 2005

Mozilla.org

Firefox 0.x, 1.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript: URL; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling a 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://www.mozilla.org/products/firefox/

Gentoo:
ftp://security.gentoo.org/glsa/

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-586.html

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.418880

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/epiphany-browser/

http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/

http://security.debian.org/pool/updates/main/m/mozilla/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Exploits have been published.

Firefox Multiple Vulnerabilities

CAN-2005-2260
CAN-2005-2261
CAN-2005-2262
CAN-2005-2263
CAN-2005-2264
CAN-2005-2265
CAN-2005-2267
CAN-2005-2269
CAN-2005-2270

High

Secunia Advisory: SA16043, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005

Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Fedora Update Notifications, FEDORA-2005-603 & 605, July 20, 2005

RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005

Slackware Security Advisory, SSA:2005-203-01, July 22, 2005

US-CERT VU#652366

US-CERT VU#996798

Ubuntu Security Notices, USN-155-1 & 155-2, July 26 & 28, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005

Debian Security Advisory, DSA 775-1, August 15, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Debian Security Advisory, DSA 777-1, August 17, 2005

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6; Firefox 0.8-0.10.1, 1.0.1, 1.0.2; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab is not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a 'favicons' icon for a web site isn't verified before being changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before being used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/products/firefox/

http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-18.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

An exploit script has been published.

Mozilla Suite / Firefox Multiple Vulnerabilities

CAN-2005-0752
CAN-2005-1153
CAN-2005-1154
CAN-2005-1155
CAN-2005-1156
CAN-2005-1157
CAN-2005-1158
CAN-2005-1159
CAN-2005-1160

High

Mozilla Foundation Security Advisories, 2005-35 - 2005-41, April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

US-CERT VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

PacketStorm, May 23, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Fedora Update Notifications, FEDORA-2005-604 & 605, July 20, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7

A vulnerability was reported due to a failure in the application to properly verify Document Object Model (DOM) property values, which could let a remote malicious user execute arbitrary code.

Firefox:
http://www.mozilla.org/products/firefox/

Mozilla Browser Suite:
http://www.mozilla.org/products/mozilla1.x/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-434.html

http://rhn.redhat.com/errata/RHSA-2005-435.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

Currently we are not aware of any exploits for this vulnerability.

Mozilla Suite And Firefox DOM Property Overrides

CAN-2005-1532

High

Mozilla Foundation Security Advisory, 2005-44, May 12, 2005

Turbolinux Security Advisory, TLSA-2005-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005

Ubuntu Security Notice, USN-134-1, May 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

SUSE Security Announcement, SUSE-SA:2005:030, June 9, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Browser Suite prior to 1.7.6; Thunderbird prior to 1.0.2; Firefox prior to 1.0.2

A buffer overflow vulnerability has been reported due to a boundary error in the GIF image processing of Netscape extension 2 blocks, which could let a remote malicious user execute arbitrary code.

Mozilla Browser Suite:
http://www.mozilla.org/products/mozilla1.x/

Thunderbird:
http://download.mozilla.org/?product=thunderbird-1.0.2&os=win&lang=en-US

Firefox:
http://www.mozilla.org/products/firefox/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

An exploit script has been published.

Mozilla Suite/ Firefox/ Thunderbird GIF Image Processing Remote Buffer Overflow

CAN-2005-0399

High

Mozilla Foundation Security Advisory 2005-30, March 23, 2005

US-CERT VU#557948

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Security Focus, 12881, July 5, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2

A vulnerability has been reported when processing drag and drop operations due to insecure XUL script loading, which could let a remote malicious user execute arbitrary code.

Mozilla Browser:
http://www.mozilla.org/products/mozilla1.x/

Firefox:
http://www.mozilla.org/products/firefox/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-31.xml

Slackware:
http://slackware.com/security/viewer.php?El=slackware-security&ay=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Suite/ Firefox Drag and Drop Arbitrary Code Execution

CAN-2005-0401

High

Mozilla Foundation Security Advisory 2005-32, March 23, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla.org

Mozilla Thunderbird 1.0, Firefox 1.0.6

A vulnerability has been reported when overly long URIs are submitted, which could let a remote malicious user obfuscate the URI of a link.

No workaround or patch available at time of publishing.

There is no exploit code required.

Mozilla Firefox And Thunderbird Long URI Obfuscation

CAN-2005-2602

Medium
Security Focus, 14526, August 9, 2005

Mozilla

Firefox 1.0

A vulnerability exists in the XPCOM implementation that could let a remote malicious user execute arbitrary code. The exploit can be automated in conjunction with other reported vulnerabilities so no user interaction is required.

A fixed version (1.0.1) is available at: http://www.mozilla.org/products/firefox/all.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Firefox Remote Code Execution Vulnerability

CAN-2005-0527

High

Security Tracker Alert ID: 1013301, February 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x

Mozilla Firefox 0.x

Mozilla Thunderbird 0.x

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that can permit users to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.

Mozilla: Update to version 1.7.5:
http://www.mozilla.org/products/mozilla1.x/

Firefox: Update to version 1.0:
http://www.mozilla.org/products/firefox/

Thunderbird: Update to version 1.0:
http://www.mozilla.org/products/thunderbird/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
http://slackware.com/security/viewer.php?El=slackware-security&y=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

Currently we are not aware of any exploits for these vulnerabilities.

High

Mozilla Foundation Security Advisory 2005-01, 03, 04, 07, 08, 09, 10, 11, 12

Fedora Update Notification, FEDORA-2005-248, 249, 251, 253, March 23 & 25, 2005

Slackware Security Advisory, SSA:2005-085-01, March 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla 1.7.3

A heap overflow vulnerability exists in the processing of NNTP URLs. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted 'news://' URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The flaw resides in the *MSG_UnEscapeSearchUrl() function in 'nsNNTPProtocol.cpp'.

The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-03.xml

SGI:
http://support.sgi.com/browse_request/linux_patches_by_os

SuSE:
ftp://ftp.suse.com/pub/suse/

HP:
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01114

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Buffer Overflow in Processing NNTP URLs

CAN-2004-1316

High

iSEC Security Research Advisory, December 29, 2004

Gentoo Linux Security Advisory, GLSA 200501-03, January 5, 2005

SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005

HP Security Advisory, HPSBTU01114, February 4, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla 1.7.x and prior

Mozilla Firefox 1.x and prior

Mozilla Thunderbird 1.x and prior

Netscape Netscape 7.2

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system.

Firefox: Update to version 1.0.1:
http://www.mozilla.org/products/firefox/

Mozilla:
The vulnerabilities have been fixed in the CVS repository and will be included in the upcoming 1.7.6 version.

Thunderbird:
The vulnerabilities have been fixed in the CVS repository and will be included in the upcoming 1.0.1 version.

Fedora update for Firefox:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-176.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-32.xml

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

Currently we are not aware of any exploits for these vulnerabilities.

Mozilla / Firefox / Thunderbird Multiple Vulnerabilities

CAN-2005-0255
CAN-2005-0584
CAN-2005-0585
CAN-2005-0587
CAN-2005-0588
CAN-2005-0589
CAN-2005-0590
CAN-2005-0592
CAN-2005-0593

High

Mozilla Foundation Security Advisories 2005-14, 15, 17, 18, 19, 20, 21, 24, 28

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification, FEDORA-2005-248, 249, 251, & 253, March 23 & 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032, March 25, 2005

Slackware Security Advisory, SSA:2005-085-01, March 27, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Mozilla

Mozilla Firefox 1.0 and 1.0.1

A vulnerability exists that could let remote malicious users conduct Cross-Site Scripting attacks. This is due to missing URI handler validation when dragging an image with a "javascript:" URL to the address bar.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting Vulnerability

CAN-2005-0591

Medium

Secunia SA14406, March 1, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

Mozilla Firefox 1.0; Gentoo Linux; Thunderbird 0.6, 0.7-0.7.3, 0.8, 0.9, 1.0, 1.0.1; Netscape Netscape 7.2

There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations or access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop and because tabbed javascript vulnerabilities let remote users access other windows.

A fix is available via the CVS repository

Fedora:
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z

Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-176.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

Thunderbird:
http://download.mozilla.org/?product=thunderbird-1.0.2&os=win&lang=en-US

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

A Proof of Concept exploit has been published.

Mozilla Firefox Multiple Vulnerabilities

CAN-2005-0230
CAN-2005-0231
CAN-2005-0232

High

Security Tracker Alert ID: 1013108, February 8, 2005

Fedora Update Notification, FEDORA-2005-182, February 26, 2005

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

Security Focus, 12468, March 22, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon 0.9; Netscape 7.2

A vulnerability has been reported in the javascript implementation due to improper parsing of lambda list regular expressions, which could let a remote malicious user obtain sensitive information.

The vendor has issued a fix, available via CVS.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

Slackware:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-17.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01133

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mozilla Suite/Firefox JavaScript Lambda Information Disclosure

CAN-2005-0989

Medium

Security Tracker Alert, 1013635, April 4, 2005

Security Focus, 12988, April 16, 2005

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

Slackware Security Advisory, SSA:2005-111-04, April 22, 2005

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088, May 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

SCO Security Advisory, SCOSA-2005.29, July 1, 2005

Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005

Fedora Update Notifications, FEDORA-2005-604 & 605, July 20, 2005

Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005

HP Security Bulletin, HPSBUX01133, August 8, 2005

Multiple Vendors

ALT Linux Compact 2.3, Junior 2.3; Apple Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X Server 10.0, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8; MIT Kerberos 5 1.0, 5 1.0.6, 5 1.0.8, 5 1.1-5 1.4; Netkit Linux Netkit 0.9-0.12, 0.14-0.17, 0.17.17; Openwall GNU/*/Linux (Owl)-current, 1.0, 1.1; FreeBSD 4.10-PRERELEASE, 2.0, 4.0 .x, -RELENG, alpha, 4.0, 4.1, 4.1.1 -STABLE, -RELEASE, 4.1.1, 4.2, -STABLE pre122300, -STABLE pre050201, 4.2 -STABLE, -RELEASE, 4.2, 4.3 -STABLE, -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.4 -STABLE, -RELENG, -RELEASE-p42, 4.4, 4.5 -STABLE pre2002-03-07, 4.5 -STABLE, -RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.6 -STABLE, -RELENG, 4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.6.2, 4.7 -STABLE, 4.7 -RELENG, 4.7 -RELEASE-p17, 4.7 -RELEASE, 4.7, 4.8 -RELENG, 4.8 -RELEASE-p7, 4.8 -PRERELEASE, 4.8, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.10 -RELENG, 4.10 -RELEASE, 4.10, 4.11 -STABLE, 5.0 -RELENG, 5.0, 5.1 -RELENG, 5.1 -RELEASE-p5, 5.1 -RELEASE, 5.1, 5.2 -RELENG, 5.2 -RELEASE, 5.2, 5.2.1 -RELEASE, 5.3 -STABLE, 5.3 -RELEASE, 5.3, 5.4 -PRERELEASE; SuSE Linux 7.0, sparc, ppc, i386, alpha, 7.1, x86, sparc, ppc, alpha, 7.2, i386; SGI IRIX 6.5.24-6.5.27

Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code.

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Apple:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&platform=osx&method=sa/SecUpd2005-003Pan.dmg

Debian:
http://security.debian.org/pool/updates/main/n/netkit-telnet/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/

MIT Kerberos:
http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt

Netkit:
ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/

Openwall:
http://www.openwall.com/Owl/CHANGES-current.shtml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-327.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/

OpenBSD:
http://www.openbsd.org/errata.html#telnet

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-36.xml

http://security.gentoo.org/glsa/glsa-200504-01.xml

Debian:
http://security.debian.org/pool/updates/main/k/krb5/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-04.xml

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1

Openwall:
http://www.openwall.com/Owl/CHANGES-current.shtml

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-088_RHSA-2005-330.pdf

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-28.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1

OpenWall:
http://www.openwall.com/Owl/CHANGES-current.shtml

SCO:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.23

SGI IRIX:
Apply patch 5892 for IRIX 6.5.24-6.5.27:
ftp://patches.sgi.com/support/free/security/patches/

Debian:
http://security.debian.org/pool/updates/main/k/krb4/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000962

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-132_RHSA-2005-327.pdf

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

Telnet Client 'slc_add_reply()' & 'env_opt_add()' Buffer Overflows

CAN-2005-0468
CAN-2005-0469

High

iDEFENSE Security Advisory, March 28, 2005

US-CERT VU#291924

Mandrakelinux Security Update Advisory, MDKSA-2005:061, March 30, 2005

Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & April 1, 2005

Debian Security Advisory, DSA 703-1, April 1, 2005

US-CERT VU#341908

Gentoo Linux Security Advisory, GLSA 200504-04, April 6, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Sun(sm) Alert Notification, 57761, April 7, 2005

SCO Security Advisory, SCOSA-2005.21, April 8, 2005

Avaya Security Advisory, ASA-2005-088, April 27, 2005

Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005

Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005

Sun(sm) Alert Notification, 57761, April 29, 2005

SCO Security Advisory, SCOSA-2005.23, May 17, 2005

SGI Security Advisory, 20050405-01-P, May 26, 2005

Debian Security Advisory, DSA 731-1, June 2, 2005

Conectiva Security Advisory, CLSA-2005:962, June 6, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Avaya Security Advisory, ASA-2005-132, June 14, 2005

Fedora Legacy Update Advisory, FLSA:152583, July 11, 2005

Slackware Security Advisory, SSA:2005-210-01, August 1, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified), and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code.

Update available at:
https://ccvs.cvshome.org/servlets/ProjectDocumentList

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-16.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/

Peachtree:
http://peachtree.burdell.org/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-387.html

OpenBSD:
http://www.openbsd.org/errata.html#cvs

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

OpenBSD:
http://www.openbsd.org/errata35.html#

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cvs/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

OpenBSD:
http://www.openbsd.org/errata.html#cvs

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000966

Debian:
http://security.debian.org/pool/updates/main

Currently we are not aware of any exploits for these vulnerabilities.

CVS Multiple Vulnerabilities

CAN-2005-0753

High

Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005

SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005

Secunia Advisory, SA14976, April 19, 2005

Fedora Update Notification, FEDORA-2005-330, April 20, 2006

Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005

Peachtree Linux Security Notice, PLSN-0005, April 22, 2005

RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005

Turbolinux Security Advisory, TLSA-2005-51, April 28, 2005

Ubuntu Security Notice, USN-117-1, May 04, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Conectiva Security Advisory, CLSA-2005:966, June 13, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Multiple Vendors

IETF RFC 2406: IPSEC; Hitachi GR2000-1B, GR2000-2B, GR2000-2B+, GR2000-BH

A vulnerability has been reported that affects certain configurations of IPSec when configured to employ Encapsulating Security Payload (ESP) in tunnel mode with only confidentiality and systems that use Authentication Header (AH) for integrity protection, which could let a remote malicious user obtain plaintext IP datagrams and potentially sensitive information.

Hitachi advises affected users to use the AH protocol workaround to mitigate this issue.

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBTU01217&locale=en_US

Currently we are not aware of any exploits for this vulnerability.

IPSec ESP Packet Modification

CAN-2005-0039

Medium

NISCC Vulnerability Advisory, IPSEC - 004033, May 9, 2005

US-CERT VU#302220

Security Focus, 13562, May 11, 2005


HP Security Bulletin, HPSBTU01217, August 9, 2005

Multiple Vendors

PHPXMLRPC 1.1.1; PEAR XML_RPC 1.3.3; Drupal 4.6-4.6.2, 4.5-4.5.4

A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.

PHPXMLRPC:
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download

Pear:
http://pear.php.net/get/XML_RPC-1.4.0.tgz

Drupal:
http://drupal.org/files/projects/drupal-4.5.5.tar.gz

There is no exploit code required.

PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution

CAN-2005-2498

High

Security Focus, 14560, August 15, 2005

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64; AWStats 6.4 & prior

A vulnerability has been reported due to insufficient sanitization of the 'url' parameter before using in an 'eval()' function when Referer field statistics are generated, which could let a remote malicious user execute arbitrary code. Note: The system is only vulnerable if at least one URLPlugin is enabled.

Updates available at:
http://awstats.sourceforge.net/files/awstats-6.4.tgz

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-07.xml

There is no exploit code required.

AWStats Arbitrary Command Execution

CAN-2005-1527

High

iDEFENSE Security Advisory, August 9, 2005

Ubuntu Security Notice, USN-167-1, August 11, 2005

Gentoo Linux Security Advisory, GLSA 200508-07, August 16, 2005

My Image Gallery

My Image Gallery 1.4.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in the 'currDIR' and 'image' parameters due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and it is also possible to obtain path information.

Upgrade available at:
http://prdownloads.sourceforge.net/mig/mig-1.5.0.tar.gz?download

There is no exploit code required; however, Proofs of Concept exploits have been published.

My Image Gallery Multiple Cross Site Scripting & Path Disclosure

CAN-2005-2603
CAN-2005-2604

Medium

Secunia Advisory: SA16405, August 16, 2005

MyBB Group

MyBulletinBoard RC4

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Reports indicate that administrative access can be obtained through at least one of these vulnerabilities.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

MyBulletinBoard Multiple SQL Injection

CAN-2005-2580

High

Security Focus, 14553, August 12, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.

Vendor patch available:
Affix_320_sec.patch
http://affix.sourceforge.net/affix_320_sec.patch

Affix_212_sec.patch
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

An exploit has been published.

Nokia Affix BTFTP Arbitrary Code Execution

CAN-2005-2250

High

Security Focus, 14230, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

Nokia

Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2

A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://affix.sourceforge.net/affix_212_sec.patch

Debian:
http://security.debian.org/pool/updates/main/a/affix/affix

There is no exploit code required; however, a Proof of Concept exploit has been published.

Nokia Affix BTSRV/BTOBEX Remote Command Execution

CAN-2005-2277

High

Security Focus, 14232, July 12, 2005

Debian Security Advisory, DSA 762-1, July 19, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

OmniPilot Software

Lasso Professional Server 8.0.5, 8.0.4

A vulnerability has been reported due to a failure to enforce security constraints, which could let a remote malicious user bypass authentication.

Patches available at:
http://support.omnipilot.com/article_files/Security%20Fix%20804-805.zip

There is no exploit code required.

Lasso Professional Server Remote Authentication Bypass

CAN-2005-2605

Medium

Security Focus, 14543, August 10, 2005

phlyLabs

PHlyMail Lite 3.x, MessageCenter 3.x, Personal Edition 3.x

A vulnerability has been reported when authenticating users due to an unspecified error, which could let a remote malicious user bypass security restrictions.

Upgrades available at:
http://phlymail.de/download/PHlyMail_Lite/phmmc_lite_30201.zip

There is no exploit code required.

PHlyMail Unspecified Authentication Bypass

CAN-2005-2606

Medium

Secunia Advisory: SA16388, August 10, 2005

PHP Group

PHP 4.3.6-4.3.9, 5.0 candidate 1-candidate 3, 5.0.0-5.0.2

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'pack()' function, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability exists in the 'unpack()' function, which could let a remote malicious user obtain sensitive information; a vulnerability exists in 'safe_mode' when executing commands, which could let a remote malicious user bypass the security restrictions; a vulnerability exists in 'safe_mode' combined with certain implementations of 'realpath(),' which could let a remote malicious user bypass security restrictions; a vulnerability exists in 'realpath()' because filenames are truncated; a vulnerability exists in the 'unserialize()' function, which could let a remote malicious user obtain sensitive information or execute arbitrary code; a vulnerability exists in the 'shmop_write()' function, which may result in an attempt to write to an out-of-bounds memory location; a vulnerability exists in the 'addslashes()' function because '\0' is not escaped correctly; a vulnerability exists in the 'exif_read_data()' function when a long sectionname is used, which could let a remote malicious user obtain sensitive information; and a vulnerability exists in 'magic_quotes_gpc,' which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://www.php.net/downloads.php

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-031.html

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Apple:
http://www.apple.com/support/downloads/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01212&locale=en_US

There is no exploit code required; however, a Proof of Concept exploit script has been published.

PHP Multiple Remote Vulnerabilities

CAN-2004-1018
CAN-2004-1063
CAN-2004-1064
CAN-2004-1019
CAN-2004-1020
CAN-2004-1065

High

Bugtraq, December 16, 2004

Conectiva Linux Security Announcement, CLA-2005:915, January 13, 2005

Red Hat, Advisory: RHSA-2005:031-08, January 19, 2005

SUSE Security Announcement, SUSE-SA:2005:002, January 17, 2005

Ubuntu Security Notice, USN-66-1, January 20, 2005

Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005

Fedora Legacy Update Advisory, FLSA:2344, March 7, 2005

Ubuntu Security Notice, USN-99-1, March 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

HP Security Advisory, HPSBMA01212, August 9, 2005

PHPSimplicity

Simplicity oF Upload 1.3

A vulnerability has been reported in Simplicity oF Upload that could let remote malicious users execute arbitrary code.

Update available at:
http://www.phpsimplicity.com/downloads.php?scriptID=3

There is no exploit code required; however, Proof of Concept exploits have been published.

Simplicity oF Upload Arbitrary Code Execution

CAN-2005-2607

High

Security Tracker, Alert ID: 1014591, July 29, 2005

Security Focus, 14424, August 10, 2005

PowerDNS

PowerDNS 2.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the LDAP backend due to insufficient validation of user-supplied queries; and a remote Denial of Service vulnerability was reported due to an error when handling requests that are denied recursion.

Update available at:
http://www.powerdns.com/downloads/

Debian:
http://security.debian.org/pool/updates/main/p/pdns/

Debian:
http://security.debian.org/pool/updates/main/

Currently we are not aware of any exploits for these vulnerabilities.

PowerDNS Denials of Service

CAN-2005-2301
CAN-2005-2302

Low

Secunia Advisory: SA16111, July 18, 2005

Debian Security Advisory, DSA 771-1, August 1, 2005

Debian Security Advisory, DSA 773-1, August 11, 2005

SafeHTML

SafeHTML 1.3.2

A Cross-Site Scripting vulnerability has been reported when handling script encoded in UTF-7 and in CSS comments, which could let a remote malicious user execute arbitrary HTML and script code.

Update available at:
http://pixel-apes.com/safehtml/

There is no exploit code required.

SafeHTML UTF-7 And CSS Comment Tag Cross Site Scripting

CAN-2005-2608

Medium

Security Focus, 14574, August 16, 2005

Topic Board

PHPTB Topic Board 2.0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPTB Topic Board Multiple SQL Injection

CAN-2005-2587

Medium

Security Focus, 14535, August 10, 2005

VegaDNS

VegaDNS 0.9.9, 0.9.8, 0.8.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'index.php' script due to insufficient sanitization of the 'message' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'VDNS_Sessid' parameter because it is possible to obtain path information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

VegaDNS Index.PHP Cross-Site Scripting & Path Disclosure

CAN-2005-2609
CAN-2005-2610

Medium

Secunia Advisory: SA16370, August 10, 2005

Veritas Software

NetBackup for NetWare Media Servers 5.1, MP1-MP3, 5.0, MP1-MP5, 4.5, MP1-MP8, FP1- FP8, Backup Exec Remote Agent for Windows Server, Backup Exec Remote Agent for Unix/Linux Server, Backup Exec Remote Agent for NetWare Server, Backup Exec for NetWare Servers 9.1.1156, 9.1.1154, 9.1.1152 .4, 9.1.1152, 9.1.1151 .1, 9.1.1127 .1, 9.1.1067 .3, 9.1.1067 .2, 9.1.307, 9.1.306, Backup Exec 10.0 rev. 5520, rev. 5484, SP1, 9.1, rev 4691, SP2, 9.0, rev. 4454, SP1, rev. 4367, SP1, 4367

A vulnerability has been reported because a static password is used when authenticating to the remote agent, which could let a remote malicious user bypass certain security restrictions and download arbitrary files.

Update information available at:
http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html

An exploit script has been published.

Veritas Backup Exec Remote Agent Arbitrary File Disclosure

CAN-2005-2611

Medium

Symantec Security Advisory, SYM05-011, August 12, 2005

US-CERT VU#378957

WordPress

WordPress 1.5.3 & prior

A vulnerability has been reported in the 'cache_lastpostdata' parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

WordPress PHP Code Execution

CAN-2005-2612

High

Secunia Advisory: SA16386, August 10, 2005

Wyse

Winterm 1125SE 4.4.061f, 4.2.09f

A remote Denial of Service vulnerability has been reported when a malicious user submits a specially crafted packet with the IP option length field set to zero.

No workaround or patch available at time of publishing.

An exploit script has been published.

Wyse Winterm 1125SE Remote Denial of Service

CAN-2005-2577

Low

Security Tracker Alert ID: 1014659, August 11, 2005


Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

Wireless Vulnerabilities


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

| Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description |
|---|---|---|---|
| August 16, 2005 | ezupload-2.2.0.pl | No | Exploit for the EZUpload Multiple Remote File Include vulnerability. |
| August 16, 2005 | lynn-cisco.zip | N/A | Mike Lynn's DefCon Presentation which explains how to remotely exploit Cisco routers. |
| August 15, 2005 | mdaemon_imap.pm.txt | Yes | Exploit for the Alt-N MDaemon Remote Buffer Overflow vulnerability. |
| August 15, 2005 | WebRoot.txt | N/A | A bruteforce directory/file scanner that looks for files and directories on a website which might contain interesting data, but which are not referenced anywhere on the site. |
| August 15, 2005 | zenworks_desktop_agent.pm.txt | Yes | Exploit for the Novell ZENworks Remote Management Buffer Overflows vulnerabilities. |
| August 14, 2005 | backupexec_dump.pm | Yes | Exploit script for the Veritas Backup Exec Remote Agent Arbitrary File Disclosure vulnerability. |
| August 14, 2005 | shoutcast_format_win32.pm | Yes | Exploit for the Nullsoft SHOUTcast Format String Flaw. |
| August 13, 2005 | edirectory_imonitor.pm, edirectory_imonitor.pm.txt | Yes | Exploit for the Novell eDirectory Server iMonitor Buffer Overflow vulnerability. |
| August 13, 2005 | grandstream-DoS.pl.txt | No | Exploit for the Grandstream BudgeTone Denial of Service vulnerability. |
| August 13, 2005 | kavLocalRoot.txt | Yes | Exploit details for the Kaspersky Anti-Virus Insecure Log Directory vulnerability. |
| August 12, 2005 | backupexec_dump.pm | No | Exploit for the Veritas Backup Exec Remote Agent for Windows Servers Arbitrary File Download vulnerability. |
| August 12, 2005 | ms05039.c, HOD-ms05039-pnp-expl.c | Yes | Exploits for the Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges vulnerability. |
| August 12, 2005 | NAePolicy.txt | No | Exploit details for the ePolicy Information Disclosure and Privilege Elevation vulnerability. |
| August 12, 2005 | TheftOfLinkKey.txt | N/A | Paper entitled "Theft of Bluetooth Link Keys for Fun and Profit?" |
| August 11, 2005 | FreznoShopSQL.txt | No | Sample exploitation for the FreznoShop SQL Injection Vulnerability. |
| August 10, 2005 | isec-options.c | No | Script that exploits the Wyse Winterm 1125SE Remote Denial of Service vulnerability. |


Trends
  • NIST creates online treasure trove of security woes: The National Institute of Standards and Technology has launched a comprehensive cybersecurity database that is updated daily with the latest information on vulnerabilities in popular products. Source: http://www.fcw.com/article89911-08-15-05-Print.
  • Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT is aware of a public exploit for a vulnerability in VERITAS Backup Exec Remote Agent for Windows Servers. This exploit may allow a remote attacker to retrieve arbitrary files on a system. The VERITAS Backup Exec Remote Agent listens on network port 10000/tcp. Source: http://www.us-cert.gov/current/.
  • Tools drive point-and-click crime: According to the security firm, Websense, new software tools make stealing data from users as easy as browsing the web. These easy-to-use tools are being created by malicious and criminal hackers to run the networks of compromised home computers they control. Source: http://news.bbc.co.uk/2/hi/technology/4152626.stm.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
| 2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
| 5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
| 10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |

Table Updated August 13, 2005

  • Worm spreading through Microsoft Plug-and-Play flaw: According to two security groups, a worm is spreading using a flaw in the Windows operating system's Plug-and-Play functionality. Users are advised to update systems using a patch released by Microsoft. The worm, known as Zotob by antivirus firm F-Secure, compromises systems by sending data on port 445. If a computer is infected with the program, the worm starts a file-transfer protocol (FTP) server and attempts to spread further. Source: http://www.securityfocus.com/news/11281.
  • Chain attack Trojan nets 3m email addresses: A sophisticated global 'chain' attack has been discovered by security experts at Panda Software that uses the pamNet.A Trojan to infect victim PCs with up to 19 malicious malware programs. The infection chain begins when a user visits the first infected page. This web page uses the Iframe tag to try to open two new pages. This initiates two parallel processes, each one associated to one of the two pages. Source: http://www.vnunet.com/vnunet/news/2141148/chain-attack-trojan-nets-3m.
