
Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-355)

Summary of Security Items from December 15 through December 21, 2005

Original release date: December 21, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only

Columns: Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

Acidcat CMS 2.1.13

A vulnerability has been reported in Acidcat CMS that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Acidcat CMS SQL Injection Vulnerability

CVE-2005-4370
CVE-2005-4371

Medium

Secunia Advisory: SA18097, December 19, 2005

Allinta 2.3.2 and prior

A vulnerability has been reported in Allinta that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Allinta Cross-Site Scripting

CVE-2005-4374

Medium Secunia, Advisory: SA18060, December 19, 2005

Citrix Systems

Citrix Program Neighborhood Client 9.1 and prior

A vulnerability has been reported in Citrix Program Neighborhood Client that could let local malicious users disclose information.

A vendor solution is available:
http://support.citrix.com/article/CTX108108

http://support.citrix.com/article/CTX108354

Currently we are not aware of any exploits for this vulnerability.

Citrix Program Neighborhood Client Information Disclosure

CVE-2005-3652
CVE-2005-4412

Medium Citrix Security Alert, CTX108354, CTX108108, December 16, 2005
iCMS

A vulnerability has been reported in iCMS that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

iCMS Cross-Site Scripting or SQL Injection

CVE-2005-4396
CVE-2005-4397

Medium Secunia, Advisory: SA18085, December 19, 2005
MailEnable 1.71 & prior

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.mailenable.com/hotfix/

A Proof of Concept exploit has been published.

MailEnable Arbitrary Code Execution

CVE-2005-4402

High Security Tracker, Alert ID: 1015378, December 19, 2005
Mercury Mail 4.01b

Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Mercury Mail Arbitrary Code Execution

CVE-2005-4411

High Security Tracker, Alert ID: 1015374, December 16, 2005

Media2

Media2 CMS Shop

A vulnerability has been reported in Media2 CMS Shop that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Media2 CMS Shop SQL Injection

CVE-2005-4404

Medium Secunia, Advisory: SA18079, December 19, 2005

Microsoft

Internet Explorer

A vulnerability has been reported in Internet Explorer, caused by mismatched DOM objects, that could let remote malicious users obtain unauthorized access.

Vendor solutions available:
http://www.microsoft.com/technet/security/advisory/911302.mspx

http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

An exploit has been published.

Microsoft Internet Explorer Unauthorized Access

CVE-2005-1790

Medium

Microsoft, Security Advisory 911302, November 21, 2005

USCERT, VU#887861, November 21, 2005

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer, by dialog manipulation, that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2005-2829

High

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer, COM object Instantiation, that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2005-2831

High

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

There is no exploit code required.

Microsoft Internet Explorer Information Disclosure

CVE-2005-2830

Medium

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Information Server 5.1

A vulnerability has been reported in IIS that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft IIS Denial of Service

CVE-2005-4360

Low Security Tracker, Alert ID: 1015376, December 18, 2005

Microsoft

Windows 2000 Server SP4 and prior, Professional SP4 and prior, Datacenter Server SP4 and prior, Advanced Server SP4 and prior

A vulnerability has been reported in Windows, Asynchronous Procedure Calls, that could let local malicious users obtain elevated privileges.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Privilege Elevation

CVE-2005-2827

Medium

Microsoft, Security Bulletin MS05-055, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Pegasus Mail 4.21a - 4.21c, 4.30PB1

Multiple vulnerabilities have been reported in Pegasus Mail that could let remote malicious users execute arbitrary code.

Upgrade to newest version:
http://www.pmail.com/downloads_de_t.htm

Currently we are not aware of any exploits for this vulnerability.

Pegasus Mail Arbitrary Code Execution

CVE-2005-4445

High Secunia, Advisory: SA17992, December 20, 2005

Soft4e

ECW-Cart 2.03 and prior

A vulnerability has been reported in ECW-Cart that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ECW-Cart Cross-Site Scripting

CVE-2005-4290

Medium Security Focus, ID: 15890, December 15, 2005

SuperFreaker Studios

UStore

A vulnerability has been reported in UStore that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

UStore Cross-Site Scripting or SQL Injection

CVE-2005-4355
CVE-2005-4356

Medium Secunia, Advisory: SA18026, December 19, 2005

The Collective

Acuity CMS 2.6.2

A vulnerability has been reported in Acuity CMS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

Acuity CMS Cross-Site Scripting

CVE-2005-4369

Medium Secunia, Advisory: SA18070, December 19, 2005

Trend Micro

PC-cillin Internet Security 2005 version 12.00 build 1244

A vulnerability has been reported in PC-cillin that could let local malicious users obtain elevated privileges.

Upgrade to version 12.4.

A Proof of Concept exploit script has been published.

Trend Micro PC-cillin Privilege Elevation

CVE-2005-3360

Medium Security Tracker, Alert ID: 1015357, December 14, 2005

Watchfire

AppScan QA 5.0.609, 5.0.134, Subscription 7

A buffer overflow vulnerability has been reported in AppScan that could let remote malicious users execute arbitrary code.

A vendor update is available via the application's update functionality.

A Proof of Concept exploit script has been published.

Watchfire AppScan Arbitrary Code Execution

CVE-2005-4270

High Security Focus, ID: 15873, December 15, 2005

Xigla Software

Absolute Image Gallery XE

An input validation vulnerability has been reported in Absolute Image Gallery XE that could let remote malicious users perform Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Absolute Image Gallery XE Cross-Site Scripting

CVE-2005-4295

Medium Secunia, Advisory: SA18065, December 15, 2005
ZixForum 1.12

An input validation vulnerability has been reported in ZixForum that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ZixForum SQL Injection

CVE-2005-4334

Medium Security Tracker, Alert ID: 1015359, December 15, 2005


UNIX / Linux Operating Systems Only

Columns: Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

AlmondSoft.Com

Almond Classifieds

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

AlmondSoft Almond Classifieds SQL Injection

CVE-2005-4312
CVE-2005-4313

Medium Security Focus, Bugtraq ID: 15899, December 15, 2005

Appfluent Technology

Database IDS 2.0

A buffer overflow vulnerability has been reported in the 'APPFLUENT_HOME' environment variable when handling a malformed value, which could let a malicious user execute arbitrary code.

The vulnerability has reportedly been fixed in version 2.1.0.103.

An exploit script has been published.

Appfluent Technology Database IDS Buffer Overflow

CVE-2005-4076

High

Security Focus, Bugtraq ID: 15755, December 7, 2005

Security Focus, Bugtraq ID: 15755, December 16, 2005

AtlantPro.Com

Atlant Pro 8.0.9

A Cross-Site Scripting vulnerability has been reported in 'atl.cgi' due to insufficient sanitization of the 'before' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Atlant Pro Cross-Site Scripting

CVE-2005-4299

Medium Security Focus, Bugtraq ID: 15886, December 15, 2005

AtlantPro.Com

AtlantForum Pro 4.0.2, AtlantForum Lite 4.0.2, AtlantForum 4.0.2

Cross-Site Scripting vulnerabilities have been reported in 'atl.cgi' due to insufficient sanitization of the 'sch_allsubct,' 'before,' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AtlantForum Multiple Cross-Site Scripting

CVE-2005-4298

Medium Security Focus, Bugtraq ID: 15887, December 15, 2005

binary-concepts

binary board system 0.2.5

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'inreplyto,' 'article,' 'branch,' 'board,' 'user,' and search module parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Binary Board System Multiple Cross-Site Scripting

CVE-2005-4333

Medium
Security Focus, Bugtraq ID: 15913, December 16, 2005

Centericq

Centericq 4.20

A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml

A Proof of Concept exploit script has been published.

Centericq Empty Packet Remote Denial of Service

CVE-2005-3694

Low

Debian Security Advisory, DSA 912-1, November 30, 2005

Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005

Daniel Stenberg

curl 7.12-7.15, 7.11.2


A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before it is copied into a fixed-size buffer, which could let a local/remote malicious user execute arbitrary code.

Upgrades available at:
http://curl.haxx.se/download/curl-7.15.1.tar.gz

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/c/curl/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

OpenPKG:
http://www.openpkg.org/security.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-875.html

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL URL Parser Buffer Overflow

CVE-2005-4077

High

Security Focus, Bugtraq ID: 15756, December 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005

Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005

Debian Security Advisory, DSA 919-1, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005

RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005

Dick Copits

PDEstore 1.8

A Cross-Site Scripting vulnerability has been reported in 'pdestore.cgi' due to insufficient sanitization of the 'product' and 'cart_id' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Dick Copits PDEstore Cross-Site Scripting

CVE-2005-4285

Medium Secunia Advisory: SA18042, December 15, 2005

Dropbear SSH Server

Dropbear SSH Server prior to 0.47

A buffer overflow vulnerability has been reported in 'svr_chansession.c' due to a buffer allocation error, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://matt.ucc.asn.au/dropbear/

Debian:
http://www.debian.org/security/2005/dsa-923

Currently we are not aware of any exploits for this vulnerability.

Dropbear SSH Server Buffer Overflow

CVE-2005-4178

High

Secunia Advisory: SA18108, December 19, 2005

Debian Security Advisory, DSA-923-1, December 19, 2005

Gentoo Linux

Gentoo Linux

Vulnerabilities have been reported in multiple packages in Gentoo Linux due to insecure RUNPATH settings, which could let a malicious user obtain elevated privileges.

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-14.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200511-02.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-07.xml

There is no exploit code required.

Gentoo Linux Multiple Packages Insecure RUNPATH

CVE-2005-4278

Medium

Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005

Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-07, December 15, 2005

GNU

Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4


Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': insufficient input validation in the EPSF pipe support could let a malicious user execute arbitrary code; insufficient input validation in the way filenames are processed could let a malicious user execute arbitrary code; and several buffer overflows could let a malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/e/enscript/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Enscript Input Validation

CVE-2004-1184
CVE-2004-1185
CVE-2004-1186


High


Security Tracker Alert ID: 1012965, January 21, 2005

RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Fedora Legacy Update Advisory, FLSA:152892, December 17, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/g/gzip

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

Sun: Updated Relief/Workaround section.

Sun: Updated Contributing Factors, Relief/Workaround, and Resolution sections.

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

A Proof of Concept exploit has been published.

GNU GZip Directory Traversal

CVE-2005-1228

Medium

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus,13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005

Debian Security Advisory DSA 752-1, July 11, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/g/gzip/gzip

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

Sun: Updated Relief/Workaround section.

There is no exploit code required.

GNU GZip File Permission Modification

CVE-2005-0988

Medium

Security Focus, 12996, April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005

Debian Security Advisory DSA 752-1, July 11, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
ftp://ftp.trustix.org0/pub/trustix/updates/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

FedoraLegacy:
http://download.fedoralegacy.org/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CVE-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice, USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

Hewlett Packard Company

HP-UX B.11.00, B.11.11, B.11.23


A remote Denial of Service vulnerability has been reported due to an unspecified error in the WBEM Services.

Update information available at:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373

Currently we are not aware of any exploits for this vulnerability.

HP WBEM Services Remote Denial of Service

CVE-2005-4350

Low

HP Security Bulletin, HPSBMA02088, December 19, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2

A vulnerability has been reported in the '/usr/lpp/diagnostics/bin/diagela.sh' script due to the use of an absolute path. The impact was not specified.

Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/diagela_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

AIX 'diagela' Script

CVE-2005-3749

Not Specified

IBM Security Advisory, November 11, 2005

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1

A buffer overflow vulnerability has been reported in 'slocal' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/slocal_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM AIX Buffer Overflow

CVE-2005-4272

High

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3

A buffer overflow vulnerability has been reported in the malloc debugging tools due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/dbgmalloc_ifix.tar.Z

Exploits for this vulnerability may be publicly available.

IBM AIX Debug Malloc Tools Buffer Overflow

CVE-2005-4271

High
IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3

A vulnerability has been reported in the 'getShell' and 'getCommand' utilities, which could let a malicious user corrupt data and obtain elevated privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/getshell_ifix.tar.Z

There is no exploit code required.

IBM AIX GetShell & GetCommand Arbitrary File Overwrite

CVE-2005-4273

Medium
IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1

A buffer overflow vulnerability has been reported in 'muxatmd' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/libisode_ifix.tar.

Currently we are not aware of any exploits for this vulnerability.

IBM AIX MUXATMD Buffer Overflow

CVE-2005-4272

High
IBM Security Advisory, December 15, 2005

Internet Express Products

CommerceSQL 1.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keywords' parameter in the Quick Find feature before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CommerceSQL Cross-Site Scripting

CVE-2005-4292

Medium
Secunia Advisory: SA17932, December 15, 2005

IPsec-Tools

IPsec-Tools 0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.6.3.tar.bz2?download

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Low

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

LBL

tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1 -3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html

Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CVE-2005-1278
CVE-2005-1279

CVE-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1, May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005

Security Focus, 13392, May 12, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005

Avaya Security Advisory, ASA-2005-137, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Security Focus, 13392, July 21, 2005

Debian Security Advisory, DSA 850-1, October 9, 2005

SCO Security Advisories, SCOSA-2005.60 & SCOSA-2005.61, December 16, 2005

libpng

pnmtopng 2.38, 2.37.3-2.37.6

A buffer overflow vulnerability has been reported in 'Alphas_Of_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html

Currently we are not aware of any exploits for this vulnerability.

PNMToPNG Remote Buffer Overflow

CVE-2005-3662

High

Security Focus, Bugtraq ID: 15427, November 15, 2005

Debian Security Advisory, DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1, November 21, 2005

Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005

Michael Arndt

WebCal 3.0 4

Multiple HTML injection and Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebCal Multiple HTML Injection & Cross-Site Scripting

CVE-2005-4327

Medium
Security Focus, Bugtraq ID: 15917, December 16, 2005

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML DFTOHTML 0.36

Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-840.html

KDE:
ftp://ftp.kde.org/pub/kde/

SUSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-08.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-878.html

http://rhn.redhat.com/errata/RHSA-2005-868.html

http://rhn.redhat.com/errata/RHSA-2005-867.html

Currently we are not aware of any exploits for these vulnerabilities.

High

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications,
FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Multiple Vendors

FreeBSD 5.4 & prior

A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.

Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure

CVE-2005-0109

Medium

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005

Sun(sm) Alert Notification, 101739, June 1, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Multiple Vendors

ktools 0.3;
Centericq 4.21, 4.20

A buffer overflow vulnerability has been reported in the 'VGETSTRING()' macro when generating the output string using the "vsprintf()" function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml

Currently we are not aware of any exploits for this vulnerability.

KTools Remote Buffer Overflow

CVE-2005-3863

High

Zone-H Research Center Security Advisory 200503, November 27, 2005

Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005

Multiple Vendors

GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2

A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-344.html

http://rhn.redhat.com/errata/RHSA-2005-343.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000958

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service

CVE-2005-0891

Low

Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005

RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005

Ubuntu Security Notice, USN-108-1 April 05, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005

SGI Security Advisory, 20050403-01-U, April 15, 2005

Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005

Conectiva Security Advisory, CLSA-2005:958, June 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Fedora Legacy Update Advisory, FLSA:155510, December 17, 2005

Multiple Vendors

phpMyAdmin 2.7.0-pl1

A Cross-Site Request Forgery vulnerability has been reported because a remote malicious user can perform unauthorized actions as a logged-in user via a link or IMG tag to 'server_privileges.php.'

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

phpMyAdmin Cross-Site Request Forgery

CVE-2005-4450

Medium
Advisory: SA18113, December 19, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.

OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/

OpenPKG:
ftp://ftp.openpkg.org/release/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
http://www.sgi.com/support/security/

Debian:
http://security.debian.org/pool/updates/main/o/openssl094/

NetBSD:
http://arkiv.netbsd.se/?ml=netbsd-announce&a=2005-10&m=1435804

BlueCoat Systems:
http://www.bluecoat.com/support/knowledge/advisory_openssl_\2005-2969.html

Debian:
http://security.debian.org/pool/updates/main/o/openssl/

Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Number=63500&page=0&view=collapsed&sb=5&o=&fpart=1#63500

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48

IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Cisco:
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

Medium

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announcement, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Cisco Security Notice, Document ID: 68324, December 19, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20 -9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

libpng:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html

Currently we are not aware of any exploits for this vulnerability.

NetPBM PNMToPNG Remote Buffer Overflow

CVE-2005-3632

High

Debian Security Advisory DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1 November 21, 2005

Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005

Multiple Vendors

util-linux 2.8-2.13;
Andries Brouwer util-linux 2.11 d, f, h, i, k, l, n, u, 2.10 s

A vulnerability has been reported because mounted filesystem options are improperly cleared due to a design flaw, which could let a remote malicious user obtain elevated privileges.

Updates available at:
http://www.kernel.org/pub/linux/utils/util-linux/testing/util-linux-2.12r-pre1.tar.gz

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/

Gentoo:
http://security.gentoo.org/glsa/glsa-200509-15.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/u/util-linux/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1

SGI:
http://www.sgi.com/support/security/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

There is no exploit code required.

Util-Linux UMount Remounting Filesystem Elevated Privileges

CVE-2005-2876

Medium

Security Focus, Bugtraq ID: 14816, September 12, 2005

Slackware Security Advisory, SSA:2005-255-02, September 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Ubuntu Security Notice, USN-184-1, September 19, 2005

Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005

Debian Security Advisory, DSA 823-1, September 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005

Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101960, October 10, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Fedora Legacy Update Advisory, FLSA:168326, December 17, 2005

Multiple Vendors

Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03

A format string vulnerability has been reported in 'Perl_sv_vcatpvfnl' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.

Webmin:
http://prdownloads.sourceforge.net/webadmin

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

OpenPKG:
http://www.openpkg.org/security.html

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-01.xml

http://security.gentoo.org/glsa/glsa-200512-02.xml

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-880.html

An exploit has been published.

Perl 'miniserv.pl' script Format String

CVE-2005-3912
CVE-2005-3962

Low

Security Focus, Bugtraq ID: 15629, November 29, 2005

Fedora Update Notifications, FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005

Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005

Ubuntu Security Notice, USN-222-1, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005

US-CERT VU#948385

Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

Ubuntu Security Notice, USN-222-2, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1144 & 1145, December 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005

RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/x/xfree86/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-412.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-473.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-198.html

Apple:
http://docs.info.apple.com/article.html?artnum=302163

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit Integer Overflow

CVE-2005-0605

High

Security Focus, 12714, March 2, 2005

Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005

Ubuntu Security Notice, USN-92-1, March 07, 2005

Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005

Ubuntu Security Notice, USN-97-1, March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005

RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005

Debian Security Advisory, DSA 723-1, May 9, 2005

RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005

RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005

RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005

Fedora Update Notifications,
FEDORA-2005-808 & 815, August 25 & 26, 2005

SCO Security Advisory, SCOSA-2005.57, December 14, 2005

Openswan

Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets.

Upgrades available at:
http://www.openswan.org/download/openswan-2.4.2.tar.gz

Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Board=UBB1&Number=63678&Forum=All_Forums&Words=4.028&Searchpage=0&Limit=25&Main=63678&Search=true&where=bodysub&Name=&daterange=1&newerval=1&newertype=m&olderval=&oldertype=&bodyprev=#Post63678

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite.

Openswan IKE Message Remote Denials of Service

CVE-2005-3671

Low

CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005

Astaro Security Linux Update, November 16, 2005

Fedora Update Notifications, FEDORA-2005-1092 & 1093, November 21, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

Opera Software

Opera Web Browser 8.5, 8.0-8.0 2

A vulnerability has been reported due to insufficient sanitization of user-supplied data passed through a URI, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.opera.com/download/

SUSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-10.xml

There is no exploit code required.

Opera Web Browser Arbitrary Command Execution

CVE-2005-3750

High

Secunia Advisory: SA16907, November 22, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-10, December 18, 2005

PHP Arena

paFileDB Extreme Edition RC1- RC5

An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Arena PAFileDB Extreme Edition SQL Injection

CVE-2005-4329

Medium
Security Focus, Bugtraq ID: 15912, December 16, 2005

PlaySmS

PlaySmS

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'err' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PlaySMS Cross-Site Scripting

CVE-2005-4432

Medium
Security Focus, Bugtraq ID: 15928, December 19, 2005

Static Store

StaticStore 1.189 A

A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

StaticStore Cross-Site Scripting

CVE-2005-4284

Medium
Security Focus, Bugtraq ID: 15895, December 15, 2005

Stefan Ritt

ELOG 2.6.0

A remote Denial of Service vulnerability has been reported in 'elogd' due to an error when handling an overly long value sent to the 'cmd' and 'mode' parameters.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ELOG Remote Denial of Service

CVE-2005-4439

Low
Security Tracker Alert ID: 1015379, December 20, 2005

Todd Miller

Sudo prior to 1.6.8p12

A vulnerability has been reported due to an error when handling the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables when tainting is ignored, which could let a malicious user bypass security restrictions and include arbitrary library files.

Upgrades available at:
http://www.sudo.ws/sudo/download.html

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Todd Miller Sudo Security Bypass

CVE-2005-4158

Medium

Security Focus, Bugtraq ID: 15394, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:234, December 20, 2005

WebGlimpse.org

WebGlimpse 2.14.1, 2.0-2.2.2

A Cross-Site Scripting vulnerability has been reported in 'webglimpse.cgi' due to insufficient sanitization of the 'ID' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebGlimpse Cross-Site Scripting

CVE-2005-4328

Medium
Secunia Advisory: SA18076, December 19, 2005

xloadimage

xloadimage 4.1

A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/x/xloadimage/

http://security.debian.org/pool/updates/main/x/xli/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-802.html

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

Gentoo:
http://security.gentoo.org

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56

Currently we are not aware of any exploits for this vulnerability.

Xloadimage NIFF Image Buffer Overflow

CVE-2005-3178

High

Debian Security Advisories, DSA 858-1 & 859-1, October 10, 2005

RedHat Security Advisory, RHSA-2005:802-4, October 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:024, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Gentoo Linux Security Advisory, GLSA 200510-26, October 31, 2005

SCO Security Advisory, SCOSA-2005.56, December 14, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

AbleDesign

D-Man 3.x

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'title' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AbleDesign D-Man Cross-Site Scripting

CVE-2005-4435

Medium
Secunia Advisory: SA18074, December 20, 2005

bbBoard

bbBoard v2 2.56

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keys' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

BBBoard V2 Cross-Site Scripting

CVE-2005-4297

Medium
Security Focus, Bugtraq ID: 15884, December 15, 2005

Box UK

Amaxus CMS 3.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'change' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Amaxus CMS Cross-Site Scripting

CVE-2005-4375

Medium
Secunia Advisory: SA18004, December 19, 2005

Caravel CMS

Caravel CMS 3.0 Beta 1

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'folderviewer_attrs' and 'fileDN' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Caravel CMS Multiple Cross-Site Scripting

CVE-2005-4381

Medium
Security Focus, Bugtraq ID: 15939, December 19, 2005

Cisco Systems

Cisco Catalyst Switches

A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Multiple Unspecified Cisco Catalyst Switches Remote Denial of Service

CVE-2005-4248

Low
Security Focus, Bugtraq ID: 15864, December 14, 2005

Cisco Systems

Cisco Clean Access (CCA) 3.5-3.5.5, 3.4-3.4.5, 3.3-3.3.9

A vulnerability has been reported due to insufficient authentication of several scripts on the Secure Smart Manager, which could let a remote malicious user cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Cisco Clean Access Multiple JSP Pages Insufficient Authentication

CVE-2005-4332

Low
Security Tracker Alert ID: 1015375, December 16, 2005

Cisco Systems

Firewall Services Module (FWSM) 1.x, 2.x, IOS 12.x, IOS R12.x, PIX 4.x, 5.x, 6.x, 7.x,
Cisco SAN-OS 1.x (MDS 9000 Switches), 2.x (MDS 9000 Switches), VPN 3000 Concentrator

A remote Denial of Service vulnerability has been reported due to errors in the processing of IKEv1 Phase 1 protocol exchange messages.

Patch information available at:
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml

Rev 1.5: Updated Cisco IOS Products table.

Rev 1.6: Updated Additional Details for Cisco IOS section. Updated Cisco IOS section.

Rev 1.7: Updated Cisco IOS Products table and changed the availability date of 12.3(11)T9 to 27-Dec-05.

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Cisco IPSec IKE Traffic Remote Denial of Service

CVE-2005-3669

Low

Cisco Security Advisory, Document ID: 68158, November 14, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.5, November 29, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.6, December 6, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.7, December 15, 2005

Colony

Colony Gov CMS, Enterprise CMS, E-Commerce CMS, Colony 2.75

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Colony Cross-Site Scripting

CVE-2005-4386

Medium
Security Focus, Bugtraq ID: 15941, December 19, 2005

contenite

contenite 0.11

A Cross-Site Scripting vulnerability has been reported in 'home.php' due to insufficient sanitization of the 'id' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Contenite Cross-Site Scripting

CVE-2005-4387

Medium
Security Focus, Bugtraq ID: 15942, December 19, 2005

CONTENS Software

CONTENS 3.0

A Cross-Site Scripting vulnerability has been reported in 'search.cfm' due to insufficient sanitization of the 'near' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CONTENS Cross-Site Scripting

CVE-2005-4388

Medium
Security Focus, Bugtraq ID: 15943, December 19, 2005

contentServ

contentServ 3.1

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

ContentServ SQL Injection

CVE-2005-4390

Medium
Security Focus, Bugtraq ID: 15956, December 19, 2005

DC Scripts

DCForum 6.25, 6.22, 6.21, 6.0, 5.0, 4.0, 3.0, 2.0, 1.0

A Cross-Site Scripting vulnerability has been reported in 'dcboard.php' due to insufficient sanitization of the 'page' parameter and in the 'keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

DCForum DCBoard Parameter Cross-Site Scripting

CVE-2005-4311

Medium
Secunia Advisory: SA18093, December 16, 2005

ECTOOLS

Onlineshop 1.0

A Cross-Site Scripting vulnerability has been reported in 'cart.cgi' due to insufficient sanitization of the 'product,' 'category,' and 'uid' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

ECTOOLS Onlineshop Cross-Site Scripting

CVE-2005-4291

Medium
Secunia Advisory: SA18028, December 15, 2005

eDatCat

eDatCat 3.0

A Cross-Site Scripting vulnerability has been reported in 'EDCstore.pl' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

eDatCat Cross-Site Scripting

CVE-2005-4289

Medium
Security Focus, Bugtraq ID: 15889, December 15, 2005

EPiX

EPiX 3.1.2

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.

No workaround or patch available at time of publishing.

There is no exploit code required.

EPiX Cross-Site Scripting

CVE-2005-4394

Medium
Security Focus, Bugtraq ID: 15944, December 19, 2005

Esselbach Storyteller CMS System

Esselbach Storyteller CMS System 1.8 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Esselbach Storyteller CMS System Cross-Site Scripting

CVE-2005-4433

Medium
Secunia Advisory: SA18130, December 19, 2005

Ethereal Group

Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A buffer overflow vulnerability has been reported in the 'dissect_ospf_v3_address_prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human readable string, which could let a remote malicious user execute arbitrary code.

Patch available at:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-ospf.c?rev=16507&view=markup

Debian:
http://security.debian.org/pool/updates/main/e/ethereal/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

Ethereal OSPF Protocol Dissection Buffer Overflow

CVE-2005-3651

High

iDefense Security Advisory, December 9, 2005

Debian Security Advisory DSA 920-1, December 13, 2005

Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005

Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005

ezUpload

ezUpload 2.2

Several vulnerabilities have been reported: a file include vulnerability was reported in 'index.php' due to insufficient verification of the 'mode' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code; and an SQL injection vulnerability was reported in the search module parameters due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

EZUpload Remote File Include & SQL Injection

CVE-2005-4308
CVE-2005-4309

High
Security Focus, Bugtraq ID: 15918 & 15919, December 16, 2005

FarCry

FarCry 3.0

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.

No workaround or patch available at time of publishing.

There is no exploit code required.

FarCry Cross-Site Scripting

CVE-2005-4395

Medium
Security Focus, Bugtraq ID: 15946, December 19, 2005

FFmpeg

FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS

A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?cvsroot=FFMpeg&r2=1.162&r1=1.161&f=u

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/

Currently we are not aware of any exploits for this vulnerability.

FFmpeg Remote Buffer Overflow

CVE-2005-4048

High

Secunia Advisory: SA17892, December 6, 2005

Ubuntu Security Notice, USN-230-1, December 14, 2005

Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005

Ubuntu Security Notice, USN-230-2, December 16, 2005

FLIP

FLIP 0.9.0.1029 & prior

A Cross-Site Scripting vulnerability has been reported in 'text.php' due to insufficient sanitization of the 'name' parameter and in 'forum.php' due to insufficient sanitization of the 'frame' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

FLIP Cross-Site Scripting

CVE-2005-4365

Medium
Secunia Advisory: SA18128, December 19, 2005

FocalMedia.net

Sitenet BBS 2.0

A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'cid' parameter and in 'netboard.cgi' due to insufficient sanitization of the 'pg,' 'tid,' 'cid,' and 'fid' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

SiteNet BBS Cross-Site Scripting

CVE-2005-4306

Medium
Secunia Advisory: SA18090, December 16, 2005

Hot Banana

Web Content Management Suite 5.3 & prior

A Cross-Site Scripting vulnerability has been reported in 'index.cfm' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hot Banana Web Content Management Suite Cross-Site Scripting

CVE-2005-4364

Medium
Secunia Advisory: SA18126, December 19, 2005

IBM

Websphere Application Server 6.0

Multiple HTML injection vulnerabilities have been reported in WebSphere Application Server sample scripts due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

IBM WebSphere Application Server Sample Scripts Multiple HTML Injection

CVE-2005-4413

Medium
Security Tracker Alert ID: 1015360, December 15, 2005

iHTML Merchant

iHTML Merchant 2.0

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'id,' 'pid,' and 'step' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

IHTML Merchant SQL Injection

CVE-2005-4331

Medium
Security Focus, Bugtraq ID: 15911, December 16, 2005

iHTML Merchant

iHTML Merchant Mall

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'id,' 'store,' and 'step' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

IHTML Merchant Mall SQL Injection

CVE-2005-4330

Medium
Security Focus, Bugtraq ID: 15910, December 16, 2005

IndexCOR

ezDatabase 2.1.2

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code or include arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

EZDatabase Multiple Input Validation

CVE-2005-4302
CVE-2005-4303
CVE-2005-4304

Medium
Security Focus, Bugtraq ID: 15908, December 16, 2005

Komodo CMS

Komodo CMS 2.1 & prior

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'page.php' due to insufficient sanitization of the 'page' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Komodo CMS SQL Injection & Cross-Site Scripting

CVE-2005-4362
CVE-2005-4363

Medium
Secunia Advisory: SA18120, December 19, 2005

Kryptronic

ClickCartPro 5.1

A Cross-Site Scripting vulnerability has been reported in 'cp-app.cgi' due to insufficient sanitization of the 'affl' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Kryptronic ClickCartPro Cross-Site Scripting

CVE-2005-4293

Medium
Secunia Advisory: SA17927, December 15, 2005

Libertas Solutions

Libertas ECMS 3.0 & prior

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'page_search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Libertas ECMS Cross-Site Scripting

CVE-2005-4399

Medium
Secunia Advisory: SA18117, December 19, 2005

Libremail

Libremail 1.1.0 & prior

A format string vulnerability has been reported in 'pop.c' when processing specially crafted data from a POP server, which could let a remote malicious user execute arbitrary code.

Update available at:
http://libremail.tuxfamily.org/en/dersources.htm

Currently we are not aware of any exploits for this vulnerability.

Libremail Remote Format String

CVE-2005-4300

High
Security Focus, Bugtraq ID: 15906, December 16, 2005

Liferay

Liferay Portal Enterprise 3.6.1 & prior

A Cross-Site Scripting vulnerability has been reported in 'portal_ent' due to insufficient sanitization of the '_77_struts_action,' 'p_p_mode,' and 'p_p_state' parameters and due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Liferay Portal Enterprise Cross-Site Scripting

CVE-2005-4400

Medium
Secunia Advisory: SA18116, December 19, 2005

Limbo CMS

Limbo CMS 1.0.4.2

Multiple input validation vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code, SQL code, and include local arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Limbo CMS Multiple Input Validation

CVE-2005-4317
CVE-2005-4318
CVE-2005-4319
CVE-2005-4320

Medium
Security Focus, Bugtraq ID: 15871, December 14, 2005

Lutece

Lutece 1.2.3 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Lutece Cross-Site Scripting

CVE-2005-4401

Medium
Secunia Advisory: SA18114, December 19, 2005

Macromedia

ColdFusion Server MX 7.0, 6.1, 6.0, ColdFusion MX J2EE 6.1, ColdFusion MX Enterprise with JRun 6.1, ColdFusion MX 7.0, 6.1, 6.0

Multiple vulnerabilities have been reported: a vulnerability was reported in the Sandbox Security functionality due to a failure to throw an exception when ColdFusion is running on a JRun 4 cluster member with the Java SecurityManager disabled, which could let a remote malicious user bypass security controls; an input validation vulnerability was reported in the CFMAIL tag when handling the 'Subject' field, which could let a remote malicious user attach arbitrary files; a vulnerability was reported in the Sandbox Security functionality when enforcing the 'CFOBJECT/CreateObject(Java)' setting due to an error, which could let a remote malicious user call restricted methods through an object of a specially crafted class written to the ColdFusion library directory; and a vulnerability was reported because the password hash used to authenticate the ColdFusion Administrator can be obtained by developers.

Update and fix information available at:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html

http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

Currently we are not aware of any exploits for this vulnerability.

Macromedia ColdFusion Multiple Vulnerabilities

CVE-2005-4342
CVE-2005-4343
CVE-2005-4344
CVE-2005-4345

Medium
Macromedia Security Bulletins, MPSB05-12 & MPSB05-14, December 15, 2005

Macromedia

Flash Media Server Professional Edition 2.0,
Flash Media Server Origin Edition 2.0, Flash Media Server Edge Edition 2.0, Flash Media Server Developer Edition 2.0

A Denial of Service vulnerability has been reported due to an error in the Administration Service (FMSAdmin.exe) when handling received data.

Solution available at:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Macromedia Flash Media Server Administration Service Denial of Service

CVE-2005-4216

Low

Security Focus, Bugtraq ID: 15822, December 13, 2005

Macromedia Security Bulletin, MPSB05-11, December 15, 2005

Magnolia

Magnolia 2.1 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter in the search feature, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Magnolia Search Feature Cross-Site Scripting

CVE-2005-4361

Medium
Secunia Advisory: SA18104, December 19, 2005

Mantis

Mantis 1.x

A Cross-Site Scripting vulnerability has been reported in 'view_filters_page.php' due to insufficient sanitization of the 'target_field' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.sourceforge.net/mantisbt/mantis-0.19.4.tar.gz

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Mantis Cross-Site Scripting

CVE-2005-4238

Medium

Secunia Advisory: SA18018, December 14, 2005

Security Focus, Bugtraq ID: 15842, December 15, 2005

MarmaraWeb

E-commerce

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a remote file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploit scripts have been published.

MarmaraWeb E-Commerce Cross-Site Scripting & File Include

CVE-2005-4287
CVE-2005-4288

High
Security Focus, Bugtraq ID: 15875 & 15877, December 15, 2005

Marwel

Marwel 2.7 & prior

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'show' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Marwel SQL Injection

CVE-2005-4403

Medium
Secunia Advisory: SA18099, December 19, 2005

Mindroute Software AB

damoon

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

damoon Cross-Site Scripting

CVE-2005-4391

Medium
Secunia Advisory: SA18118, December 19, 2005

Mindroute Software AB

lemoon 2.0 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

lemoon Cross-Site Scripting

CVE-2005-4398

Medium
Secunia Advisory: SA18119, December 19, 2005

Miraserver

Miraserver 1.0 RC4 & prior

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'page' parameter, in 'newsitem.php' due to insufficient sanitization of the 'id' parameter, and in 'article.php' due to insufficient sanitization of the 'cat' parameter, before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Miraserver SQL Injection

CVE-2005-4408

Medium
Secunia Advisory: SA18110, December 20, 2005

MMBase

MMBase 1.7.4

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.

No workaround or patch available at time of publishing.

There is no exploit code required.

MMBase Cross-Site Scripting

CVE-2005-4409

Medium
Security Focus, Bugtraq ID: 15955, December 19, 2005

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available at:
http://lynx.isc.org/current/lynx2.8.6dev.15.tar.gz

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-839.html

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200511-09.xml

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

OpenPKG:
http://www.openpkg.org/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

High

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

SCO Security Advisory, SCOSA-2005.55, December 14, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

Multiple Vendors

University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64

A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.

University of Kansas Lynx:
http://lynx.isc.org/current/lynx2.8.6dev.14.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-803.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
http://www.sgi.com/support/security/

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/l/lynx/

http://security.debian.org/pool/updates/main/l/lynx-ssl/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/

(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability, however, the fixes contained an error that caused lynx to crash.)

SUSE:
ftp://ftp.suse.com/pub/suse/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47

OpenPKG:
http://www.openpkg.org/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

A Proof of Concept Denial of Service exploit script has been published.

Lynx 'HTrjis()' NNTP Remote Buffer Overflow

CVE-2005-3120

High

Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005

Ubuntu Security Notice, USN-206-1, October 17, 2005

RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005

Fedora Update Notifications, FEDORA-2005-993 & 994, October 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005

Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005

Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005

Ubuntu Security Notice, USN-206-2, October 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Slackware Security Advisory, SSA:2005-310-03, November 7, 2005

SCO Security Advisory, SCOSA-2005.47, November 8, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

myEZshop Shopping Cart

myEZshop Shopping Cart

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'Keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'admin.php' due to insufficient sanitization of the 'Groupsld' and 'Itemsld' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

myEZshop Shopping Cart Cross-Site Scripting & SQL Injection
Medium
Secunia Advisory: SA18086, December 20, 2005

NetQuest

NQcontent 3.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'text' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

NQcontent Cross-Site Scripting

CVE-2005-4410

Medium
Secunia Advisory: SA17994, December 20, 2005

NightMedia

The CITY Shop 1.3

A Cross-Site Scripting vulnerability has been reported in 'store.cgi' due to insufficient sanitization of the 'SKey' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

The CITY Shop Cross-Site Scripting

CVE-2005-4283

Medium
Security Focus, Bugtraq ID: 15897, December 15, 2005

ODFaq

ODFaq 2.1.0

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'cat' and 'srcText' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ODFaq SQL Injection

CVE-2005-4359

Medium
Secunia Advisory: SA18121, December 19, 2005

OpenCMS Project

Alkacon OpenCMS 6.0.2

A Cross-Site Scripting vulnerability has been reported in the login page due to insufficient sanitization of the user name field before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Update available at:
http://www.opencms.org/opencms/en/download/opencms.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Alkacon OpenCMS Cross-Site Scripting

CVE-2005-4294

Medium
Security Tracker Alert ID: 1015365, December 15, 2005

OTRS

OTRS (Open Ticket Request System) 2.0.0-2.0.3, 1.3.2, 1.0.0

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'login' function due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in the 'AgentTicketPlain' function due to insufficient sanitization of the 'TicketID' and 'ArticleID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of HTML email attachments before displaying, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'index.pl' due to insufficient sanitization of the 'QueueID' and 'Action' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
ftp://ftp.otrs.org/pub/otrs/otrs-1.3.3-01.tar.gz

SUSE:
ftp://ftp.suse.com/pub/suse/

There is no exploit code required; however, Proof of Concept exploits have been published.

OTRS SQL Injection & Cross-Site Scripting

CVE-2005-3893
CVE-2005-3894
CVE-2005-3895

Medium

OTRS Security Advisory, OSA-2005-01, November 22, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005


PHP Fusebox

PHP Fusebox 3.0

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Fusebox Cross-Site Scripting

Medium
Security Focus, Bugtraq ID: 15924, December 19, 2005

phpXplorer

phpXplorer 0.9.12

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'address bar' field before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPXplorer Address Bar Cross-Site Scripting

CVE-2005-4301

Medium
Secunia Advisory: SA18080, December 16, 2005

Plexum

PlexCart X3 3.0

An SQL injection vulnerability has been reported in 'plexcart.pl' due to insufficient sanitization of some parameters (e.g. 's_itemname,' 's_orderby') before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Plexum PlexCart X3 SQL Injection

CVE-2005-4315

Medium
Security Focus, Bugtraq ID: 15900, December 15, 2005

PPCal Shopping Cart

PPCal Shopping Cart 3.3

A Cross-Site Scripting vulnerability has been reported in 'ppcal.cgi' due to insufficient sanitization of the 'user' and 'stop' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

PPCal Shopping Cart Cross-Site Scripting

CVE-2005-4314

Medium
Security Focus, Bugtraq ID: 15892, December 15, 2005

QuickPayPro

QuickPayPro 3.1

Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of the 'popupid,' 'so,' 'sb,' 'nr,' 'subtrackingid,' 'delete,' 'trackingid,' and 'customerid' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and Cross-Site Scripting vulnerabilities were reported in 'subscribers.tracking.add.php,' 'tickets.add.php,' and 'categories.php' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

QuickPayPro SQL Injection & Cross-Site Scripting

CVE-2005-4243
CVE-2005-4248

Medium
Secunia Advisory: SA17981, December 14, 2005

Random Mouse

Red Queen 1.02 & prior

A vulnerability has been reported because the full path to the installation is shown when malformed input is used to access certain scripts, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Red Queen Full Path Disclosure

CVE-2005-4405

Medium
Secunia Advisory: SA18072, December 19, 2005

Round Cube Project

Round Cube Webmail 0.1-20051021

A vulnerability has been reported when an invalid '_task' parameter is submitted, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Round Cube Webmail Path Disclosure

CVE-2005-4368

Medium
Security Focus, Bugtraq ID: 15920, December 17, 2005

ScareCrow

ScareCrow 2.13

Cross-Site Scripting vulnerabilities have been reported in 'forum.cgi' and 'post.cgi' due to insufficient sanitization of the 'forum' parameter, and in 'profile.cgi' due to insufficient sanitization of the 'user' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ScareCrow Multiple Cross-Site Scripting

CVE-2005-4307

Medium
Secunia Advisory: SA18084, December 16, 2005

Scientific Atlanta

Scientific Atlanta DPX2100

A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Scientific Atlanta DPX2100 Remote Denial of Service

CVE-2005-4275

Low
Security Focus, Bugtraq ID: 15870, December 14, 2005

SSH Communications Security

Tectia Server 5.0.0

A vulnerability has been reported when handling host-based authentication due to an error, which could let a remote malicious user bypass security restrictions.

Upgrade available at:
http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-5-0.html

Currently we are not aware of any exploits for this vulnerability.

SSH Tectia Server Host Authentication Bypass

CVE-2005-4310

Medium
SSH Communications Security Advisory, December 15, 2005

Sun Microsystems, Inc.

Java JDK 1.5.x, Java JRE 1.3.x, 1.4.x, 1.5.x / 5.x, Java SDK 1.3.x, 1.4.x

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a malicious untrusted applet read/write local files or execute local applications; three unspecified vulnerabilities were reported in the use of 'reflection' APIs, which could let a malicious untrusted applet read/write local files or execute local applications; and a vulnerability was reported in the Java Management Extensions (JMX) implementation, which could let a malicious untrusted applet read/write local files or execute local applications.

Upgrade information available at:
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1

http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1

http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1

IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21225628

Currently we are not aware of any exploits for these vulnerabilities.

Sun Java Runtime Environment Security Bypass

CVE-2005-3904
CVE-2005-3905
CVE-2005-3906
CVE-2005-3907

Medium

Sun(sm) Alert Notifications
Sun Alert ID: 102003, 102017, & 102050, November 28, 2005

US-CERT VU#974188, VU#355284, VU#931684

IBM Technote, December 16, 2005

TML

TML 0.5

Multiple input validation vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code and SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

TML CMS Multiple Input Validation

CVE-2005-4415
CVE-2005-4416

Medium
Security Focus, Bugtraq ID: 15876, December 15, 2005

Westell

Versalink 327W

A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Westell Versalink Remote Denial of Service

CVE-2005-4276

Low
Security Focus, Bugtraq ID: 15869, December 14, 2005

WHMCompleteSolution

WHMCompleteSolution 2.1

A Cross-Site Scripting vulnerability has been reported in 'knowledgebase.php' due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

WHMCompleteSolution 2.2 is not affected by this issue. Please contact the vendor to obtain a fix.

There is no exploit code required.

WHMCompleteSolution Cross-Site Scripting

CVE-2005-4235

Medium

Security Focus, Bugtraq ID: 15856, December 14, 2005

Security Focus, Bugtraq ID: 15856, December 20, 2005

Zaygo

HostingCart 2.0, DomainCart 2.0

A Cross-Site Scripting vulnerability has been reported in 'zaygo.cgi' due to insufficient sanitization of the 'root' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Zaygo HostingCart & DomainCart Cross-Site Scripting

CVE-2005-4281
CVE-2005-4282

Medium
Security Focus, Bugtraq ID: 15893, December 15, 2005

[back to top] 

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Mobile Phone Exec's Communications Cloned By Terrorists: According to Canadian news reports, terrorists reportedly have found a way to scam mobile phone companies by exploiting wireless phone vulnerabilities. They cloned the mobile phone of a top mobile phone executive, along with some of his company's customers, and made thousands of dollars worth of international calls. Source: http://www.techweb.com/wire/mobile/175007174;jsessionid=0NQ1L1TNB0RIOQSNDBOCKHSCJUMEKJVN.
  • Grim Prediction For 2006: Expect More Mobile Security Woes: According to McAfee's AVERT anti-virus lab, mobile phone and PDA users should expect a rising tide of malicious software and attacks in 2006. A "significant rise in the number of global mobile threats" will appear next year as the malware risk continues to increase against cellular and smart phones, as well as PDAs. Source: http://www.techweb.com/wire/mobile/175006618;jsessionid=0NQ1L1TNB0RIOQSNDBOCKHSCJUMEKJVN.
  • Will Mobile Broadband Kill Wi-Fi? With the approval of the IEEE 802.11e standard for mobile wireless broadband there are many unanswered questions about the future of Wi-Fi. About 90 percent of laptops are now delivered with built-in support for Wi-Fi wireless networks and the technology has been widely adopted both in enterprises and the home. In addition, the number of public Wi-Fi hotspots continues to grow. Source: http://www.mobilepipeline.com/175006860;jsessionid=HDPOH23NOWCGSQSNDBCSKH0CJUMEKJVN.
  • Gmail goes mobile: Google launches Gmail mobile and Gmail users can now access their account on the move. According to Google, the page will automatically optimize its interface for whatever phone you are using, adjusting it depending on the size of your mobile phone screen. The service also allows users to open attachments such as photos, Microsoft Word documents and PDF files. Source: http://www.theregister.com/2005/12/19/electric_gmail/.

Wireless Vulnerabilities

  • Nothing significant to report.

[back to top] 

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description
December 20, 2005 | TmPfw_poc | Yes | Proof of Concept exploit for the Trend Micro PC-cillin Privilege Elevation vulnerability.
December 19, 2005 | bug1.xls, bug2.xls | No | Proof of Concept exploit for the Microsoft Excel Unspecified Memory Corruption vulnerability.
December 19, 2005 | IIS_Mal_URI_Dos.cpp | No | Proof of Concept exploit for the Microsoft Internet Information Server 5.1 DLL Request Denial of Service vulnerability.
December 18, 2005 | checkpoint.txt | N/A | Another methodology for disabling Checkpoint's SecureClient NGX Security Policy.
December 15, 2005 | ibm_css.txt | No | Exploit details for the IBM WebSphere Application Server Sample Scripts Multiple HTML Injection vulnerabilities.
December 14, 2005 | AppScanQA_Poc.pl, AppScanQA-RemoteCodeExec-PoC.zip | Yes | Exploit for the Watchfire AppScan QA Remote Buffer Overflow vulnerability.
December 14, 2005 | limbo_1042_eval_xpl.php, limbo1042_xpl.txt | No | Proof of Concept exploit for the Limbo CMS Multiple Input Validation vulnerabilities.
December 14, 2005 | MS05-053.c | Yes | Exploit for the Microsoft Windows EMF File Denial of Service Vulnerability.

[back to top]

Trends
  • US-CERT is aware of malicious software exploiting a vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC).
  • Dasher worm gallops onto the Net: According to security experts, a Windows-targeted worm that drops spying software on vulnerable PCs is spreading across the Internet. The Dasher.B worm exploits a flaw in Microsoft Windows Distributed Transaction Coordinator, or MSDTC. Microsoft announced and patched the hole in the component for transaction processing in October. However, initial glitches with the update may have left some users without a properly implemented fix. Source: http://news.com.com/Dasher+worm+gallops+onto+the+Net/2100-1002_3-6999114.html?part=rss&tag=5999114&subj=news.
  • Vendors predict upturn in technology spending: According to research commissioned by Siemens during December, IT and telecoms vendors expected business investment in the UK to rise by 2.85 per cent in 2006, a growth rate that is 40 per cent higher than the government’s expected 2005 figure. Source: http://www.channelweb.co.uk/crn/news/2147751/vendors-predict-upturn.
  • IM Worm On MSN, AOL, ICQ, & Yahoo Plants Rootkit: According to a security firm, a new worm posing as a come-on to a Santa Claus site is traveling across all the major instant messaging networks. When recipients visit the bogus site, they're infected with a file hidden from sight by a rootkit. IMlogic said that the worm, dubbed "M.GiftCom.All," which is circulating on the MSN, AOL, ICQ, and Yahoo instant messaging services, is a "Medium" threat. Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=175007154.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
3 | Sober-Z | Win32 Worm | Stable | December 2005 | A mass-mailing worm that harvests addresses from infected machines, forges the sender's email address, and utilizes its own mail engine.
4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
7 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
8 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
9 | Mytob-GH | Win32 Worm | Stable | December 2005 | This email worm turns off anti-virus software and opens infected systems to remote connections. It further harvests email addresses from infected machines and forges the sender's address.
10 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.

Table updated December 20, 2005

[back to top]

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source
Acidcat CMS 2.1.13

A vulnerability has been reported in Acidcat CMS that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Acidcat CMS SQL Injection Vulnerability

CVE-2005-4370
CVE-2005-4371

Medium
Secunia Advisory: SA18097, December 19, 2005
Allinta 2.3.2 and prior

A vulnerability has been reported in Allinta that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Allinta Cross-Site Scripting

CVE-2005-4374

Medium
Secunia Advisory: SA18060, December 19, 2005

Citrix Systems

Citrix Program Neighborhood Client 9.1 and prior

A vulnerability has been reported in Citrix Program Neighborhood Client that could let local malicious users disclose information.

A vendor solution is available:
http://support.citrix.com/article/CTX108108

http://support.citrix.com/article/CTX108354

Currently we are not aware of any exploits for this vulnerability.

Citrix Program Neighborhood Client Information Disclosure

CVE-2005-3652
CVE-2005-4412

Medium
Citrix Security Alert, CTX108354, CTX108108, December 16, 2005
iCMS

A vulnerability has been reported in iCMS that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

iCMS Cross-Site Scripting or SQL Injection

CVE-2005-4396
CVE-2005-4397

Medium
Secunia Advisory: SA18085, December 19, 2005
MailEnable 1.71 & prior

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.mailenable.com/hotfix/

A Proof of Concept exploit has been published.

MailEnable Arbitrary Code Execution

CVE-2005-4402

High
Security Tracker, Alert ID: 1015378, December 19, 2005
Mercury Mail 4.01b

Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Mercury Mail Arbitrary Code Execution

CVE-2005-4411

High
Security Tracker, Alert ID: 1015374, December 16, 2005

Media2

Media2 CMS Shop

A vulnerability has been reported in Media2 CMS Shop that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Media2 CMS Shop SQL Injection

CVE-2005-4404

Medium
Secunia Advisory: SA18079, December 19, 2005

Microsoft

Internet Explorer

A vulnerability has been reported in Internet Explorer, caused by mismatched DOM objects, that could let remote malicious users obtain unauthorized access.

Vendor solutions available:
http://www.microsoft.com/technet/security/advisory/911302.mspx

http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

An exploit has been published.

Microsoft Internet Explorer Unauthorized Access

CVE-2005-1790

Medium

Microsoft, Security Advisory 911302, November 21, 2005

US-CERT VU#887861, November 21, 2005

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer, by dialog manipulation, that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2005-2829

High

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer, COM object Instantiation, that could let remote malicious users execute arbitrary code.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2005-2831

High

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Explorer 6.0 SP1 and prior

A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

There is no exploit code required.

Microsoft Internet Explorer Information Disclosure

CVE-2005-2830

Medium

Microsoft, Security Bulletin MS05-054, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Microsoft

Internet Information Server 5.1

A vulnerability has been reported in IIS that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft IIS Denial of Service

CVE-2005-4360

Low
Security Tracker, Alert ID: 1015376, December 18, 2005

Microsoft

Windows 2000 Server SP4 and prior, Professional SP4 and prior, Datacenter Server SP4 and prior, Advanced Server SP4 and prior

A vulnerability has been reported in Windows, Asynchronous Procedure Calls, that could let local malicious users obtain elevated privileges.

A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Privilege Elevation

CVE-2005-2827

Medium

Microsoft, Security Bulletin MS05-055, December 13, 2005

Avaya, ASA-2005-234, December 14, 2005

Pegasus Mail 4.21a - 4.21c, 4.30PB1

Multiple vulnerabilities have been reported in Pegasus Mail that could let remote malicious users execute arbitrary code.

Upgrade to newest version:
http://www.pmail.com/downloads_de_t.htm

Currently we are not aware of any exploits for these vulnerabilities.

Pegasus Mail Arbitrary Code Execution

CVE-2005-4445

High
Secunia Advisory: SA17992, December 20, 2005

Soft4e

ECW-Cart 2.03 and prior

A vulnerability has been reported in ECW-Cart that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ECW-Cart Cross-Site Scripting

CVE-2005-4290

Medium
Security Focus, Bugtraq ID: 15890, December 15, 2005

SuperFreaker Studios

UStore

A vulnerability has been reported in UStore that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

UStore Cross-Site Scripting or SQL Injection

CVE-2005-4355
CVE-2005-4356

Medium
Secunia Advisory: SA18026, December 19, 2005

The Collective

Acuity CMS 2.6.2

A vulnerability has been reported in Acuity CMS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

Acuity CMS Cross-Site Scripting

CVE-2005-4369

Medium

Secunia, Advisory: SA18070, December 19, 2005

Trend Micro

PC-cillin Internet Security 2005 version 12.00 build 1244

A vulnerability has been reported in PC-cillin that could let local malicious users obtain elevated privileges.

Upgrade to version 12.4.

A Proof of Concept exploit script has been published.

Trend Micro PC-cillin Privilege Elevation

CVE-2005-3360

Medium

Security Tracker, Alert ID: 1015357, December 14, 2005

Watchfire

AppScan QA 5.0.609, 5.0.134, Subscription 7

A buffer overflow vulnerability has been reported in AppScan that could let remote malicious users execute arbitrary code.

A vendor update is available via the application's update functionality.

A Proof of Concept exploit script has been published.

Watchfire AppScan Arbitrary Code Execution

CVE-2005-4270

High

Security Focus, ID: 15873, December 15, 2005

Xigla Software

Absolute Image Gallery XE

An input validation vulnerability has been reported in Absolute Image Gallery XE that could let remote malicious users perform Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Absolute Image Gallery XE Cross-Site Scripting

CVE-2005-4295

Medium

Secunia, Advisory: SA18065, December 15, 2005

ZixForum 1.12

An input validation vulnerability has been reported in ZixForum that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ZixForum SQL Injection

CVE-2005-4334

Medium

Security Tracker, Alert ID: 1015359, December 15, 2005


UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attack Scripts | Common Name / CVE Reference | Risk | Source

AlmondSoft.Com

Almond Classifieds

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

AlmondSoft Almond Classifieds SQL Injection

CVE-2005-4312
CVE-2005-4313

Medium

Security Focus, Bugtraq ID: 15899, December 15, 2005

Appfluent Technology

Database IDS 2.0

A buffer overflow vulnerability has been reported in the 'APPFLUENT_HOME' environment variable when handling a malformed value, which could let a malicious user execute arbitrary code.

The vulnerability has reportedly been fixed in version 2.1.0.103.

An exploit script has been published.

Appfluent Technology Database IDS Buffer Overflow

CVE-2005-4076

High

Security Focus, Bugtraq ID: 15755, December 7, 2005

Security Focus, Bugtraq ID: 15755, December 16, 2005

AtlantPro.Com

Atlant Pro 8.0.9

A Cross-Site Scripting vulnerability has been reported in 'atl.cgi' due to insufficient sanitization of the 'before' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Atlant Pro Cross-Site Scripting

CVE-2005-4299

Medium

Security Focus, Bugtraq ID: 15886, December 15, 2005

AtlantPro.Com

AtlantForum Pro 4.0.2, AtlantForum Lite 4.0.2, AtlantForum 4.0.2

Cross-Site Scripting vulnerabilities have been reported in 'atl.cgi' due to insufficient sanitization of the 'sch_allsubct,' 'before,' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AtlantForum Multiple Cross-Site Scripting

CVE-2005-4298

Medium

Security Focus, Bugtraq ID: 15887, December 15, 2005

binary-concepts

binary board system 0.2.5

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'inreplyto,' 'article,' 'branch,' 'board,' 'user,' and search module parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Binary Board System Multiple Cross-Site Scripting

CVE-2005-4333

Medium
Security Focus, Bugtraq ID: 15913, December 16, 2005

Centericq

Centericq 4.20

A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages.

Debian:
http://security.debian.org/pool/updates/main/c/centericq/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml

A Proof of Concept exploit script has been published.

Centericq Empty Packet Remote Denial of Service

CVE-2005-3694

Low

Debian Security Advisory, DSA 912-1, November 30, 2005

Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005

Daniel Stenberg

curl 7.12-7.15, 7.11.2


A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before it is copied into a fixed-size buffer, which could let a local/remote malicious user execute arbitrary code.

Upgrades available at:
http://curl.haxx.se/download/curl-7.15.1.tar.gz

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Debian:
http://security.debian.org/pool/updates/main/c/curl/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

OpenPKG:
http://www.openpkg.org/security.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-875.html

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL URL Parser Buffer Overflow

CVE-2005-4077

High

Security Focus, Bugtraq ID: 15756, December 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005

Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005

Debian Security Advisory, DSA 919-1, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005

RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005

Dick Copits

PDEstore 1.8

A Cross-Site Scripting vulnerability has been reported in 'pdestore.cgi' due to insufficient sanitization of the 'product' and 'cart_id' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Dick Copits PDEstore Cross-Site Scripting

CVE-2005-4285

Medium

Secunia Advisory: SA18042, December 15, 2005

Dropbear SSH Server

Dropbear SSH Server prior to 0.47

A buffer overflow vulnerability has been reported in 'svr_chansession.c' due to a buffer allocation error, which could let a remote malicious user execute arbitrary code.

Updates available at:
http://matt.ucc.asn.au/dropbear/

Debian:
http://www.debian.org/security/2005/dsa-923

Currently we are not aware of any exploits for this vulnerability.

Dropbear SSH Server Buffer Overflow

CVE-2005-4178

High

Secunia Advisory: SA18108, December 19, 2005

Debian Security Advisory, DSA-923-1, December 19, 2005

Gentoo Linux

Gentoo Linux

Vulnerabilities have been reported in multiple packages in Gentoo Linux due to an insecure RUNPATH vulnerability, which could let a malicious user obtain elevated privileges.

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-14.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200511-02.xml

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-07.xml

There is no exploit code required.

Gentoo Linux Multiple Packages Insecure RUNPATH

CVE-2005-4278

Medium

Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005

Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-07, December 15, 2005

GNU

Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4


Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': EPSF pipe support performs insufficient input validation, which could let a malicious user execute arbitrary code; filenames are processed with insufficient input validation, which could let a malicious user execute arbitrary code; and several buffer overflows could let a malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/e/enscript/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for these vulnerabilities.

GNU Enscript Input Validation

CVE-2004-1184
CVE-2004-1185
CVE-2004-1186

High

Security Tracker Alert ID: 1012965, January 21, 2005

RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005

Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Fedora Legacy Update Advisory, FLSA:152892, December 17, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/g/gzip

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

Sun: Updated Relief/Workaround section.

Sun: Updated Contributing Factors, Relief/Workaround, and Resolution sections.

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

A Proof of Concept exploit has been published.

GNU GZip Directory Traversal

CVE-2005-1228

Medium

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus, 13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD
Security Advisory, FreeBSD-SA-05:11, June 9, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005

Debian Security Advisory DSA 752-1, July 11, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world- or group-writable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/g/gzip/gzip

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

Sun: Updated Relief/Workaround section.

There is no exploit code required.

GNU GZip File Permission Modification

CVE-2005-0988

Medium

Security Focus, 12996, April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005

Debian Security Advisory DSA 752-1, July 11, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf

FedoraLegacy:
http://download.fedoralegacy.org/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CVE-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice, USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

Hewlett Packard Company

HP-UX B.11.00, B.11.11, B.11.23


A remote Denial of Service vulnerability has been reported due to an unspecified error in the WBEM Services.

Update information available at:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373

Currently we are not aware of any exploits for this vulnerability.

HP WBEM Services Remote Denial of Service

CVE-2005-4350

Low

HP Security Bulletin, HPSBMA02088, December 19, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2

A vulnerability has been reported in the '/usr/lpp/diagnostics/bin/diagela.sh' script due to the use of an absolute path. The impact was not specified.

Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/diagela_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

AIX 'diagela' Script

CVE-2005-3749

Not Specified

IBM Security Advisory, November 11, 2005

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1

A buffer overflow vulnerability has been reported in 'slocal' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/slocal_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM AIX Buffer Overflow

CVE-2005-4272

High

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3

A buffer overflow vulnerability has been reported in the malloc debugging tools due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/dbgmalloc_ifix.tar.Z

Exploits for this vulnerability may be publicly available.

IBM AIX Debug Malloc Tools Buffer Overflow

CVE-2005-4271

High

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3

A vulnerability has been reported in the 'getShell' and 'getCommand' utilities, which could let a malicious user corrupt data and obtain elevated privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/getshell_ifix.tar.Z

There is no exploit code required.

IBM AIX GetShell & GetCommand Arbitrary File Overwrite

CVE-2005-4273

Medium

IBM Security Advisory, December 15, 2005

IBM

AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1

A buffer overflow vulnerability has been reported in 'muxatmd' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.

Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/libisode_ifix.tar.

Currently we are not aware of any exploits for this vulnerability.

IBM AIX MUXATMD Buffer Overflow

CVE-2005-4272

High

IBM Security Advisory, December 15, 2005

Internet Express Products

CommerceSQL 1.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keywords' parameter in the Quick Find feature before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CommerceSQL Cross-Site Scripting

CVE-2005-4292

Medium

Secunia Advisory: SA17932, December 15, 2005

IPsec-Tools

IPsec-Tools 0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.6.3.tar.bz2?download

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Low

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

LBL

tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5

Remote Denial of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html

Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CVE-2005-1278
CVE-2005-1279
CVE-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Ubuntu Security Notice, USN-119-1, May 06, 2005

Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005

Security Focus, 13392, May 12, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005

Avaya Security Advisory, ASA-2005-137, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Security Focus, 13392, July 21, 2005

Debian Security Advisory, DSA 850-1, October 9, 2005

SCO Security Advisories, SCOSA-2005.60 & SCOSA-2005.61, December 16, 2005

libpng

pnmtopng 2.38, 2.37.3-2.37.6

A buffer overflow vulnerability has been reported in 'Alphas_Of_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html

Currently we are not aware of any exploits for this vulnerability.

PNMToPNG Remote Buffer Overflow

CVE-2005-3662

High

Security Focus, Bugtraq ID: 15427, November 15, 2005

Debian Security Advisory, DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1, November 21, 2005

Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005

Michael Arndt

WebCal 3.0 4

Multiple HTML injection and Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebCal Multiple HTML Injection & Cross-Site Scripting

CVE-2005-4327

Medium

Security Focus, Bugtraq ID: 15917, December 16, 2005

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML DFTOHTML 0.36

Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-840.html

KDE:
ftp://ftp.kde.org/pub/kde/

SUSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-08.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-878.html

http://rhn.redhat.com/errata/RHSA-2005-868.html

http://rhn.redhat.com/errata/RHSA-2005-867.html

Currently we are not aware of any exploits for these vulnerabilities.

High

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Multiple Vendors

FreeBSD 5.4 & prior

A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.

Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure

CVE-2005-0109

Medium

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005

Sun(sm) Alert Notification, 101739, June 1, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Multiple Vendors

ktools 0.3;
Centericq 4.21, 4.20

A buffer overflow vulnerability has been reported in the 'VGETSTRING()' macro when generating the output string using the "vsprintf()" function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml

Currently we are not aware of any exploits for this vulnerability.

KTools Remote Buffer Overflow

CVE-2005-3863

High

Zone-H Research Center Security Advisory 200503, November 27, 2005

Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005

Multiple Vendors

GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2

A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-344.html

http://rhn.redhat.com/errata/RHSA-2005-343.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
ftp://patches.sgi.com/support/free/security/advisories/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000958

Mandriva:
http://www.mandriva.com/security/advisories

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service

CVE-2005-0891

Low

Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005

RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005

Ubuntu Security Notice, USN-108-1 April 05, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005

SGI Security Advisory, 20050403-01-U, April 15, 2005

Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005

Conectiva Security Advisory, CLSA-2005:958, June 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Fedora Legacy Update Advisory, FLSA:155510, December 17, 2005

Multiple Vendors

phpMyAdmin 2.7.0-pl1

A Cross-Site Request Forgery vulnerability has been reported because a remote malicious user can perform unauthorized actions as a logged-in user via a link or IMG tag pointing to 'server_privileges.php.'

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

phpMyAdmin Cross-Site Request Forgery

CVE-2005-4450

Medium

Secunia Advisory: SA18113, December 19, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported in the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option (also switched on by 'SSL_OP_ALL'), which is kept for compatibility with third-party software but disables the check that protects against protocol version rollback; a remote malicious user positioned as a man-in-the-middle could force a connection down to SSL 2.0 even when both peers support SSL 3.0 or TLS 1.0.

OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html

Mandriva:
http://www.mandriva.com/security/advisories

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/

OpenPKG:
ftp://ftp.openpkg.org/release/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

SGI:
http://www.sgi.com/support/security/

Debian:
http://security.debian.org/pool/updates/main/o/openssl094/

NetBSD:
http://arkiv.netbsd.se/?ml=netbsd-announce&a=2005-10&m=1435804

BlueCoat Systems:
http://www.bluecoat.com/support/knowledge/advisory_openssl_2005-2969.html

Debian:
http://security.debian.org/pool/updates/main/o/openssl/

Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Number=63500&page=0&view=collapsed&sb=5&o=&fpart=1#63500

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48

IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

Cisco:
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

Medium

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications,
FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announcement, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Cisco Security Notice, Document ID: 68324, December 19, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20-9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

libpng:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download

Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html

Currently we are not aware of any exploits for this vulnerability.

NetPBM PNMToPNG Remote Buffer Overflow

CVE-2005-3632

High

Debian Security Advisory DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1 November 21, 2005

Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005

Multiple Vendors

util-linux 2.8-2.13;
Andries Brouwer util-linux 2.11 d, f, h, i, k, l, n, u, 2.10 s

A vulnerability has been reported because 'umount -r', when it falls back to remounting a user-mountable filesystem read-only, does not preserve the 'nosuid' and 'nodev' mount options, which could let a local malicious user obtain elevated privileges.

Updates available at:
http://www.kernel.org/pub/linux/utils/util-linux/testing/util-linux-2.12r-pre1.tar.gz

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/

Gentoo:
http://security.gentoo.org/glsa/glsa-200509-15.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/u/util-linux/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1

SGI:
http://www.sgi.com/support/security/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

There is no exploit code required.

Util-Linux UMount Remounting Filesystem Elevated Privileges

CVE-2005-2876

Medium

Security Focus, Bugtraq ID: 14816, September 12, 2005

Slackware Security Advisory, SSA:2005-255-02, September 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Ubuntu Security Notice, USN-184-1, September 19, 2005

Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005

Debian Security Advisory, DSA 823-1, September 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005

Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101960, October 10, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Fedora Legacy Update Advisory, FLSA:168326, December 17, 2005

Multiple Vendors

Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03

A format string vulnerability has been reported in 'Perl_sv_vcatpvfn' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service. Webmin's 'miniserv.pl' reaches this code by passing a user-supplied username as a format string.

Webmin:
http://prdownloads.sourceforge.net/webadmin

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

OpenPKG:
http://www.openpkg.org/security.html

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-01.xml

http://security.gentoo.org/glsa/glsa-200512-02.xml

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-880.html

An exploit has been published.

Perl 'miniserv.pl' script Format String

CVE-2005-3912
CVE-2005-3962

Low

Security Focus, Bugtraq ID: 15629, November 29, 2005

Fedora Update Notifications,
FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005

Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005

Ubuntu Security Notice, USN-222-1, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005

US-CERT VU#948385

Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

Ubuntu Security Notice, USN-222-2, December 12, 2005

Fedora Update Notifications,
FEDORA-2005-1144 & 1145, December 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005

RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005
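The Perl/Webmin entry above is the classic format string mistake: data from the network used as the format argument rather than as a value. The C below is an added example, not Webmin or Perl code; it models the same mistake in a login-failure logger, puts the hardened call beside it, and includes a small review aid that counts conversions in a string. The logger names, the 64-character username limit and the probe string are assumptions for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Webmin or Perl code. Models the bug class behind this
 * entry with a login-failure logger: untrusted text (a username) reaching
 * the format argument of a printf-style helper. */

/* A small varargs formatter of the kind such programs wrap around
 * vsnprintf(); whether it is safe depends entirely on what callers pass
 * as fmt. */
static int fmt_into(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable shape: the username is the format. A name such as
 * "admin%x%x%n" makes the formatter read stack words and write through a
 * pointer it never received. Present for comparison only; not exercised. */
int log_login_unsafe(char *out, size_t outsz, const char *user)
{
    char line[256];
    fmt_into(line, sizeof line, user);           /* attacker controls fmt */
    return fmt_into(out, outsz, "login failed for %s", line);
}

/* Hardened shape: the format is a literal and the username is only ever a
 * %s argument, width-limited so a huge name cannot swamp the log.
 * Returns bytes written, or -1 if the line did not fit in out. */
int log_login_safe(char *out, size_t outsz, const char *user)
{
    int n = fmt_into(out, outsz, "login failed for %.64s", user);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* Review aid: counts '%' conversions in s, treating "%%" as a literal
 * percent. Run it over strings that reach a format slot; any non-zero
 * result for data of external origin is a finding. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char out[128];
    const char *probe = "admin%x%x%x%n";         /* constructed attacker input */
    log_login_safe(out, sizeof out, probe);
    printf("%s (conversions in input: %d)\n", out, count_conversions(probe));
    return 0;
}
```

The hardened logger renders the probe literally, conversions and all, because nothing ever interprets it as a format. Rejecting '%' in usernames is not a substitute: the fix is the call site, not the input.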

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/x/xfree86/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-412.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-473.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-198.html

Apple:
http://docs.info.apple.com/article.html?artnum=302163

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit
Integer Overflow

CVE-2005-0605

High

Security Focus, Bugtraq ID: 12714, March 2, 2005

Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005

Ubuntu Security Notice, USN-92-1, March 07, 2005

Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005

Ubuntu Security Notice, USN-97-1, March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005

RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005

Debian Security Advisory, DSA 723-1, May 9, 2005

RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005

RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005

RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005

Fedora Update Notifications,
FEDORA-2005-808 & 815, August 25 & 26, 2005

SCO Security Advisory, SCOSA-2005.57, December 14, 2005
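The libXpm entry above names the root cause, an unchecked 'bitmap_unit' feeding size arithmetic, without showing what the check looks like. The C below is an added example, not libXpm code: it computes a bitmap's buffer size from header fields the way a scanner would, validates 'bitmap_unit', does the arithmetic in 64 bits, and bounds the result before anything is allocated or indexed. The row layout (1 bit per pixel, rows padded to a multiple of 'bitmap_unit' bits) follows the X bitmap convention, and the 64 MiB cap is an assumed policy limit rather than a libXpm value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libXpm code. Models the size arithmetic an image
 * scanner derives from header fields (width, height, bitmap_unit) and adds
 * the two checks the entry above says were missing: bitmap_unit must be a
 * legal value, and the byte count must be bounded before it is used to
 * allocate or index a buffer. Layout and cap are assumptions. */

#define MAX_IMAGE_BYTES ((uint64_t)64 << 20)   /* assumed policy cap: 64 MiB */

/* On success stores the buffer size in *out and returns 0; returns -1 for
 * an illegal bitmap_unit, a zero dimension, or an image over the cap. */
int bitmap_bytes(unsigned width, unsigned height, unsigned bitmap_unit,
                 size_t *out)
{
    if (bitmap_unit != 8 && bitmap_unit != 16 && bitmap_unit != 32)
        return -1;                               /* the missing sanity check */
    if (width == 0 || height == 0)
        return -1;

    /* 64-bit intermediates: width < 2^32 and bitmap_unit <= 32, so neither
     * the rounding nor the row*height product can wrap here, unlike the
     * 32-bit int arithmetic the reported overflow lived in. */
    uint64_t units_per_row = ((uint64_t)width + bitmap_unit - 1) / bitmap_unit;
    uint64_t bytes_per_row = units_per_row * (bitmap_unit / 8);
    uint64_t total = bytes_per_row * height;

    if (total > MAX_IMAGE_BYTES)
        return -1;                               /* refuse absurd images */
    *out = (size_t)total;
    return 0;
}

/* Byte offset of pixel (x, y) under the same layout; -1 when the pixel is
 * outside the image, so a crafted header cannot turn a pixel read into an
 * out-of-bounds read. */
int pixel_offset(unsigned x, unsigned y, unsigned width, unsigned height,
                 unsigned bitmap_unit, size_t *offset)
{
    size_t total;
    if (bitmap_bytes(width, height, bitmap_unit, &total) != 0)
        return -1;
    if (x >= width || y >= height)
        return -1;
    size_t bytes_per_row = total / height;
    *offset = (size_t)y * bytes_per_row + x / 8;
    return *offset < total ? 0 : -1;
}

int main(void)
{
    size_t n;
    if (bitmap_bytes(100, 50, 32, &n) == 0)
        printf("100x50, unit 32: %zu bytes\n", n);      /* 800 bytes */
    if (bitmap_bytes(0xFFFFFFFFu, 0xFFFFFFFFu, 32, &n) != 0)
        printf("4G x 4G header rejected\n");
    if (bitmap_bytes(100, 50, 7, &n) != 0)
        printf("bitmap_unit 7 rejected\n");
    return 0;
}
```

The point of the cap is that overflow-free arithmetic alone is not enough: a 4G by 4G header no longer wraps in 64 bits, but it still describes an allocation no image viewer should attempt.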

Openswan

Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets.

Upgrades available at:
http://www.openswan.org/download/openswan-2.4.2.tar.gz

Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Board=UBB1&Number=63678&Forum=All_Forums&Words=4.028&Searchpage=0&Limit=25&Main=63678&Search=true&where=bodysub&Name=&daterange=1&newerval=1&newertype=m&olderval=&oldertype=&bodyprev=#Post63678

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml

SUSE:
ftp://ftp.suse.com/pub/suse/

Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite.

Openswan IKE Message Remote Denials of Service

CVE-2005-3671

Low

CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005

Astaro Security Linux Update, November 16, 2005

Fedora Update Notifications,
FEDORA-2005-1092 & 1093, November 21, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

Opera Software

Opera Web Browser 8.5, 8.0-8.02

A vulnerability has been reported due to insufficient sanitization of user-supplied data passed through a URI, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.opera.com/download/

SUSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-10.xml

There is no exploit code required.

Opera Web Browser Arbitrary Command Execution

CVE-2005-3750

High

Secunia Advisory: SA16907, November 22, 2005

SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-10, December 18, 2005

PHP Arena

paFileDB Extreme Edition RC1-RC5

An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Arena PAFileDB Extreme Edition SQL Injection

CVE-2005-4329

Medium
Security Focus, Bugtraq ID: 15912, December 16, 2005

PlaySmS

PlaySmS

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'err' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PlaySMS Cross-Site Scripting

CVE-2005-4432

Medium
Security Focus, Bugtraq ID: 15928, December 19, 2005

Static Store

StaticStore 1.189 A

A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

StaticStore Cross-Site Scripting

CVE-2005-4284

Medium

Security Focus, Bugtraq ID: 15895, December 15, 2005

Stefan Ritt

ELOG 2.6.0

A remote Denial of Service vulnerability has been reported in 'elogd' due to an error when handling an overly long value sent to the 'cmd' and 'mode' parameters.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ELOG Remote Denial of Service

CVE-2005-4439

Low
Security Tracker Alert ID: 1015379, December 20, 2005

Todd Miller

Sudo prior to 1.6.8p12

A vulnerability has been reported because sudo did not clear the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables, which Perl honors whenever taint mode is not in effect; a local malicious user permitted to run a Perl script via sudo could use them to load arbitrary library files with the target privileges.

Upgrades available at:
http://www.sudo.ws/sudo/download.html

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Todd Miller Sudo Security Bypass

CVE-2005-4158

Medium

Security Focus, Bugtraq ID: 15394, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:234, December 20, 2005
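The sudo entry above is an instance of a general rule at any privilege boundary: variables that change how an interpreter or loader finds code must not cross it. The C below is an added example, not sudo code. It filters a constructed environment against a deny list built from the three variables named in this entry plus the familiar dynamic-loader ones; the list is illustrative (a real policy is longer and usually an allow list), and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not sudo code. Shows the environment filtering a
 * privilege boundary needs: variables that change how an interpreter or
 * the dynamic loader locates code are dropped before the target runs.
 * The deny list is illustrative, built from this entry's variables plus
 * well-known loader ones; it is not sudo's actual policy. */

static const char *const DANGEROUS[] = {
    "PERLLIB", "PERL5LIB", "PERL5OPT",
    "LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "IFS", NULL
};

/* True if `entry` ("NAME=value") has a name on the deny list. The name is
 * compared whole: PERLLIBX=... is a different variable and must not match
 * by prefix, while a bare "PERLLIB" with no '=' still does. */
int env_entry_blocked(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t namelen = eq ? (size_t)(eq - entry) : strlen(entry);
    for (size_t i = 0; DANGEROUS[i]; i++) {
        if (strlen(DANGEROUS[i]) == namelen &&
            strncmp(DANGEROUS[i], entry, namelen) == 0)
            return 1;
    }
    return 0;
}

/* Copy the allowed entries of `in` (NULL-terminated) into `out`, which must
 * have room for at least as many pointers as `in`, NULL included. Returns
 * the number kept. Strings are shared with `in`, not duplicated. */
size_t scrub_env(char *const in[], const char *out[])
{
    size_t kept = 0;
    for (size_t i = 0; in[i]; i++)
        if (!env_entry_blocked(in[i]))
            out[kept++] = in[i];
    out[kept] = NULL;
    return kept;
}

int main(void)
{
    /* Constructed environment, as a local user might hand it to sudo. */
    char *env[] = {
        "PATH=/usr/bin:/bin", "HOME=/home/eve",
        "PERL5OPT=-Mevil", "PERLLIB=/tmp/eve", "PERLLIBX=harmless", NULL
    };
    const char *clean[sizeof env / sizeof env[0]];
    size_t n = scrub_env(env, clean);
    for (size_t i = 0; i < n; i++)
        printf("%s\n", clean[i]);                /* PATH, HOME, PERLLIBX */
    return 0;
}
```

The whole-name comparison is the detail worth copying: a prefix match would either let 'PERLLIBX' through for the wrong reason or block it for no reason, and the same care applies to the allow-list form of this check.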

WebGlimpse.org

WebGlimpse 2.14.1, 2.0-2.2.2

A Cross-Site Scripting vulnerability has been reported in 'webglimpse.cgi' due to insufficient sanitization of the 'ID' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebGlimpse Cross-Site Scripting

CVE-2005-4328

Medium
Secunia Advisory: SA18076, December 19, 2005

xloadimage

xloadimage 4.1

A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/x/xloadimage/

http://security.debian.org/pool/updates/main/x/xli/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-802.html

Mandriva:
http://www.mandriva.com/security/advisories

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

SGI:
http://www.sgi.com/support/security/

Gentoo:
http://security.gentoo.org

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56

Currently we are not aware of any exploits for this vulnerability.

Xloadimage NIFF Image Buffer Overflow

CVE-2005-3178

High

Debian Security Advisories, DSA 858-1 & 859-1, October 10, 2005

RedHat Security Advisory, RHSA-2005:802-4, October 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:024, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Gentoo Linux Security Advisory, GLSA 200510-26, October 31, 2005

SCO Security Advisory, SCOSA-2005.56, December 14, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other

Columns: Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds - Attack Scripts | Common Name / CVE Reference | Risk | Source

AbleDesign

D-Man 3.x

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'title' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AbleDesign D-Man Cross-Site Scripting

CVE-2005-4435

Medium
Secunia Advisory: SA18074, December 20, 2005

bbBoard

bbBoard v2 2.56

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keys' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

BBBoard V2 Cross-Site Scripting

CVE-2005-4297

Medium
Security Focus, Bugtraq ID: 15884, December 15, 2005

Box UK

Amaxus CMS 3.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'change' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Amaxus CMS Cross-Site Scripting

CVE-2005-4375

Medium
Secunia Advisory: SA18004, December 19, 2005

Caravel CMS

Caravel CMS 3.0 Beta 1

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'folderviewer_attrs' and 'fileDN' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Caravel CMS Multiple Cross-Site Scripting

CVE-2005-4381

Medium

Security Focus, Bugtraq ID: 15939, December 19, 2005

Cisco Systems

Cisco Catalyst Switches

A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets, that is, segments whose source address and port are set equal to the switch's own destination address and port.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Multiple Unspecified Cisco Catalyst Switches Remote Denial of Service

CVE-2005-4248

Low
Security Focus, Bugtraq ID: 15864, December 14, 2005
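A LAND packet is easy to recognise once the headers are parsed, which is what a monitor in front of an affected switch would do. The C below is an added example, not Cisco code: it parses a raw IPv4/TCP frame with every length field checked before use, flags the source-equals-destination condition, and builds constructed frames to test against (no captures). The address 10.0.0.1, port 23 and the function names are assumptions for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Cisco code. A LAND packet is a TCP segment whose
 * source address and port equal its destination address and port; this
 * parses a raw IPv4+TCP frame and flags that condition. */

struct flow {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
    uint8_t  flags;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse IPv4 + TCP headers from `pkt`. Returns 0 on success, -1 if the
 * frame is truncated, not IPv4, or not TCP. Every length field is checked
 * against `len` before it is used as an offset. */
int parse_tcp(const uint8_t *pkt, size_t len, struct flow *f)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (pkt[0] & 0x0F) * 4u;
    if (ihl < 20 || len < ihl + 20)
        return -1;
    if (pkt[9] != 6)                            /* protocol: TCP */
        return -1;
    f->saddr = rd32(pkt + 12);
    f->daddr = rd32(pkt + 16);
    const uint8_t *tcp = pkt + ihl;
    f->sport = rd16(tcp);
    f->dport = rd16(tcp + 2);
    f->flags = tcp[13];
    return 0;
}

/* 1 if the frame is a LAND packet, 0 if not, -1 if it could not be parsed. */
int is_land_packet(const uint8_t *pkt, size_t len)
{
    struct flow f;
    if (parse_tcp(pkt, len, &f) != 0)
        return -1;
    return (f.saddr == f.daddr && f.sport == f.dport) ? 1 : 0;
}

/* Build a minimal IPv4/TCP SYN (no options, checksums left zero). This is
 * constructed test data, not a capture. Returns bytes written (40). */
size_t build_syn(uint8_t *out, uint32_t saddr, uint16_t sport,
                 uint32_t daddr, uint16_t dport)
{
    memset(out, 0, 40);
    out[0] = 0x45;                              /* IPv4, IHL 5 */
    out[2] = 0; out[3] = 40;                    /* total length */
    out[8] = 64;                                /* TTL */
    out[9] = 6;                                 /* TCP */
    out[12] = saddr >> 24; out[13] = saddr >> 16; out[14] = saddr >> 8; out[15] = saddr;
    out[16] = daddr >> 24; out[17] = daddr >> 16; out[18] = daddr >> 8; out[19] = daddr;
    uint8_t *tcp = out + 20;
    tcp[0] = sport >> 8; tcp[1] = sport;
    tcp[2] = dport >> 8; tcp[3] = dport;
    tcp[12] = 0x50;                             /* data offset 5 */
    tcp[13] = 0x02;                             /* SYN */
    return 40;
}

int main(void)
{
    uint8_t pkt[40];
    uint32_t sw = 0x0A000001u;                  /* 10.0.0.1, the device's own address */
    size_t n = build_syn(pkt, sw, 23, sw, 23);
    printf("land=%d\n", is_land_packet(pkt, n));   /* land=1 */
    return 0;
}
```

Such a frame can only arrive spoofed, so the same check doubles as an ingress anti-spoofing rule: a packet claiming to come from the device's own address should never be accepted from the wire.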

Cisco Systems

Cisco Clean Access (CCA) 3.5-3.5.5, 3.4-3.4.5, 3.3-3.3.9

A vulnerability has been reported due to insufficient authentication of several scripts on the Secure Smart Manager, which could let a remote malicious user cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Cisco Clean Access Multiple JSP Pages Insufficient Authentication

CVE-2005-4332

Low
Security Tracker Alert ID: 1015375, December 16, 2005

Cisco Systems

Firewall Services Module (FWSM) 1.x, 2.x, IOS 12.x, IOS R12.x, PIX 4.x, 5.x, 6.x, 7.x,
Cisco SAN-OS 1.x (MDS 9000 Switches), 2.x (MDS 9000 Switches), VPN 3000 Concentrator

A remote Denial of Service vulnerability has been reported due to errors in the processing of IKEv1 Phase 1 protocol exchange messages.

Patch information available at:
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml

Rev 1.5: Updated Cisco IOS Products table.

Rev 1.6: Updated Additional Details for Cisco IOS section. Updated Cisco IOS section.

Rev 1.7: Updated Cisco IOS Products table and changed the availability date of 12.3(11)T9 to 27-Dec-05.

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Cisco IPSec IKE Traffic Remote Denial of Service

CVE-2005-3669

Low

Cisco Security Advisory, Document ID: 68158, November 14, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.5, November 29, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.6, December 6, 2005

Cisco Security Advisory, Document ID: 68158, Rev 1.7, December 15, 2005

Colony

Colony Gov CMS, Enterprise CMS, E-Commerce CMS, Colony 2.75

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Colony Cross-Site Scripting

CVE-2005-4386

Medium

Security Focus, Bugtraq ID: 15941, December 19, 2005

contenite

contenite 0.11

A Cross-Site Scripting vulnerability has been reported in 'home.php' due to insufficient sanitization of the 'id' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Contenite Cross-Site Scripting

CVE-2005-4387

Medium

Security Focus, Bugtraq ID: 15942, December 19, 2005

CONTENS Software

CONTENS 3.0

A Cross-Site Scripting vulnerability has been reported in 'search.cfm' due to insufficient sanitization of the 'near' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CONTENS Cross-Site Scripting

CVE-2005-4388

Medium

Security Focus, Bugtraq ID: 15943, December 19, 2005

contentServ

contentServ 3.1

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

ContentServ SQL Injection

CVE-2005-4390

Medium

Security Focus, Bugtraq ID: 15956, December 19, 2005

DC Scripts

DCForum 6.25, 6.22, 6.21, 6.0, 5.0, 4.0, 3.0, 2.0, 1.0

A Cross-Site Scripting vulnerability has been reported in 'dcboard.php' due to insufficient sanitization of the 'page' parameter and in the 'keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

DCForum DCBoard Parameter Cross-Site Scripting

CVE-2005-4311

Medium
Secunia Advisory: SA18093, December 16, 2005

ECTOOLS

Onlineshop 1.0

A Cross-Site Scripting vulnerability has been reported in 'cart.cgi' due to insufficient sanitization of the 'product,' 'category,' and 'uid' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

ECTOOLS Onlineshop Cross-Site Scripting

CVE-2005-4291

Medium
Secunia Advisory: SA18028, December 15, 2005

eDatCat

eDatCat 3.0

A Cross-Site Scripting vulnerability has been reported in 'EDCstore.pl' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

eDatCat Cross-Site Scripting

CVE-2005-4289

Medium
Security Focus, Bugtraq ID: 15889, December 15, 2005

EPiX

EPiX 3.1.2

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.

No workaround or patch available at time of publishing.

There is no exploit code required.

EPiX Cross-Site Scripting

CVE-2005-4394

Medium

Security Focus, Bugtraq ID: 15944, December 19, 2005

Esselbach Storyteller CMS System

Esselbach Storyteller CMS System 1.8 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Esselbach Storyteller CMS System Cross-Site Scripting

CVE-2005-4433

Medium
Secunia Advisory: SA18130, December 19, 2005

Ethereal Group

Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A buffer overflow vulnerability has been reported in the 'dissect_ospf_v3_address_prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human readable string, which could let a remote malicious user execute arbitrary code.

Patch available at:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-ospf.c?rev=16507&view=markup

Debian:
http://security.debian.org/pool/updates/main/e/ethereal/

Gentoo:
http://security.gentoo.org/glsa/glsa-200512-06.xml

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

Ethereal OSPF Protocol Dissection Buffer Overflow

CVE-2005-3651

 

High

iDefense Security Advisory, December 9, 2005

Debian Security Advisory DSA 920-1, December 13, 2005

Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005

Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005
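The Ethereal entry above describes the shape of many dissector bugs: a length taken from the packet drives a copy into a fixed buffer. The C below is an added example, not Ethereal or Wireshark code. It parses an OSPFv3 address prefix (a prefix length in bits followed by enough bytes to hold them, padded to 32 bits as in RFC 5340, which is the layout assumed here), bounds the length before copying, and renders the result with a size-checked formatter. The function names and the constructed wire bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Ethereal/Wireshark code. An OSPFv3 address prefix is
 * carried as a prefix length (bits) followed by just enough bytes to hold
 * those bits. A dissector that trusts the length field and copies
 * ceil(len/8) bytes into a fixed buffer is the shape of bug reported above.
 * Layout assumed: RFC 5340 style, prefix bytes padded to 32 bits. */

#define IPV6_BYTES 16

/* Parse the prefix at `data` (with `avail` bytes remaining in the packet)
 * into `addr` and `*plen`. Returns the number of bytes consumed, or -1 when
 * the length is out of range or the packet is shorter than it claims. */
int ospf_v3_prefix_parse(const uint8_t *data, size_t avail,
                         unsigned prefix_len, uint8_t addr[IPV6_BYTES],
                         unsigned *plen)
{
    if (prefix_len > 128)                          /* the missing bound */
        return -1;
    size_t nbytes = (prefix_len + 7) / 8;          /* at most 16 */
    size_t padded = (nbytes + 3) & ~(size_t)3;     /* 32-bit aligned on wire */
    if (avail < padded)
        return -1;                                 /* truncated packet */
    memset(addr, 0, IPV6_BYTES);
    memcpy(addr, data, nbytes);                    /* nbytes <= 16, checked above */
    *plen = prefix_len;
    return (int)padded;
}

/* Render as "xxxx:xxxx:...:xxxx/len" into out; -1 if out is too small.
 * Fixed-width hex groups keep the length predictable (39 + "/128"). */
int ospf_v3_prefix_to_str(const uint8_t addr[IPV6_BYTES], unsigned plen,
                          char *out, size_t outsz)
{
    char tmp[48];
    size_t pos = 0;
    for (int i = 0; i < IPV6_BYTES; i += 2) {
        int n = snprintf(tmp + pos, sizeof tmp - pos, "%s%02x%02x",
                         i ? ":" : "", addr[i], addr[i + 1]);
        if (n < 0 || (size_t)n >= sizeof tmp - pos)
            return -1;
        pos += (size_t)n;
    }
    int n = snprintf(tmp + pos, sizeof tmp - pos, "/%u", plen);
    if (n < 0 || (size_t)n >= sizeof tmp - pos)
        return -1;
    if (strlen(tmp) + 1 > outsz)
        return -1;
    memcpy(out, tmp, strlen(tmp) + 1);
    return 0;
}

int main(void)
{
    /* Constructed wire bytes: 2001:db8::/32 is 4 prefix bytes, no padding. */
    const uint8_t wire[] = { 0x20, 0x01, 0x0d, 0xb8 };
    uint8_t addr[IPV6_BYTES];
    unsigned plen;
    char s[64];
    int used = ospf_v3_prefix_parse(wire, sizeof wire, 32, addr, &plen);
    if (used > 0 && ospf_v3_prefix_to_str(addr, plen, s, sizeof s) == 0)
        printf("%s (consumed %d bytes)\n", s, used);
    /* A length of 200 must be rejected before anything is copied. */
    printf("bad length -> %d\n",
           ospf_v3_prefix_parse(wire, sizeof wire, 200, addr, &plen));
    return 0;
}
```

Two bounds matter and they are independent: the prefix length against the address size (so the copy fits the destination) and the padded byte count against what remains of the packet (so the copy does not read past the source).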

ezUpload

ezUpload 2.2

Several vulnerabilities have been reported: a file include vulnerability was reported in 'index.php' due to insufficient verification of the 'mode' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code; and an SQL injection vulnerability was reported in the search module parameters due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

EZUpload Remote File Include & SQL Injection

CVE-2005-4308
CVE-2005-4309

High
Security Focus, Bugtraq ID: 15918 & 15919 December 16, 2005

FarCry

FarCry 3.0

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.

No workaround or patch available at time of publishing.

There is no exploit code required.

FarCry Cross-Site Scripting

CVE-2005-4395

Medium

Security Focus, Bugtraq ID: 15946, December 19, 2005

FFmpeg

FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS

A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?cvsroot=FFMpeg&r2=1.162&r1=1.161&f=u

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/

Currently we are not aware of any exploits for this vulnerability.

FFmpeg Remote Buffer Overflow

CVE-2005-4048

High

Secunia Advisory: SA17892, December 6, 2005

Ubuntu Security Notice, USN-230-1, December 14, 2005

Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005

Ubuntu Security Notice, USN-230-2, December 16, 2005

FLIP

FLIP 0.9.0.1029 & prior

A Cross-Site Scripting vulnerability has been reported in 'text.php' due to insufficient sanitization of the 'name' parameter and in 'forum.php' due to insufficient sanitization of the 'frame' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

FLIP Cross-Site Scripting

CVE-2005-4365

Medium
Secunia Advisory: SA18128, December 19, 2005

FocalMedia.net

Sitenet BBS 2.0

A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'cid' parameter and in 'netboard.cgi' due to insufficient sanitization of the 'pg,' 'tid,' 'cid,' and 'fid' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

SiteNet BBS Cross-Site Scripting

CVE-2005-4306

Medium
Secunia Advisory: SA18090, December 16, 2005

Hot Banana

Web Content Management Suite 5.3 & prior

A Cross-Site Scripting vulnerability has been reported in 'index.cfm' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hot Banana Web Content Management Suite Cross-Site Scripting

CVE-2005-4364

Medium
Secunia Advisory: SA18126, December 19, 2005

IBM

Websphere Application Server 6.0

Multiple HTML injection vulnerabilities have been reported in WebSphere Application Server sample scripts due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

IBM WebSphere Application Server Sample Scripts Multiple HTML Injection

CVE-2005-4413

Medium
Security Tracker Alert ID: 1015360, December 15, 2005

iHTML Merchant

iHTML Merchant 2.0

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'id,' 'pid,' and 'step' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

IHTML Merchant SQL Injection

CVE-2005-4331

Medium
Security Focus, Bugtraq ID: 15911, December 16, 2005

iHTML Merchant

iHTML Merchant Mall

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'id,' 'store,' and 'step' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

IHTML Merchant Mall SQL Injection

CVE-2005-4330

Medium
Security Focus, Bugtraq ID: 15910, December 16, 2005

IndexCOR

ezDatabase 2.1.2

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code or include arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

EZDatabase Multiple Input Validation

CVE-2005-4302
CVE-2005-4303
CVE-2005-4304

Medium
Security Focus, Bugtraq ID: 15908, December 16, 2005

Komodo CMS

Komodo CMS 2.1 & prior

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'page.php' due to insufficient sanitization of the 'page' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Komodo CMS SQL Injection & Cross-Site Scripting

CVE-2005-4362
CVE-2005-4363

Medium
Secunia Advisory: SA18120, December 19, 2005

Kryptronic

ClickCartPro 5.1

A Cross-Site Scripting vulnerability has been reported in 'cp-app.cgi' due to insufficient sanitization of the 'affl' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Kryptronic ClickCartPro Cross-Site Scripting

CVE-2005-4293

Medium
Secunia Advisory: SA17927, December 15, 2005

Libertas Solutions

Libertas ECMS 3.0 & prior

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'page_search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Libertas ECMS Cross-Site Scripting

CVE-2005-4399

Medium
Secunia Advisory: SA18117, December 19, 2005

Libremail

Libremail 1.1.0 & prior

A format string vulnerability has been reported in 'pop.c' when processing specially crafted data from a POP server, which could let a remote malicious user execute arbitrary code.

Update available at:
http://libremail.tuxfamily.org/
en/dersources.htm

Currently we are not aware of any exploits for this vulnerability.

Libremail Remote Format String

CVE-2005-4300

High
Security Focus, Bugtraq ID: 15906, December 16, 2005

Liferay

Liferay Portal Enterprise 3.6.1 & prior

A Cross-Site Scripting vulnerability has been reported in 'portal_ent' due to insufficient sanitization of the '_77_struts_action,' 'p_p_mode,' and 'p_p_state' parameters and due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Liferay Portal Enterprise Cross-Site Scripting

CVE-2005-4400

Medium
Secunia Advisory: SA18116, December 19, 2005

Limbo CMS

Limbo CMS 1.0.4.2

Multiple input validation vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code, execute arbitrary SQL code, and include arbitrary local files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Limbo CMS Multiple Input Validation

CVE-2005-4317
CVE-2005-4318
CVE-2005-4319
CVE-2005-4320

Medium
Security Focus, Bugtraq ID: 15871, December 14, 2005

Lutece

Lutece 1.2.3 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Lutece Cross-Site Scripting

CVE-2005-4401

Medium
Secunia Advisory: SA18114, December 19, 2005

Macromedia

ColdFusion Server MX 7.0, 6.1, 6.0, ColdFusion MX J2EE 6.1, ColdFusion MX Enterprise with JRun 6.1, ColdFusion MX 7.0, 6.1, 6.0

Multiple vulnerabilities have been reported: a vulnerability was reported in the Sandbox Security functionality due to a failure to throw an exception when ColdFusion is running on a JRun 4 cluster member with the Java SecurityManager disabled, which could let a remote malicious user bypass security controls; an input validation vulnerability was reported in the CFMAIL tag when handling the 'Subject' field, which could let a remote malicious user attach arbitrary files; a vulnerability was reported in the Sandbox Security functionality when enforcing the 'CFOBJECT/CreateObject(Java)' setting due to an error, which could let a remote malicious user call restricted methods through an object of a specially crafted class written to the ColdFusion library directory; and a vulnerability was reported because the password hash used to authenticate the ColdFusion Administrator can be obtained by developers.

Update and fix information available at:
http://www.macromedia.com/
devnet/security/security_zone/
mpsb05-12.html

http://www.macromedia.com/
devnet/security/security_zone/
mpsb05-14.html


Currently we are not aware of any exploits for this vulnerability.

Macromedia ColdFusion Multiple Vulnerabilities

CVE-2005-4342
CVE-2005-4343
CVE-2005-4344
CVE-2005-4345

Medium
Macromedia Security Bulletins, MPSB05-12 & MPSB05-14, December 15, 2005

Macromedia

Flash Media Server Professional Edition 2.0,
Flash Media Server Origin Edition 2.0, Flash Media Server Edge Edition 2.0, Flash Media Server Developer Edition 2.0

A Denial of Service vulnerability has been reported due to an error in the Administration Service (FMSAdmin.exe) when handling received data.

Solution available at:
http://www.macromedia.
com/devnet/security/
security_zone/mpsb05-11.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Macromedia Flash Media Server Administration Service Denial of Service

CVE-2005-4216

Low

Security Focus, Bugtraq ID: 15822, December 13, 2005

Macromedia Security Bulletin, MPSB05-11, December 15, 2005

Magnolia

Magnolia 2.1 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter in the search feature, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Magnolia Search Feature Cross-Site Scripting

CVE-2005-4361

Medium
Secunia Advisory: SA18104, December 19, 2005

Mantis

Mantis 1.x

A Cross-Site Scripting vulnerability has been reported in 'view_filters_page.php' due to insufficient sanitization of the 'target_field' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
mantisbt/mantis-
0.19.4.tar.gz

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Mantis Cross-Site Scripting

CVE-2005-4238

Medium

Secunia Advisory: SA18018, December 14, 2005

Security Focus, Bugtraq ID: 15842, December 15, 2005

MarmaraWeb

E-commerce

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a remote file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploit scripts have been published.

MarmaraWeb E-Commerce Cross-Site Scripting & File Include

CVE-2005-4287
CVE-2005-4288

High
Security Focus, Bugtraq ID: 15875 & 15877, December 15, 2005

Marwel

Marwel 2.7 & prior

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'show' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Marwel SQL Injection

CVE-2005-4403

Medium
Secunia Advisory: SA18099, December 19, 2005

Mindroute Software AB

damoon

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

damoon Cross-Site Scripting

CVE-2005-4391

Medium
Secunia Advisory: SA18118, December 19, 2005

Mindroute Software AB

lemoon 2.0 & prior

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

lemoon Cross-Site Scripting

CVE-2005-4398

Medium
Secunia Advisory: SA18119, December 19, 2005

Miraserver

Miraserver 1.0 RC4 & prior

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'page' parameter, in 'newsitem.php' due to insufficient sanitization of the 'id' parameter, and in 'article.php' due to insufficient sanitization of the 'cat' parameter, before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Miraserver SQL Injection

CVE-2005-4408

Medium
Secunia Advisory: SA18110, December 20, 2005

MMBase

MMBase 1.7.4

A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.

No workaround or patch available at time of publishing.

There is no exploit code required.

MMBase Cross-Site Scripting

CVE-2005-4409

Medium
Security Focus, Bugtraq ID: 15955, December 19, 2005

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available at:
http://lynx.isc.org/
current/lynx2.8.6
dev.15.tar.gz

RedHat:
http://rhn.redhat.
com/errata/
RHSA-2005-839.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-09.xml

Trustix:
http://http.trustix.org/
pub/trustix/updates/

SGI:
ftp://patches.sgi.com/
support/free/security/
advisories/

OpenPKG:
http://www.openpkg.
org/

SCO:
ftp://ftp.sco.com/pub/
updates/UnixWare/
SCOSA-2005.55

FedoraLegacy:
http://download.
fedoralegacy.org/
redhat/

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

High

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

SCO Security Advisory, SCOSA-2005.55, December 14, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

Multiple Vendors

University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64

A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.

University of Kansas Lynx:
http://lynx.isc.org/current/
lynx2.8.6dev.14.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200510-15.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/lynx/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-803.html

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

Conectiva:
ftp://atualizacoes.conectiva.
com.br/10/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

SGI:
http://www.sgi.com/
support/security/

Mandriva:
http://www.mandriva.com/
security/advisories

Debian:
http://security.debian.
org/pool/updates/
main/l/lynx/

http://security.debian.
org/pool/updates/
main/l/lynx-ssl/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/lynx/

(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability, however, the fixes contained an error that caused lynx to crash.)

SUSE:
ftp://ftp.suse.com
/pub/suse/

Slackware:
ftp://ftp.slackware.
com/pub/slackware/

SCO:
ftp://ftp.sco.com/pub/
updates/UnixWare/
SCOSA-2005.47

OpenPKG:
http://www.openpkg.
org/

FedoraLegacy:
http://download.
fedoralegacy.org/
redhat/

A Proof of Concept Denial of Service exploit script has been published.

Lynx 'HTrjis()' NNTP Remote Buffer Overflow

CVE-2005-3120

High

Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005

Ubuntu Security Notice, USN-206-1, October 17, 2005

RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005

Fedora Update Notifications,
FEDORA-2005-993 & 994, October 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005

Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005

Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005

Ubuntu Security Notice, USN-206-2, October 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Slackware Security Advisory, SSA:2005-310-03, November 7, 2005

SCO Security Advisory, SCOSA-2005.47, November 8, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

myEZshop Shopping Cart

myEZshop Shopping Cart

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'Keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'admin.php' due to insufficient sanitization of the 'Groupsld' and 'Itemsld' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

myEZshop Shopping Cart Cross-Site Scripting & SQL Injection
Medium
Secunia Advisory: SA18086, December 20, 2005

NetQuest

NQcontent 3.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'text' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

NQcontent Cross-Site Scripting

CVE-2005-4410

Medium
Secunia Advisory: SA17994, December 20, 2005

NightMedia

The CITY Shop 1.3

A Cross-Site Scripting vulnerability has been reported in 'store.cgi' due to insufficient sanitization of the 'SKey' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

The CITY Shop Cross-Site Scripting

CVE-2005-4283

Medium
Security Focus, Bugtraq ID: 15897, December 15, 2005

ODFaq

ODFaq 2.1.0

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'cat' and 'srcText' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ODFaq SQL Injection

CVE-2005-4359

Medium
Secunia Advisory: SA18121, December 19, 2005

OpenCMS Project

Alkacon OpenCMS 6.0.2

A Cross-Site Scripting vulnerability has been reported in the login page due to insufficient sanitization of the user name field before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Update available at:
http://www.opencms.org/
opencms/en/download/
opencms.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Alkacon OpenCMS Cross-Site Scripting

CVE-2005-4294

Medium
Security Tracker Alert ID: 1015365, December 15, 2005

OTRS

OTRS (Open Ticket Request System) 2.0.0-2.0.3, 1.3.2, 1.0.0

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'login' function due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in the 'AgentTicketPlain' function due to insufficient sanitization of the 'TicketID' and 'ArticleID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of HTML email attachments before displaying, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'index.pl' due to insufficient sanitization of the 'QueueID' and 'Action' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
ftp://ftp.otrs.org/pub/
otrs/otrs-1.3.3-01.tar.gz

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required; however, Proof of Concept exploits have been published.

OTRS SQL Injection & Cross-Site Scripting

CVE-2005-3893
CVE-2005-3894
CVE-2005-3895

Medium

OTRS Security Advisory, OSA-2005-01, November 22, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005


PHP Fusebox

PHP Fusebox 3.0

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Fusebox Cross-Site Scripting

Medium
Security Focus, Bugtraq ID: 15924, December 19, 2005

phpXplorer

phpXplorer 0.9.12

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'address bar' field before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPXplorer Address Bar Cross-Site Scripting

CVE-2005-4301

Medium
Secunia Advisory: SA18080, December 16, 2005

Plexum

PlexCart X3 3.0

An SQL injection vulnerability has been reported in 'plexcart.pl' due to insufficient sanitization of some parameters (e.g. 's_itemname,' 's_orderby') before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Plexum PlexCart X3 SQL Injection

CVE-2005-4315

Medium
Security Focus, Bugtraq ID: 15900, December 15, 2005

PPCal Shopping Cart

PPCal Shopping Cart 3.3

A Cross-Site Scripting vulnerability has been reported in 'ppcal.cgi' due to insufficient sanitization of the 'user' and 'stop' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

PPCal Shopping Cart Cross-Site Scripting

CVE-2005-4314

Medium
Security Focus, Bugtraq ID: 15892, December 15, 2005

QuickPayPro

QuickPayPro 3.1

Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of the 'popupid,' 'so,' 'sb,' 'nr,' 'subtrackingid,' 'delete,' 'trackingid,' and 'customerid' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and Cross-Site Scripting vulnerabilities were reported in 'subscribers.tracking.add.php,' 'tickets.add.php,' and 'categories.php' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

QuickPayPro SQL Injection & Cross-Site Scripting

CVE-2005-4243
CVE-2005-4248

Medium
Secunia Advisory: SA17981, December 14, 2005
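
Each of the SQL injection entries above (iHTML Merchant and iHTML Merchant Mall, Miraserver, ODFaq, OTRS, QuickPayPro) describes the same defect: a request parameter is concatenated into the text of a query, so whatever the attacker supplies is parsed as SQL rather than treated as a value. The following is an added example, not code from the bulletin or from any of those products: a string-built lookup beside its validated, parameterized form, run against a constructed in-memory SQLite table. The 'news' table, its columns and the request values are assumptions made for the example.

```python
import sqlite3

# Constructed sample data; the 'news' table and its columns are assumptions.
SCHEMA = """
CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
INSERT INTO news VALUES (1, 'Public story', 1);
INSERT INTO news VALUES (2, 'Unpublished draft', 0);
INSERT INTO news VALUES (3, 'Another public story', 1);
"""


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, item_id):
    """The request parameter is pasted into the statement text, so whatever
    it contains is parsed as SQL grammar, not as a value."""
    query = "SELECT title FROM news WHERE published = 1 AND id = " + item_id
    return [row[0] for row in conn.execute(query)]


def hardened_lookup(conn, item_id):
    """Validate the type the application expects, then bind the value as a
    parameter; the driver passes it as data and it cannot alter the query."""
    if not item_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    query = "SELECT title FROM news WHERE published = 1 AND id = ?"
    return [row[0] for row in conn.execute(query, (int(item_id),))]


def compare(item_id):
    """Run one request value through both lookups; returns
    (vulnerable_result, hardened_result_or_rejection_message)."""
    conn = connect()
    vulnerable = sorted(vulnerable_lookup(conn, item_id))
    try:
        hardened = sorted(hardened_lookup(conn, item_id))
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return vulnerable, hardened


# Constructed request values: a benign id, a boolean bypass of the
# 'published' filter, and a UNION that reads the schema catalogue.
PAYLOADS = ["1", "2 OR 1=1", "0 UNION SELECT name FROM sqlite_master"]

if __name__ == "__main__":
    for payload in PAYLOADS:
        print(repr(payload), "->", compare(payload))
```

The second payload returns the unpublished row through the vulnerable path, and the third returns a table name from the catalogue, which is what "execute arbitrary SQL code" amounts to in practice; the hardened path rejects both before any SQL is run, and returns identical results for well-formed input.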

Random
Mouse

Red Queen 1.02 & prior

A vulnerability has been reported because the full path to the installation is shown when malformed input is used to access certain scripts, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Red Queen Full Path Disclosure

CVE-2005-4405

Medium
Secunia Advisory: SA18072, December 19, 2005

Round Cube Project

Round Cube Webmail 0.1-20051021

A vulnerability has been reported when an invalid '_task' parameter is submitted, which could let a remote malicious user obtain sensitive information (the installation path).

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Round Cube Webmail Path Disclosure

CVE-2005-4368

Medium
Security Focus, Bugtraq ID: 15920, December 17, 2005

ScareCrow

ScareCrow 2.13

Cross-Site Scripting vulnerabilities have been reported in 'forum.cgi' and 'post.cgi' due to insufficient sanitization of the 'forum' parameter and in 'profile.cgi' due to insufficient sanitization of the 'user' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ScareCrow Multiple Cross-Site Scripting

CVE-2005-4307

Medium
Secunia Advisory: SA18084, December 16, 2005

Scientific Atlanta

Scientific Atlanta DPX2100

A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Scientific Atlanta DPX2100 Remote Denial of Service

CVE-2005-4275

Low
Security Focus, Bugtraq ID: 15870, December 14, 2005

SSH Communications Security

Tectia Server 5.0.0

A vulnerability has been reported when handling host-based authentication due to an error, which could let a remote malicious user bypass security restrictions.

Upgrade available at:
http://www.ssh.com/support/
downloads/tectia-server/
updates-and-packages-5-0.html

Currently we are not aware of any exploits for this vulnerability.

SSH Tectia Server Host Authentication Bypass

CVE-2005-4310

Medium
SSH Communications Security Advisory, December 15, 2005

Sun Microsystems, Inc.

Java JDK 1.5.x, Java JRE 1.3.x, 1.4.x, 1.5.x / 5.x, Java SDK 1.3.x, 1.4.x

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a malicious untrusted applet read/write local files or execute local applications; three unspecified vulnerabilities were reported in the use of the 'reflection' APIs, which could let a malicious untrusted applet read/write local files or execute local applications; and a vulnerability was reported in the Java Management Extensions (JMX) implementation, which could let a malicious untrusted applet read/write local files or execute local applications.

Upgrade information available at:
http://sunsolve.sun.com
/searchproxy/document.
do?assetkey=1-26-
102003-1

http://sunsolve.sun.com/
searchproxy/document.
do?assetkey=1-
26-102017-1

http://sunsolve.sun.com/
searchproxy/document.
do?assetkey=1-
26-102050-1

IBM:
http://www-1.ibm.com/
support/docview.wss?
uid=swg21225628

Currently we are not aware of any exploits for these vulnerabilities.

Sun Java Runtime Environment Security Bypass

CVE-2005-3904
CVE-2005-3905
CVE-2005-3906
CVE-2005-3907

Medium

Sun(sm) Alert Notifications
Sun Alert ID: 102003, 102017, & 102050, November 28, 2005

US-CERT VU#974188, VU#355284, VU#931684

IBM Technote, December 16, 2005

TML

TML 0.5

Multiple input validation vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code and SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

TML CMS Multiple Input Validation

CVE-2005-4415
CVE-2005-4416

Medium
Security Focus, Bugtraq ID: 15876, December 15, 2005

Westell

Versalink 327W

A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Westell Versalink Remote Denial of Service

CVE-2005-4276

Low
Security Focus, Bugtraq ID: 15869, December 14, 2005
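
The 'LanD' packets named in the Scientific Atlanta DPX2100 and Westell Versalink 327W entries are TCP SYN segments whose source address and port are identical to the destination address and port, so a stack that accepts one ends up answering itself. The following is an added example, not code from the bulletin or from either vendor: a minimal IPv4/TCP header parser and a classifier that flags such segments, run over a constructed capture (addresses from the RFC 5737 documentation ranges; checksums left zero because nothing is transmitted).

```python
import socket  # inet_aton/inet_ntoa only; nothing is sent on the wire
import struct

TCP_SYN = 0x02
TCP_ACK = 0x10


def build_packet(src_ip, dst_ip, src_port, dst_port, flags):
    """Construct a bare IPv4 header + 20-byte TCP header (constructed test
    input: checksums zero, no options, no payload)."""
    tcp = struct.pack("!HHIIBBHHH",
                      src_port, dst_port,
                      0, 0,            # sequence, acknowledgement
                      5 << 4, flags,   # data offset = 5 words; flags
                      8192, 0, 0)      # window, checksum, urgent pointer
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0,              # version 4, IHL 5; TOS
                     20 + len(tcp), 0,     # total length; identification
                     0x4000, 64,           # DF; TTL
                     6, 0,                 # protocol TCP; header checksum
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp


def parse_tcp(packet):
    """Return the fields the check needs, or None for anything that is not a
    well-formed IPv4/TCP packet (wrong version, other protocol, truncated)."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(packet) < ihl + 14:
        return None
    sport, dport, _seq, _ack, _offset, flags = struct.unpack(
        "!HHIIBB", packet[ihl:ihl + 14])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "flags": flags}


def is_land_packet(packet):
    """LAND: a SYN whose source and destination endpoints are identical.
    The victim replies to itself and, on affected stacks, never recovers."""
    p = parse_tcp(packet)
    if p is None:
        return False
    return (p["src"] == p["dst"] and p["sport"] == p["dport"]
            and bool(p["flags"] & TCP_SYN))


def flag_land(packets):
    """Indices of the packets in a capture that match the LAND pattern."""
    return [i for i, pkt in enumerate(packets) if is_land_packet(pkt)]


# Constructed sample capture aimed at a device at 192.0.2.1.
SAMPLE = [
    build_packet("198.51.100.7", "192.0.2.1", 40000, 80, TCP_SYN),  # normal SYN
    build_packet("192.0.2.1", "192.0.2.1", 80, 80, TCP_SYN),        # LAND
    build_packet("192.0.2.1", "192.0.2.1", 80, 80, TCP_ACK),        # same endpoints, no SYN
    b"\x45\x00\x00\x14" + b"\x00" * 16,                             # IPv4 but not TCP
]

if __name__ == "__main__":
    print("LAND packets at indices:", flag_land(SAMPLE))
```

A border router should already drop such a packet under ingress filtering, since a datagram arriving from outside carries the device's own address as its source; the classifier is therefore most useful as a detection rule or a regression check for equipment that cannot be patched, which was the situation for both entries at publication.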

WHMCompleteSolution

WHMCompleteSolution 2.1

A Cross-Site Scripting vulnerability has been reported in 'knowledgebase.php' due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

WHMCompleteSolution 2.2 is not affected by this issue. Please contact the vendor to obtain a fix.

There is no exploit code required.

WHMCompleteSolution Cross-Site Scripting

CVE-2005-4235

Medium

Security Focus, Bugtraq ID: 15856, December 14, 2005

Security Focus, Bugtraq ID: 15856, December 20, 2005

Zaygo

HostingCart 2.0, DomainCart 2.0

A Cross-Site Scripting vulnerability has been reported in 'zaygo.cgi' due to insufficient sanitization of the 'root' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Zaygo HostingCart & DomainCart Cross-Site Scripting

CVE-2005-4281
CVE-2005-4282

Medium
Security Focus, Bugtraq ID: 15893, December 15, 2005
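
The reflected cross-site scripting entries above that echo a search term or similar parameter (FLIP, Lutece, Magnolia, damoon, lemoon, NQcontent, WHMCompleteSolution and Zaygo among them) share one root cause: a request parameter is written back into the page without output encoding. The following is an added example, not code from the bulletin or from any listed product: three renderers for a search-results page (unencoded, tag-blacklisted, and HTML-escaped) together with a probe check of the kind used to confirm such a flaw. The page layout, the parameter name 'q' and the probe strings are constructed for the example.

```python
import html
import re

# Constructed probes: one uses a script tag, the other breaks out of an
# attribute without one, so a tag blacklist passes the second.
PROBES = {
    "script_tag": "<script>alert(1)</script>",
    "attr_breakout": '"><svg onload=alert(1)>',
}


def render_vulnerable(q, hits):
    """Echoes the search term into an attribute and a text node unencoded,
    which is the defect described in the entries above."""
    items = "".join(f"<li>{h}</li>" for h in hits)
    return (f'<form><input name="q" value="{q}"></form>'
            f"<h2>Results for {q}</h2><ul>{items}</ul>")


def render_blacklist(q, hits):
    """Frequently attempted fix: strip <script> tags and nothing else."""
    cleaned = re.sub(r"(?is)<\s*/?\s*script[^>]*>", "", q)
    return render_vulnerable(cleaned, hits)


def render_hardened(q, hits):
    """Output encoding for the HTML context: <, >, & and both quote
    characters are escaped in every untrusted value before insertion."""
    safe_q = html.escape(q, quote=True)
    items = "".join(f"<li>{html.escape(h, quote=True)}</li>" for h in hits)
    return (f'<form><input name="q" value="{safe_q}"></form>'
            f"<h2>Results for {safe_q}</h2><ul>{items}</ul>")


def reflected_unescaped(body, probe):
    """True when the probe comes back byte-for-byte, meaning the characters
    that matter in HTML context (<, >, ") were not encoded."""
    return probe in body


def assess(render):
    """Send every probe through a renderer; returns {probe_name: reflected}."""
    return {name: reflected_unescaped(render(p, []), p)
            for name, p in PROBES.items()}


if __name__ == "__main__":
    for renderer in (render_vulnerable, render_blacklist, render_hardened):
        print(renderer.__name__, assess(renderer))
```

The blacklist renderer is included because it is the fix most often attempted: it blocks the literal script-tag probe and still reflects the attribute-breakout probe, which executes in any browser of the period. Encoding for the output context neutralizes both, and the same probe check can be pointed at a live endpoint by replacing the renderer with an HTTP request whose response body is passed to reflected_unescaped().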


Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Mobile Phone Exec's Communications Cloned By Terrorists: According to Canadian news reports, terrorists reportedly have found a way to scam mobile phone companies by exploiting wireless phone vulnerabilities. They cloned the mobile phone of a top mobile phone executive, along with those of some of his company's customers, and made thousands of dollars worth of international calls. Source: http://www.techweb.com/wire/mobile/175007174;jsessionid=0NQ1L1TNB0RIOQSNDBOCKHSCJUMEKJVN.
  • Grim Prediction For 2006: Expect More Mobile Security Woes: According to McAfee's AVERT anti-virus lab, mobile phone and PDA users should expect a rising tide of malicious software and attacks in 2006. A "significant rise in the number of global mobile threats" will appear next year as the malware risk continues to increase against cellular and smart phones, as well as PDAs. Source: http://www.techweb.com/wire/mobile/175006618;jsessionid=0NQ1L1TNB0RIOQSNDBOCKHSCJUMEKJVN.
  • Will Mobile Broadband Kill Wi-Fi? With the approval of the IEEE 802.16e standard for mobile wireless broadband there are many unanswered questions about the future of Wi-Fi. About 90 percent of laptops are now delivered with built-in support for Wi-Fi wireless networks and the technology has been widely adopted both in enterprises and the home. In addition, the number of public Wi-Fi hotspots continues to grow. Source: http://www.mobilepipeline.com/175006860;jsessionid=HDPOH23NOWCGSQSNDBCSKH0CJUMEKJVN.
  • Gmail goes mobile: Google launches Gmail mobile and Gmail users can now access their account on the move. According to Google, the page will automatically optimize its interface for whatever phone you are using, adjusting it depending on the size of your mobile phone screen. The service also allows users to open attachments such as photos, Microsoft Word documents and PDF files. Source: http://www.theregister.com/2005/12/19/electric_gmail/.

Wireless Vulnerabilities

  • Nothing significant to report.


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description
December 20, 2005 | TmPfw_poc | Yes | Proof of Concept exploit for the Trend Micro PC-cillin Privilege Elevation vulnerability.
December 19, 2005 | bug1.xls, bug2.xls | No | Proof of Concept exploit for the Microsoft Excel Unspecified Memory Corruption vulnerability.
December 19, 2005 | IIS_Mal_URI_Dos.cpp | No | Proof of Concept exploit for the Microsoft Internet Information Server 5.1 DLL Request Denial of Service vulnerability.
December 18, 2005 | checkpoint.txt | N/A | Another methodology for disabling Checkpoint's SecureClient NGX Security Policy.
December 15, 2005 | ibm_css.txt | No | Exploit details for the IBM WebSphere Application Server Sample Scripts Multiple HTML Injection vulnerabilities.
December 14, 2005 | AppScanQA_Poc.pl, AppScanQA-RemoteCodeExec-PoC.zip | Yes | Exploit for the Watchfire AppScan QA Remote Buffer Overflow vulnerability.
December 14, 2005 | limbo_1042_eval_xpl.php, limbo1042_xpl.txt | No | Proof of Concept exploit for the Limbo CMS Multiple Input Validation vulnerabilities.
December 14, 2005 | MS05-053.c | Yes | Exploit for the Microsoft Windows EMF File Denial of Service Vulnerability.


Trends
  • US-CERT is aware of malicious software exploiting a vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC).
  • Dasher worm gallops onto the Net: According to security experts, a Windows-targeted worm that drops spying software on vulnerable PCs is spreading across the Internet. The Dasher.B worm exploits a flaw in Microsoft Windows Distributed Transaction Coordinator, or MDTC. Microsoft announced and patched the hole in the component for transaction processing in October. However, initial glitches with the update may have left some users without a properly implemented fix. Source: http://news.com.com/Dasher+worm+gallops+onto+the+Net/2100-1002_3-6999114.html?part=rss&tag=5999114&subj=news.
  • Vendors predict upturn in technology spending: According to research commissioned by Siemens during December, IT and telecoms vendors expected business investment in the UK to rise by 2.85 per cent in 2006, a growth rate that is 40 per cent higher than the government’s expected 2005 figure. Source: http://www.channelweb.co.uk/crn/news/2147751/vendors-predict-upturn.
  • IM Worm On MSN, AOL, ICQ, & Yahoo Plants Rootkit: According to a security firm, a new worm posing as a come-on to a Santa Claus site is traveling across all the major instant messaging networks. When recipients visit the bogus site, they're infected with a file hidden from sight by a rootkit. IMlogic said that the worm, dubbed "M.GiftCom.All," which is circulating on the MSN, AOL, ICQ, and Yahoo instant messaging services, is a "Medium" threat. Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=175007154.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
3 | Sober-Z | Win32 Worm | Stable | December 2005 | A mass-mailing worm that harvests addresses from infected machines, forges the sender's email, and utilizes its own mail engine.
4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data.
7 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
8 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
9 | Mytob-GH | Win32 Worm | Stable | December 2005 | This email worm turns off anti-virus and opens infected systems to remote connections. It further harvests email addresses from infected machines, and forges the sender's address.
10 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.

Table updated December 20, 2005
