U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-012)

Summary of Security Items from January 5 through January 11, 2006

Original release date: January 12, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources
Aquifer CMS

A vulnerability has been reported in Aquifer CMS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

Aquifer CMS Cross Site Scripting

CVE-2006-0122

2.3 Security Focus, ID: 16162, January 6, 2006

Blue Coat Systems

WinProxy 6.0

Multiple vulnerabilities have been reported in WinProxy that could let remote malicious users cause a Denial of Service.

Blue Coat Systems

There is no exploit code required.

Blue Coat WinProxy Multiple Vulnerabilities

CVE-2005-3187
CVE-2005-3654
CVE-2005-4085

2.3
(CVE-2005-3187)


9
(CVE-2005-3654)

8
(CVE-2005-4085)

Secunia, Advisory: SA18288, January 6, 2006

Microsoft

Excel 95, 97, 2000, 2002

A vulnerability has been reported in Excel that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Excel Arbitrary Code Execution Not available Security Focus, ID: 16181, January 9, 2006

Microsoft

Exchange 5.0 SP2, 5.5 SP4, 2000, Outlook

A buffer overflow vulnerability has been reported in Outlook and Exchange that could let remote malicious users execute arbitrary code.

Microsoft

Currently we are not aware of any exploits for this vulnerability.

Microsoft Outlook & Exchange Arbitrary Code Execution

CVE-2006-0002

7

Microsoft, Security Bulletin MS06-003, January 10, 2006

US-CERT VU#252146

Microsoft

Visual Studio Visual C# 2005 Express Edition

A vulnerability has been reported in Visual Studio that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Visual Studio Arbitrary Code Execution

CVE-2006-0187

4.5 Secunia, Advisory: SA18409, January 11, 2006

Microsoft

Windows 98, 2000 SP4, XP SP2, 2003

A buffer overflow vulnerability has been reported in Windows that could let remote malicious users execute arbitrary code.

Windows

Avaya

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Arbitrary Code Execution

CVE-2006-0010

7

Microsoft, Security Bulletin MS06-002, January 10, 2006

Avaya, Number: ASA-2006-004, January 10, 2006

US-CERT VU#915930

Microsoft

Windows Meta File (WMF) Graphics Rendering Engine

A vulnerability has been reported in Windows Meta File (WMF) Graphics Rendering Engine could let remote malicious users execute arbitrary code.

Microsoft

Avaya

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows WMF Rendering Engine Arbitrary Code Execution

CVE-2005-4560

8

Microsoft, Security Advisory 912840, December 28, 2005

US-CERT VU#181038

Avaya, Number: ASA-2006-001, January 5, 2006

NetSarang

Xlpd 2.1

A vulnerability has been reported in Xlpd that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Xlpd Denial of Service

CVE-2006-0148

2.3 Security Tracker, Alert ID: 1015444, January 6, 2006

PD9 Software

MegaBBS 2.0, 2.1

A vulnerability has been reported in MegaBBS that could let remote malicious users disclose information.

PD9 Software

There is no exploit code required.

MegaBBS Information Disclosure

CVE-2006-0139

2.3 Security Focus, ID: 16168, January 9, 2006
PHP 4.3.10, 4.4.0, and 4.4.1 for Windows

A buffer overflow vulnerability has been reported in PHP, mysql_connect, that could let malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit, phpflaw.obj, has been published.

PHP Arbitrary Code Execution

CVE-2006-0097

7 Security Focus, ID: 16145, January 5, 2006

Rockliffe

MailSite Email Server 6.1.22

A vulnerability has been reported in MailSite that could let remote malicious users disclose information.

Rockliffe

Currently we are not aware of any exploits for this vulnerability.

MailSite Information Disclosure

CVE-2006-0127

1.4 Secunia, Advisory: SA18318, January 5, 2006

Symantec

Norton SystemWorks 2005, 2006

A vulnerability has been reported in Norton SystemWorks that could let local malicious users bypass security restrictions.

Patch reportedly available via LiveUpdate.

Currently we are not aware of any exploits for this vulnerability.

Symantec Norton SystemWorks Security Bypassing

CVE-2006-0166

Not available Secunia, Advisory: SA18402, January 11, 2006
WebWiz Forum 6.34

A vulnerability has been reported in WebWiz Forum that could let remote malicious users conduct Cross-Site Scripting.

WebWiz

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebWiz Forums Cross Site Scripting

CVE-2006-0175

Not available Security Focus, ID: 16196, January 10, 2006

UNIX / Linux Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Bogofilter Email Filter

Bogofilter Email Filter 0.96.2, 0.95.2, 0.94.14, 0.94.12, 0.93.5

Several buffer overflow vulnerabilities have been reported: a vulnerability was reported in bogofilter and bogolexer when character set conversion is performed on invalid input sequences, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported in bogofilter and bogolexer when processing input that contains overly long words, which could let a remote malicious user cause a Denial of Service.

Upgrade available

Ubuntu

There is no exploit code required.

Bogofilter Multiple Remote Buffer Overflows

CVE-2005-4591
CVE-2005-4592

9
(CVE-2005-4591)

9
(CVE-2005-4592)

Bogofilter Security Advisories, bogofilter-SA-2005-01 & 02, January 2, 2006

Ubuntu Security Notice, USN-240-1, January 11, 2006

Clam Anti-Virus

ClamAV 0.80 - 0.87.1, 0.75.1, 0.70, 0.68, 0.67, 0.65, 0.60, 0.51-0.54

A buffer overflow vulnerability has been reported when attempting to handle compressed UPX files due to an unspecified boundary error in "libclamav/upx.c, which could let a remote malicious user execute arbitrary code.

ClamAV

Currently we are not aware of any exploits for this vulnerability.

ClamAV UPX File Handling

CVE-2006-0162

Secunia Advisory: SA18379, January 10, 2006

Easy Software Products

CUPS prior to 1.1.21rc1

A vulnerability has been reported in incoming print jobs due to a failure to properly apply ACLs (Access Control List), which could let a remote malicious user bypass ACLs.

Cups

RedHat

Fedora

Ubuntu

Conectiva

There is no exploit code required.

Easy Software Products CUPS Access Control
List Bypass

CVE-2004-2154

Security
Tracker Alert ID: 1014482,
July 14, 2005

RedHat
Security Advisory,
RHSA-2005:
571-06,
July 14, 2005

Fedora Legacy Update Advisory, FLSA:163274, September 14, 2005

Ubuntu Security Notice, USN-185-1, September 20, 2005

Conectiva Linux Announcement, CLSA-2006:1055, January 2, 2006

Ethereal Group

Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8

Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.

Ethereal

Debian

Gentoo

SuSE:

SGI

ALT Linux

Conectiva

FedoraLegacy

Currently we are not aware of any exploits for these vulnerabilities.

3.3 (CVE-2005-0006)

3.3 (CVE-2005-0007)

3.3 (CVE-2005-0008)

3.3 (CVE-2005-0009)

3.3 (CVE-2005-0010)

7
(CVE-2005-0084)

Security Tracker Alert, 1012962, January 21, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

FreeBSD

FreeBSD 6.0 -STABLE, 6.0 -RELEASE

A remote Denial of Service vulnerability has been reported due to an error in the "ipfw" module when handling IP fragments.

FreeBSD

There is no exploit code required; however, exploit details, rt-sa-2005-15.txt, have been published.

FreeBSD IPFW IP Fragment Remote Denial of Service

CVE-2006-0054

FreeBSD Security Advisory, FreeBSD-SA-06:04.ipfw, January 11, 2006

FreeBSD

FreeBSD 4.x
FreeBSD 5.x
FreeBSD 6.x

A vulnerability has been reported in the 'EE' editor when executing a spell check operation due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

FreeBSD

There is no exploit code required.

FreeBSD Insecure Temporary File Creation

CVE-2006-0055

FreeBSD Security Advisory, FreeBSD-SA-06:02.ee, January 11, 2006

GNU

cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6

A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.

Trustix

Mandriva

RedHat

SGI

SCO

Avaya

Conectiva

Ubuntu

Debian

RedHat

SCO

FreeBSD

There is no exploit code required.

CPIO CHMod File Permission Modification

CVE-2005-1111

Bugtraq, 395703,
April 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Mandriva
Linux Security Update Advisory, MDKSA2005:
116, July 12,
2005

RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

SCO Security Advisory, SCOSA-2005.32, August 18, 2005

Avaya Security Advisory, ASA-2005-191, September 6, 2005

Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005

Ubuntu Security Notice, USN-189-1, September 29, 2005

Debian Security Advisory, DSA 846-1, October 7, 2005

RedHat Security Advisory, RHSA-2005:806-8, November 10, 2005

SCO Security Advisory, SCOSA-2006.2, January 3, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006

GNU

cpio 2.6

A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.

Gentoo

Trustix/

Mandriva

SCO

Avaya

Conectiva

Ubuntu

Debian

SCO

FreeBSD

A Proof of Concept exploit has been published.

CPIO Directory Traversal

CVE-2005-1229

 

Bugtraq,
396429, April 20, 2005

Gentoo Linux Security Advisory, GLSA
200506-16, June 20, 2005

Trustix Secure
Linux Security Advisory, TSLSA-2005-
0030, June 24, 2005

Mandriva Linux Security Update Advisory, MDKSA2005:
116, July 12, 2005

SCO Security Advisory, SCOSA-2005.32, August 18, 2005

Avaya Security Advisory, ASA-2005-191, September 6, 2005

Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005

Ubuntu Security Notice, USN-189-1, September 29, 2005

Debian Security Advisory, DSA 846-1, October 7, 2005

SCO Security Advisory, SCOSA-2006.2, January 3, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006

GNU

cpio 2.6, 2.5

A Denial of Service vulnerability has been reported due to a buffer overflow when cpio attempts to create an archive containing extremely large files.

Mandriva

Ubuntu

FreeBSD

Currently we are not aware of any exploits for this vulnerability.

CPIO File Size Stack Denial of Service

CVE-2005-4268

Mandriva Linux Security Advisory MDKSA-2005:237, December 23, 2005

Ubuntu Security Notice, USN-234-1, January 02, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006

GNU

Texinfo 4.7

A vulnerability has been reported in 'textindex.c' due to insecure creation of temporary files by the 'sort_offline()' function, which could let a malicious user create/ overwrite arbitrary files.

Gentoo

Mandriva

Ubuntu

SUSE

Trustix

FreeBSD

There is no exploit code required.

GNU Texinfo Insecure Temporary File Creation

CVE-2005-3011

Security Focus, Bugtraq ID: 14854, September 15, 2005

Gentoo Linux Security Advisory, GLSA 200510-04, October 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:175, October 6, 2005

Ubuntu Security Notice, USN-194-1, October 06, 2005

SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

FreeBSD Security Advisory, FreeBSD-SA-06:01.texindex, January 11, 2006

IPsec-Tools

IPsec-Tools0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

IpsecTools

Ubuntu

Gentoo

SUSE

Conectiva

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read
BaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::read
ProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::
StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream:
:readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Currently we are not aware of any exploits for these vulnerabilities.

4.8 (CVE-2005-3191)

7
(CVE-2005-3192)

4.8 (CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications,
FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

 

Multiple Vendors

Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.0 4 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1

A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files.

RedHat

RedHat

RedHat

Ubuntu

KDE

Mandriva

SGI

Gentoo

Fedora

Debian

Trustix

TurboLinux

Conectiva

Mandriva

SCO

Debian

Currently we are not aware of any exploits for this vulnerability.

XPDF Loca Table Verification Remote Denial of Service

CVE-2005-2097

 

RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005

Ubuntu Security Notice, USN-163-1, August 09, 2005

KDE Security Advisory, 20050809-1, August 9, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Gentoo Linux Security Advisory GLSA, 200508-08, August 16, 2005

Fedora Update Notifications,
FEDORA-2005-729, 730, 732, & 733, August 15 & 17, 2005

Debian Security Advisory, DSA 780-1, August 22, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

Turbolinux Security Advisory, TLSA-2005-88, September 5, 2005

Conectiva Linux Announcement, CLSA-2005:1010, September 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:138-1, September 19, 2005

SCO Security Advisory, SCOSA-2005.42, October 20, 2005

Debian Security Advisory,
DSA-936-1, January 11, 2006

Multiple Vendors

ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2

A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

SuSE

Debian

Gentoo

Mandrake

Fedora

SCO

FedoraLegacy

Proof of Concept exploit has been published.

ht://Dig
Cross-Site
Scripting

CVE-2005-0085

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 680-1, February 14, 2005

Gentoo Linux Security Advisory, GLSA 200502-16,
February 14, 2005

Mandrakelinux Security Update Advisory,
MDKSA-2005:063, March 31, 2005

Fedora Update Notification,
FEDORA-2005-367, April 19, 2005

SCO Security Advisory, SCOSA-2005.46, November 2, 2005

Fedora Legacy Update Advisory, FLSA:152907, January 9, 2006

Multiple Vendors

Hylafax 4.2-4.2.3;
Gentoo Linux

Several vulnerabilities have been reported: a vulnerability was reported in 'hfaxd' when compiled with PAM support disabled, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported due to insufficient sanitization of the 'notify' script, which could let a remote malicious user execute arbitrary commands; and a vulnerability was reported in the 'faxrcvd' script due to insufficient sanitization, which could let a remote malicious user execute arbitrary commands.

Hylafax

Gentoo

There is no exploit code required; however, Proof of Concept exploits have been published.

HylaFAX Authentication Bypass & Arbitrary Command Execution

CVE-2005-3538
CVE-2005-3539

7
(CVE-2005-3538)

8
(CVE-2005-3539)

Secunia Advisory: SA18314, January 6, 2006

Gentoo Linux Security Advisory GLSA 200601-03, January 6, 2006

Multiple Vendors

Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4 -2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6

A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.

Perl

Ubuntu

Gentoo

Debian

TurboLinux

Mandrake

HP

Fedora

Avaya

RedHat

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Perl 'rmtree()' Function Elevated Privileges

CVE-2005-0448

Ubuntu Security Notice, USN-94-1 March 09, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Debian Security Advisory, DSA 696-1 , March 22, 2005

Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005

HP Security Bulletin, HPSBUX01208, June 16, 2005

Secunia, Advisory: SA16193, July 25, 2005

Avaya Security Advisory, ASA-2005-196, September 13, 2005

RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Multiple Vendors

NetBSD 2.1, 2.0-2.0.3, 1.6-1.6.2, NetBSD Current
Linux kernel 2.6-2.6.15 -rc3

A vulnerability has been reported because the system clock can be set to an arbitrary value, which could let malicious user bypass security restrictions.

NetBSD

There is no exploit code required.

BSD SecureLevel Time Setting Security Restriction Bypass

CVE-2005-4352

NetBSD Security Advisory, NetBSD-SA2006-002, January 9, 2006

Multiple Vendors

SuSE Linux Professional
9.3, x86_64,
9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel
2.6-2.6.12

A remote Denial of Service vulnerability has been reported in the NFSACL protocol when handling when handling XDR data.

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel NFSACL Protocol XDR Data Remote Denial of

CVE-2005-2500

8

Security Focus, 14468, August 3, 2005

SUSE Security Announce-
ment, SUSE-SA:2005:044, August 4, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

SuSE Linux Professional
9.3, x86_64,
9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel
2.6-2.6.12

A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.

Linux Kernel

Ubuntu

SUSE

RedHat

Mandriva

RedHat

Mandriva

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel XFRM Array Index Buffer Overflow

CVE-2005-2456

2.3

Security Focus, 14477, August 5, 2005

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 200

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0, SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server for S/390 9.0, Linux Enterprise Server 9; 2.6-2.6.12 .4

A Denial of Service vulnerability has been reported due to a failure to handle malformed compressed files.

Linux Kernel

Ubuntu

SUSE

Trustix

Mandriva

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ZLib Null Pointer Dereference Denial of Service

CVE-2005-2459

3.3

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Todd Miller Sudo 1.6-1.6.8, 1.5.6-1.5.9

A vulnerability has been reported in the 'PYTHONINSPECT' variable, which could let a malicious user bypass security restrictions and obtain elevated privileges.

Todd Miller Sudo

AppleWebSharing Update

Conectiva

Debian

EnGarde

Fedora

FreeBSD

GratiSoft Sudo

Mandriva

OpenPKG

OpenBSD

RedHat

Slackware

SuSE

Trustix

TurboLinux

Ubuntu

Wirex

There is no exploit code required.

Sudo Python Environment Cleaning Security Bypass

CVE-2006-0151

Security Focus, Bugtraq ID: 16184, January 9, 2006

Multiple Vendors

zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6

A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.

Debian

FreeBSD

Gentoo

SUS

Ubuntu

Mandriva

OpenBSD

OpenPKG

RedHat

Trustix

Slackware

TurboLinux

Fedora

zsync

Apple

SCO

IPCop

Debian

Trolltech

FedoraLegacy

Gentoo

Debian

Trustix

Sun

Mandriva

Ubuntu

Ubuntu

SCO

Currently we are not aware of any exploits for this vulnerability.

Zlib Compression Library Buffer Overflow

CVE-2005-2096

Debian Security Advisory
DSA 740-1,
July 6, 2005

FreeBSD Security Advisory,
FreeBSD-SA-05:16, July 6, 2005

Gentoo Linux Security Advisory, GLSA 200507-
05, July 6, 2005

SUSE Security Announcement, SUSE-SA:2005:039,
July 6, 2005

Ubuntu Security Notice,
USN-148-1, July 06, 2005

RedHat Security Advisory, RHSA-2005:569-03,
July 6, 2005

Fedora Update Notifications,
FEDORA-2005-523, 524,
July 7, 2005

Mandriva Linux Security Update Advisory,
MDKSA-2005:11, July 7, 2005

OpenPKG
Security Advisory, OpenPKG-SA-2005.013,
July 7, 2005

Trustix Secure
Linux Security Advisory,
TSLSA-2005-
0034, July 8,
2005

Slackware Security
Advisory, SSA:2005-
189-01,
July 11, 2005

Turbolinux Security
Advisory, TLSA-2005-77,
July 11, 2005

Fedora Update Notification, FEDORA-2005-565, July 13, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Security Focus, 14162, July 21, 2005

US-CERT VU#680620

Apple Security Update 2005-007,
APPLE-SA-2005-08-15, August 15, 2005

SCO Security Advisory, SCOSA-2005.33, August 19, 2005

Security Focus, Bugtraq ID: 14162, August 26, 2005

Debian Security Advisory, DSA 797-1, September 1, 2005

Security Focus, Bugtraq ID: 14162, September 12, 2005

Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005

Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005

Debian Security Advisory, DSA 797-2, September 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101989, October 14, 2005

Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005

Ubuntu Security Notice, USN-151-3, October 28, 2005

Ubuntu Security Notice, USN-151-4, November 09, 2005

SCO Security Advisory, SCOSA-2006.6, January 10, 2006

Multiple Vendors

zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64,
4.1 ppc, ia64, ia32; Debian Linux 3.1
sparc, s/390, ppc, mipsel, mips, m68k,
ia-64, ia-32,
hppa, arm,
alpha

A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.

Zlib

Debian

Ubuntu

OpenBSD

Mandriva

Fedora

Slackware

FreeBSD

SUSE

Gentoo

Gentoo

Trustix

Conectiva

Apple

TurboLinux

SCO

Debian

Trolltech

FedoraLegacy

Debian

Mandriva

Ubuntu

Ubuntu

SCO

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service

CVE-2005-1849

Security Focus, Bugtraq ID 14340, July 21, 2005

Debian Security Advisory DSA 763-1, July 21, 2005

Ubuntu Security Notice, USN-151-1, July 21, 2005

OpenBSD, Release Errata 3.7, July 21, 2005

Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005

Secunia, Advisory: SA16195, July 25, 2005

Slackware Security Advisory, SSA:2005-
203-03
, July 22, 2005

FreeBSD Security Advisory, SA-05:18, July 27, 2005

SUSE Security Announce-
ment, SUSE-SA:2005:043,
July 28, 2005

Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005

Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005

Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005

Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005

SCO Security Advisory, SCOSA-2005.33, August 19, 2005

Debian Security Advisory, DSA 797-1, September 1, 2005

Security Focus, Bugtraq ID: 14340, September 12, 2005

Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005

Debian Security Advisory, DSA 797-2, September 29, 2005

Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005

Ubuntu Security Notice, USN-151-3, October 28, 2005

Ubuntu Security Notice, USN-151-4, November 09, 2005

SCO Security Advisory, SCOSA-2006.6, January 10, 2006

Multiple Vendors

KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2;
Gentoo Linux

Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.

Gentoo

Ubuntu

Fedora

Mandriva

Ubuntu

Debian

Debian

Currently we are not aware of any exploits for this vulnerability.

KPdf & KWord Multiple Unspecified Buffer & Integer Overflow

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627

 

Not available

Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006

Ubuntu Security Notice, USN-236-1, January 05, 2006

Fedora Update Notifications,
FEDORA-2005-000, January 5, 2006

Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006

Ubuntu Security Notice, USN-236-2, January 09, 2006

Debian Security Advisory DSA 931-1, January 9, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

Multiple Vendors

Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32

 

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.

Ubuntu

Gentoo

Mandrake

RedHat

SGI

SUSE

Trustix

IBM

Fedora

Conectiva

Proofs of Concept exploits have been published.

Perl SuidPerl Multiple Vulnerabilities

CVE-2005-0155
CVE-2005-0156

4.9 (CVE-2005-0155)

2.3 (CVE-2005-0156)

Ubuntu Security Notice, USN-72-1, February 2, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005

RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003,February 11, 2005

IBM SECURITY ADVISORY, February 28, 2005

Fedora Update Notification,
FEDORA-2005-353, May 2, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Multiple Vendors

Linux kernel
2.6 prior to 2.6.12.1

 

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Linux Kernel

SUSE

RedHat:

RedHat

Debian

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CVE-2005-1761

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announce-
ment, SUSE-SA:2005:044, August 4, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6.8, 2.6.10

A remote Denial of Service vulnerability has been reported in the 'ipt_recent' module when specially crafted packets are sent.

Ubuntu

Mandriva

RedHat

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 'Ipt_recent' Remote Denial of Service

CVE-2005-2872

3.3

Security Focus, Bugtraq ID: 14791, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6.8-2.6.10, 2.4.21

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Ubuntu

Trustix

Fedora

RedHat

Mandriva

RedHat

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service

CVE-2005-2490
CVE-2005-2492

4.9 (CVE-2005-2490)

4.7 (CVE-2005-2492)

Secunia Advisory: SA16747, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Fedora Update Notifications,
FEDORA-2005-905 & 906, September 22, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12 .1

A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.

Ubuntu

This issue has been addressed in Linux kernel 2.6.13-rc7.

SUSE

RedHat

RedHat

Mandriva

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPSec Policies Authorization Bypass

CVE-2005-2555

Ubuntu Security Notice, USN-169-1, August 19, 2005

Security Focus, Bugtraq ID 14609, August 19, 2005

Security Focus, Bugtraq ID 14609, August 25, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32

A Denial of Service vulnerability has been reported in 'IP_VS_CONN_FLUSH' due to a NULL pointer dereference.

Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue.

Ubuntu

Mandriva

Debian

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Denial of Service

CVE-2005-3274

Security Focus, Bugtraq ID: 15528, November 22, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

Debian Security Advisory, DSA 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12, 2.4-2.4.31

 

A remote Denial of Service vulnerability has been reported due to a design error in the kernel.

The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue.

Ubuntu

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Remote Denial of Service

CVE-2005-3275

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.13.1

A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.

Linux Kernel

Ubuntu

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel routing_ioctl() Denial of Service

CVE-2005-3044

Security Tracker Alert ID: 1014944, September 21, 2005

Ubuntu Security Notice, USN-187-1, September 25, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_
key_auth.c;' a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.

Linux Kernel

Fedora

Trustix

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

There is no exploit code required.

Linux Kernel Denial of Service & Information Disclosure

CVE-2005-3119
CVE-2005-3180
CVE-2005-3181

2.3 (CVE-2005-3119)

3.3 (CVE-2005-3180)

2.3 (CVE-2005-3181)

 

Secunia Advisory: SA17114, October 12, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

Fedora Update Notifications,
FEDORA-2005-1013, October 20, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel USB Subsystem Denials of Service

CVE-2005-2873
CVE-2005-3055

2.3 (CVE-2005-2873)

2.3 (CVE-2005-3055)

Secunia Advisory: SA16969, September 27, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux Kernel 2.6-2.6.14

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_
mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.

Ubuntu

Trustix

RedHat

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors Linux Kernel Denials of Service

CVE-2005-3053
CVE-2005-3106
CVE-2005-3107
CVE-2005-3108
CVE-2005-3109
CVE-2005-3110

2.3 (CVE-2005-3053)

2.3 (CVE-2005-3106)

2.3 (CVE-2005-3107)

2.3 (CVE-2005-3108)

2.3 (CVE-2005-3109)

3.3 (CVE-2005-3110)

 

 

 

Ubuntu Security Notice, USN-199-1, October 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Mandriva Linux Security Advisories, MDKSA-2005: 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14, 2.5.0- 2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1 .x, 2.1.89, 2.0.28-2.0.39

A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.

Mandriva

Fedora

Conectiva

There is no exploit code required; however, a Proof of Concept exploit has been published.

Linux Kernel Console Keymap Arbitrary Command Injection

CVE-2005-3257

Security Focus, Bugtraq ID: 15122, October 17, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Fedora Update Notification,
FEDORA-2005-1138, December 13, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel
2.6-2.6.12 .1

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KE YCTL_JOIN_SESSION
_KEYRING' operation due to an error when attempting to join a key management session.

Linux Kernel

Ubuntu

Trustix

RedHat

Mandriva

Conectiva

There is no exploit code required.

Linux Kernel Management Denials of Service

CVE-2005-2098
CVE-2005-2099

3.3 (CVE-2005-2098)

3.3 (CVE-2005-2099)

Secunia Advisory: SA16355, August 9, 2005

Ubuntu Security Notice, USN-169-1, August 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Network Block Device NBD 2.8-2.8.2, 2.7.5;
Gentoo Linux;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported in the 'nbd-server' when handling specially crafted requests, which could let a remote malicious user execute arbitrary code.

Upgrades available

Debian

Gentoo

Ubuntu

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Network Block Device Server Buffer Overflow

CVE-2005-3534

Security Focus, Bugtraq ID: 16029, December 21, 2005

Debian Security Advisory, DSA 924-1, December 21, 2005

Gentoo Linux Security Advisory, GLSA 200512-14, December 23, 2006

Ubuntu Security Notice, USN-237-1, January 06, 2006

Multiple Vendors

petris 1.0.1

A buffer overflow vulnerability has been reported when handling environment variables when processing highscores, which could let a malicious user execute arbitrary code.

Debian

Currently we are not aware of any exploits for this vulnerability.

Petris Buffer Overflow

CVE-2005-3540

Debian Security Advisory, DSA-929-1, January 9, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; mod_auth_pgsql 2.0.1

A format string vulnerability has been reported in 'mod_auth_pgsql' when logging information, which could let a remote malicious user execute arbitrary code.

mod_auth_pgsql

RedHat

Fedora

Mandriva

Ubuntu

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors mod_auth_pgsql Apache Module Format String

CVE-2005-3656

Not available

RedHat Security Advisory, RHSA-2006:0164-7, January 5, 2006

Fedora Update Notifications,
FEDORA-2005-014 & 015, January 6, 2005

Mandriva Linux Security Advisory, MDKSA-2006:009, January 7, 2006

Ubuntu Security Notice, USN-239-1, January 09, 2006

Multiple Vendors

RedHat Fedora Core3; Linux kernel 2.6.10-2.6.13

 

A vulnerability has been reported because a world writable file is created in 'SYSFS' which could let a malicious user obtain sensitive information.

Linux Kernel

Fedora

Mandriva

Conectiva

There is no exploit code required.

Linux Kernel World Writable SYSFS Information Disclosure

CVE-2005-3179

Security Focus, Bugtraq ID: 15154, October 20, 2005

Fedora Update Notification
FEDORA-2005-1007, October 20, 2005

Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Stefan Frings SMS Server Tools 1.14.8;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha,

A format string vulnerability has been reported in 'logging.c' when attempting to log messages using a formatted print function, which could let a remote malicious user execute arbitrary code.

Debian

Currently we are not aware of any exploits for this vulnerability.

Stefan Frings SMS Server Tools Format String

CVE-2006-0083

Security Focus, Bugtraq ID: 16188, January 9, 2006

Debian Security Advisory, DSA-930-2, January 9, 2006

Multiple Vendors

Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1

A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.

Ubuntu

SUSE

Mandriva

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ISO File System Remote Denial of Service

CVE-2005-2457

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Trustix Secure Linux 3.0, 2.2,
Trustix Secure Enterprise Linux 2.0; SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server 9;
Linux kernel 2.6-2.6.12 .4

A Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions.

Linux Kernel

Ubuntu

SUSE

Trustix

Mandriva

Mandriva:

SUSE:

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ZLib Invalid Memory Access Denial of Service

CVE-2005-2458

3.3

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.0 4, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.13

A Denial of Service vulnerability has been reported in the '/proc/scsi/sg/devices' file due to a memory leak.

Ubuntu

Mandriva

SUSE

Conectiva

A Proof of Concept exploit has been published.

Linux Kernel SCSI ProcFS Denial of Service

CVE-2005-2800

2.3

Security Focus, Bugtraq ID: 14790, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
IBM HTTP Server 2.0.47.1, 2.0.47, 2.0.42.2, 2.0.42.1, 2.0.42;
Apache 2.0.28-2.0.54, 2.0 a9, 2.0

A remote Denial of Service vulnerability has been reported in 'worker.c' due to a memory leak.

Apache

Ubuntu

IBM

RedHat

There is no exploit code required.

Apache MPM 'Worker.C' Remote Denial of Service

CVE-2005-2970

Security Focus, Bugtraq ID: 15762, December 7, 2005

Ubuntu Security Notice, USN-225-1, December 06, 2005

RedHat Security Advisory, RHSA-2006:0159-8, January 5, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64;
Linux kernel 2.6-2.6.12 .3

An information disclosure vulnerability has been reported in 'SYS_GET_THREAD
_AREA,' which could let a malicious user obtain sensitive information.

Kernel versions 2.6.12.4 and 2.6.13 are not affected by this issue.

Ubuntu

Mandriva

Debian

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Information Disclosure

CVE-2005-3276

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Debian Security Advisory, DSA 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03

A format string vulnerability has been reported in 'Perl_sv_
vcatpvfnl' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.

Webmin

Fedora

OpenPKG

Mandriva

Ubuntu

Gentoo

Gentoo

Mandriva

SUSE

Trustix

Ubuntu

Fedora

RedHat

OpenBSD

OpenBSD

An exploit has been published.

Perl 'miniserv.pl' script Format String

CVE-2005-3912
CVE-2005-3962

9.3
(CVE-2005-3212)

6
(CVE-2005-3962)

Security Focus, Bugtraq ID: 15629, November 29, 2005

Fedora Update Notifications,
FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005

Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005

Ubuntu Security Notice, USN-222-1 December 02, 2005, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005

US-CERT VU#948385

Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

Ubuntu Security Notice, USN-222-2, December 12, 2005

Fedora Update Notifications,
FEDORA-2005-1144 & 1145, December 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005

RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005

Security Focus, Bugtraq ID: 15629, January 4, 2006

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available

Gentoo

Ubuntu

Gentoo

Ubuntu

ALTLinux

Fedora

RedHat

SGI

RedHat

Mandrake

Mandriva

Debian

RedHat

RedHat

RedHat

Apple

Fedora

SCO

SCO

FedoraLegacy

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit
Integer Overflow

CVE-2005-0605

 

 

Security Focus,
12714,
March 2, 2005

Gentoo Linux
Security Advisory,
GLSA 200503-08, March 4, 2005

Ubuntu Security
Notice, USN-92-1 March 07, 2005

Gentoo Linux
Security Advisory, GLSA 200503-15,
March 12, 2005

Ubuntu Security
Notice, USN-97-1
March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications,
FEDORA-2005
-272 & 273,
March 29, 2005

RedHat Security Advisory,
RHSA-2005:
331-06,
March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005

Debian Security Advisory, DSA 723-1, May 9, 2005

RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005

RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005

RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005

Fedora Update Notifications,
FEDORA-2005-808 & 815, August 25 & 26, 2005

SCO Security Advisory, SCOSA-2005.57, December 14, 2005

SCO Security Advisory, SCOSA-2006.5, January 4, 2006

Fedora Legacy Update Advisory, FLSA:152803, January 10, 2006

NetBSD

NetBSD 2.1, 2.0-2.0.3, 1.6- 1.6.2, NetBSD Current

A vulnerability has been reported in the 'kernfs' file system due to insufficient sanitization, which could let a malicious user obtain sensitive information.

NetBSD

Currently we are not aware of any exploits for this vulnerability.

NetBSD KernFS Memory Disclosure

CVE-2006-0145

NetBSD Security Advisory, 2006-001, January 9, 2006
netpbm
10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code.

Trustix

Gentoo

Mandriva

Ubuntu

Fedora

SUSE

RedHat

SGI

Conectiva

TurboLinux

Fedora

There is no exploit code required.

netpbm Arbitrary Code Execution

CVE-2005-2471


7

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005

Ubuntu Security Notice, USN-164-1, August 11, 2005

Fedora Update Notifications,
FEDORA-2005-727 & 728, August 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005

Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005

Fedora Update Notification,
FEDORA-2005-000, January 5, 2006

OpenBSD

OpenBSD 3.8, 3.7

A vulnerability has been reported in '/dev/fd' due to an unspecified error, which could let a malicious user obtain unauthorized access.

OpenBSD

Currently we are not aware of any exploits for this vulnerability.

OpenBSD DEV/FD Unauthorized File Access

CVE-2006-0098

Security Focus, Bugtraq ID: 16144, January 5, 2006

PHP go-pear.php

PHP go-pear.php0.2.2

A vulnerability has been reported that could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHP PEAR Go-Pear.PHP Arbitrary Remote Code Execution

CVE-2006-0144

Security Focus, Bugtraq ID: 16174, January 9, 2006

PostgreSQL

PostgreSQL 8.1, 8.0-8.0.2, 7.4.3-7.4.9, 7.4, 7.3 -7.3.9

A remote Denial of Service vulnerability has been reported due to a failure to properly handle exceptional conditions.

Postgresql

There is no exploit code required.

PostgreSQL Postmaster Denial of Service

CVE-2006-0105

Security Focus, Bugtraq ID: 16201, January 11, 2006

Qualcomm

Eudora Internet Mail Server for OS X Light 3.2.8, 3.2.4-3.2.6, Mail Server for OS X3.2.4-3.2.8

Denial of service vulnerabilities have been reported when a malformed NTLM authentication request, corrupted incoming Mail X, or malformed temporary mail is submitted.

Patches available

Currently we are not aware of any exploits for this vulnerability.

Qualcomm Eudora Internet Mail Server Denial of Service

CVE-2006-0141

Not available
Secunia Advisory: SA18356, January 9, 2006

Sun Microsystems, Inc.

Solaris 9.0 _x86, 9.0, 8.0 _x86, 8.0

A buffer overflow vulnerability has been reported due to an unspecified error in the uucp(1C) and uustat(1C) utilities, which could let a malicious user execute arbitrary code.

Sun

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris UUSTAT Buffer Overflow

CVE-2004-0780
CVE-2006-0161

5.6
(CVE-2006-0161)
Sun(sm) Alert Notification,
Sun Alert ID: 101933, January 9, 2006

Todd Miller

Sudo 1.x

A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.

Debian

Mandriva

Ubuntu

SUSE

Trustix

Conectiva

An exploit script has been published.

Todd Miller Sudo Local Elevated Privileges

CVE-2005-2959

Debian Security Advisory, DSA 870-1, October 25, 2005

Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005

Ubuntu Security Notice, USN-213-1, October 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15191, November 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

Conectiva Linux Announcement, CLSA-2006:1057, January 2, 2006

Todd Miller

Sudo prior to 1.6.8p12

A vulnerability has been reported due to an error when handling the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables when tainting is ignored, which could let a malicious user bypass security restrictions and include arbitrary library files.

Updates available at:
Sudo

Mandriva

Ubuntu

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Todd Miller Sudo Security Bypass

CVE-2005-4158

Security Focus, Bugtraq ID: 15394, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:234, December 20, 2005

Ubuntu Security Notice, USN-235-1, January 05, 2006

University of Washington

UW-imapd imap-2004c1

A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade to version imap-2004g

Trustix

Debian

Gentoo

SUSE

Mandriva

Slackware

Conectiva

RedHat

RedHat

Fedora

Trustix

Currently we are not aware of any exploits for this vulnerability.

UW-imapd Denial of Service and Arbitrary Code Execution

CVE-2005-2933

7

Secunia, Advisory: SA17062, October 5, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005

Debian Security Advisory, DSA 861-1, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005

US-CERT VU#933601

SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005

Slackware Security Advisory, SSA:2005-310-06, November 7, 2005

Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005

RedHat Security Advisory, RHSA-2005:848-6 & 850-5, December 6, 2005

Fedora Update Notifications,
FEDORA-2005-1112 & 1115, December 8, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005

WebFTP for SysCP

WebFTP for SysCP 1.2.6

A file include vulnerability has been reported, which could let a remote malicious user view unauthorized files and execute arbitrary scripts.

No workaround or patch available at time of publishing.

There is no exploit code required.

SysCP WebFTP Module File Include

CVE-2006-0132

Security Focus, Bugtraq ID: 16175, January 9, 2006

Xmame

Xmame 0.102

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'lang' command line option due to a boundary error, which could let a malicious user execute arbitrary code; and a buffer overflow vulnerability was reported when handling the 'lang,' 'ctrlr,' 'pb,' and 'rec' command line options, which could let a malicious user execute arbitrary code.

The vulnerabilities have been fixed in the CVS repositories.

Proof of Concept exploits, xmameOverflow-ruby.txt, have been published.

Xmame Buffer Overflows

CVE-2006-0176

Not available
Secunia Advisory: SA8931, January 11, 2006
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

427BB

fourtwosevenbb 2.2.1, 2.2

An SQL injection vulnerability has been reported in 'showthread.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, EV0018.txt, has been published.

427BB SQL Injection

CVE-2006-0154

Security Focus, Bugtraq ID: 16169, January 9, 2006

427BB

fourtwosevenbb 2.2.1, 2.2

A vulnerability has been reported due to insufficient validation of user-supplied data, which could let a remote malicious user bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

427BB Authentication Bypass

CVE-2006-0153

Security Focus, Bugtraq ID: 16178, January 9, 2006

ADN Forum

ADN Forum 1.0 b, 1.0

Several input validation vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'fid' parameter and in 'verpag.php' due to insufficient sanitization of the 'pagid' parameter, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'titulo' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0015.txt, have been published.

ADN Forum SQL Injection & Cross-Site Scripting

CVE-2006-0123
CVE-2006-0124

7
(CVE-2006-0123)

2.3
(CVE-2006-0124)

 

Security Tracker Alert ID: 1015445, January 6, 2006

Andromeda

Andromeda 1.9.3 .4

A Cross-Site Scripting vulnerability has been reported in 'andromeda.php' due to insufficient sanitization of the 's' parameter before returning the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Andromeda Cross-Site Scripting

CVE-2006-0142

Secunia Advisory: SA18359, January 9, 2006

Apache Software Foundation

Apache prior to 1.3.35-dev, 2.0.56-dev

A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.

OpenPKG

Trustix

Mandriva

There is no exploit code required.

Apache mod_imap Cross-Site Scripting

CVE-2005-3352

Security Tracker Alert ID: 1015344, December 13, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005

Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006

Apple

AirPort Extreme Firmware 5.5, AirPort Express Firmware 6.1

A remote Denial of Service vulnerability has been reported in the base station when handling certain network packets.

Update available

There is no exploit code required.

Apple AirPort Remote Denial of Service

CVE-2005-3714

Not available Apple Security Advisory, APPLE-SA-2006-01-05, January 5, 2006

Apple

QuickTime Player 7.0-7.0.3

Several vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported when handling 'QTIF' images due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when handling 'TGA' images, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported when handling 'TIFF' images, which could let a remote malicious user execute arbitrary code; a heap-based buffer overflow vulnerability was reported when handling 'GIF' images, which could let a remote malicious user execute arbitrary code; and a heap-based buffer overflow vulnerability was reported when handling certain media files, which could let a remote malicious user execute arbitrary code.

QuickTime

Currently we are not aware of any exploits for these vulnerabilities.

QuickTime Multiple Image/Media File Handling Vulnerabilities

CVE-2005-2340
CVE-2005-3707
CVE-2005-3708
CVE-2005-3709
CVE-2005-3710
CVE-2005-3711
CVE-2005-3713
CVE-2005-4092

8
(CVE-2005-2340)

8
(CVE-2005-3707)

8
(CVE-2005-3708)

9
(CVE-2005-3709)

8
(CVE-2005-3710)

8
(CVE-2005-3711)

8
(CVE-2005-3713)

7
(CVE-2005-4092)

Apple Security Advisory, APPLE-SA-2006-01-10, January 10, 2006

US-CERT VU#629845

US-CERT VU#913449

US-CERT VU#115729

US-CERT VU#150753

US-CERT VU#921193

AppServ Open Project

AppServ Open Project 2.4.5

A vulnerability has been reported due to insufficient verification of the 'appserv_root' parameter in 'appserv/main.php' before used to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, EV0018.txt, has been published.

AppServ File Inclusion

CVE-2006-0125

Secunia Advisory: SA18163, January 5, 2006

CaLogic

CaLogic 1.2.2

An HTML injection vulnerability has been reported in the title field when a new event is added due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CaLogic HTML Injection

CVE-2006-0180

2.3 Secunia Advisory: SA18417, January 11, 2006

Cisco Systems

Cisco CS-MARS 4.1.2, 4.1

A vulnerability has been reported because a default static administrative password is set during installation, which could let a malicious user obtain unauthorized administrative access.

Cisco CS-MARS

There is no exploit code required.

Cisco CS-MARS Default Administrative Password

CVE-2006-0181

7 Cisco Security Advisory, Document ID: 68605, January 11, 2006

Cisco Systems

Cisco IP Phone 7940

A remote Denial of Service vulnerability has been reported when a large amount of TCP SYN packets are submitted to port 80.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, CiscoPhoneDos.pl.txt, has been published.

Cisco IP Phone 7940 Remote Denial of Service

CVE-2006-0179

Not available
Security Focus, Bugtraq ID: 16200, January 10, 2006

Cray

UNICOS 9.0.2 .2

A buffer overflow vulnerability has been reported due to insufficient bounds checking of command line parameters, which could let a malicious user execute arbitrary code with superuser privileges.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Cray UNICOS Buffer Overflow

CVE-2006-0177

 

Not available

Security Focus, Bugtraq ID: 16205, January 10, 2006

Dave Carrigan

auth_ldap 1.6 .0, 1.4 .x, 1.3 .x, 1.2 .x

A format string vulnerability has been reported due to insufficient sanitization of user-supplied input before using in the format-specifier of a formatted printing function, which could let a remote malicious user execute arbitrary code.

Upgrade available

RedHat

Currently we are not aware of any exploits for this vulnerability.

Dave Carrigan Auth_LDAP Remote Format String

CVE-2006-0150

Security Focus, Bugtraq ID: 16177, January 9, 2006

RedHat Security Advisory, RHSA-2006:0179-7, January 10, 2006

Edgewall Software

Trac 0.9.2

An HTML injection vulnerability has been reported in the WikiProcessor Wiki Content due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

Trac

There is no exploit code required.

Trac HTML Injection

CVE-2005-4644

Not available

Security Focus, Bugtraq ID: 16198, January 10, 2006

Ethereal

Ethereal
V0.10.11

Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade available

Fedora

Mandriva

RedHat

SUSE

Avaya

SGI

Conectiva

Debian

FedoraLegacy

Currently we are not aware of any exploits for these vulnerabilities.

3.3
(CVE-2005-2361)

3.3
(CVE-2005-2362)

3.3
(CVE-2005-2363)

3.3
(CVE-2005-2364)

3.3
(CVE-2005-2365)

3.3
(CVE-2005-2366)

8
(CVE-2005-2367)

Secunia, Advisory: SA16225, July 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005

RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

Avaya Security Advisory, ASA-2005-185, August 30, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announce-ment, CLSA-2005:1003, September 13, 2005

Debian Security Advisory, DSA 853-1, October 9, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Ethereal Group

Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A buffer overflow vulnerability has been reported in the 'dissect_ospf_ v3_address_
prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human readable string, which could let a remote malicious user execute arbitrary code.

Patch available

Debian

Gentoo

Mandriva

Fedora

RedHat

Currently we are not aware of any exploits for this vulnerability.

Ethereal OSPF Protocol Dissection Buffer Overflow

CVE-2005-3651

 

iDefense Security Advisory, December 9, 2005

Debian Security Advisory DSA 920-1, December 13, 2005

Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005

Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005

Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006

Fedora Update Notification
FEDORA-2005-000, January 5, 2006

RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006

Ethereal Group

Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9

Avaya Converged Communications Server (CCS) 2.x, Avaya S8XXX Media Servers

Multiple vulnerabilities were reported that affects more 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, E IGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explitit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.

Upgrades available

Gentoo

Mandriva

RedHat

Conectiva

SuSE

SGI

Avaya

FedoraLegacy

An exploit script has been published.

Ethereal Multiple Remote Protocol Dissector Vulnerabilities

CVE-2005-1456
CVE-2005-1457
CVE-2005-1458
CVE-2005-1459
CVE-2005-1460
CVE-2005-1461
CVE-2005-1462
CVE-2005-1463
CVE-2005-1464
CVE-2005-1465
CVE-2005-1466
CVE-2005-1467
CVE-2005-1468
CVE-2005-1469
CVE-2005-1470

3.3
(CVE-2005-1456)

3.3
(CVE-2005-1457)

2.3
(CVE-2005-1458)

3.3
(CVE-2005-1459)

3.3
(CVE-2005-1460)

8
(CVE-2005-1461)

7
(CVE-2005-1462)

7
(CVE-2005-1463)

3.3
(CVE-2005-1464)

3.3
(CVE-2005-1465)

3.3
(CVE-2005-1466)

3.3
(CVE-2005-1467)

3.3
(CVE-2005-1468)

3.3
(CVE-2005-1469)

3.3
(CVE-2005-1470)

Ethereal Security Advisory, enpa-sa-00019, May 4, 2005

Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005

RedHat Security Advisory, RHSA-2005:427-05, May 24, 2005

Conectiva Security Advisory, CLSA-2005:963, June 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Avaya Security Advisory, ASA-2005-131, June 13, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Ethereal Group

Ethereal 0.9.1-0.10.13.

A remote Denial of Service vulnerability has been reported in the IRC and GTP dissectors when a malicious user submits a specially crafted packet.

Upgrades available

Mandriva

RedHat

Currently we are not aware of any exploits for this vulnerability.

Ethereal IRC & GTP Dissectors Remote Denial of Service

CVE-2005-4585

Ethereal Security Advisory, enpa-sa-00022, December 27, 2005

Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006

RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006

Ethereal Group

Ethereal 0.10-0.10.8

A buffer overflow vulnerability exists due to a failure to copy network derived data securely into sensitive process buffers, which could let a remote malicious user execute arbitrary code.

Upgrades available

Gentoo

Fedora

Mandrake

RedHat

ALT Linux

Conectiva

Avaya

FedoraLegacy

Exploit scripts have been published.

Ethereal
Buffer Overflow

CVE-2005-0699

Security Focus, 12759, March 8, 2005

Security Focus, 12759, March 14, 2005

Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005

Fedora Update Notifications,
FEDORA-2005-212 & 213, March 16, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005

RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Avaya Security Advisory, ASA-2005-131, June 13, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Ethereal Group

Ethereal 0.9-0.9.16, 0.10-0.10.9

Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported in the Etheric dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability has been reported in the GPRS-LLC dissector if the 'ignore cipher bit' option is enabled; a buffer overflow vulnerability has been reported in the 3GPP2 A11 dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and remote Denial of Service vulnerabilities have been reported in the JXTA and sFLow dissectors.

Upgrades available

Gentoo

Fedora

Mandrake

RedHat

ALT Linux

Conectiva

Debian

Avaya

FedoraLegacy

A Denial of Service Proof of Concept exploit script has been published.

Ethereal Etheric/
GPRS-LLC/IAPP/
JXTA/s
Flow Dissector Vulnerabilities

CVE-2005-0704
CVE-2005-0705

CVE-2005-0739
CVE-2005-0765
CVE-2005-0766

8
(CVE-2005-0704)

3.3
(CVE-2005-0705)

3.3
(CVE-2005-0739)

3.3
(CVE-2005-0765)

3.3
(CVE-2005-0766)

Ethereal Advisory, enpa-sa-00018, March 12, 2005

Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005

Fedora Update Notifications,
FEDORA-2005-212 & 213, March 16, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005

RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Debian Security Advisory, DSA 718-1, April 28, 2005

Avaya Security Advisory, ASA-2005-131, June 13, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

foxrum

foxrum 4.0.4 f

Multiple script injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before including in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0020.txt, have been published.

Foxrum Multiple BBCode Tag Script Injection

CVE-2006-0156

Security Focus, Bugtraq ID: 16172, January 9, 2006

Globalissa

phpChamber

A Cross-Site Scripting vulnerability has been reported in 'search_result.php' due to insufficient sanitization of the 'needle' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required

PHPChamber Cross-Site Scripting

CVE-2006-0152

Secunia Advisory: SA18360, January 9, 2006

IBM

Lotus Notes 6.5-6.5.4, Lotus Domino Enterprise Server 6.5.4, 6.5.2, Lotus Domino 6.5.0-6.5.4

Multiple vulnerabilities have been reported including unspecified potential security issues in 'Agents;' an unspecified boundary error in CD to MIME Conversion, which could lead to a Denial of Service; a stack overflow vulnerability in in Domino for AIX when evaluating a long formula in 'Design,' which could lead to a Denial of Service; a vulnerability due to unspecified errors in the Directory Services that could lead to a Denial of Service when performing LDAP searches; a vulnerability due to an unspecified error in the IMAP server which could lead to a Denial of Service; a vulnerability due to an unspecified error when compact is executed from the client could lead to a Denial of Service; and several vulnerabilities due to unspecified errors when handling corrupted bitmap images or when performing the 'Delete Attachment' action.

Update information

Some of these vulnerabilities do not required an exploit.

IBM Lotus Domino Denial of Service& Unspecified Vulnerabilities

CVE-2006-0117
CVE-2006-0118
CVE-2006-0119
CVE-2006-0120
CVE-2006-0121

2.3
(CVE-2006-0117)

2.3
(CVE-2006-0118)

4.9
(CVE-2006-0119)

2.3
(CVE-2006-0120)

3.3
(CVE-2006-0121)

 

Secunia Advisory: SA18328, January 6, 2006

Idea Development ID Oy

Timecan CMS

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'viewID' parameter and potentially other parameters in various scripts, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Timecan CMS SQL Injection

CVE-2006-0107

Security Focus, Bugtraq ID: 16159, January 6, 2006

iNETstore Corporation

iNETstore Online

A Cross-Site Scripting vulnerability has been reported in 'search.inetstore' due to insufficient sanitization of the 'searchterm' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

iNETstore Ebusiness Software Cross-Site Scripting

CVE-2006-0116

Security Focus, Bugtraq ID: 16156, January 6, 2006

Javier Suarez Sanz

Foro Domus 2.10

A Cross-Site Scripting and SQL injection vulnerability has been reported in 'escribir.php' due to insufficient sanitization of the 'email' parameter, which could let a remote malicious user execute arbitrary HTML and script code or SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0016.txt, have been published.

Foro Domus Cross-Site Scripting & SQL Injection

CVE-2006-0110

Not available
Secunia Advisory: SA18327, January 6, 2006

Joomla

Joomla 1.0-1.0.5

An information disclosure vulnerability has been reported due to a failure to properly secure sensitive and privileged information, which could let a remote malicious user obtain sensitive information.

Contact the vendor for a temporary fix.

There is no exploit code required.

Joomla Vcard Access Information Disclosure

CVE-2006-0114

Security Focus, Bugtraq ID: 16185, January 9, 2006

Modular Merchant

Modular Merchant Shopping Cart Software

A Cross-Site Scripting vulnerability has been reported in 'category.php' due to insufficient sanitization of the 'cat' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Modular Merchant Shopping Cart Cross-Site Scripting

CVE-2006-0109

Secunia Advisory: SA18320, January 6, 2005

Mozilla.org

Netscape 8.0.3.3, 7.2;
Mozilla Firefox 1.5 Beta1, 1.0.6;
Mozilla Browser 1.7.11; Mozilla Thunderbird 1.0.6

 

A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD character in the domain name, which could let a remote malicious user execute arbitrary code.

Patches available

RedHat

RedHat

Fedora

Ubuntu

Gentoo

Slackware

Gentoo

Conectiva

Fedora

Debian

TurboLinux

HP

Mandriva

HPSBUX01231 Rev1:
Preliminary Mozilla 1.7.12 available.

Netscape

Debian

Debian

HPSBUX01231 Rrev.2: HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)) is available detailing information on the availability of version 1.7.12.01 of Mozilla for various HP platforms. Users should see the referenced advisory or contact HP for further information.

FedoraLegacy

A Proof of Concept exploit script has been published.

Mozilla/Netscape/ Firefox Browsers Domain Name Buffer Overflow

CVE-2005-2871

Security Focus, Bugtraq ID: 14784, September 10, 2005

RedHat Security Advisories, 769-8 & RHSA-2005:768-6, September 9, 2005

Fedora Update Notifications,
FEDORA-2005-871-184, September 10, 2005

Ubuntu Security Notice, USN-181-1, September 12, 2005

US-CERT VU#573857

Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005

Security Focus, Bugtraq ID: 14784, September 22, 2005

Slackware Security Advisory, SSA:2005-269-01, September 26, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005

Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005

Fedora Update Notifications,
FEDORA-2005-962 & 963, September 30, 2005

Debian Security Advisory, DSA 837-1, October 2, 2005

Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005

HP Security Bulletin,
HPSBUX01231, October 3, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005

HP Security Bulletin,
HPSBUX01231 Rev 1, October 12, 2005

Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005

HP Security Bulletin,
HPSBUX01231 Rev 2, November 9, 2005

Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006

Multiple Vendors

Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11; Netscape Browser 8.0.3.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrom' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks.

Firefox

Mozilla Browser

RedHat

Ubuntu

Mandriva

Fedora

Slackware

SGI

Conectiva

Gentoo

SUSE

Fedora

Debian

TurboLinux

Mandriva

Ubuntu

Netscape

Debian

Debian

FedoraLegacy

Currently we are not aware of any exploits for these vulnerabilities.

Mozilla Browser / Firefox Multiple Vulnerabilities

CVE-2005-2701
CVE-2005-2702
CVE-2005-2703
CVE-2005-2704
CVE-2005-2705
CVE-2005-2706
CVE-2005-2707

7
(CVE-2005-2701)

8
(CVE-2005-2702)

3.3
(CVE-2005-2703)

3.3
(CVE-2005-2704)

7
(CVE-2005-2705)

4.7
(CVE-2005-2706)

3.3
(CVE-2005-2707)

Mozilla Foundation Security Advisory, 2005-58, September 22, 2005

RedHat Security Advisory, RHSA-2005:789-11, September 22, 2005

Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005

Fedora Update Notifications,
FEDORA-2005-926-934, September 26, 2005

Slackware Security Advisory, SSA:2005-269-01, September 26, 2005

SGI Security Advisory, 20050903-02-U, September 28, 2005

Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005

Gentoo Linux Security Advisory [UPDATE], September 29, 2005

SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005

Fedora Update Notifications,
FEDORA-2005-962 & 963, September 30, 2005

Debian Security Advisory, DSA 838-1, October 2, 2005

Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005

Ubuntu Security Notice, USN-200-1, October 11, 2005

Security Focus, Bugtraq ID: 14916, October 19, 2005

Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005

Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006

Multiple Vendors

Netscape Browser 8.0.3.3;
Mozilla Firefox 1.0-1.0.6, Mozilla Browser 1.7-1.7.11

A remote Denial of Service vulnerability has been reported when a malicious user creates a Proxy Auto-Config (PAC) script that contains a specially crafted eval() statement.

Firefox

Mozilla Browser

FedoraLegacy

There is no exploit code required.

Multiple Browser Proxy Auto-Config Scripts Remote Denial of Service

CVE-2005-3089

Security Tracker Alert ID: 1014949, September 21, 2005

Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available

RedHat

Mandriva

Gentoo

Trustix

SGI

OpenPKG

SCO

FedoraLegacy

SCO

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

SCO Security Advisory, SCOSA-2005.55, December 14, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

SCO Security Advisory, SCOSA-2006.7, January 10, 2006

Multiple Vendors

MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2;
Gentoo Linux;
Ethereal Group Ethereal 0.10.1-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A vulnerability has been reported in Ethereal, IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service.

Mandriva

Gentoo

SUSE

Conectiva

Fedora

RedHat

Currently we are not aware of any exploits for this vulnerability.

Ethereal Denial of Service

CVE-2005-3313

3.3

Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005

Gentoo Linux Security Advisor, GLSA 200510-25, October 30, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Conectiva Security Announce-ment, CLSA-2005:1043, November 8, 2005

Fedora Update Notification
FEDORA-2005-000, January 5, 2006

RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006

Multiple Vendors

PostNuke Development Team PostNuke 0.761; moodle 1.5.3; Mantis 1.0.0RC4, 0.19.4; Cacti 0.8.6 g; ADOdb 4.68, 4.66; Xaraya 1.x

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'server.php' test script, which could let a remote malicious user execute arbitrary SQL code and PHP script code; and a vulnerability was reported in the 'tests/tmssql.php' text script, which could let a remote malicious user call an arbitrary PHP function.

Adodb

Cacti

Moodle

PostNuke

Xaraya: The vendor recommends to restrict web access to the 'xaradodb' directory with a '.htaccess' file.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ADOdb Insecure Test Scripts

CVE-2006-0146
CVE-2006-0147

7
(CVE-2006-0146)

7
(CVE-2006-0147)

Secunia Advisory: SA17418, January 9, 2006

Multiple Vendors

RedHat Fedora Core4, Core3;
Ethereal Group Ethereal 0.10
-0.10.12, 0.9-0.9.16, 0.8.19, 0.8.18

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting).

Upgrades available

Fedora:

RedHat

Mandriva

Avaya

Gentoo

SUSE

SGI

FedoraLegacy

An exploit script has been published.

10
(CVE-2005-3184)

3.3
(CVE-2005-3241)

3.3
(CVE-2005-3242)

7
(CVE-2005-3243)

3.3
(CVE-2005-3244)

3.3
CVE-2005-3245)

3.3
(CVE-2005-3246)

3.3
(CVE-2005-3247)

3.3
(CVE-2005-3248)

6.7
(CVE-2005-3249)

 

Ethereal Security Advisory, enpa-sa-00021, October 19, 2005

Fedora Update Notifications,
FEDORA-2005-1008 & 1011, October 20, 2005

RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005

Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005

Avaya Security Advisory, ASA-2005-227, October 28, 2005

Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005

Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64; Blender 2.40 alpha, 2.39, 2.37 a, 2.37, 2.30-2.35, 2.25 -2.28, 2.0 4

A buffer overflow vulnerability has been reported in 'get_bhead()' when parsing '.blend' files, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu

A Proof of Concept exploit has been published.

Blender Buffer Overflow

CVE-2005-4470

8 Ubuntu Security Notice, USN-238-2, January 06, 2006

Multiple Vendors

University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64

A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.

University of Kansas Lynx

Gentoo

Ubuntu

RedHat

Fedora

Mandriva

Conectiva

Trustix

SGI

Mandriva

Debian

Debian

Ubuntu
(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability, however, the fixes contained an error that caused lynx to crash.)

SUSE

Slackware

SCO

OpenPKG

FedoraLegacy

SCO

A Proof of Concept Denial of Service exploit script has been published.

Lynx 'HTrjis()' NNTP Remote Buffer Overflow

CVE-2005-3120

7

Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005

Ubuntu Security Notice, USN-206-1, October 17, 2005

RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005

Fedora Update Notifications,
FEDORA-2005-993 & 994, October 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005

Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005

Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005

Ubuntu Security Notice, USN-206-2, October 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Slackware Security Advisory, SSA:2005-310-03, November 7, 2005

SCO Security Advisory, SCOSA-2005.47, November 8, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

SCO Security Advisory, SCOSA-2006.7, January 10, 2006

MyPhPim

MyPhPim 01.05

Multiple vulnerabilities have been reported: a file upload vulnerability was reported in the 'addresses.php3' script, which could let a remote malicious user execute arbitrary code; an SQL injection vulnerability was reported in 'calendar.php3' due to insufficient sanitization of the 'cal_id' parameter and in the password field when logging, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the description field when creating a new todo, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

MyPHPim Multiple Vulnerabilities

CVE-2006-0167
CVE-2006-0168
CVE-2006-0169

Not available Secunia Advisory: SA18399, January 11, 2006

Navboard

Navboard V17beta2, V16

A vulnerability has been reported due to insufficient sanitization of input received via certain BBcode tags, which could let a remote malicious user execute arbitrary JavaScript code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0019.txt, have been published.

NavBoard BBcode Script Insertion

CVE-2006-0140

 

Security Focus, Bugtraq ID: 16165, January 7, 2006

OnePlug Solutions

OnePlug CMS

SQL injection vulnerabilities have been reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

OnePlug CMS SQL Injection

CVE-2006-0115

Secunia Advisory: SA18325, January 6, 2006

OpenSSH

OpenSSH 4.1, 4.0, p1

Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials.

OpenBSD

Fedora

Trustix

Slackware

Fedora

RedHat

Mandriva

Ubuntu

Conectiva

HP

There is no exploit code required.

OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials

CVE-2005-2797
CVE-2005-2798

3.3
(CVE-2005-2797)

3.3
(CVE-2005-2798)

Secunia Advisory: SA16686, September 2, 2005

Fedora Update Notification,
FEDORA-2005-858, September 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005

Slackware Security Advisory, SSA:2005-251-03, September 9, 2005

Fedora Update Notification,
FEDORA-2005-860, September 12, 2005

RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005

Ubuntu Security Notice, USN-209-1, October 17, 2005

Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005

Security Focus, Bugtraq ID: 14729, January 10, 2006

Orjinweb E-commerce

Orjinweb E-commerce

A file include vulnerability has been reported in 'index.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, orjinweb.txt, has been published.

Orjinweb Remote File Include

CVE-2006-0171

Not available

Security Focus, Bugtraq ID: 16199, January 10, 2006

PHP-Nuke

PHP-Nuke EV 7.7

An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of the 'query' variable before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPNuke EV Search Module SQL Injection

CVE-2006-0163

Security Focus, Bugtraq ID: 16186, January 9, 2006

PHP-Nuke

PHP-Nuke Pool Module, News Module

An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPNuke Multiple Modules HTML Injection

CVE-2006-0185

Security Focus, Bugtraq ID: 16192, January 10, 2006

Ralph Capper

TinyPHPForum 3.6

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of input passed to the URL of a link when posting a message, which could let a remote malicious user execute arbitrary JavaScript; a vulnerability was reported in the 'users' directory because user credentials are stored insecurely, which could let a remote malicious user obtain sensitive information; and a Directory Traversal vulnerability was reported in 'profile.php' due to insufficient sanitization of the 'uname' parameter when viewing a profile, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0014.txt, have been published.

TinyPHPForum Information Disclosure & Cross-Site Scripting

CVE-2006-0102
CVE-2006-0103
CVE-2006-0104

2.3
(CVE-2006-0102)

2.3
(CVE-2006-0103)

2.3
(CVE-2006-0104)

 

 

Security Tracker Alert ID: 1015436, January 5, 2005

Reamday Enterprises

Magic News Plus 1.0.3

A vulnerability has been reported due to insufficient verification of user-supplied input, which could let a remote malicious user change the administrator password.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploit scripts, MagicNewsPlus-pw-change.pl and cijfer-mnxpl.pl.txt, have been published.

Magic News Plus Administrator Password Change

CVE-2006-0157

Security Focus, Bugtraq ID: 16182, January 9, 2006

Research In Motion

Blackberry Enterprise Server for Novell Groupwise 4.0, SP1 & SP2, Enterprise Server for Exchange 4.0, SP1 & SP2, Enterprise Server for Domino 4.0, SP1 & SP2

A remote Denial of Service vulnerability has been reported when handling a malformed PNG attachment.

Update available

Currently we are not aware of any exploits for this vulnerability.

Blackberry Enterprise Server Attachment Service PNG Attachment Remote Denial of Service

CVE-2005-2344

2.3

Secunia Advisory: SA18393,

US-CERT, VU#646976

TheWeb
Forum

TheWebForum 1.2.1

Several input validation vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'username' parameter in 'login.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the'register.php' script, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0017.txt, have been published.

TheWebForum SQL Injection & Cross-Site Scripting

CVE-2006-0134
CVE-2006-0135

2.3
(CVE-2006-0134)

7
(CVE-2006-0135)

New eVuln Advisory, January 6, 2006

Venom Board

Venom Board 1.22

SQL injection vulnerabilities have been reported due to insufficient sanitization of the '$parent,' '$root,' and '$topic_id' variables before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, EV0021.txt, has been published.

Venom Board Post.PHP3 Multiple SQL Injection

CVE-2006-0160

eVuln Advisory, January 9, 2006

VMWare, Inc.

VMWare ESX Server 2.5.2, 2.5, 2.1-2.1.2, 2.0.1 build 6403, 2.0.1, 2.0 build 5257, 2.0

A vulnerability has been reported in the VMware Management Interface due to an unspecified error, which could let a remote malicious user execute arbitrary code.

Patches available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

VMware ESX Server Management Interface Remote Arbitrary Code Execution

CVE-2005-4583

Security Tracker Alert ID: 1015422, December 29, 2005

Gentoo Linux Security Advisory, GLSA 200601-04, January 7, 2006

Xoops

Xoops Pool Module

An HTML injection vulnerability has been reported in the IMG tag due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Xoops Pool Module HTML Injection
Not available
Security Focus, Bugtraq ID: 16189, January 9, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.

  • Blackberry Enterprise Server Attachment Service PNG Attachment Remote Denial of Service: A remote Denial of Service vulnerability has been reported when handling malformed PNG attachments.
  • British Parliament members demand Wi-Fi access: Wireless Internet access should be installed in parts of the Houses of Parliament to give its members access to information on the move. According to a report by the U.K. House of Commons Administration Committee, they are calling for secure wireless access after it found that some new members of Parliament struggled to work before they were given office space.
  • Wireless Spending To Exceed Wireline In 2006: Study: According to a study by market research firm, In-Stat, enterprises will spend more for wireless voice service than on wireline in 2006. In addition, the study found that wireless data service will start growing quickly, with an average growth rate of 18 percent a year through 2009.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.

  • Security flaws on the rise, questions remain: The number of publicly reported vulnerabilities jumped in 2005. This number was boosted by easy-to-find bugs in Web applications. A survey of four major vulnerability databases found that the number of flaws counted by each in the past five years differed significantly. However, three of the four databases exhibited a relative plateau in the number of flaws publicly disclosed in 2002 through 2004. And, every database saw a significant increase in their count of the flaws disclosed in 2005. Recent numbers produced by the U.S. Computer Emergency Readiness Team (US-CERT) revealed some of the problems with refined vulnerability sources. Managed by the CERT Coordination Center, the US-CERT's security bulletins outline security issues but are updated each week. In a year end list published last week, the US-CERT announced that 5,198 vulnerabilities had been reported in 2005.
  • Your IM Buddy, Or A Hacker? It's Getting Harder To Tell: Instant-messaging security vendors FaceTime Communications Inc. and IMlogic Inc. reported that malware delivered over instant-message clients skyrocketed in recent months. There has been more than a 20-fold increase in the number of reported IM worm and virus variants since 2004.
  • Popular certifications don't ensure security: According to a survey from the SANS Institute, many popular information technology security certifications don't improve holders' ability to ensure computer systems' security, according to a new survey from the SANS Institute, a training and education organization for security professionals.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P Win32 Worm Stable March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 Mytob-GH Win32 Worm Stable November 2005 A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.
3 Netsky-D Win32 Worm Stable March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
4 Zafi-B Win32 Worm Stable June 2004 A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
5 Sober-Z Win32 Worm Stable December 2005 This worm travels as an email attachment, forging the senders address, harvesting addresses from infected machines, and using its own mail engine. It further download code from the internet, installs into the registry, and reduces overall system security.
6 Lovgate.w Win32 Worm Stable April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
7 Mytob.C Win32 Worm Stable March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
8 Zafi-D Win32 Worm Stable December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
9 Mytob-BE Win32 Worm Stable June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling anti virus, and modifying data.
10 Mytob-AS Win32 Worm Stable June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.

Table updated January 11, 2006

[back to top]

 

 

 

Last updated

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources
Aquifer CMS

A vulnerability has been reported in Aquifer CMS that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

Aquifer CMS Cross Site Scripting

CVE-2006-0122

2.3 Security Focus, ID: 16162, January 6, 2006

Blue Coat Systems

WinProxy 6.0

Multiple vulnerabilities have been reported in WinProxy that could let remote malicious users cause a Denial of Service.

Blue Coat Systems

There is no exploit code required.

Blue Coat WinProxy Multiple Vulnerabilities

CVE-2005-3187
CVE-2005-3654
CVE-2005-4085

2.3
(CVE-2005-3187)


9
(CVE-2005-3654)

8
(CVE-2005-4085)

Secunia, Advisory: SA18288, January 6, 2006

Microsoft

Excel 95, 97, 2000, 2002

A vulnerability has been reported in Excel that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Excel Arbitrary Code Execution Not available Security Focus, ID: 16181, January 9, 2006

Microsoft

Exchange 5.0 SP2, 5.5 SP4, 2000, Outlook

A buffer overflow vulnerability has been reported in Outlook and Exchange that could let remote malicious users execute arbitrary code.

Microsoft

Currently we are not aware of any exploits for this vulnerability.

Microsoft Outlook & Exchange Arbitrary Code Execution

CVE-2006-0002

7

Microsoft, Security Bulletin MS06-003, January 10, 2006

US-CERT VU#252146

Microsoft

Visual Studio Visual C# 2005 Express Edition

A vulnerability has been reported in Visual Studio that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Visual Studio Arbitrary Code Execution

CVE-2006-0187

4.5 Secunia, Advisory: SA18409, January 11, 2006

Microsoft

Windows 98, 2000 SP4, XP SP2, 2003

A buffer overflow vulnerability has been reported in Windows that could let remote malicious users execute arbitrary code.

Windows

Avaya

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Arbitrary Code Execution

CVE-2006-0010

7

Microsoft, Security Bulletin MS06-002, January 10, 2006

Avaya, Number: ASA-2006-004, January 10, 2006

US-CERT VU#915930

Microsoft

Windows Meta File (WMF) Graphics Rendering Engine

A vulnerability has been reported in Windows Meta File (WMF) Graphics Rendering Engine could let remote malicious users execute arbitrary code.

Microsoft

Avaya

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows WMF Rendering Engine Arbitrary Code Execution

CVE-2005-4560

8

Microsoft, Security Advisory 912840, December 28, 2005

US-CERT VU#181038

Avaya, Number: ASA-2006-001, January 5, 2006

NetSarang

Xlpd 2.1

A vulnerability has been reported in Xlpd that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Xlpd Denial of Service

CVE-2006-0148

2.3 Security Tracker, Alert ID: 1015444, January 6, 2006

PD9 Software

MegaBBS 2.0, 2.1

A vulnerability has been reported in MegaBBS that could let remote malicious users disclose information.

PD9 Software

There is no exploit code required.

MegaBBS Information Disclosure

CVE-2006-0139

2.3 Security Focus, ID: 16168, January 9, 2006
PHP 4.3.10, 4.4.0, and 4.4.1 for Windows

A buffer overflow vulnerability has been reported in PHP, mysql_connect, that could let malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit, phpflaw.obj, has been published.

PHP Arbitrary Code Execution

CVE-2006-0097

7 Security Focus, ID: 16145, January 5, 2006

Rockliffe

MailSite Email Server 6.1.22

A vulnerability has been reported in MailSite that could let remote malicious users disclose information.

Rockliffe

Currently we are not aware of any exploits for this vulnerability.

MailSite Information Disclosure

CVE-2006-0127

1.4 Secunia, Advisory: SA18318, January 5, 2006

Symantec

Norton SystemWorks 2005, 2006

A vulnerability has been reported in Norton SystemWorks that could let local malicious users bypass security restrictions.

Patch reportedly available via LiveUpdate.

Currently we are not aware of any exploits for this vulnerability.

Symantec Norton SystemWorks Security Bypassing

CVE-2006-0166

Not available Secunia, Advisory: SA18402, January 11, 2006
WebWiz Forum 6.34

A vulnerability has been reported in WebWiz Forum that could let remote malicious users conduct Cross-Site Scripting.

WebWiz

There is no exploit code required; however, a Proof of Concept exploit has been published.

WebWiz Forums Cross Site Scripting

CVE-2006-0175

Not available Security Focus, ID: 16196, January 10, 2006

UNIX / Linux Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Bogofilter Email Filter

Bogofilter Email Filter 0.96.2, 0.95.2, 0.94.14, 0.94.12, 0.93.5

Several buffer overflow vulnerabilities have been reported: a vulnerability was reported in bogofilter and bogolexer when character set conversion is performed on invalid input sequences, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported in bogofilter and bogolexer when processing input that contains overly long words, which could let a remote malicious user cause a Denial of Service.

Upgrade available

Ubuntu

There is no exploit code required.

Bogofilter Multiple Remote Buffer Overflows

CVE-2005-4591
CVE-2005-4592

9
(CVE-2005-4591)

9
(CVE-2005-4592)

Bogofilter Security Advisories, bogofilter-SA-2005-01 & 02, January 2, 2006

Ubuntu Security Notice, USN-240-1, January 11, 2006

Clam Anti-Virus

ClamAV 0.80 - 0.87.1, 0.75.1, 0.70, 0.68, 0.67, 0.65, 0.60, 0.51-0.54

A buffer overflow vulnerability has been reported when attempting to handle compressed UPX files due to an unspecified boundary error in "libclamav/upx.c, which could let a remote malicious user execute arbitrary code.

ClamAV

Currently we are not aware of any exploits for this vulnerability.

ClamAV UPX File Handling

CVE-2006-0162

Secunia Advisory: SA18379, January 10, 2006

Easy Software Products

CUPS prior to 1.1.21rc1

A vulnerability has been reported in incoming print jobs due to a failure to properly apply ACLs (Access Control List), which could let a remote malicious user bypass ACLs.

Cups

RedHat

Fedora

Ubuntu

Conectiva

There is no exploit code required.

Easy Software Products CUPS Access Control
List Bypass

CVE-2004-2154

Security
Tracker Alert ID: 1014482,
July 14, 2005

RedHat
Security Advisory,
RHSA-2005:
571-06,
July 14, 2005

Fedora Legacy Update Advisory, FLSA:163274, September 14, 2005

Ubuntu Security Notice, USN-185-1, September 20, 2005

Conectiva Linux Announcement, CLSA-2006:1055, January 2, 2006

Ethereal Group

Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8

Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.

Ethereal

Debian

Gentoo

SuSE:

SGI

ALT Linux

Conectiva

FedoraLegacy

Currently we are not aware of any exploits for these vulnerabilities.

3.3 (CVE-2005-0006)

3.3 (CVE-2005-0007)

3.3 (CVE-2005-0008)

3.3 (CVE-2005-0009)

3.3 (CVE-2005-0010)

7
(CVE-2005-0084)

Security Tracker Alert, 1012962, January 21, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

FreeBSD

FreeBSD 6.0 -STABLE, 6.0 -RELEASE

A remote Denial of Service vulnerability has been reported due to an error in the "ipfw" module when handling IP fragments.

FreeBSD

There is no exploit code required; however, exploit details, rt-sa-2005-15.txt, have been published.

FreeBSD IPFW IP Fragment Remote Denial of Service

CVE-2006-0054

FreeBSD Security Advisory, FreeBSD-SA-06:04.ipfw, January 11, 2006

FreeBSD

FreeBSD 4.x
FreeBSD 5.x
FreeBSD 6.x

A vulnerability has been reported in the 'EE' editor when executing a spell check operation due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

FreeBSD

There is no exploit code required.

FreeBSD Insecure Temporary File Creation

CVE-2006-0055

FreeBSD Security Advisory, FreeBSD-SA-06:02.ee, January 11, 2006

GNU

cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6

A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.

Trustix

Mandriva

RedHat

SGI

SCO

Avaya

Conectiva

Ubuntu

Debian

RedHat

SCO

FreeBSD

There is no exploit code required.

CPIO CHMod File Permission Modification

CVE-2005-1111

Bugtraq, 395703,
April 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Mandriva
Linux Security Update Advisory, MDKSA2005:
116, July 12,
2005

RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

SCO Security Advisory, SCOSA-2005.32, August 18, 2005

Avaya Security Advisory, ASA-2005-191, September 6, 2005

Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005

Ubuntu Security Notice, USN-189-1, September 29, 2005

Debian Security Advisory, DSA 846-1, October 7, 2005

RedHat Security Advisory, RHSA-2005:806-8, November 10, 2005

SCO Security Advisory, SCOSA-2006.2, January 3, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006

GNU

cpio 2.6

A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.

Gentoo

Trustix/

Mandriva

SCO

Avaya

Conectiva

Ubuntu

Debian

SCO

FreeBSD

A Proof of Concept exploit has been published.

CPIO Directory Traversal

CVE-2005-1229

 

Bugtraq,
396429, April 20, 2005

Gentoo Linux Security Advisory, GLSA
200506-16, June 20, 2005

Trustix Secure
Linux Security Advisory, TSLSA-2005-
0030, June 24, 2005

Mandriva Linux Security Update Advisory, MDKSA2005:
116, July 12, 2005

SCO Security Advisory, SCOSA-2005.32, August 18, 2005

Avaya Security Advisory, ASA-2005-191, September 6, 2005

Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005

Ubuntu Security Notice, USN-189-1, September 29, 2005

Debian Security Advisory, DSA 846-1, October 7, 2005

SCO Security Advisory, SCOSA-2006.2, January 3, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006

GNU

cpio 2.6, 2.5

A Denial of Service vulnerability has been reported due to a buffer overflow when cpio attempts to create an archive containing extremely large files.

Mandriva

Ubuntu

FreeBSD

Currently we are not aware of any exploits for this vulnerability.

CPIO File Size Stack Denial of Service

CVE-2005-4268

Mandriva Linux Security Advisory MDKSA-2005:237, December 23, 2005

Ubuntu Security Notice, USN-234-1, January 02, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006

GNU

Texinfo 4.7

A vulnerability has been reported in 'textindex.c' due to insecure creation of temporary files by the 'sort_offline()' function, which could let a malicious user create/ overwrite arbitrary files.

Gentoo

Mandriva

Ubuntu

SUSE

Trustix

FreeBSD

There is no exploit code required.

GNU Texinfo Insecure Temporary File Creation

CVE-2005-3011

Security Focus, Bugtraq ID: 14854, September 15, 2005

Gentoo Linux Security Advisory, GLSA 200510-04, October 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:175, October 6, 2005

Ubuntu Security Notice, USN-194-1, October 06, 2005

SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

FreeBSD Security Advisory, FreeBSD-SA-06:01.texindex, January 11, 2006

IPsec-Tools

IPsec-Tools0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

IpsecTools

Ubuntu

Gentoo

SUSE

Conectiva

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read
BaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::read
ProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::
StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream:
:readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Currently we are not aware of any exploits for these vulnerabilities.

4.8 (CVE-2005-3191)

7
(CVE-2005-3192)

4.8 (CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications,
FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

 

Multiple Vendors

Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.0 4 powerpc, i386, amd64;
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
KDE 3.4.1, 3.4, 3.3.1, 3.3.2; GNOME GPdf 2.8.3, 2.1

A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files.

RedHat

RedHat

RedHat

Ubuntu

KDE

Mandriva

SGI

Gentoo

Fedora

Debian

Trustix

TurboLinux

Conectiva

Mandriva

SCO

Debian

Currently we are not aware of any exploits for this vulnerability.

XPDF Loca Table Verification Remote Denial of Service

CVE-2005-2097

 

RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005

Ubuntu Security Notice, USN-163-1, August 09, 2005

KDE Security Advisory, 20050809-1, August 9, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005

SGI Security Advisory, 20050802-01-U, August 15, 2005

Gentoo Linux Security Advisory GLSA, 200508-08, August 16, 2005

Fedora Update Notifications,
FEDORA-2005-729, 730, 732, & 733, August 15 & 17, 2005

Debian Security Advisory, DSA 780-1, August 22, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

Turbolinux Security Advisory, TLSA-2005-88, September 5, 2005

Conectiva Linux Announcement, CLSA-2005:1010, September 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:138-1, September 19, 2005

SCO Security Advisory, SCOSA-2005.42, October 20, 2005

Debian Security Advisory,
DSA-936-1, January 11, 2006

Multiple Vendors

ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2

A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

SuSE

Debian

Gentoo

Mandrake

Fedora

SCO

FedoraLegacy

Proof of Concept exploit has been published.

ht://Dig
Cross-Site
Scripting

CVE-2005-0085

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

Debian Security Advisory, DSA 680-1, February 14, 2005

Gentoo Linux Security Advisory, GLSA 200502-16,
February 14, 2005

Mandrakelinux Security Update Advisory,
MDKSA-2005:063, March 31, 2005

Fedora Update Notification,
FEDORA-2005-367, April 19, 2005

SCO Security Advisory, SCOSA-2005.46, November 2, 2005

Fedora Legacy Update Advisory, FLSA:152907, January 9, 2006

Multiple Vendors

Hylafax 4.2-4.2.3;
Gentoo Linux

Several vulnerabilities have been reported: a vulnerability was reported in 'hfaxd' when compiled with PAM support disabled, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported due to insufficient sanitization of the 'notify' script, which could let a remote malicious user execute arbitrary commands; and a vulnerability was reported in the 'faxrcvd' script due to insufficient sanitization, which could let a remote malicious user execute arbitrary commands.

Hylafax

Gentoo

There is no exploit code required; however, Proof of Concept exploits have been published.

HylaFAX Authentication Bypass & Arbitrary Command Execution

CVE-2005-3538
CVE-2005-3539

7
(CVE-2005-3538)

8
(CVE-2005-3539)

Secunia Advisory: SA18314, January 6, 2006

Gentoo Linux Security Advisory GLSA 200601-03, January 6, 2006

Multiple Vendors

Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4 -2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6

A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.

Perl

Ubuntu

Gentoo

Debian

TurboLinux

Mandrake

HP

Fedora

Avaya

RedHat

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Perl 'rmtree()' Function Elevated Privileges

CVE-2005-0448

Ubuntu Security Notice, USN-94-1 March 09, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Debian Security Advisory, DSA 696-1 , March 22, 2005

Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005

HP Security Bulletin, HPSBUX01208, June 16, 2005

Secunia, Advisory: SA16193, July 25, 2005

Avaya Security Advisory, ASA-2005-196, September 13, 2005

RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Multiple Vendors

NetBSD 2.1, 2.0-2.0.3, 1.6-1.6.2, NetBSD Current
Linux kernel 2.6-2.6.15 -rc3

A vulnerability has been reported because the system clock can be set to an arbitrary value, which could let malicious user bypass security restrictions.

NetBSD

There is no exploit code required.

BSD SecureLevel Time Setting Security Restriction Bypass

CVE-2005-4352

NetBSD Security Advisory, NetBSD-SA2006-002, January 9, 2006

Multiple Vendors

SuSE Linux Professional
9.3, x86_64,
9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel
2.6-2.6.12

A remote Denial of Service vulnerability has been reported in the NFSACL protocol when handling when handling XDR data.

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel NFSACL Protocol XDR Data Remote Denial of

CVE-2005-2500

8

Security Focus, 14468, August 3, 2005

SUSE Security Announce-
ment, SUSE-SA:2005:044, August 4, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

SuSE Linux Professional
9.3, x86_64,
9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel
2.6-2.6.12

A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.

Linux Kernel

Ubuntu

SUSE

RedHat

Mandriva

RedHat

Mandriva

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel XFRM Array Index Buffer Overflow

CVE-2005-2456

2.3

Security Focus, 14477, August 5, 2005

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 200

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0, SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server for S/390 9.0, Linux Enterprise Server 9; 2.6-2.6.12 .4

A Denial of Service vulnerability has been reported due to a failure to handle malformed compressed files.

Linux Kernel

Ubuntu

SUSE

Trustix

Mandriva

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ZLib Null Pointer Dereference Denial of Service

CVE-2005-2459

3.3

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Todd Miller Sudo 1.6-1.6.8, 1.5.6-1.5.9

A vulnerability has been reported in the 'PYTHONINSPECT' variable, which could let a malicious user bypass security restrictions and obtain elevated privileges.

Todd Miller Sudo

AppleWebSharing Update

Conectiva

Debian

EnGarde

Fedora

FreeBSD

GratiSoft Sudo

Mandriva

OpenPKG

OpenBSD

RedHat

Slackware

SuSE

Trustix

TurboLinux

Ubuntu

Wirex

There is no exploit code required.

Sudo Python Environment Cleaning Security Bypass

CVE-2006-0151

Security Focus, Bugtraq ID: 16184, January 9, 2006

Multiple Vendors

zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6

A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.

Debian

FreeBSD

Gentoo

SUS

Ubuntu

Mandriva

OpenBSD

OpenPKG

RedHat

Trustix

Slackware

TurboLinux

Fedora

zsync

Apple

SCO

IPCop

Debian

Trolltech

FedoraLegacy

Gentoo

Debian

Trustix

Sun

Mandriva

Ubuntu

Ubuntu

SCO

Currently we are not aware of any exploits for this vulnerability.

Zlib Compression Library Buffer Overflow

CVE-2005-2096

Debian Security Advisory
DSA 740-1,
July 6, 2005

FreeBSD Security Advisory,
FreeBSD-SA-05:16, July 6, 2005

Gentoo Linux Security Advisory, GLSA 200507-
05, July 6, 2005

SUSE Security Announcement, SUSE-SA:2005:039,
July 6, 2005

Ubuntu Security Notice,
USN-148-1, July 06, 2005

RedHat Security Advisory, RHSA-2005:569-03,
July 6, 2005

Fedora Update Notifications,
FEDORA-2005-523, 524,
July 7, 2005

Mandriva Linux Security Update Advisory,
MDKSA-2005:11, July 7, 2005

OpenPKG
Security Advisory, OpenPKG-SA-2005.013,
July 7, 2005

Trustix Secure
Linux Security Advisory,
TSLSA-2005-
0034, July 8,
2005

Slackware Security
Advisory, SSA:2005-
189-01,
July 11, 2005

Turbolinux Security
Advisory, TLSA-2005-77,
July 11, 2005

Fedora Update Notification, FEDORA-2005-565, July 13, 2005

SUSE Security Summary
Report, SUSE-SR:2005:017,
July 13, 2005

Security Focus, 14162, July 21, 2005

US-CERT VU#680620

Apple Security Update 2005-007,
APPLE-SA-2005-08-15, August 15, 2005

SCO Security Advisory, SCOSA-2005.33, August 19, 2005

Security Focus, Bugtraq ID: 14162, August 26, 2005

Debian Security Advisory, DSA 797-1, September 1, 2005

Security Focus, Bugtraq ID: 14162, September 12, 2005

Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005

Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005

Debian Security Advisory, DSA 797-2, September 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101989, October 14, 2005

Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005

Ubuntu Security Notice, USN-151-3, October 28, 2005

Ubuntu Security Notice, USN-151-4, November 09, 2005

SCO Security Advisory, SCOSA-2006.6, January 10, 2006

Multiple Vendors

zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64,
4.1 ppc, ia64, ia32; Debian Linux 3.1
sparc, s/390, ppc, mipsel, mips, m68k,
ia-64, ia-32,
hppa, arm,
alpha

A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.

Zlib

Debian

Ubuntu

OpenBSD

Mandriva

Fedora

Slackware

FreeBSD

SUSE

Gentoo

Gentoo

Trustix

Conectiva

Apple

TurboLinux

SCO

Debian

Trolltech

FedoraLegacy

Debian

Mandriva

Ubuntu

Ubuntu

SCO

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service

CVE-2005-1849

Security Focus, Bugtraq ID 14340, July 21, 2005

Debian Security Advisory DSA 763-1, July 21, 2005

Ubuntu Security Notice, USN-151-1, July 21, 2005

OpenBSD, Release Errata 3.7, July 21, 2005

Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005

Secunia, Advisory: SA16195, July 25, 2005

Slackware Security Advisory, SSA:2005-
203-03
, July 22, 2005

FreeBSD Security Advisory, SA-05:18, July 27, 2005

SUSE Security Announce-
ment, SUSE-SA:2005:043,
July 28, 2005

Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005

Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005

Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005

Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005

SCO Security Advisory, SCOSA-2005.33, August 19, 2005

Debian Security Advisory, DSA 797-1, September 1, 2005

Security Focus, Bugtraq ID: 14340, September 12, 2005

Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005

Debian Security Advisory, DSA 797-2, September 29, 2005

Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005

Ubuntu Security Notice, USN-151-3, October 28, 2005

Ubuntu Security Notice, USN-151-4, November 09, 2005

SCO Security Advisory, SCOSA-2006.6, January 10, 2006

Multiple Vendors

KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2;
Gentoo Linux

Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.

Gentoo

Ubuntu

Fedora

Mandriva

Ubuntu

Debian

Debian

Currently we are not aware of any exploits for this vulnerability.

KPdf & KWord Multiple Unspecified Buffer & Integer Overflow

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627

 

Not available

Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006

Ubuntu Security Notice, USN-236-1, January 05, 2006

Fedora Update Notifications,
FEDORA-2005-000, January 5, 2006

Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006

Ubuntu Security Notice, USN-236-2, January 09, 2006

Debian Security Advisory DSA 931-1, January 9, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

Multiple Vendors

Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32

 

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.

Ubuntu

Gentoo

Mandrake

RedHat

SGI

SUSE

Trustix

IBM

Fedora

Conectiva

Proofs of Concept exploits have been published.

Perl SuidPerl Multiple Vulnerabilities

CVE-2005-0155
CVE-2005-0156

4.9 (CVE-2005-0155)

2.3 (CVE-2005-0156)

Ubuntu Security Notice, USN-72-1, February 2, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005

RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003,February 11, 2005

IBM SECURITY ADVISORY, February 28, 2005

Fedora Update Notification,
FEDORA-2005-353, May 2, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Multiple Vendors

Linux kernel
2.6 prior to 2.6.12.1

 

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Linux Kernel

SUSE

RedHat:

RedHat

Debian

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CVE-2005-1761

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announce-
ment, SUSE-SA:2005:044, August 4, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6.8, 2.6.10

A remote Denial of Service vulnerability has been reported in the 'ipt_recent' module when specially crafted packets are sent.

Ubuntu

Mandriva

RedHat

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 'Ipt_recent' Remote Denial of Service

CVE-2005-2872

3.3

Security Focus, Bugtraq ID: 14791, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6.8-2.6.10, 2.4.21

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Ubuntu

Trustix

Fedora

RedHat

Mandriva

RedHat

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service

CVE-2005-2490
CVE-2005-2492

4.9 (CVE-2005-2490)

4.7 (CVE-2005-2492)

Secunia Advisory: SA16747, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Fedora Update Notifications,
FEDORA-2005-905 & 906, September 22, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12 .1

A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.

Ubuntu

This issue has been addressed in Linux kernel 2.6.13-rc7.

SUSE

RedHat

RedHat

Mandriva

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPSec Policies Authorization Bypass

CVE-2005-2555

Ubuntu Security Notice, USN-169-1, August 19, 2005

Security Focus, Bugtraq ID 14609, August 19, 2005

Security Focus, Bugtraq ID 14609, August 25, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32

A Denial of Service vulnerability has been reported in 'IP_VS_CONN_FLUSH' due to a NULL pointer dereference.

Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue.

Ubuntu

Mandriva

Debian

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Denial of Service

CVE-2005-3274

Security Focus, Bugtraq ID: 15528, November 22, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

Debian Security Advisory, DSA 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12, 2.4-2.4.31

 

A remote Denial of Service vulnerability has been reported due to a design error in the kernel.

The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue.

Ubuntu

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Remote Denial of Service

CVE-2005-3275

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.13.1

A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.

Linux Kernel

Ubuntu

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel routing_ioctl() Denial of Service

CVE-2005-3044

Security Tracker Alert ID: 1014944, September 21, 2005

Ubuntu Security Notice, USN-187-1, September 25, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_
key_auth.c;' a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.

Linux Kernel

Fedora

Trustix

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

There is no exploit code required.

Linux Kernel Denial of Service & Information Disclosure

CVE-2005-3119
CVE-2005-3180
CVE-2005-3181

2.3 (CVE-2005-3119)

3.3 (CVE-2005-3180)

2.3 (CVE-2005-3181)

 

Secunia Advisory: SA17114, October 12, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

Fedora Update Notifications,
FEDORA-2005-1013, October 20, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel USB Subsystem Denials of Service

CVE-2005-2873
CVE-2005-3055

2.3 (CVE-2005-2873)

2.3 (CVE-2005-3055)

Secunia Advisory: SA16969, September 27, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux Kernel 2.6-2.6.14

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_
mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.

Ubuntu

Trustix

RedHat

Mandriva

SUSE

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors Linux Kernel Denials of Service

CVE-2005-3053
CVE-2005-3106
CVE-2005-3107
CVE-2005-3108
CVE-2005-3109
CVE-2005-3110

2.3 (CVE-2005-3053)

2.3 (CVE-2005-3106)

2.3 (CVE-2005-3107)

2.3 (CVE-2005-3108)

2.3 (CVE-2005-3109)

3.3 (CVE-2005-3110)

 

 

 

Ubuntu Security Notice, USN-199-1, October 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Mandriva Linux Security Advisories, MDKSA-2005: 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14, 2.5.0- 2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1 .x, 2.1.89, 2.0.28-2.0.39

A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.

Mandriva

Fedora

Conectiva

There is no exploit code required; however, a Proof of Concept exploit has been published.

Linux Kernel Console Keymap Arbitrary Command Injection

CVE-2005-3257

Security Focus, Bugtraq ID: 15122, October 17, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Fedora Update Notification,
FEDORA-2005-1138, December 13, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Linux kernel
2.6-2.6.12 .1

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KE YCTL_JOIN_SESSION
_KEYRING' operation due to an error when attempting to join a key management session.

Linux Kernel

Ubuntu

Trustix

RedHat

Mandriva

Conectiva

There is no exploit code required.

Linux Kernel Management Denials of Service

CVE-2005-2098
CVE-2005-2099

3.3 (CVE-2005-2098)

3.3 (CVE-2005-2099)

Secunia Advisory: SA16355, August 9, 2005

Ubuntu Security Notice, USN-169-1, August 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Network Block Device NBD 2.8-2.8.2, 2.7.5;
Gentoo Linux;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported in the 'nbd-server' when handling specially crafted requests, which could let a remote malicious user execute arbitrary code.

Upgrades available

Debian

Gentoo

Ubuntu

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Network Block Device Server Buffer Overflow

CVE-2005-3534

Security Focus, Bugtraq ID: 16029, December 21, 2005

Debian Security Advisory, DSA 924-1, December 21, 2005

Gentoo Linux Security Advisory, GLSA 200512-14, December 23, 2006

Ubuntu Security Notice, USN-237-1, January 06, 2006

Multiple Vendors

petris 1.0.1

A buffer overflow vulnerability has been reported when handling environment variables when processing highscores, which could let a malicious user execute arbitrary code.

Debian

Currently we are not aware of any exploits for this vulnerability.

Petris Buffer Overflow

CVE-2005-3540

Debian Security Advisory, DSA-929-1, January 9, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; mod_auth_pgsql 2.0.1

A format string vulnerability has been reported in 'mod_auth_pgsql' when logging information, which could let a remote malicious user execute arbitrary code.

mod_auth_pgsql

RedHat

Fedora

Mandriva

Ubuntu

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors mod_auth_pgsql Apache Module Format String

CVE-2005-3656

Not available

RedHat Security Advisory, RHSA-2006:0164-7, January 5, 2006

Fedora Update Notifications,
FEDORA-2005-014 & 015, January 6, 2005

Mandriva Linux Security Advisory, MDKSA-2006:009, January 7, 2006

Ubuntu Security Notice, USN-239-1, January 09, 2006

Multiple Vendors

RedHat Fedora Core3; Linux kernel 2.6.10-2.6.13

 

A vulnerability has been reported because a world writable file is created in 'SYSFS' which could let a malicious user obtain sensitive information.

Linux Kernel

Fedora

Mandriva

Conectiva

There is no exploit code required.

Linux Kernel World Writable SYSFS Information Disclosure

CVE-2005-3179

Security Focus, Bugtraq ID: 15154, October 20, 2005

Fedora Update Notification
FEDORA-2005-1007, October 20, 2005

Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Stefan Frings SMS Server Tools 1.14.8;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha,

A format string vulnerability has been reported in 'logging.c' when attempting to log messages using a formatted print function, which could let a remote malicious user execute arbitrary code.

Debian

Currently we are not aware of any exploits for this vulnerability.

Stefan Frings SMS Server Tools Format String

CVE-2006-0083

Security Focus, Bugtraq ID: 16188, January 9, 2006

Debian Security Advisory, DSA-930-2, January 9, 2006

Multiple Vendors

Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1

A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.

Ubuntu

SUSE

Mandriva

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ISO File System Remote Denial of Service

CVE-2005-2457

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Trustix Secure Linux 3.0, 2.2,
Trustix Secure Enterprise Linux 2.0; SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server 9;
Linux kernel 2.6-2.6.12 .4

A Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions.

Linux Kernel

Ubuntu

SUSE

Trustix

Mandriva

Mandriva:

SUSE:

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ZLib Invalid Memory Access Denial of Service

CVE-2005-2458

3.3

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.0 4, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.13

A Denial of Service vulnerability has been reported in the '/proc/scsi/sg/devices' file due to a memory leak.

Ubuntu

Mandriva

SUSE

Conectiva

A Proof of Concept exploit has been published.

Linux Kernel SCSI ProcFS Denial of Service

CVE-2005-2800

2.3

Security Focus, Bugtraq ID: 14790, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
IBM HTTP Server 2.0.47.1, 2.0.47, 2.0.42.2, 2.0.42.1, 2.0.42;
Apache 2.0.28-2.0.54, 2.0 a9, 2.0

A remote Denial of Service vulnerability has been reported in 'worker.c' due to a memory leak.

Apache

Ubuntu

IBM

RedHat

There is no exploit code required.

Apache MPM 'Worker.C' Remote Denial of Service

CVE-2005-2970

Security Focus, Bugtraq ID: 15762, December 7, 2005

Ubuntu Security Notice, USN-225-1, December 06, 2005

RedHat Security Advisory, RHSA-2006:0159-8, January 5, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64;
Linux kernel 2.6-2.6.12 .3

An information disclosure vulnerability has been reported in 'SYS_GET_THREAD
_AREA,' which could let a malicious user obtain sensitive information.

Kernel versions 2.6.12.4 and 2.6.13 are not affected by this issue.

Ubuntu

Mandriva

Debian

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Information Disclosure

CVE-2005-3276

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Debian Security Advisory, DSA 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Multiple Vendors

Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03

A format string vulnerability has been reported in 'Perl_sv_
vcatpvfnl' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.

Webmin

Fedora

OpenPKG

Mandriva

Ubuntu

Gentoo

Gentoo

Mandriva

SUSE

Trustix

Ubuntu

Fedora

RedHat

OpenBSD

OpenBSD

An exploit has been published.

Perl 'miniserv.pl' script Format String

CVE-2005-3912
CVE-2005-3962

9.3
(CVE-2005-3212)

6
(CVE-2005-3962)

Security Focus, Bugtraq ID: 15629, November 29, 2005

Fedora Update Notifications,
FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005

Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005

Ubuntu Security Notice, USN-222-1 December 02, 2005, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005

US-CERT VU#948385

Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

Ubuntu Security Notice, USN-222-2, December 12, 2005

Fedora Update Notifications,
FEDORA-2005-1144 & 1145, December 14, 2005

SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005

RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005

Security Focus, Bugtraq ID: 15629, January 4, 2006

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available

Gentoo

Ubuntu

Gentoo

Ubuntu

ALTLinux

Fedora

RedHat

SGI

RedHat

Mandrake

Mandriva

Debian

RedHat

RedHat

RedHat

Apple

Fedora

SCO

SCO

FedoraLegacy

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit
Integer Overflow

CVE-2005-0605

 

 

Security Focus,
12714,
March 2, 2005

Gentoo Linux
Security Advisory,
GLSA 200503-08, March 4, 2005

Ubuntu Security
Notice, USN-92-1 March 07, 2005

Gentoo Linux
Security Advisory, GLSA 200503-15,
March 12, 2005

Ubuntu Security
Notice, USN-97-1
March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications,
FEDORA-2005
-272 & 273,
March 29, 2005

RedHat Security Advisory,
RHSA-2005:
331-06,
March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005

Debian Security Advisory, DSA 723-1, May 9, 2005

RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005

RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005

RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005

Fedora Update Notifications,
FEDORA-2005-808 & 815, August 25 & 26, 2005

SCO Security Advisory, SCOSA-2005.57, December 14, 2005

SCO Security Advisory, SCOSA-2006.5, January 4, 2006

Fedora Legacy Update Advisory, FLSA:152803, January 10, 2006

NetBSD

NetBSD 2.1, 2.0-2.0.3, 1.6- 1.6.2, NetBSD Current

A vulnerability has been reported in the 'kernfs' file system due to insufficient sanitization, which could let a malicious user obtain sensitive information.

NetBSD

Currently we are not aware of any exploits for this vulnerability.

NetBSD KernFS Memory Disclosure

CVE-2006-0145

NetBSD Security Advisory, 2006-001, January 9, 2006
netpbm
10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code.

Trustix

Gentoo

Mandriva

Ubuntu

Fedora

SUSE

RedHat

SGI

Conectiva

TurboLinux

Fedora

There is no exploit code required.

netpbm Arbitrary Code Execution

CVE-2005-2471


7

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005

Ubuntu Security Notice, USN-164-1, August 11, 2005

Fedora Update Notifications,
FEDORA-2005-727 & 728, August 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005

Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005

Fedora Update Notification,
FEDORA-2005-000, January 5, 2006

OpenBSD

OpenBSD 3.8, 3.7

A vulnerability has been reported in '/dev/fd' due to an unspecified error, which could let a malicious user obtain unauthorized access.

OpenBSD

Currently we are not aware of any exploits for this vulnerability.

OpenBSD DEV/FD Unauthorized File Access

CVE-2006-0098

Security Focus, Bugtraq ID: 16144, January 5, 2006

PHP go-pear.php

PHP go-pear.php0.2.2

A vulnerability has been reported that could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHP PEAR Go-Pear.PHP Arbitrary Remote Code Execution

CVE-2006-0144

Security Focus, Bugtraq ID: 16174, January 9, 2006

PostgreSQL

PostgreSQL 8.1, 8.0-8.0.2, 7.4.3-7.4.9, 7.4, 7.3 -7.3.9

A remote Denial of Service vulnerability has been reported due to a failure to properly handle exceptional conditions.

Postgresql

There is no exploit code required.

PostgreSQL Postmaster Denial of Service

CVE-2006-0105

Security Focus, Bugtraq ID: 16201, January 11, 2006

Qualcomm

Eudora Internet Mail Server for OS X Light 3.2.8, 3.2.4-3.2.6, Mail Server for OS X3.2.4-3.2.8

Denial of service vulnerabilities have been reported when a malformed NTLM authentication request, corrupted incoming Mail X, or malformed temporary mail is submitted.

Patches available

Currently we are not aware of any exploits for this vulnerability.

Qualcomm Eudora Internet Mail Server Denial of Service

CVE-2006-0141

Not available
Secunia Advisory: SA18356, January 9, 2006

Sun Microsystems, Inc.

Solaris 9.0 _x86, 9.0, 8.0 _x86, 8.0

A buffer overflow vulnerability has been reported due to an unspecified error in the uucp(1C) and uustat(1C) utilities, which could let a malicious user execute arbitrary code.

Sun

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris UUSTAT Buffer Overflow

CVE-2004-0780
CVE-2006-0161

5.6
(CVE-2006-0161)
Sun(sm) Alert Notification,
Sun Alert ID: 101933, January 9, 2006

Todd Miller

Sudo 1.x

A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.

Debian

Mandriva

Ubuntu

SUSE

Trustix

Conectiva

An exploit script has been published.

Todd Miller Sudo Local Elevated Privileges

CVE-2005-2959

Debian Security Advisory, DSA 870-1, October 25, 2005

Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005

Ubuntu Security Notice, USN-213-1, October 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15191, November 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

Conectiva Linux Announcement, CLSA-2006:1057, January 2, 2006

Todd Miller

Sudo prior to 1.6.8p12

A vulnerability has been reported due to an error when handling the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables when tainting is ignored, which could let a malicious user bypass security restrictions and include arbitrary library files.

Updates available at:
Sudo

Mandriva

Ubuntu

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Todd Miller Sudo Security Bypass

CVE-2005-4158

Security Focus, Bugtraq ID: 15394, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:234, December 20, 2005

Ubuntu Security Notice, USN-235-1, January 05, 2006

University of Washington

UW-imapd imap-2004c1

A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade to version imap-2004g

Trustix

Debian

Gentoo

SUSE

Mandriva

Slackware

Conectiva

RedHat

RedHat

Fedora

Trustix

Currently we are not aware of any exploits for this vulnerability.

UW-imapd Denial of Service and Arbitrary Code Execution

CVE-2005-2933

7

Secunia, Advisory: SA17062, October 5, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005

Debian Security Advisory, DSA 861-1, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005

US-CERT VU#933601

SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005

Slackware Security Advisory, SSA:2005-310-06, November 7, 2005

Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005

RedHat Security Advisory, RHSA-2005:848-6 & 850-5, December 6, 2005

Fedora Update Notifications,
FEDORA-2005-1112 & 1115, December 8, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005

WebFTP for SysCP

WebFTP for SysCP 1.2.6

A file include vulnerability has been reported, which could let a remote malicious user view unauthorized files and execute arbitrary scripts.

No workaround or patch available at time of publishing.

There is no exploit code required.

SysCP WebFTP Module File Include

CVE-2006-0132

Security Focus, Bugtraq ID: 16175, January 9, 2006

Xmame

Xmame 0.102

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'lang' command line option due to a boundary error, which could let a malicious user execute arbitrary code; and a buffer overflow vulnerability was reported when handling the 'lang,' 'ctrlr,' 'pb,' and 'rec' command line options, which could let a malicious user execute arbitrary code.

The vulnerabilities have been fixed in the CVS repositories.

Proof of Concept exploits, xmameOverflow-ruby.txt, have been published.

Xmame Buffer Overflows

CVE-2006-0176

Not available
Secunia Advisory: SA8931, January 11, 2006
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

427BB

fourtwosevenbb 2.2.1, 2.2

An SQL injection vulnerability has been reported in 'showthread.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, EV0018.txt, has been published.

427BB SQL Injection

CVE-2006-0154

Security Focus, Bugtraq ID: 16169, January 9, 2006

427BB

fourtwosevenbb 2.2.1, 2.2

A vulnerability has been reported due to insufficient validation of user-supplied data, which could let a remote malicious user bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

427BB Authentication Bypass

CVE-2006-0153

Security Focus, Bugtraq ID: 16178, January 9, 2006

ADN Forum

ADN Forum 1.0 b, 1.0

Several input validation vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'fid' parameter and in 'verpag.php' due to insufficient sanitization of the 'pagid' parameter, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'titulo' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0015.txt, have been published.

ADN Forum SQL Injection & Cross-Site Scripting

CVE-2006-0123
CVE-2006-0124

7
(CVE-2006-0123)

2.3
(CVE-2006-0124)

 

Security Tracker Alert ID: 1015445, January 6, 2006

Andromeda

Andromeda 1.9.3 .4

A Cross-Site Scripting vulnerability has been reported in 'andromeda.php' due to insufficient sanitization of the 's' parameter before returning the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Andromeda Cross-Site Scripting

CVE-2006-0142

Secunia Advisory: SA18359, January 9, 2006

Apache Software Foundation

Apache prior to 1.3.35-dev, 2.0.56-dev

A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.

OpenPKG

Trustix

Mandriva

There is no exploit code required.

Apache mod_imap Cross-Site Scripting

CVE-2005-3352

Security Tracker Alert ID: 1015344, December 13, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005

Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006

Apple

AirPort Extreme Firmware 5.5, AirPort Express Firmware 6.1

A remote Denial of Service vulnerability has been reported in the base station when handling certain network packets.

Update available

There is no exploit code required.

Apple AirPort Remote Denial of Service

CVE-2005-3714

Not available Apple Security Advisory, APPLE-SA-2006-01-05, January 5, 2006

Apple

QuickTime Player 7.0-7.0.3

Several vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported when handling 'QTIF' images due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when handling 'TGA' images, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported when handling 'TIFF' images, which could let a remote malicious user execute arbitrary code; a heap-based buffer overflow vulnerability was reported when handling 'GIF' images, which could let a remote malicious user execute arbitrary code; and a heap-based buffer overflow vulnerability was reported when handling certain media files, which could let a remote malicious user execute arbitrary code.

QuickTime

Currently we are not aware of any exploits for these vulnerabilities.

QuickTime Multiple Image/Media File Handling Vulnerabilities

CVE-2005-2340
CVE-2005-3707
CVE-2005-3708
CVE-2005-3709
CVE-2005-3710
CVE-2005-3711
CVE-2005-3713
CVE-2005-4092

8
(CVE-2005-2340)

8
(CVE-2005-3707)

8
(CVE-2005-3708)

9
(CVE-2005-3709)

8
(CVE-2005-3710)

8
(CVE-2005-3711)

8
(CVE-2005-3713)

7
(CVE-2005-4092)

Apple Security Advisory, APPLE-SA-2006-01-10, January 10, 2006

US-CERT VU#629845

US-CERT VU#913449

US-CERT VU#115729

US-CERT VU#150753

US-CERT VU#921193

AppServ Open Project

AppServ Open Project 2.4.5

A vulnerability has been reported due to insufficient verification of the 'appserv_root' parameter in 'appserv/main.php' before used to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, EV0018.txt, has been published.

AppServ File Inclusion

CVE-2006-0125

Secunia Advisory: SA18163, January 5, 2006

CaLogic

CaLogic 1.2.2

An HTML injection vulnerability has been reported in the title field when a new event is added due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

CaLogic HTML Injection

CVE-2006-0180

2.3 Secunia Advisory: SA18417, January 11, 2006

Cisco Systems

Cisco CS-MARS 4.1.2, 4.1

A vulnerability has been reported because a default static administrative password is set during installation, which could let a malicious user obtain unauthorized administrative access.

Cisco CS-MARS

There is no exploit code required.

Cisco CS-MARS Default Administrative Password

CVE-2006-0181

7 Cisco Security Advisory, Document ID: 68605, January 11, 2006

Cisco Systems

Cisco IP Phone 7940

A remote Denial of Service vulnerability has been reported when a large amount of TCP SYN packets are submitted to port 80.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, CiscoPhoneDos.pl.txt, has been published.

Cisco IP Phone 7940 Remote Denial of Service

CVE-2006-0179

Not available
Security Focus, Bugtraq ID: 16200, January 10, 2006

Cray

UNICOS 9.0.2 .2

A buffer overflow vulnerability has been reported due to insufficient bounds checking of command line parameters, which could let a malicious user execute arbitrary code with superuser privileges.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Cray UNICOS Buffer Overflow

CVE-2006-0177

 

Not available

Security Focus, Bugtraq ID: 16205, January 10, 2006

Dave Carrigan

auth_ldap 1.6 .0, 1.4 .x, 1.3 .x, 1.2 .x

A format string vulnerability has been reported due to insufficient sanitization of user-supplied input before using in the format-specifier of a formatted printing function, which could let a remote malicious user execute arbitrary code.

Upgrade available

RedHat

Currently we are not aware of any exploits for this vulnerability.

Dave Carrigan Auth_LDAP Remote Format String

CVE-2006-0150

Security Focus, Bugtraq ID: 16177, January 9, 2006

RedHat Security Advisory, RHSA-2006:0179-7, January 10, 2006

Edgewall Software

Trac 0.9.2

An HTML injection vulnerability has been reported in the WikiProcessor Wiki Content due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

Trac

There is no exploit code required.

Trac HTML Injection

CVE-2005-4644

Not available

Security Focus, Bugtraq ID: 16198, January 10, 2006

Ethereal

Ethereal
V0.10.11

Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code.

Upgrade available

Fedora

Mandriva

RedHat

SUSE

Avaya

SGI

Conectiva

Debian

FedoraLegacy

Currently we are not aware of any exploits for these vulnerabilities.

3.3
(CVE-2005-2361)

3.3
(CVE-2005-2362)

3.3
(CVE-2005-2363)

3.3
(CVE-2005-2364)

3.3
(CVE-2005-2365)

3.3
(CVE-2005-2366)

8
(CVE-2005-2367)

Secunia, Advisory: SA16225, July 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005

RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

Avaya Security Advisory, ASA-2005-185, August 30, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announce-ment, CLSA-2005:1003, September 13, 2005

Debian Security Advisory, DSA 853-1, October 9, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Ethereal Group

Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A buffer overflow vulnerability has been reported in the 'dissect_ospf_ v3_address_
prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human readable string, which could let a remote malicious user execute arbitrary code.

Patch available

Debian

Gentoo

Mandriva

Fedora

RedHat

Currently we are not aware of any exploits for this vulnerability.

Ethereal OSPF Protocol Dissection Buffer Overflow

CVE-2005-3651

 

iDefense Security Advisory, December 9, 2005

Debian Security Advisory DSA 920-1, December 13, 2005

Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005

Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005

Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006

Fedora Update Notification
FEDORA-2005-000, January 5, 2006

RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006

Ethereal Group

Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9

Avaya Converged Communications Server (CCS) 2.x, Avaya S8XXX Media Servers

Multiple vulnerabilities were reported that affects more 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, E IGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explitit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.

Upgrades available

Gentoo

Mandriva

RedHat

Conectiva

SuSE

SGI

Avaya

FedoraLegacy

An exploit script has been published.

Ethereal Multiple Remote Protocol Dissector Vulnerabilities

CVE-2005-1456
CVE-2005-1457
CVE-2005-1458
CVE-2005-1459
CVE-2005-1460
CVE-2005-1461
CVE-2005-1462
CVE-2005-1463
CVE-2005-1464
CVE-2005-1465
CVE-2005-1466
CVE-2005-1467
CVE-2005-1468
CVE-2005-1469
CVE-2005-1470

3.3
(CVE-2005-1456)

3.3
(CVE-2005-1457)

2.3
(CVE-2005-1458)

3.3
(CVE-2005-1459)

3.3
(CVE-2005-1460)

8
(CVE-2005-1461)

7
(CVE-2005-1462)

7
(CVE-2005-1463)

3.3
(CVE-2005-1464)

3.3
(CVE-2005-1465)

3.3
(CVE-2005-1466)

3.3
(CVE-2005-1467)

3.3
(CVE-2005-1468)

3.3
(CVE-2005-1469)

3.3
(CVE-2005-1470)

Ethereal Security Advisory, enpa-sa-00019, May 4, 2005

Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005

RedHat Security Advisory, RHSA-2005:427-05, May 24, 2005

Conectiva Security Advisory, CLSA-2005:963, June 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

SGI Security Advisory, 20050503-01-U, June 8, 2005

Avaya Security Advisory, ASA-2005-131, June 13, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Ethereal Group

Ethereal 0.9.1-0.10.13.

A remote Denial of Service vulnerability has been reported in the IRC and GTP dissectors when a malicious user submits a specially crafted packet.

Upgrades available

Mandriva

RedHat

Currently we are not aware of any exploits for this vulnerability.

Ethereal IRC & GTP Dissectors Remote Denial of Service

CVE-2005-4585

Ethereal Security Advisory, enpa-sa-00022, December 27, 2005

Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006

RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006

Ethereal Group

Ethereal 0.10-0.10.8

A buffer overflow vulnerability exists due to a failure to copy network derived data securely into sensitive process buffers, which could let a remote malicious user execute arbitrary code.

Upgrades available

Gentoo

Fedora

Mandrake

RedHat

ALT Linux

Conectiva

Avaya

FedoraLegacy

Exploit scripts have been published.

Ethereal
Buffer Overflow

CVE-2005-0699

Security Focus, 12759, March 8, 2005

Security Focus, 12759, March 14, 2005

Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005

Fedora Update Notifications,
FEDORA-2005-212 & 213, March 16, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005

RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Avaya Security Advisory, ASA-2005-131, June 13, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Ethereal Group

Ethereal 0.9-0.9.16, 0.10-0.10.9

Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported in the Etheric dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability has been reported in the GPRS-LLC dissector if the 'ignore cipher bit' option is enabled; a buffer overflow vulnerability has been reported in the 3GPP2 A11 dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and remote Denial of Service vulnerabilities have been reported in the JXTA and sFLow dissectors.

Upgrades available

Gentoo

Fedora

Mandrake

RedHat

ALT Linux

Conectiva

Debian

Avaya

FedoraLegacy

A Denial of Service Proof of Concept exploit script has been published.

Ethereal Etheric/
GPRS-LLC/IAPP/
JXTA/s
Flow Dissector Vulnerabilities

CVE-2005-0704
CVE-2005-0705

CVE-2005-0739
CVE-2005-0765
CVE-2005-0766

8
(CVE-2005-0704)

3.3
(CVE-2005-0705)

3.3
(CVE-2005-0739)

3.3
(CVE-2005-0765)

3.3
(CVE-2005-0766)

Ethereal Advisory, enpa-sa-00018, March 12, 2005

Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005

Fedora Update Notifications,
FEDORA-2005-212 & 213, March 16, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005

RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005

Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Debian Security Advisory, DSA 718-1, April 28, 2005

Avaya Security Advisory, ASA-2005-131, June 13, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

foxrum

foxrum 4.0.4 f

Multiple script injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before including in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0020.txt, have been published.

Foxrum Multiple BBCode Tag Script Injection

CVE-2006-0156

Security Focus, Bugtraq ID: 16172, January 9, 2006

Globalissa

phpChamber

A Cross-Site Scripting vulnerability has been reported in 'search_result.php' due to insufficient sanitization of the 'needle' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required

PHPChamber Cross-Site Scripting

CVE-2006-0152

Secunia Advisory: SA18360, January 9, 2006

IBM

Lotus Notes 6.5-6.5.4, Lotus Domino Enterprise Server 6.5.4, 6.5.2, Lotus Domino 6.5.0-6.5.4

Multiple vulnerabilities have been reported including unspecified potential security issues in 'Agents;' an unspecified boundary error in CD to MIME Conversion, which could lead to a Denial of Service; a stack overflow vulnerability in in Domino for AIX when evaluating a long formula in 'Design,' which could lead to a Denial of Service; a vulnerability due to unspecified errors in the Directory Services that could lead to a Denial of Service when performing LDAP searches; a vulnerability due to an unspecified error in the IMAP server which could lead to a Denial of Service; a vulnerability due to an unspecified error when compact is executed from the client could lead to a Denial of Service; and several vulnerabilities due to unspecified errors when handling corrupted bitmap images or when performing the 'Delete Attachment' action.

Update information

Some of these vulnerabilities do not required an exploit.

IBM Lotus Domino Denial of Service& Unspecified Vulnerabilities

CVE-2006-0117
CVE-2006-0118
CVE-2006-0119
CVE-2006-0120
CVE-2006-0121

2.3
(CVE-2006-0117)

2.3
(CVE-2006-0118)

4.9
(CVE-2006-0119)

2.3
(CVE-2006-0120)

3.3
(CVE-2006-0121)

 

Secunia Advisory: SA18328, January 6, 2006

Idea Development ID Oy

Timecan CMS

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'viewID' parameter and potentially other parameters in various scripts, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Timecan CMS SQL Injection

CVE-2006-0107

Security Focus, Bugtraq ID: 16159, January 6, 2006

iNETstore Corporation

iNETstore Online

A Cross-Site Scripting vulnerability has been reported in 'search.inetstore' due to insufficient sanitization of the 'searchterm' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

iNETstore Ebusiness Software Cross-Site Scripting

CVE-2006-0116

Security Focus, Bugtraq ID: 16156, January 6, 2006

Javier Suarez Sanz

Foro Domus 2.10

A Cross-Site Scripting and SQL injection vulnerability has been reported in 'escribir.php' due to insufficient sanitization of the 'email' parameter, which could let a remote malicious user execute arbitrary HTML and script code or SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0016.txt, have been published.

Foro Domus Cross-Site Scripting & SQL Injection

CVE-2006-0110

Not available
Secunia Advisory: SA18327, January 6, 2006

Joomla

Joomla 1.0-1.0.5

An information disclosure vulnerability has been reported due to a failure to properly secure sensitive and privileged information, which could let a remote malicious user obtain sensitive information.

Contact the vendor for a temporary fix.

There is no exploit code required.

Joomla Vcard Access Information Disclosure

CVE-2006-0114

Security Focus, Bugtraq ID: 16185, January 9, 2006

Modular Merchant

Modular Merchant Shopping Cart Software

A Cross-Site Scripting vulnerability has been reported in 'category.php' due to insufficient sanitization of the 'cat' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Modular Merchant Shopping Cart Cross-Site Scripting

CVE-2006-0109

Secunia Advisory: SA18320, January 6, 2005

Mozilla.org

Netscape 8.0.3.3, 7.2;
Mozilla Firefox 1.5 Beta1, 1.0.6;
Mozilla Browser 1.7.11; Mozilla Thunderbird 1.0.6

 

A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD character in the domain name, which could let a remote malicious user execute arbitrary code.

Patches available

RedHat

RedHat

Fedora

Ubuntu

Gentoo

Slackware

Gentoo

Conectiva

Fedora

Debian

TurboLinux

HP

Mandriva

HPSBUX01231 Rev1:
Preliminary Mozilla 1.7.12 available.

Netscape

Debian

Debian

HPSBUX01231 Rrev.2: HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)) is available detailing information on the availability of version 1.7.12.01 of Mozilla for various HP platforms. Users should see the referenced advisory or contact HP for further information.

FedoraLegacy

A Proof of Concept exploit script has been published.

Mozilla/Netscape/ Firefox Browsers Domain Name Buffer Overflow

CVE-2005-2871

Security Focus, Bugtraq ID: 14784, September 10, 2005

RedHat Security Advisories, 769-8 & RHSA-2005:768-6, September 9, 2005

Fedora Update Notifications,
FEDORA-2005-871-184, September 10, 2005

Ubuntu Security Notice, USN-181-1, September 12, 2005

US-CERT VU#573857

Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005

Security Focus, Bugtraq ID: 14784, September 22, 2005

Slackware Security Advisory, SSA:2005-269-01, September 26, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005

Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005

Fedora Update Notifications,
FEDORA-2005-962 & 963, September 30, 2005

Debian Security Advisory, DSA 837-1, October 2, 2005

Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005

HP Security Bulletin,
HPSBUX01231, October 3, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005

HP Security Bulletin,
HPSBUX01231 Rev 1, October 12, 2005

Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005

HP Security Bulletin,
HPSBUX01231 Rev 2, November 9, 2005

Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006

Multiple Vendors

Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11; Netscape Browser 8.0.3.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrom' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks.

Firefox

Mozilla Browser

RedHat

Ubuntu

Mandriva

Fedora

Slackware

SGI

Conectiva

Gentoo

SUSE

Fedora

Debian

TurboLinux

Mandriva

Ubuntu

Netscape

Debian

Debian

FedoraLegacy

Currently we are not aware of any exploits for these vulnerabilities.

Mozilla Browser / Firefox Multiple Vulnerabilities

CVE-2005-2701
CVE-2005-2702
CVE-2005-2703
CVE-2005-2704
CVE-2005-2705
CVE-2005-2706
CVE-2005-2707

7
(CVE-2005-2701)

8
(CVE-2005-2702)

3.3
(CVE-2005-2703)

3.3
(CVE-2005-2704)

7
(CVE-2005-2705)

4.7
(CVE-2005-2706)

3.3
(CVE-2005-2707)

Mozilla Foundation Security Advisory, 2005-58, September 22, 2005

RedHat Security Advisory, RHSA-2005:789-11, September 22, 2005

Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005

Fedora Update Notifications,
FEDORA-2005-926-934, September 26, 2005

Slackware Security Advisory, SSA:2005-269-01, September 26, 2005

SGI Security Advisory, 20050903-02-U, September 28, 2005

Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005

Gentoo Linux Security Advisory [UPDATE], September 29, 2005

SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005

Fedora Update Notifications,
FEDORA-2005-962 & 963, September 30, 2005

Debian Security Advisory, DSA 838-1, October 2, 2005

Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005

Ubuntu Security Notice, USN-200-1, October 11, 2005

Security Focus, Bugtraq ID: 14916, October 19, 2005

Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005

Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006

Multiple Vendors

Netscape Browser 8.0.3.3;
Mozilla Firefox 1.0-1.0.6, Mozilla Browser 1.7-1.7.11

A remote Denial of Service vulnerability has been reported when a malicious user creates a Proxy Auto-Config (PAC) script that contains a specially crafted eval() statement.

Firefox

Mozilla Browser

FedoraLegacy

There is no exploit code required.

Multiple Browser Proxy Auto-Config Scripts Remote Denial of Service

CVE-2005-3089

Security Tracker Alert ID: 1014949, September 21, 2005

Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available

RedHat

Mandriva

Gentoo

Trustix

SGI

OpenPKG

SCO

FedoraLegacy

SCO

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

SCO Security Advisory, SCOSA-2005.55, December 14, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

SCO Security Advisory, SCOSA-2006.7, January 10, 2006

Multiple Vendors

MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2;
Gentoo Linux;
Ethereal Group Ethereal 0.10.1-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A vulnerability has been reported in Ethereal, IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service.

Mandriva

Gentoo

SUSE

Conectiva

Fedora

RedHat

Currently we are not aware of any exploits for this vulnerability.

Ethereal Denial of Service

CVE-2005-3313

3.3

Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005

Gentoo Linux Security Advisor, GLSA 200510-25, October 30, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Conectiva Security Announce-ment, CLSA-2005:1043, November 8, 2005

Fedora Update Notification
FEDORA-2005-000, January 5, 2006

RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006

Multiple Vendors

PostNuke Development Team PostNuke 0.761; moodle 1.5.3; Mantis 1.0.0RC4, 0.19.4; Cacti 0.8.6 g; ADOdb 4.68, 4.66; Xaraya 1.x

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'server.php' test script, which could let a remote malicious user execute arbitrary SQL code and PHP script code; and a vulnerability was reported in the 'tests/tmssql.php' text script, which could let a remote malicious user call an arbitrary PHP function.

Adodb

Cacti

Moodle

PostNuke

Xaraya: The vendor recommends to restrict web access to the 'xaradodb' directory with a '.htaccess' file.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ADOdb Insecure Test Scripts

CVE-2006-0146
CVE-2006-0147

7
(CVE-2006-0146)

7
(CVE-2006-0147)

Secunia Advisory: SA17418, January 9, 2006

Multiple Vendors

RedHat Fedora Core4, Core3;
Ethereal Group Ethereal 0.10
-0.10.12, 0.9-0.9.16, 0.8.19, 0.8.18

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting).

Upgrades available

Fedora:

RedHat

Mandriva

Avaya

Gentoo

SUSE

SGI

FedoraLegacy

An exploit script has been published.

10
(CVE-2005-3184)

3.3
(CVE-2005-3241)

3.3
(CVE-2005-3242)

7
(CVE-2005-3243)

3.3
(CVE-2005-3244)

3.3
CVE-2005-3245)

3.3
(CVE-2005-3246)

3.3
(CVE-2005-3247)

3.3
(CVE-2005-3248)

6.7
(CVE-2005-3249)

 

Ethereal Security Advisory, enpa-sa-00021, October 19, 2005

Fedora Update Notifications,
FEDORA-2005-1008 & 1011, October 20, 2005

RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005

Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005

Avaya Security Advisory, ASA-2005-227, October 28, 2005

Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005

Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64; Blender 2.40 alpha, 2.39, 2.37 a, 2.37, 2.30-2.35, 2.25 -2.28, 2.0 4

A buffer overflow vulnerability has been reported in 'get_bhead()' when parsing '.blend' files, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu

A Proof of Concept exploit has been published.

Blender Buffer Overflow

CVE-2005-4470

8 Ubuntu Security Notice, USN-238-2, January 06, 2006

Multiple Vendors

University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64

A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.

University of Kansas Lynx

Gentoo

Ubuntu

RedHat

Fedora

Mandriva

Conectiva

Trustix

SGI

Mandriva

Debian

Debian

Ubuntu
(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability, however, the fixes contained an error that caused lynx to crash.)

SUSE

Slackware

SCO

OpenPKG

FedoraLegacy

SCO

A Proof of Concept Denial of Service exploit script has been published.

Lynx 'HTrjis()' NNTP Remote Buffer Overflow

CVE-2005-3120

7

Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005

Ubuntu Security Notice, USN-206-1, October 17, 2005

RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005

Fedora Update Notifications,
FEDORA-2005-993 & 994, October 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005

Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005

Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005

Ubuntu Security Notice, USN-206-2, October 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Slackware Security Advisory, SSA:2005-310-03, November 7, 2005

SCO Security Advisory, SCOSA-2005.47, November 8, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

SCO Security Advisory, SCOSA-2006.7, January 10, 2006

MyPhPim

MyPhPim 01.05

Multiple vulnerabilities have been reported: a file upload vulnerability was reported in the 'addresses.php3' script, which could let a remote malicious user execute arbitrary code; an SQL injection vulnerability was reported in 'calendar.php3' due to insufficient sanitization of the 'cal_id' parameter and in the password field when logging, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the description field when creating a new todo, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

MyPHPim Multiple Vulnerabilities

CVE-2006-0167
CVE-2006-0168
CVE-2006-0169

Not available Secunia Advisory: SA18399, January 11, 2006

Navboard

Navboard V17beta2, V16

A vulnerability has been reported due to insufficient sanitization of input received via certain BBcode tags, which could let a remote malicious user execute arbitrary JavaScript code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0019.txt, have been published.

NavBoard BBcode Script Insertion

CVE-2006-0140

 

Security Focus, Bugtraq ID: 16165, January 7, 2006

OnePlug Solutions

OnePlug CMS

SQL injection vulnerabilities have been reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

OnePlug CMS SQL Injection

CVE-2006-0115

Secunia Advisory: SA18325, January 6, 2006

OpenSSH

OpenSSH 4.1, 4.0, p1

Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials.

OpenBSD

Fedora

Trustix

Slackware

Fedora

RedHat

Mandriva

Ubuntu

Conectiva

HP

There is no exploit code required.

OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials

CVE-2005-2797
CVE-2005-2798

3.3
(CVE-2005-2797)

3.3
(CVE-2005-2798)

Secunia Advisory: SA16686, September 2, 2005

Fedora Update Notification,
FEDORA-2005-858, September 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005

Slackware Security Advisory, SSA:2005-251-03, September 9, 2005

Fedora Update Notification,
FEDORA-2005-860, September 12, 2005

RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005

Ubuntu Security Notice, USN-209-1, October 17, 2005

Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005

Security Focus, Bugtraq ID: 14729, January 10, 2006

Orjinweb E-commerce

Orjinweb E-commerce

A file include vulnerability has been reported in 'index.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, orjinweb.txt, has been published.

Orjinweb Remote File Include

CVE-2006-0171

Not available

Security Focus, Bugtraq ID: 16199, January 10, 2006

PHP-Nuke

PHP-Nuke EV 7.7

An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of the 'query' variable before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPNuke EV Search Module SQL Injection

CVE-2006-0163

Security Focus, Bugtraq ID: 16186, January 9, 2006

PHP-Nuke

PHP-Nuke Pool Module, News Module

An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPNuke Multiple Modules HTML Injection

CVE-2006-0185

Security Focus, Bugtraq ID: 16192, January 10, 2006

Ralph Capper

TinyPHPForum 3.6

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of input passed to the URL of a link when posting a message, which could let a remote malicious user execute arbitrary JavaScript; a vulnerability was reported in the 'users' directory because user credentials are stored insecurely, which could let a remote malicious user obtain sensitive information; and a Directory Traversal vulnerability was reported in 'profile.php' due to insufficient sanitization of the 'uname' parameter when viewing a profile, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0014.txt, have been published.

TinyPHPForum Information Disclosure & Cross-Site Scripting

CVE-2006-0102
CVE-2006-0103
CVE-2006-0104

2.3
(CVE-2006-0102)

2.3
(CVE-2006-0103)

2.3
(CVE-2006-0104)

 

 

Security Tracker Alert ID: 1015436, January 5, 2005

Reamday Enterprises

Magic News Plus 1.0.3

A vulnerability has been reported due to insufficient verification of user-supplied input, which could let a remote malicious user change the administrator password.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploit scripts, MagicNewsPlus-pw-change.pl and cijfer-mnxpl.pl.txt, have been published.

Magic News Plus Administrator Password Change

CVE-2006-0157

Security Focus, Bugtraq ID: 16182, January 9, 2006

Research In Motion

Blackberry Enterprise Server for Novell Groupwise 4.0, SP1 & SP2, Enterprise Server for Exchange 4.0, SP1 & SP2, Enterprise Server for Domino 4.0, SP1 & SP2

A remote Denial of Service vulnerability has been reported when handling a malformed PNG attachment.

Update available

Currently we are not aware of any exploits for this vulnerability.

Blackberry Enterprise Server Attachment Service PNG Attachment Remote Denial of Service

CVE-2005-2344

2.3

Secunia Advisory: SA18393,

US-CERT, VU#646976

TheWeb
Forum

TheWebForum 1.2.1

Several input validation vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'username' parameter in 'login.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the'register.php' script, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, exploit details, EV0017.txt, have been published.

TheWebForum SQL Injection & Cross-Site Scripting

CVE-2006-0134
CVE-2006-0135

2.3
(CVE-2006-0134)

7
(CVE-2006-0135)

New eVuln Advisory, January 6, 2006

Venom Board

Venom Board 1.22

SQL injection vulnerabilities have been reported due to insufficient sanitization of the '$parent,' '$root,' and '$topic_id' variables before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit, EV0021.txt, has been published.

Venom Board Post.PHP3 Multiple SQL Injection

CVE-2006-0160

eVuln Advisory, January 9, 2006

VMWare, Inc.

VMWare ESX Server 2.5.2, 2.5, 2.1-2.1.2, 2.0.1 build 6403, 2.0.1, 2.0 build 5257, 2.0

A vulnerability has been reported in the VMware Management Interface due to an unspecified error, which could let a remote malicious user execute arbitrary code.

Patches available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

VMware ESX Server Management Interface Remote Arbitrary Code Execution

CVE-2005-4583

Security Tracker Alert ID: 1015422, December 29, 2005

Gentoo Linux Security Advisory, GLSA 200601-04, January 7, 2006

Xoops

Xoops Pool Module

An HTML injection vulnerability has been reported in the IMG tag due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Xoops Pool Module HTML Injection
Not available
Security Focus, Bugtraq ID: 16189, January 9, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.

  • Blackberry Enterprise Server Attachment Service PNG Attachment Remote Denial of Service: A remote Denial of Service vulnerability has been reported when handling malformed PNG attachments.
  • British Parliament members demand Wi-Fi access: Wireless Internet access should be installed in parts of the Houses of Parliament to give its members access to information on the move. According to a report by the U.K. House of Commons Administration Committee, they are calling for secure wireless access after it found that some new members of Parliament struggled to work before they were given office space.
  • Wireless Spending To Exceed Wireline In 2006: Study: According to a study by market research firm, In-Stat, enterprises will spend more for wireless voice service than on wireline in 2006. In addition, the study found that wireless data service will start growing quickly, with an average growth rate of 18 percent a year through 2009.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.

  • Security flaws on the rise, questions remain: The number of publicly reported vulnerabilities jumped in 2005. This number was boosted by easy-to-find bugs in Web applications. A survey of four major vulnerability databases found that the number of flaws counted by each in the past five years differed significantly. However, three of the four databases exhibited a relative plateau in the number of flaws publicly disclosed in 2002 through 2004. And, every database saw a significant increase in their count of the flaws disclosed in 2005. Recent numbers produced by the U.S. Computer Emergency Readiness Team (US-CERT) revealed some of the problems with refined vulnerability sources. Managed by the CERT Coordination Center, the US-CERT's security bulletins outline security issues but are updated each week. In a year end list published last week, the US-CERT announced that 5,198 vulnerabilities had been reported in 2005.
  • Your IM Buddy, Or A Hacker? It's Getting Harder To Tell: Instant-messaging security vendors FaceTime Communications Inc. and IMlogic Inc. reported that malware delivered over instant-message clients skyrocketed in recent months. There has been more than a 20-fold increase in the number of reported IM worm and virus variants since 2004.
  • Popular certifications don't ensure security: According to a survey from the SANS Institute, many popular information technology security certifications don't improve holders' ability to ensure computer systems' security, according to a new survey from the SANS Institute, a training and education organization for security professionals.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P Win32 Worm Stable March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 Mytob-GH Win32 Worm Stable November 2005 A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.
3 Netsky-D Win32 Worm Stable March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
4 Zafi-B Win32 Worm Stable June 2004 A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
5 Sober-Z Win32 Worm Stable December 2005 This worm travels as an email attachment, forging the senders address, harvesting addresses from infected machines, and using its own mail engine. It further download code from the internet, installs into the registry, and reduces overall system security.
6 Lovgate.w Win32 Worm Stable April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
7 Mytob.C Win32 Worm Stable March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
8 Zafi-D Win32 Worm Stable December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
9 Mytob-BE Win32 Worm Stable June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling anti virus, and modifying data.
10 Mytob-AS Win32 Worm Stable June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.

Table updated January 11, 2006

[back to top]

 

 

 

Last updated

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top