Note: This page is part of the us-cert.gov archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-089)

Summary of Security Items from March 23 through March 29, 2006

Original release date: March 30, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

Caloris Planitia Technologies

Online Quiz System

Multiple input validation vulnerabilities have been reported in Online Quiz System that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Online Quiz System Cross-Site Scripting

CVE-2006-1417

2.3 Security Focus, ID: 17255, March 27, 2006

Caloris Planitia Technologies

School Management System

An input validation vulnerability has been reported in School Management System that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Caloris Planitia Technologies School Management System Cross-Site Scripting

CVE-2006-1418

2.3 Security Focus, ID: 17257, March 27, 2006

Desiderata Software

Blazix 1.2.5 for Windows

A vulnerability has been reported in Blazix that could let remote malicious users disclose information.

Blazix 1.2.6

Currently we are not aware of any exploits for these vulnerabilities.

Blazix Information Disclosure

CVE-2006-1483

2.3 Security Tracker, Alert ID: 1015837, March 28, 2006

Explorer XP

An input validation vulnerability has been reported in Explorer XP that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Explorer XP Cross-Site Scripting

CVE-2006-1493

2.3 Security Tracker, Alert ID: 1015840, March 28, 2006

FusionZONE

ClassifiedZONE 1.2

A vulnerability has been reported in ClassifiedZONE that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

ClassifiedZONE Cross-Site Scripting

CVE-2006-1429

2.3 Secunia, Advisory: SA19427, March 28, 2006

FusionZONE

CouponZONE 4.2

A vulnerability has been reported in CouponZONE that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

CouponZONE Cross-Site Scripting

CVE-2006-1431

2.3 Secunia, Advisory: SA19430, March 28, 2006

FusionZONE

RealestateZONE 4.2

A vulnerability has been reported in RealestateZONE that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

RealestateZONE Cross-Site Scripting

CVE-2006-1486

2.3 Secunia, Advisory: SA19427, March 28, 2006

HTMLJunction

EZHomePagePro 1.5

Multiple vulnerabilities have been reported in EZHomePagePro that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

EZHomePagePro Cross-Site Scripting

CVE-2006-1413

2.3 Secunia, Advisory: SA19386, March 27, 2006

Internet Security Systems

BlackICE PC Desktop for Windows 3.6, BlackICE PC Protection consumer edition, BlackICE Server Protection consumer edition, BlackICE Agent for Server corporate edition, RealSecure Desktop 3.6, corporate 7.0

A vulnerability has been reported in multiple Internet Security Systems products, help dialog privilege error, that could let local malicious users obtain elevated privileges or execute arbitrary code.

Preventa Desktop and Preventa Server are not vulnerable.

There is no exploit code required.

Multiple Internet Security Systems Product Privilege Elevation or Arbitrary Code Execution

CVE-2005-2711

7 Secunia, Advisory: SA19327, March 24, 2006

KYE Systems

Genius VideoCAM NB

A vulnerability has been reported in Genius VideoCAM NB that could let local malicious users obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

Genius VideoCAM NB Privilege Elevation

CVE-2006-1484

7 Security Focus, ID: 17284, March 28, 2006

Microsoft

.NET Framework SDK 1.1 SP1 and prior

Multiple buffer overflow vulnerabilities have been reported in the .NET Framework SDK, ildasm DLL disassembly and MSIL tools, that could let remote malicious users cause a Denial of Service, execute arbitrary code, or obtain unauthorized access.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, BufferOverFlowInILASMandILDASM.zip, has been published.

Microsoft .NET Framework SDK Multiple Vulnerabilities

CVE-2006-1510
CVE-2006-1511

Not Available

Secunia, Advisory: SA19406, March 27, 2006

Security Focus, ID: 17243, March 27

Microsoft

Internet Explorer 6.0 SP2 and prior

A vulnerability has been reported in Internet Explorer, createtextrange command, that could let remote malicious users execute arbitrary code.

Microsoft

Proof of Concept exploit scripts, ie_checkbox.pm and IE_exp.c, have been published.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2006-1359

7

Microsoft, Security Advisory 917077, March 23, 2006

US-CERT VU#876678

Microsoft

Internet Explorer 6.0, 6.0 SP1, 6.0 SP2

An unspecified vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code, HTA applications.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2006-1388

7 Security Tracker, Alert ID: 1015800, March 21, 2006

Microsoft

Office XP, XP SP1, XP SP2, XP SP3

A vulnerability has been reported in Office XP, array index, that could let remote malicious users cause a denial of service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, excel_03262006.rar, has been published.

Microsoft Office XP Denial of Service

CVE-2006-1540

Not Available Security Focus, ID: 17252, March 27, 2006

Orion Application Server 2.0.5, 2.0.6

A vulnerability has been reported in Orion Application Server that could let remote malicious users disclose information, JSP source code.

Orion Application Server 2.0.7

There is no exploit code required.

Orion Application Server Source Code Disclosure

CVE-2006-0816

2.3 Security Tracker, Alert ID: 1015823, March 23, 2006

Pablo Software Solutions

Baby ASP Web Server 1.5, 2.7.2

Quick 'n Easy Web Server 3.0.6, 3.1

A vulnerability has been reported in Baby ASP Web Server and Quick 'n Easy Web Server that could let remote malicious users disclose information, ASP source code.

Pablo Software Solutions Quick 'n Easy Web Server 3.1.1

Currently we are not aware of any exploits for these vulnerabilities.

Pablo Software Solutions Web Server Source Code Disclosure

CVE-2006-1391

2.3 Security Focus, ID: 17222, March 24, 2006

PuttySoft

dotNetBB Forums 2.42EC SP 3

An input validation vulnerability has been reported in dotNetBB Forums that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

dotNetBB Forums Cross-Site Scripting

CVE-2006-1415

2.3 Secunia, Advisory: SA19398, March 27, 2006

RealPlayer 8, 10, 10.0.6, 10.5, RealOne Player, and RealPlayer Enterprise

A buffer overflow vulnerability has been reported in RealPlayer, Mimio Broadcast file processing, that could let remote malicious users execute arbitrary code.

RealPlayer

There is no exploit code required.

RealPlayer Arbitrary Code Execution

CVE-2006-1370

7 Security Tracker, Alert ID: 1015810, March 24, 2006

Sheer Vision Technologies

SweetSuite .NET CMS 2.1

An input validation vulnerability has been reported in SweetSuite.NET CMS, 'search.aspx', that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

SweetSuite.NET CMS Cross-Site Scripting

CVE-2006-1405

4.7 Secunia, Advisory: SA19399, March 27, 2006

Toast Forums 1.6

A vulnerability has been reported in Toast Forums that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Toast Forums Cross-Site Scripting

CVE-2006-1414

2.3 Security Focus, ID: 17249, March 27, 2006

uniForum 4

Multiple vulnerabilities have been reported in uniForum that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

uniForum Cross-Site Scripting

CVE-2006-1406

2.3 Security Focus, ID: 17245, March 27, 2006

Vavoom 1.19.1 and prior

Multiple vulnerabilities have been reported in Vavoom that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, vaboom.zip, has been published.

Vavoom Two Denial of Service Vulnerabilities

CVE-2006-1408
CVE-2006-1409

2.3 (CVE-2006-1408)

2.3 (CVE-2006-1409)

Secunia, Advisory: SA19388, March 27, 2006

Web Host Automation Ltd.

Helm 3.2.10 beta

Multiple input validation vulnerabilities have been reported in Helm that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Helm Cross-Site Scripting

CVE-2005-4747

Not Available Security Focus, ID: 17263, March 27, 2006

Xigla Software

Absolute FAQ Manager .NET 4.0

An input validation vulnerability has been reported in Absolute FAQ Manager that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Absolute FAQ Manager Cross-Site Scripting

CVE-2006-1416

2.3 Secunia, Advisory: SA19396, March 27, 2006

Xigla Software

Absolute Live Support XE 2.0

A vulnerability has been reported in Absolute Live Support XE that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Absolute Live Support XE Arbitrary Code Execution

CVE-2006-1410

2.3 Secunia, Advisory: SA19415, March 37, 2006

UNIX / Linux Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

AnyPortal(php)

AnyPortal(php) 0.1

A Directory Traversal vulnerability has been reported in 'siteman.php3' due to insufficient sanitization of the 'F' parameter before using to create, edit, or view files, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

AnyPortal(PHP) Directory Traversal

CVE-2000-1240
CVE-2003-1298

Not Available Secunia Advisory: SA19359, March 23, 2006

BlankOL

BlankOL 1.0

Cross-Site Scripting vulnerabilities have been reported in 'bol.cgi' due to insufficient sanitization of the 'file' and 'function' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

BlankOL Multiple Cross-Site Scripting

CVE-2006-1404

4.7 Secunia Advisory: SA19387, March 27, 2006

Cholod.com

Cholod Mysql based message board

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'mb.cgi' due to insufficient sanitization of the 'name,' 'subject,' and 'message' parameters when posting a message, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'mb.cgi' due to insufficient sanitization of the 'topicnumber' and 'threadnumber' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client.

Cholod Mysql based message board Cross-Site Scripting & SQL Injection

CVE-2006-1395
CVE-2006-1396

7 (CVE-2006-1395)

2.3 (CVE-2006-1396)

Secunia Advisory: SA19439, March 29, 2006

Daniel Stenberg

curl 7.12-7.15, 7.11.2

A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.

Upgrades available

Mandriva

Fedora

Debian

Fedora

OpenPKG

Gentoo

RedHat

OpenOffice

Gentoo

SCO

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL URL Parser Buffer Overflow

CVE-2005-4077

Security Focus, Bugtraq ID: 15756, December 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005

Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005

Debian Security Advisory, DSA 919-1, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005

RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005

Secunia Advisory: SA19261, March 16, 2006

Gentoo Linux Security Advisory, GLSA 200603-25, March 27, 2006

SCO Security Advisory, SCOSA-2006.16, March 28, 2006

Debian

Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A vulnerability has been reported in multiple Debian GNU/Linux packages due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries, which could let a malicious user execute arbitrary code.

Debian GNU/Linux has released fixed builds of the following package:

- libapache2-svn

There is no exploit code required.

Debian GNU/Linux Multiple Packages Insecure RUNPATH

Not Available Security Focus, Bugtraq ID: 17288, March 29, 2006

DRZES, LLC.

CONTROLzx HMS 3.3.4

Cross-Site Scripting vulnerabilities have been reported in 'dedicated_order.php' due to insufficient sanitization of the 'dedicatedPlanID' parameter, in 'shared_order.php' due to insufficient sanitization of the 'sharedPlanID' parameter, in 'customers/server_management.php' due to insufficient sanitization of the 'plan_id' parameter, and in 'customers/forgotpass.php' due to insufficient sanitization of the 'customerEmailAddress' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities may be exploited with a web client; however, Proof of Concept exploits have been published.

CONTROLzx HMS Multiple Cross-Site Scripting

CVE-2006-1430

Secunia Advisory: SA19432, March 28, 2006

FreeRADIUS

FreeRADIUS 1.0-1.0.5

A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.

Updates available

SuSE

Currently we are not aware of any exploits for this vulnerability.

FreeRADIUS EAP-MSCHAPv2 Authentication Bypass

CVE-2006-1354

8

Security Focus, Bugtraq ID: 17171, March 21, 2006

SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006

FreeRADIUS

FreeRADIUS 1.0.4, 1.0.3

Multiple buffer overflow vulnerabilities have been reported in 'RLM_SQLCounter' due to insufficient bounds checking on user-supplied input, which could let a remote malicious user cause a Denial of Service.

Updates available

Currently we are not aware of any exploits for these vulnerabilities.

FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow

CVE-2005-4746

Not Available Security Focus, Bugtraq ID: 17293, March 29, 2006

FreeRADIUS

FreeRADIUS 1.0.4, 1.0.3

An SQL injection vulnerability has been reported in 'RLM_SQLCounter' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Updates available

There is no exploit code required.

FreeRADIUS RLM_SQLCounter SQL Injection

CVE-2005-4745

Not Available Security Focus, Bugtraq ID: 17294, March 29, 2006

Gentoo

Linux

A vulnerability has been reported in 'Tetris-bsd.scores' due to a design error, which could let a malicious user obtain elevated privileges.

Update available

There is no exploit code required.

Tetris-BSD Elevated Privileges

CVE-2006-1539

Not Available Gentoo Linux Security Advisory, GLSA 200603-26, March 29, 2006

Gentoo

Linux 1.4 _rc1-rc3, 1.4, 1.2, 1.1 a, 0.7, 0.5

Several vulnerabilities have been reported due to NetHack, SlashEM, and Falcon's Eye games being incompatible with the system used for managing games on Gentoo Linux, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Gentoo nethack / falconseye / slashem Elevated Privileges

CVE-2006-1390

4.9 Gentoo Linux Security Advisory, GLSA 200603-23, March 23, 2006

Hewlett Packard Company

HP-UX B.11.23, B.11.11, B.11.00

A Denial of Service vulnerability has been reported in 'passwd(1)' due to a failure to handle exceptional conditions.

Patch information

Currently we are not aware of any exploits for this vulnerability.

HP-UX Passwd Unspecified Local Denial of Service

CVE-2006-1509

Not Available HP Security Bulletin, HPSBUX02103, March 26, 2006

ImageMagick

ImageMagick 6.2.4.5

A vulnerability has been reported in the delegate code that is used by various ImageMagick utilities when handling an image filename due to an error, which could let a remote malicious user execute arbitrary commands; and a format string vulnerability has been reported when handling filenames received via command line arguments, which could let a remote malicious user execute arbitrary code.

Ubuntu

Debian

Mandriva

Gentoo

RedHat

Gentoo

SGI

SuSE

There is no exploit code required.

ImageMagick Utilities Image Filename Remote Command Execution

CVE-2005-4601
CVE-2006-0082

7 (CVE-2005-4601)

3.9 (CVE-2006-0082)

Secunia Advisory: SA18261, December 30, 2005

Ubuntu Security Notice, USN-246-1, January 24, 2006

Debian Security Advisory, DSA-957-1, January 26, 2006

Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006

Gentoo Linux Security Advisory, GLSA 200602-06, February 13, 2006

RedHat Security Advisory, RHSA-2006:0178-4, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200602-13, February 26, 2006

SGI Security Advisory, 20060301-01-U, March 8, 2006

SUSE Security Summary Report, SUSE-SR:2006:006, March 24, 2006

KisMAC

KisMAC 0.5 d4, 0.5 d, 0.2 a, 0.1 c, 0.1 b, 0.1 a, 0.12 a, 0.11 a, 0.10 a

A buffer overflow vulnerability has been reported in the 'WavePacketparseTaggedData()' function when parsing the Cisco vendor tag for additional SSIDs in a received 802.11 management frame, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for this vulnerability.

KisMAC Remote Buffer Overflow

CVE-2006-1385

5.6 Security Focus, Bugtraq ID: 17198, March 23, 2006

MediaWiki

MediaWiki 1.5.7

An HTML injection vulnerability has been reported in the Encoded Page Link due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerability can be exploited via a web client.

MediaWiki HTML Injection

CVE-2006-1498

Not Available Security Focus, Bugtraq ID: 17269, March 27, 2006

MPlayer

MPlayer 1.0.20060329

Multiple vulnerabilities have been reported due to integer overflow errors in 'libmpdemux/asfheader.c' when handling an ASF file, and in 'libmpdemux/aviheader.c' when parsing the 'indx' chunk in an AVI file, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

MPlayer Multiple Integer Overflows

CVE-2006-1502

Not Available Secunia Advisory: SA19418, March 29, 2006

Multiple Vendors

Linux kernel 2.6-2.6.10, 2.4-2.4.28

A buffer overflow vulnerability has been reported in the 'coda_pioctl' function of the 'pioctl.c' file, which could let a malicious user cause a Denial of Service or execute arbitrary code with superuser privileges.

RedHat

RedHat

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Coda_Pioctl Local Buffer Overflow

CVE-2005-0124

Security Focus, Bugtraq ID: 14967, September 28, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML DFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Debian

Debian

Fedora

SuSE

RedHat

SGI

Debian

TurboLinux

Debian

Debian

Slackware

Slackware

Gentoo

SGI

SCO

Currently we are not aware of any exploits for these vulnerabilities.

3.9 (CVE-2005-3191)

7 (CVE-2005-3192)

3.9 (CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory, DSA-936-1, January 11, 2006

Debian Security Advisory, DSA-937-1, January 12, 2006

Debian Security Advisory, DSA 938-1, January 12, 2006

Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006

SGI Security Advisory, 20060201-01-U, March 14, 2006

SCO Security Advisory, SCOSA-2006.15, March 22, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function.

Fedora

Upgrades available

Ubuntu

SUSE

RedHat

RedHat

RedHat

SmoothWall

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPV6 Denial of Service

CVE-2005-2973

Secunia Advisory: SA17261, October 21, 2005

Fedora Update Notifications, FEDORA-2005-1007 & 1013, October 20, 2005

Security Focus, Bugtraq ID: 15156, October 31, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Multiple Vendors

Fast Lexical Analyzer Generator (Flex) prior to 2.5.33

A buffer overflow vulnerability has been reported in 'flex.skl' due to a boundary error, which could let a remote malicious user execute arbitrary code.

Updates available

Ubuntu

Gentoo

Debian

Currently we are not aware of any exploits for this vulnerability.

Flex Buffer Overflow

CVE-2006-0459

7

Secunia Advisory: SA19071, March 8, 2006

Ubuntu Security Notice, USN-260-1, March 06, 2006

Gentoo Linux Security Advisory, GLSA 200603-07, March 7, 2006

Debian Security Advisory, DSA-1020-1, March 28, 2006

Multiple Vendors

Hewlett Packard Company HP-UX B.11.11, B.11.04, B.11.00;
Avaya Predictive Dialing System (PDS) 12.0

A remote Denial of Service vulnerability has been reported in the HP-UX 'swagentd' daemon.

HP

Avaya

There is no exploit code required.

HP-UX Swagentd Remote Denial of Service

CVE-2006-1389

3.3 Security Focus, Bugtraq ID: 17215, March 27, 2006

Multiple Vendors

KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2;
Gentoo Linux

Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.

Gentoo

Ubuntu

Fedora

Mandriva

Ubuntu

Debian

Debian

SuSE

RedHat

RedHat

Fedora

Debian

Trustix

Mandriva

RedHat

SGI

Debian

TurboLinux

Gentoo

Debian

Debian

Slackware

Slackware

SGI

SCO

Currently we are not aware of any exploits for this vulnerability.

KPdf & KWord Multiple Unspecified Buffer & Integer Overflow

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627

Not Available

Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006

Ubuntu Security Notice, USN-236-1, January 05, 2006

Fedora Update Notifications,
FEDORA-2005-000, January 5, 2006

Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006

Ubuntu Security Notice, USN-236-2, January 09, 2006

Debian Security Advisory DSA 931-1, January 9, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

SUSE Security Announcement, SUSE-SA:2006:001, January 11, 2006

RedHat Security Advisories, RHSA-2006:0163-2 & RHSA-2006:0177-5, January 11, 2006

Fedora Update Notifications,
FEDORA-2005-028 & 029, January 12, 2006

Debian Security Advisories, DSA 937-1, 938-1, & 940-1, January 12 & 13, 2006

Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006

Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006

Debian Security Advisories,
DSA-961-1 & 962-1, February 1, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

SGI Security Advisory, 20060201-01-U, March 14, 2006

SCO Security Advisory, SCOSA-2006.15, March 22, 2006

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Linux Kernel

SUSE

RedHat

RedHat

Debian

Conectiva

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CVE-2005-1761

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.4.x, 2.6.x

Vulnerabilities have been reported due to the 'sockaddr_in.sin_zero' array not being zeroed before being returned to user space programs calling certain socket functions that retrieve information about the specified socket, which could let a remote malicious user obtain sensitive information.

Vulnerability has been fixed in the 2.4 kernel branch in the CVS repositories.

An exploit script, linux_sin_zero.c, has been published.

Linux Kernel IPv4 'sockaddr_in.sin_zero' Information Disclosure

CVE-2006-1342
CVE-2006-1343

1.6 (CVE-2006-1342)

1.6 (CVE-2006-1343)

Secunia Advisory: SA19357, March 23, 2006

Multiple Vendors

Linux kernel 2.6.15.1 & prior

Two vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'get_compat_timespec' function in the SPARC architecture; and a Denial of Service vulnerability was reported when single steps are performed by multiple ptrace tasks in the ia64 architecture.

Updates available

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Get_Compat_Timespec & PTrace Local Denial of Service

CVE-2006-0482
CVE-2006-1066

1.6 (CVE-2006-0482)

1.3 (CVE-2006-1066)

Security Focus, Bugtraq ID: 17216, March 24, 2006

Debian Security Advisory
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6.8-2.6.10, 2.4.21

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Ubuntu

Trustix

Fedora

RedHat

Mandriva

RedHat

Mandriva

SUSE

Conectiva

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service

CVE-2005-2490
CVE-2005-2492

4.9 (CVE-2005-2490)

4.7 (CVE-2005-2492)

Secunia Advisory: SA16747, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Fedora Update Notifications,
FEDORA-2005-905 & 906, September 22, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12.1

A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.

Ubuntu

This issue has been addressed in Linux kernel 2.6.13-rc7.

SUSE

RedHat

RedHat

Mandriva

Conectiva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPSec Policies Authorization Bypass

CVE-2005-2555

Ubuntu Security Notice, USN-169-1, August 19, 2005

Security Focus, Bugtraq ID 14609, August 19, 2005

Security Focus, Bugtraq ID 14609, August 25, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.13.1

A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.

Linux Kernel

Ubuntu

Mandriva

SUSE

Conectiva

RedHat

RedHat

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel routing_ioctl() Denial of Service

CVE-2005-3044

Security Tracker Alert ID: 1014944, September 21, 2005

Ubuntu Security Notice, USN-187-1, September 25, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_key_auth.c'; a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.

Linux Kernel

Fedora

Trustix

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

RedHat

RedHat

RedHat

Debian

There is no exploit code required.

Linux Kernel Denial of Service & Information Disclosure

CVE-2005-3119
CVE-2005-3180
CVE-2005-3181

2.3 (CVE-2005-3119)

3.3 (CVE-2005-3180)

2.3 (CVE-2005-3181)

Secunia Advisory: SA17114, October 12, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

Fedora Update Notifications,
FEDORA-2005-1013, October 20, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'mm/mempolicy.c' when handling the policy system call; a remote Denial of Service vulnerability was reported in 'net/ipv4/fib_frontend.c' when validating the header and payload of fib_lookup netlink messages; an off-by-one buffer overflow vulnerability was reported in 'kernel/sysctl.c', which could let a malicious user cause a Denial of Service and potentially execute arbitrary code; and a buffer overflow vulnerability was reported in the DVB (Digital Video Broadcasting) driver subsystem, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code.

Updates available

SuSE

SuSE

Debian

An exploit script has been published.

Linux Kernel Multiple Vulnerabilities


CVE-2005-4635
CVE-2005-3358

2.3 (CVE-2005-4635)

3.5 (CVE-2005-3358)

Secunia Advisory: SA18216, January 4, 2006

SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/'.

Upgrades available

Ubuntu

RedHat

RedHat

RedHat

RedHat

DSA-1017

DSA-1018

There is no exploit code required.

Linux Kernel 'Sysctl' Denial of Service

CVE-2005-2709

Secunia Advisory: SA17504, November 9, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel USB Subsystem Denials of Service

CVE-2005-2873
CVE-2005-3055

2.3 (CVE-2005-2873)

2.3 (CVE-2005-3055)

Secunia Advisory: SA16969, September 27, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux Kernel 2.6-2.6.14

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.

Ubuntu

Trustix

RedHat

Mandriva

SUSE

Conectiva

RedHat

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors Linux Kernel Denials of Service

CVE-2005-3053
CVE-2005-3106
CVE-2005-3107
CVE-2005-3108
CVE-2005-3109
CVE-2005-3110

2.3 (CVE-2005-3053)

2.3 (CVE-2005-3106)

2.3 (CVE-2005-3107)

2.3 (CVE-2005-3108)

2.3 (CVE-2005-3109)

3.3 (CVE-2005-3110)

Ubuntu Security Notice, USN-199-1, October 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14, 2.5.0-2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1.x, 2.1.89, 2.0.28-2.0.39

A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.

Mandriva

Fedora

Conectiva

SmoothWall

DSA-1017

DSA-1018

There is no exploit code required; however, a Proof of Concept exploit has been published.

Linux Kernel Console Keymap Arbitrary Command Injection

CVE-2005-3257

Security Focus, Bugtraq ID: 15122, October 17, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Fedora Update Notification,
FEDORA-2005-1138, December 13, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core4

A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself.

Upgrades available

Fedora

SUSE

Mandriva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTrace 'CLONE_THREAD' Denial of Service

CVE-2005-3783

Secunia Advisory: SA17761, November 29, 2005

Fedora Update Notification,
FEDORA-2005-1104, November 28, 2005

SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15

A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space.

Patches available

Trustix

RedHat

RedHat

DSA-1017

DSA-1018

An exploit script has been published.

Linux Kernel PrintK Local Denial of Service

CVE-2005-3857

Security Focus, Bugtraq ID: 15627, November 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core4

A Denial of Service vulnerability has been reported because processes are improperly auto-reaped when they are being ptraced.

Patches available

Fedora

Trustix

SUSE

RedHat

Mandriva

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTraced Denial of Service

CVE-2005-3784

Security Focus, Bugtraq ID: 15625, November 29, 2005

Fedora Update Notification,
FEDORA-2005-1104, November 28, 2005

SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel prior to 2.6.15

A memory disclosure vulnerability has been reported in the 'ProcFS' kernel, which could let a malicious user obtain sensitive information.

Update available

Fedora

RedHat

Ubuntu

SuSE

SuSE

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ProcFS Kernel Memory Disclosure

CVE-2005-4605

Security Focus, Bugtraq ID: 16284, January 17, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Ubuntu Security Notice, USN-244-1, January 18, 2006

SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

RealOne Helix Player 1.x,
RealOne Player v1, v2,
RealPlayer 10.x, 8,
RealPlayer Enterprise 1.x; Gentoo Linux; SuSE Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the handling of the 'chunked' Transfer-Encoding method due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when processing SWF files due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to the incorrect use of the 'CreateProcess()' API when executing other programs, which could let a remote malicious user execute arbitrary code.

Updates available

Gentoo

SuSE

RedHat

Currently we are not aware of any exploits for these vulnerabilities.

RealNetworks Products Multiple Buffer Overflow

CVE-2005-2922
CVE-2005-2936
CVE-2006-0323

7 (CVE-2005-2936)

7 (CVE-2006-0323)

Secunia Advisory: SA19358, March 27, 2006

Gentoo Linux Security Advisory, GLSA 200603-24, March 26, 2006

SUSE Security Announcement, SUSE-SA:2006:018, March 23, 2006

RedHat Security Advisory, RHSA-2006:0257-9, March 22, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
Linux kernel 2.6.9

A Denial of Service vulnerability has been reported in the 'mq_open' system call.

RedHat

Ubuntu

SuSE

SuSE

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 'mq_open' System Call Denial of Service

CVE-2005-3356

Security Focus, Bugtraq ID: 16283, January 17, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Ubuntu Security Notice, USN-244-1, January 18, 2006

SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Rolo Rolo 011;
LibVC LibVC 003

A buffer overflow vulnerability has been reported in the 'count_vcards' function in 'vc.c' when reading lines from an input vcard (.vcf) file, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

LibVC Buffer Overflow

CVE-2006-1356

5.6

Secunia Advisory: SA19295, March 27, 2006

Multiple Vendors

SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS;
Linux kernel 2.6-2.6.13, Linux kernel 2.4-2.4.32

A Denial of Service vulnerability has been reported in FlowLabel.

Upgrades available

SUSE

RedHat

RedHat

Mandriva

RedHat

RedHat

Mandriva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPv6 FlowLabel Denial of Service

CVE-2005-3806

Security Focus, Bugtraq ID: 15729, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3;
Linux kernel 2.6.11-2.6.12.5

A Denial of Service vulnerability has been reported in 'handle_stop_signal()' due to a race condition.

Updates available

SuSE

Debian

There is no exploit code required.

Linux Kernel Denial of Service

CVE-2005-3847

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.10, 2.4-2.4.28

A vulnerability has been reported in the SDLA driver, which could let a malicious user obtain unauthorized access.

Updates available

Ubuntu

Mandriva

DSA-1017

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access

CVE-2006-0096

Ubuntu Security Notice, USN-244-1, January 18, 2006

Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1

A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.

Ubuntu

SUSE

Mandriva

Conectiva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ISO File System Remote Denial of Service

CVE-2005-2457

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5

Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.

Updates available

Ubuntu

Mandriva

SUSE

Gentoo

RedHat

SGI

Conectiva

SUSE

Debian

Currently we are not aware of any exploits for these vulnerabilities.

GNOME Evolution Multiple Format String

CVE-2005-2549
CVE-2005-2550

8 (CVE-2005-2549)

8 (CVE-2005-2550)

Secunia Advisory: SA16394, August 11, 2005

Ubuntu Security Notice, USN-166-1, August 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:141, August 18, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

Gentoo Linux Security Advisory, GLSA 200508-12, August 23, 200

RedHat Security Advisory, RHSA-2005:267-10, August 29, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announcement, CLSA-2005:1004, September 13, 2005

SUSE Security Announcement, SUSE-SA:2005:054, September 16, 2005

Debian Security Advisory,
DSA-1016-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 5.04, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.13

A Denial of Service vulnerability has been reported in the '/proc/scsi/sg/devices' file due to a memory leak.

Ubuntu

Mandriva

SUSE

Conectiva

RedHat

Debian

A Proof of Concept exploit has been published.

Linux Kernel SCSI ProcFS Denial of Service

CVE-2005-2800

2.3

Security Focus, Bugtraq ID: 14790, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15

A vulnerability has been reported in the 'dm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.

Updates available

Ubuntu

Trustix

Fedora

RedHat

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel DM-Crypt Local Information Disclosure

CVE-2006-0095

Security Focus, Bugtraq ID: 16301, January 18, 2006

Ubuntu Security Notice, USN-244-1, January 18, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Secunia Advisory: SA18774, February 8, 2006

RedHat Security Advisory, RHSA-2006:0132-31, March 7, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

netpbm
10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary PostScript code.

Trustix

Gentoo

Mandriva

Ubuntu

Fedora

SUSE

RedHat

SGI

Conectiva

TurboLinux

Fedora

Fedora

Debian

There is no exploit code required.

netpbm Arbitrary Code Execution

CVE-2005-2471


7

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005

Ubuntu Security Notice, USN-164-1, August 11, 2005

Fedora Update Notifications,
FEDORA-2005-727 & 728, August 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005

Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005

Fedora Update Notification,
FEDORA-2005-000, January 5, 2006

Fedora Update Notification,
FEDORA-2006-112, February 16, 2006

Debian Security Advisory,
DSA-1021-1, March 28, 2006

Rahul Dhesi

Zoo 2.10

A buffer overflow vulnerability has been reported in the 'fullpath()' function in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

SuSE

Gentoo

Debian

SuSE

Currently we are not aware of any exploits for this vulnerability.

zoo Buffer Overflow

CVE-2006-0855

3.9

Security Tracker Alert ID: 1015668, February 23, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006

Debian Security Advisory, DSA 991-1, March 10, 2006

SUSE Security Summary Report, SUSE-SR:2006:006, March 24, 2006

Sendmail Consortium

Sendmail prior to 8.13.6

A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.

Updates available

RHSA-2006:0264-8

RHSA-2006:0265-9

Fedora

Gentoo

AIX

Sun

SuSE

FreeBSD

Slackware

OpenBSD

Avaya

Debian

HP

NetBSD

A Proof of Concept exploit script, sendtest.c, has been published.

Sendmail Asynchronous Signal Handling Remote Code Execution

CVE-2006-0058

8

Internet Security Systems Protection Advisory, March 22, 2006

Technical Cyber Security Alert TA06-081A

US-CERT VU#834865

RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006

Sun(sm) Alert Notification
Sun Alert ID: 102262, March 24, 2006

Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006

SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006

Slackware Security Advisory, SSA:2006-081-01, March 22, 2006

Avaya Security Advisory, ASA-2006-074, March 24, 2006

Debian Security Advisory,
DSA-1015-1, March 24, 2006

HP Security Bulletin,
HPSBUX02108, March 27, 2006

NetBSD Security Advisory, NetBSD-SA2006-010, March 28, 2006

Sourceworkshop

Newsletter 1.0

An SQL injection vulnerability has been reported in 'Newsletter.PHP' due to insufficient sanitization of the 'newsletteremail' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Sourceworkshop Newsletter SQL Injection

CVE-2006-1533

Not Available

Security Focus, Bugtraq ID: 17304, March 29, 2006

Sourceworkshop

vCounter 1.0

An SQL injection vulnerability has been reported in 'vCounter.PHP' due to insufficient sanitization of the 'url' parameter using '_SERVER['REQUEST_URI']' before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

vCounter SQL Injection

CVE-2006-1499

Not Available

Secunia Advisory: SA19422, March 29, 2006

Sun Microsystems, Inc.

Solaris 8, 9

A vulnerability has been reported in the 'usr/ucb/ps' command because environment variables and values of all processes are revealed to an unprivileged user.

Patches available

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris Process Environment Disclosure

CVE-1999-1587

Not Available

Sun(sm) Alert Notification
Sun Alert ID: 102215, March 27, 2006

Webcheck

Webcheck prior to 1.9.6

An HTML injection vulnerability has been reported due to an input validation error in the parsing of website content when crawling websites, which could let a remote malicious user execute arbitrary HTML and script code.

Update available

Vulnerability can be exploited with a web browser.

Webcheck HTML Injection

CVE-2006-1321

2.3

Security Focus, Bugtraq ID: 17212, March 24, 2006

Multiple Operating Systems - Windows/UNIX/Linux/Other

Vendor & Software Name

Description

Common Name

CVSS

Resources

ActiveCampaign Inc.

SupportTrio 2.50.2

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'terms' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code; and a path disclosure vulnerability has been reported in 'index.php' and 'pdf.php' when accessed with invalid input.

No workaround or patch available at time of publishing.

Vulnerability may be exploited with a web client; however, a Proof of Concept exploit has been published.

ActiveCampaign SupportTrio Cross-Site Scripting & Path Disclosure

CVE-2006-1487
CVE-2006-1488

2.3
(CVE-2006-1487)

2.3
(CVE-2006-1488)

Security Focus, Bugtraq ID: 17276, March 27, 2006

AL-Caricatier

AL-Caricatier 2.5

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

AL-Caricatier Multiple Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 17289, March 28, 2006

Arab Portal System

Arab Portal System 2.0

A Cross-Site Scripting vulnerability has been reported in 'online.php' and 'download.php' due to insufficient sanitization of the 'title' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Arab Portal Cross-Site Scripting

CVE-2006-1504

Not Available Secunia Advisory: SA19445, March 29, 2006

Arabless.com

SaphpLesson 2.0

An SQL injection vulnerability has been reported in 'Print.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

SaphpLesson SQL Injection

CVE-2006-1420

2.3 Security Focus, Bugtraq ID: 17239, March 27, 2006

Arthur Konze WebDesign

AkoComment 2.0

Multiple SQL injection vulnerabilities have been reported in 'adkcomment.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

AkoComment Multiple SQL Injection

CVE-2006-1421

1.9 Security Focus, Bugtraq ID: 17241, March 27, 2006

CoMoblog

CoMoblog 1.0

A Cross-Site Scripting vulnerability has been reported in 'Img.php' due to insufficient sanitization of the 'i' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

CoMoblog Cross-Site Scripting

CVE-2006-1377

KAPDA::#37 Advisory, March 23, 2006

ConfTool

ConfTool 1.1

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

ConfTool Cross-Site Scripting

CVE-2006-1482

7 Security Focus, Bugtraq ID: 17231, March 27, 2006

csDoom

csDoom 2005 0.7 & prior

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'SV_BroadcastPrintf()' function when handling chat messages that are sent from a client, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in the 'SV_SetupUserInfo()' function when handling a user's nickname and teamname when a player joins the server, which could let a remote malicious user execute arbitrary code; and a format string vulnerability was reported in the 'PrintString()' function when displaying text strings in the console and in the game screen, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available

A Proof of Concept exploit script, csdoombof.zip, has been published.

csDoom Format String & Buffer Overflows

CVE-2006-1402
CVE-2006-1403

7
(CVE-2006-1402)

3.3
(CVE-2006-1403)

Secunia Advisory: SA19389, March 27, 2006

Daniel Stenberg

curl 7.15-7.15.2

A buffer overflow vulnerability has been reported when parsing a URL that contains the TFTP protocol prefix 'tftp://' due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Updates available

Gentoo

Fedora

Trustix

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL TFTP URL Parser Buffer Overflow

CVE-2006-1061

Security Focus, Bugtraq ID: 17154, March 20, 2006

Gentoo Linux Security Advisory, GLSA 200603-19, March 21, 2006

Fedora Update Notification, FEDORA-2006-189, March 21, 2006

Trustix Secure Linux Security Advisory #2006-0016, March 24, 2006

DeltaScripts

PHP Classifieds 6.20, 6.18

A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'searchword' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

PHP Classifieds Cross-Site Scripting

CVE-2006-1532

Not Available Secunia Advisory: SA19440, March 29, 2006

DSPortal

DSLogin 1.0

Multiple SQL-injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

DSLogin Multiple SQL Injection

CVE-2006-1238

7 Security Focus, Bugtraq ID: 17262, March 27, 2006

EasyMoblog

EasyMoblog 0.5.1, 0.5

A Cross-Site Scripting vulnerability has been reported in 'Img.php' due to insufficient sanitization of the 'i' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

EasyMoblog Cross-Site Scripting

CVE-2006-1377

KAPDA::#37 Advisory, March 23, 2006

Formfields Team

AdMan 1.0.20051221

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'viewStatement.php' due to insufficient sanitization of the 'transactions_offset' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a path disclosure vulnerability was reported in 'viewPricingScheme.php' and 'editCampaign.php' because it is possible to obtain sensitive information when accessed directly.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited via a web client; however, a Proof of Concept exploit has been published.

AdMan SQL Injection & Path Disclosure

CVE-2006-1374
CVE-2006-1375

7
(CVE-2006-1374)

2.3
(CVE-2006-1375)

Secunia Advisory: SA19351, March 27, 2006

Horde

Horde 3.0-3.0.9, 3.1

A vulnerability has been reported in Help Viewer which could let a remote malicious user execute arbitrary PHP code.

Updates available

Vulnerability can be exploited via a web client.

Horde Help Viewer Remote PHP Code Execution

CVE-2006-1491

7 Security Focus, Bugtraq ID: 17292, March 29, 2006

IBM

Tivoli Business Systems Manager 3.1

A Cross-Site Scripting vulnerability has been reported in 'APWC_Win_Main.JSP' due to insufficient sanitization of the 'skin' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Interim fix information

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

IBM Tivoli Business Systems Manager Cross-Site Scripting

CVE-2006-1384

Security Tracker Alert ID: 1015822, March 24, 2006

JJW Web Design

phpBookingCalendar 1.0c

An SQL injection vulnerability has been reported in 'Details_View.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

PHPBookingCalendar SQL Injection

CVE-2006-1422

2.3 Security Focus, Bugtraq ID: 17230, March 27, 2006

Metisware

Instructor 1.3

A Cross-Site Scripting vulnerability has been reported in '/MyTasks/PersonalTaskCreate.asp' due to insufficient sanitization of the 'vchTaskHeader' parameter before using, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Metisware Instructor Cross-Site Scripting

CVE-2006-1400

2.3 Secunia Advisory: SA19385, March 27, 2006

MH Software

Connect Daily 3.2.9, 3.2.8

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Connect Daily Cross-Site Scripting

CVE-2006-1508

Not Available Secunia Advisory: SA19434, March 28, 2006

Multiple Vendors

phpPgAds phpPgAds 2.0.7;
phpAdsNew phpAdsNew 2.0.7

Multiple input validation vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of certain parameters in the banner delivery scripts before being displayed in the admin interface, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the login form due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

phpAdsNew

phpPgAds

Vulnerabilities can be exploited via a web client.

PHPAdsNew & PHPPGAds Multiple Input Validation

CVE-2006-1397

2.3 Security Focus, Bugtraq ID: 17251, March 27, 2006

NetOffice

NetOffice 2.6 b2, 2.5.3 -pl1

An SQL injection vulnerability has been reported in 'Sendpassword.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, PHPCollab_NetOffice_SQLINJ.php, has been published.

NetOffice SQL Injection

CVE-2006-1495

7 Security Focus, Bugtraq ID: 17286, March 28, 2006

Noah Grey

Greymatter 1.21 a-d, 1.21, 1.3.1, 1.3, 1.2, 1.1 b

A file upload vulnerability has been reported in 'gm-upload.cgi' due to an error, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited with a web client; however, Proof of Concept exploit scripts, greymatter.pl and greymatter.c, have been published.

Noah Grey Greymatter Arbitrary File Upload

CVE-2006-1485

4.2 Secunia Advisory: SA19423, March 28, 2006

Nuked-Klan

Nuked-Klan 1.7.5 & prior

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

Nuked-Klan SQL Injection

CVE-2006-1419

2.3 Security Focus, Bugtraq ID: 17233, March 27, 2006

nullbranded.tk

Null News 2005.7.27

SQL injection vulnerabilities have been reported in 'sub.php' and 'unsub.php' due to insufficient sanitization of the 'user_username' parameter and in 'lostpass.php,' 'sub.php,' and 'unsub.php' due to insufficient sanitization of the 'user_email' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Null news Multiple SQL Injection

CVE-2006-1534

Not Available Secunia Advisory: SA19413, March 29, 2006

OneOrZero

OneOrZero Helpdesk 1.6.3.0

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

OneOrZero Helpdesk SQL Injection

CVE-2006-1501

Not Available Secunia Advisory: SA19446, March 29, 2006

Pablo Software Solutions

Baby FTP Server 1.24

A vulnerability has been reported because the FTP server returns different error messages depending on whether a file exists outside the FTP root directory or not, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Baby FTP Server Information Disclosure

CVE-2006-1383

Security Focus, Bugtraq ID: 17205, March 23, 2006

phoetux.net

PhxContacts 0.93.1 & prior

A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

PhxContacts Cross-Site Scripting

CVE-2006-1535

Not Available Security Focus, Bugtraq ID: 17307, March 29, 2006

phoetux.net

PhxContacts 0.93.1 & prior

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

PhxContacts Multiple SQL Injection

CVE-2006-1536

Not Available Security Focus, Bugtraq ID: 17306, March 29, 2006

PHP Group

PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x

A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information.

The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Information Disclosure

CVE-2006-1490

2.3 Secunia Advisory: SA19383, March 29, 2006

PHP Lite Calendar Express

PHP Lite Calendar Express 2.2

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Calendar Express Multiple Cross-Site Scripting

CVE-2006-1401

2.3 Security Focus, Bugtraq ID: 17240, March 27, 2006

PHP Lite

Meeting Reserve 1.0 beta

A Cross-Site Scripting vulnerability has been reported in 'searchresult.php' due to insufficient sanitization of the 'search_term' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Meeting Reserve Cross-Site Scripting

CVE-2006-1399

2.3 Secunia Advisory: SA19372, March 27, 2006

PHP

PHP 5.1.1, 5.1

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the 'mysqli' extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code.

PHP

Mandriva

Ubuntu

Gentoo

There is no exploit code required.

Multiple PHP Vulnerabilities

CVE-2006-0207
CVE-2006-0208

2.3
(CVE-2006-0208)

Secunia Advisory: SA18431, January 13, 2006

Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006

Ubuntu Security Notice, USN-261-1, March 10, 2006

Gentoo Linux Security Advisory, GLSA 200603-22, March 22, 2006

PHP Script Index

PHP Script Index 0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited with a web browser.

PHP Script Index Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 17297, March 29, 2006

PHP Ticket

PHP Ticket 0.6, 0.5, 0.71

An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'frm_search_in' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, phpticket.pl, has been published.

PHP Ticket SQL Injection

CVE-2006-1481

4.2 Secunia Advisory: SA19412, March 27, 2006

phpCOIN

phpCOIN 1.2-1.2.2

Cross-Site Scripting vulnerabilities have been reported in 'mod.php' and 'mod_print.php' due to insufficient sanitization of the 'fs' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.

phpCOIN Multiple Cross-Site Scripting

CVE-2006-1428

Security Focus, Bugtraq ID: 17279, March 28, 2006

PhpCollab

PHPCollab 2.5.rc3, 2.4

An SQL injection vulnerability has been reported in 'sendpassword.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, PHPCollab_NetOffice_SQLINJ.php, has been published.

PhpCollab SQL Injection

CVE-2006-1495

7 Security Focus, Bugtraq ID: 17283, March 28, 2006

PHPKIT

PHPKIT 1.6.03

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPKIT Cross-Site Scripting

CVE-2006-1507

Not Available Security Focus, Bugtraq ID: 17291, March 29, 2006

phpmyfamily

phpmyfamily 1.4.0.

An SQL injection vulnerability has been reported in 'people.php' due to insufficient sanitization of the 'person' parameter and in 'passthru.php' due to insufficient sanitization of the 'pwdUser' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

phpmyfamily SQL Injection

CVE-2005-0841

Secunia Advisory: SA14642, March 25, 2006

phpmyfamily

phpmyfamily 1.4.1

A Cross-Site Scripting vulnerability has been reported in 'track.php' due to insufficient sanitization of the 'name' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

PHPmyfamily Cross-Site Scripting

CVE-2006-1425

Secunia Advisory: SA19409, March 28, 2006

Pixel Motion

Pixel Motion 0

SQL injection vulnerabilities have been reported in '/admin/index.php' due to insufficient sanitization of the 'user' and 'pass' parameters and in 'index.php' due to insufficient sanitization of the 'date' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

Pixel Motion Multiple SQL Injection

CVE-2006-1426

7 Security Focus, Bugtraq ID: 17260, March 28, 2006

Sixal

G-Book 1.0

An HTML injection vulnerability has been reported in 'guestbook.php' due to insufficient sanitization of the 'g_message' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

G-Book HTML Injection

CVE-2006-1398

2.3 Security Focus, Bugtraq ID: 17253, March 27, 2006

SkinTech

phpNewsManager 1.48

SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

PHPNewsManager Multiple SQL Injection
Not Available Security Focus, Bugtraq ID: 17301, March 29, 2006

Tachyon
decay.net

VSNS Lemon 3.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'name' parameter when adding a comment, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'functions/final_functions.php' due to insufficient authentication, which could let a remote malicious user bypass authentication; and an SQL injection vulnerability was reported in 'functions/final_functions.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Tachyondecay VSNS Lemon Multiple Vulnerabilities
Not Available Secunia Advisory: SA19420, March 28, 2006

TFT Gallery

TFT Gallery 0.10

A vulnerability has been reported because user credentials are stored in the 'admin/passwd' file inside the web root, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, tftgallery_0.10_exploit.pl, has been published.

TFT Gallery Administrator Password Information Disclosure

CVE-2006-1412

2.3 Security Focus, Bugtraq ID: 17250, March 27, 2006

Tilde

Tilde CMS 3

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Tilde CMS SQL Injection

CVE-2006-1500

Not Available Security Focus, Bugtraq ID: 17299, March 29, 2006

TWiki

TWiki 20040902, 20040901, 04x00x01, 04x00x00, 01-Sep-2001, 01-Feb-2003, 01-Dec-2001

Several vulnerabilities have been reported: a vulnerability was reported in the 'rdiff' and 'preview' scripts because it is possible to view restricted content; and a remote Denial of Service vulnerability was reported due to an error in the handling of circular references for the '%INCLUDE' statement.

Hotfix (CVE-2006-1386)

Hotfix (CVE-2006-1387)

Vulnerabilities can be exploited through use of a web client.

TWiki Information Disclosure & Remote Denial of Service

CVE-2006-1386
CVE-2006-1387

7
(CVE-2006-1386)

1.4
(CVE-2006-1387)

Secunia Advisory: SA19410, March 27, 2006

University of Washington

Pubcookie 3.3, 3.2.1, 3.2, 3.1.1, 3.1, 3.0, 1.0, 3.2.1a

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerabilities could be exploited with a web browser.

Pubcookies Multiple Cross-Site Scripting

CVE-2006-1392
CVE-2006-1393

2.3
(CVE-2006-1392)

2.3
(CVE-2006-1393)

Security Focus, Bugtraq ID: 17221, March 24, 2006

US-CERT VU#314540

US-CERT VU#337585

VBulletin

ImpEx 1.74

A file include vulnerability has been reported in 'ImpExData.php' due to insufficient verification of the 'systempath' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, vBulletin-ImpEx-rfi.php, has been published.

VBulletin ImpEx Remote File Include

CVE-2006-1382

XOR Crew Security Advisory, March 22, 2006

Veritas Software

NetBackup Enterprise Server 6.0, 5.1, 5.0, NetBackup DataCenter 4.5 MP, 4.5 FP, NetBackup BusinesServer 4.5 MP, 4.5 FP

Multiple buffer overflow vulnerabilities have been reported in the volume manager (vmd) daemon, the NetBackup Catalog (bpdbm) daemon, and the NetBackup Sharepoint Services server (bpspsserver) daemon due to boundary errors, which could let a remote malicious user execute arbitrary code.

Patches available

Currently we are not aware of any exploits for these vulnerabilities.

VERITAS NetBackup Remote Buffer Overflows

CVE-2006-0989
CVE-2006-0990
CVE-2006-0991

6
(CVE-2006-0989)

6
(CVE-2006-0990)

6
(CVE-2006-0991)

Security Tracker Alert ID: 1015832, March 27, 2006

US-CERT VU#880801

US-CERT VU#744137

US-CERT VU#377441

vihor.de

VihorDesign 0

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a Directory Traversal has been reported in 'index.php' which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

VihorDesign Cross-Site Scripting & Directory Traversal

CVE-2006-1496
CVE-2006-1497

2.3
(CVE-2006-1496)

2.3
(CVE-2006-1497)

Security Focus, Bugtraq ID: 17226, March 22, 2006

VWar

VWar 1.5 & prior

A file include vulnerability has been reported in 'include/functions_install.PHP' due to insufficient verification of the 'vwar_root' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_RCE.php, has been published.

Virtual War File Inclusion

CVE-2006-1503

Not Available

Secunia Advisory: SA19438, March 29, 2006

WEBalbum

WEBalbum 2.02pl

A vulnerability has been reported in the 'skin2' cookie due to insufficient sanitization in cookies before using them in includes, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

An exploit script, webalbum.php, has been published.

WEBalbum Remote Command Execution

CVE-2006-1480

5.6 Security Focus, Bugtraq ID: 17228, March 24, 2006

Xpdf

Xpdf 3.01

A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code.

Gentoo

Fedora

RedHat

RedHat

Ubuntu

Debian

Debian

Debian

Slackware

Slackware

Gentoo

Debian

SCO

Currently we are not aware of any exploits for this vulnerability.

Xpdf PDF Splash Remote Buffer Overflow

CVE-2006-0301

Secunia Advisory: SA18677, February 1, 2006

Gentoo Linux Security Advisories, GLSA 200602-04 & GLSA 200602-05, February 12, 2006

Fedora Update Notifications, FEDORA-2006-103, FEDORA-2006-104, & FEDORA-2006-105, February 10, 2006

RedHat Security Advisories, RHSA-2006:0201-3 & RHSA-2006:0206-3, February 13, 2006

Ubuntu Security Notice, USN-249-1, February 13, 2006

Debian Security Advisories, DSA-971-1, DSA-972-1 & DSA-974-1, February 14 & 15, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200602-12, February 21, 2006

Debian Security Advisory, DSA-998-1, March 14, 2006

SCO Security Advisory, SCOSA-2006.15, March 22, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that have been identified during the current reporting period.
  • Bluetooth Gets a Major Speed Boost: Transmission speed will increase in the Bluetooth wireless standard used in cell phones and other small devices, broadening its scope to enable high-definition video and files for digital music players like the iPod. The industry group behind Bluetooth said that it would boost transfer speeds in the next few years by incorporating a new radio technology, known as ultra-wideband, or UWB.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
  • Exploit for Vulnerability in Microsoft Internet Explorer: US-CERT is aware of an active exploitation of a vulnerability in the way Microsoft Internet Explorer handles certain DHTML methods.
  • TSP Phishing Scams: US-CERT continues to receive reports of phishing scams that target online users and Federal government web sites. Specifically, sites that provide online benefits are being targeted. Recently, the phishing scam targeted the Thrift Savings Plan (TSP), a retirement savings plan for United States government employees and members of the uniformed services. For more information please see Thrift Savings Plan (TSP) at URL: http://www.tsp.gov/
  • Profiting From ID Theft: Identity theft has become the fastest-growing crime in the United States, with about 9 million victims in 2005.
  • Top Execs Insist Too Little Is Spent On IT: Survey: According to a survey commissioned by Managed Objects, almost half of senior corporate executives believe their companies are spending too little on IT this year. Interviews with 230 U.S. executives showed that 46 percent believed their companies weren't spending enough on IT, compared to 10 percent who said too much was being spent and 44 percent who said spending was just about right.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
| 2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
| 4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
| 5 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs into the registry, and reduces overall system security. |
| 8 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 9 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 10 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |

Table updated March 28, 2006


The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.



Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a CVSS base score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

Caloris Planitia Technologies

Online Quiz System

Multiple input validation vulnerabilities have been reported in Online Quiz System that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Online Quiz System Cross-Site Scripting

CVE-2006-1417

2.3 Security Focus, ID: 17255, March 27, 2006

Caloris Planitia Technologies

School Management System

An input validation vulnerability has been reported in School Management System that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Caloris Planitia Technologies School Management System Cross-Site Scripting

CVE-2006-1418

2.3 Security Focus, ID: 17257, March 27, 2006

Desiderata Software

Blazix 1.2.5 for Windows

A vulnerability has been reported in Blazix that could let remote malicious users disclose information.

Blazix 1.2.6

Currently we are not aware of any exploits for these vulnerabilities.

Blazix Information Disclosure

CVE-2006-1483

2.3 Security Tracker, Alert ID: 1015837, March 28, 2006
Explorer XP

An input validation vulnerability has been reported in Explorer XP that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Explorer XP Cross-Site Scripting

CVE-2006-1493

2.3 Security Tracker, Alert ID: 1015840, March 28, 2006

FusionZONE

ClassifiedZONE 1.2

A vulnerability has been reported in ClassifiedZONE that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

ClassifiedZONE Cross-Site Scripting

CVE-2006-1429

2.3 Secunia, Advisory: SA19427, March 28, 2006

FusionZONE

CouponZONE 4.2

A vulnerability has been reported in CouponZONE that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

CouponZONE Cross-Site Scripting

CVE-2006-1431

2.3 Secunia, Advisory: SA19430, March 28, 2006

FusionZONE

RealestateZONE 4.2

A vulnerability has been reported in RealestateZONE that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

RealestateZONE Cross-Site Scripting

CVE-2006-1486

2.3 Secunia, Advisory: SA19427, March 28, 2006

HTMLJunction

EZHomePagePro 1.5

Multiple vulnerabilities have been reported in EZHomePagePro that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

EZHomePagePro Cross-Site Scripting

CVE-2006-1413

2.3 Secunia, Advisory: SA19386, March 27, 2006

Internet Security Systems

BlackICE PC Desktop for Windows 3.6, BlackICE PC Protection consumer edition, BlackICE Server Protection consumer edition, BlackICE Agent for Server corporate edition, RealSecure Desktop 3.6, corporate 7.0

A vulnerability has been reported in multiple Internet Security Systems products, help dialog privilege error, that could let local malicious users obtain elevated privileges or execute arbitrary code.

Preventa Desktop and Preventa Server are not vulnerable.

There is no exploit code required.

Multiple Internet Security Systems Product Privilege Elevation or Arbitrary Code Execution

CVE-2005-2711

7 Secunia, Advisory: SA19327, March 24, 2006

KYE Systems

Genius VideoCAM NB

A vulnerability has been reported in Genius VideoCAM NB that could let local malicious users obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

Genius VideoCAM NB Privilege Elevation

CVE-2006-1484

7 Security Focus, ID: 17284, March 28, 2006

Microsoft

.NET Framework SDK 1.1 SP1 and prior

Multiple buffer overflow vulnerabilities have been reported in the .NET Framework SDK, ildasm DLL disassembly and MSIL tools, that could let remote malicious users cause a Denial of Service, execute arbitrary code, or obtain unauthorized access.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, BufferOverFlowInILASMandILDASM.zip, has been published.

Microsoft .NET Framework SDK Multiple Vulnerabilities

CVE-2006-1510
CVE-2006-1511

Not Available

Secunia, Advisory: SA19406, March 27, 2006

Security Focus, ID: 17243, March 27

Microsoft

Internet Explorer 6.0 SP2 and prior

A vulnerability has been reported in Internet Explorer, createtextrange command, that could let remote malicious users execute arbitrary code.

Microsoft

Proof of Concept exploit scripts, ie_checkbox.pm and IE_exp.c, have been published.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2006-1359

7

Microsoft, Security Advisory 917077, March 23, 2006

US-CERT VU#876678

Microsoft

Internet Explorer 6.0, 6.0 SP1, 6.0 SP2

An unspecified vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code, HTA applications.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2006-1388

7 Security Tracker, Alert ID: 1015800, March 21, 2006

Microsoft

Office XP, XP SP1, XP SP2, XP SP3

A vulnerability has been reported in Office XP, array index, that could let remote malicious users cause a denial of service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, excel_03262006.rar, has been published.

Microsoft Office XP Denial of Service

CVE-2006-1540

Not Available Security Focus, ID: 17252, March 27, 2006
Orion Application Server 2.0.5, 2.0.6

A vulnerability has been reported in Orion Application Server that could let remote malicious users disclose information, JSP source code.

Orion Application Server 2.0.7

There is no exploit code required.

Orion Application Server Source Code Disclosure

CVE-2006-0816

2.3 Security Tracker, Alert ID: 1015823, March 23, 2006

Pablo Software Solutions

Baby ASP Web Server 1.5, 2.7.2

Quick 'n Easy Web Server 3.0.6, 3.1

A vulnerability has been reported in Baby ASP Web Server and Quick 'n Easy Web Server that could let remote malicious users disclose information, ASP source code.

Pablo Software Solutions Quick 'n Easy Web Server 3.1.1

Currently we are not aware of any exploits for these vulnerabilities.

Pablo Software Solutions Web Server Source Code Disclosure

CVE-2006-1391

2.3 Security Focus, ID: 17222, March 24, 2006

PuttySoft

dotNetBB Forums 2.42EC SP 3

An input validation vulnerability has been reported in dotNetBB Forums that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

dotNetBB Forums Cross-Site Scripting

CVE-2006-1415

2.3 Secunia, Advisory: SA19398, March 27, 2006

RealPlayer 8, 10, 10.0.6, 10.5, RealOne Player, and RealPlayer Enterprise

A buffer overflow vulnerability has been reported in RealPlayer, Mimio Broadcast file processing, that could let remote malicious users execute arbitrary code.

RealPlayer

There is no exploit code required.

RealPlayer Arbitrary Code Execution

CVE-2006-1370

7 Security Tracker, Alert ID: 1015810, March 24, 2006

Sheer Vision Technologies

SweetSuite .NET CMS 2.1

An input validation vulnerability has been reported in SweetSuite.NET CMS, 'search.aspx', that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required.

SweetSuite.NET CMS Cross-Site Scripting

CVE-2006-1405

4.7 Secunia, Advisory: SA19399, March 27, 2006
Toast Forums 1.6

A vulnerability has been reported in Toast Forums that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Toast Forums Cross-Site Scripting

CVE-2006-1414

2.3 Security Focus, ID: 17249, March 27, 2006
uniForum 4

Multiple vulnerabilities have been reported in uniForum that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

uniForum Cross-Site Scripting

CVE-2006-1406

2.3 Security Focus, ID: 17245, March 27, 2006
Vavoom 1.19.1 and prior

Multiple vulnerabilities have been reported in Vavoom that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, vaboom.zip, has been published.

Vavoom Two Denial of Service Vulnerabilities

CVE-2006-1408
CVE-2006-1409

2.3 (CVE-2006-1408)

2.3 (CVE-2006-1409)

Secunia, Advisory: SA19388, March 27, 2006

Web Host Automation Ltd.

Helm 3.2.10 beta

Multiple input validation vulnerabilities have been reported in Helm that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Helm Cross-Site Scripting

CVE-2005-4747

Not Available Security Focus, ID: 17263, March 27, 2006

Xigla Software

Absolute FAQ Manager .NET 4.0

An input validation vulnerability has been reported in Absolute FAQ Manager that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Absolute FAQ Manager Cross-Site Scripting

CVE-2006-1416

2.3 Secunia, Advisory: SA19396, March 27, 2006

Xigla Software

Absolute Live Support XE 2.0

A vulnerability has been reported in Absolute Live Support XE that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Absolute Live Support XE Arbitrary Code Execution

CVE-2006-1410

2.3 Secunia, Advisory: SA19415, March 37, 2006

UNIX / Linux Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

AnyPortal(php)

AnyPortal(php) 0.1

A Directory Traversal vulnerability has been reported in 'siteman.php3' due to insufficient sanitization of the 'F' parameter before using to create, edit, or view files, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

AnyPortal(PHP) Directory Traversal

CVE-2000-1240
CVE-2003-1298

Not Available Secunia Advisory: SA19359, March 23, 2006

BlankOL

BlankOL 1.0

Cross-Site Scripting vulnerabilities have been reported in 'bol.cgi' due to insufficient sanitization of the 'file' and 'function' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

BlankOL Multiple Cross-Site Scripting

CVE-2006-1404

4.7 Secunia Advisory: SA19387, March 27, 2006

Cholod.com

Cholod Mysql based message board

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'mb.cgi' due to insufficient sanitization of the 'name,' 'subject,' and 'message' parameters when posting a message, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'mb.cgi' due to insufficient sanitization of the 'topicnumber' and 'threadnumber' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client.

Cholod Mysql based message board Cross-Site Scripting & SQL Injection

CVE-2006-1395
CVE-2006-1396

7 (CVE-2006-1395)

2.3 (CVE-2006-1396)

Secunia Advisory: SA19439, March 29, 2006

Daniel Stenberg

curl 7.12-7.15, 7.11.2

 

A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.

Upgrades available

Mandriva

Fedora

Debian

Fedora

OpenPKG

Gentoo

RedHat

OpenOffice

Gentoo

SCO

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL URL Parser Buffer Overflow

CVE-2005-4077

Security Focus, Bugtraq ID: 15756, December 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005

Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005

Debian Security Advisory, DSA 919-1, December 12, 2005

Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005

RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005

Secunia Advisory: SA19261, March 16, 2006

Gentoo Linux Security Advisory, GLSA 200603-25, March 27, 2006

SCO Security Advisory, SCOSA-2006.16, March 28, 2006

Debian

Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A vulnerability has been reported in multiple Debian GNU/Linux packages due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries, which could let a malicious user execute arbitrary code.

Debian GNU/Linux has released fixed builds of the following package:

- libapache2-svn

There is no exploit code required.

Debian GNU/Linux Multiple Packages Insecure RUNPATH
Not Available Security Focus, Bugtraq ID: 17288, March 29, 2006

DRZES, LLC.

CONTROLzx HMS 3.3.4

Cross-Site Scripting vulnerabilities have been reported in 'dedicated_order.php' due to insufficient sanitization of the 'dedicatedPlanID' parameter, in 'shared_order.php' due to insufficient sanitization of the 'sharedPlanID' parameter, in 'customers/server_management.php' due to insufficient sanitization of the 'plan_id' parameter, and in 'customers/forgotpass.php' due to insufficient sanitization of the 'customerEmailAddress' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities may be exploited with a web client; however, Proof of Concept exploits have been published.

CONTROLzx HMS Multiple Cross-Site Scripting

CVE-2006-1430

Secunia Advisory: SA19432, March 28, 2006

FreeRADIUS

FreeRADIUS 1.0-1.0.5

A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.

Updates available

SuSE

Currently we are not aware of any exploits for this vulnerability.

FreeRADIUS EAP-MSCHAPv2 Authentication Bypass

CVE-2006-1354

8

Security Focus, Bugtraq ID: 17171, March 21, 2006

SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006

FreeRADIUS

FreeRADIUS 1.0.4, 1.0.3

Multiple buffer overflow vulnerabilities have been reported in 'RLM_SQLCounter' due to insufficient bounds checking on user-supplied input, which could let a remote malicious user cause a Denial of Service.

Updates available

Currently we are not aware of any exploits for these vulnerabilities.

FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow

CVE-2005-4746

Not Available Security Focus, Bugtraq ID: 17293, March 29, 2006

FreeRADIUS

FreeRADIUS 1.0.4, 1.0.3

An SQL injection vulnerability has been reported in 'RLM_SQLCounter' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Updates available

There is no exploit code required.

FreeRADIUS RLM_SQLCounter SQL Injection

CVE-2005-4745

Not Available Security Focus, Bugtraq ID: 17294, March 29, 2006

Gentoo

Linux

A vulnerability has been reported in 'Tetris-bsd.scores' due to a design error, which could let a malicious user obtain elevated privileges.

Update available

There is no exploit code required.

Tetris-BSD Elevated Privileges

CVE-2006-1539

Not Available Gentoo Linux Security Advisory, GLSA 200603-26, March 29, 2006

Gentoo

Linux 1.4 _rc1-rc3, 1.4, 1.2, 1.1 a, 0.7, 0.5

Several vulnerabilities have been reported due to NetHack, SlashEM, and Falcon's Eye games being incompatible with the system used for managing games on Gentoo Linux, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Gentoo nethack / falconseye / slashem Elevated Privileges

CVE-2006-1390

4.9 Gentoo Linux Security Advisory, GLSA 200603-23, March 23, 2006

Hewlett Packard Company

HP-UX B.11.23, B.11.11, B.11.00

A Denial of Service vulnerability has been reported in 'passwd(1)' due to a failure to handle exceptional conditions.

Patch information

Currently we are not aware of any exploits for this vulnerability.

HP-UX Passwd Unspecified Local Denial of Service

CVE-2006-1509

Not Available HP Security Bulletin, HPSBUX02103, March 26, 2006

ImageMagick

ImageMagick 6.2.4.5

A vulnerability has been reported in the delegate code that is used by various ImageMagick utilities when handling an image filename due to an error, which could let a remote malicious user execute arbitrary commands; and a format string vulnerability has been reported when handling filenames received via command line arguments, which could let a remote malicious user execute arbitrary code.

Ubuntu

Debian

Mandriva

Gentoo

RedHat

Gentoo

SGI

SuSE

There is no exploit code required.

ImageMagick Utilities Image Filename Remote Command Execution

CVE-2005-4601
CVE-2006-0082

7 (CVE-2005-4601)

3.9 (CVE-2006-0082)

Secunia Advisory: SA18261, December 30, 2005

Ubuntu Security Notice, USN-246-1, January 24, 2006

Debian Security Advisory, DSA-957-1, January 26, 2006

Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006

Gentoo Linux Security Advisory, GLSA 200602-06, February 13, 2006

RedHat Security Advisory, RHSA-2006:0178-4, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200602-13, February 26, 2006

SGI Security Advisory, 20060301-01-U, March 8, 2006

SUSE Security Summary Report, SUSE-SR:2006:006, March 24, 2006

KisMAC

KisMAC 0.5 d4, 0.5 d, 0.2 a, 0.1 c, 0.1 b, 0.1 a, 0.12 a, 0.11 a, 0.10 a

A buffer overflow vulnerability has been reported in the 'WavePacketparseTaggedData()' function when parsing the Cisco vendor tag for additional SSIDs in a received 802.11 management frame, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for this vulnerability.

KisMAC Remote Buffer Overflow

CVE-2006-1385

5.6 Security Focus, Bugtraq ID: 17198, March 23, 2006

MediaWiki

MediaWiki 1.5.7

An HTML injection vulnerability has been reported in the Encoded Page Link due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerability can be exploited via a web client.

MediaWiki HTML Injection

CVE-2006-1498

Not Available Security Focus, Bugtraq ID: 17269, March 27, 2006

MPlayer

MPlayer 1.0.20060329

Multiple vulnerabilities have been reported due to integer overflow errors in 'libmpdemux/asfheader.c' when handling an ASF file, and in 'libmpdemux/aviheader.c' when parsing the 'indx' chunk in an AVI file, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

MPlayer Multiple Integer Overflows

CVE-2006-1502

Not Available Secunia Advisory: SA19418, March 29, 2006

Multiple Vendors

Linux kernel 2.6-2.6.10, 2.4-2.4.28

A buffer overflow vulnerability has been reported in the 'coda_pioctl' function of the 'pioctl.c' file, which could let a malicious user cause a Denial of Service or execute arbitrary code with superuser privileges.

RedHat

RedHat

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Coda_Pioctl Local Buffer Overflow

CVE-2005-0124

Security Focus, Bugtraq ID: 14967, September 28, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML PDFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Debian

Debian

Fedora

SuSE

RedHat

SGI

Debian

TurboLinux

Debian

Debian

Slackware

Slackware

Gentoo

SGI

SCO

Currently we are not aware of any exploits for these vulnerabilities.

3.9 (CVE-2005-3191)

7 (CVE-2005-3192)

3.9 (CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory, DSA-936-1, January 11, 2006

Debian Security Advisory, DSA-937-1, January 12, 2006

Debian Security Advisory, DSA 938-1, January 12, 2006

Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006

SGI Security Advisory, 20060201-01-U, March 14, 2006

SCO Security Advisory, SCOSA-2006.15, March 22, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function.

Fedora

Upgrades available

Ubuntu

SUSE

RedHat

RedHat

RedHat

SmoothWall

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPV6 Denial of Service

CVE-2005-2973

Secunia Advisory: SA17261, October 21, 2005

Fedora Update Notifications, FEDORA-2005-1007 & 1013, October 20, 2005

Security Focus, Bugtraq ID: 15156, October 31, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Multiple Vendors

Fast Lexical Analyzer Generator (Flex) prior to 2.5.33

A buffer overflow vulnerability has been reported in 'flex.skl' due to a boundary error, which could let a remote malicious user execute arbitrary code.

Updates available

Ubuntu

Gentoo

Debian

Currently we are not aware of any exploits for this vulnerability.

Flex Buffer Overflow

CVE-2006-0459

7

Secunia Advisory: SA19071, March 8, 2006

Ubuntu Security Notice, USN-260-1, March 06, 2006

Gentoo Linux Security Advisory, GLSA 200603-07, March 7, 2006

Debian Security Advisory,
DSA-1020-1, March 28, 2006

Multiple Vendors

Hewlett Packard Company HP-UX B.11.11, B.11.04, B.11.00;
Avaya Predictive Dialing System (PDS) 12.0

A remote Denial of Service vulnerability has been reported in the HP-UX 'swagentd' daemon.

HP

Avaya

There is no exploit code required.

HP-UX Swagentd Remote Denial of Service

CVE-2006-1389

3.3

Security Focus, Bugtraq ID: 17215, March 27, 2006

Multiple Vendors

KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2;
Gentoo Linux

Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.

Gentoo

Ubuntu

Fedora

Mandriva

Ubuntu

Debian

Debian

SuSE

RedHat

RedHat

Fedora

Debian

Trustix

Mandriva

RedHat

SGI

Debian

TurboLinux

Gentoo

Debian

Debian

Slackware

Slackware

SGI

SCO

Currently we are not aware of any exploits for this vulnerability.

KPdf & KWord Multiple Unspecified Buffer & Integer Overflow

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627

 

Not Available

Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006

Ubuntu Security Notice, USN-236-1, January 05, 2006

Fedora Update Notifications,
FEDORA-2005-000, January 5, 2006

Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006

Ubuntu Security Notice, USN-236-2, January 09, 2006

Debian Security Advisory DSA 931-1, January 9, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

SUSE Security Announcement, SUSE-SA:2006:001, January 11, 2006

RedHat Security Advisories, RHSA-2006:0163-2 & RHSA-2006:0177-5, January 11, 2006

Fedora Update Notifications,
FEDORA-2005-028 & 029, January 12, 2006

Debian Security Advisories, DSA 937-1, 938-1, & 940-1, January 12 & 13, 2006

Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006

Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006

Debian Security Advisories,
DSA-961-1 & 962-1, February 1, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

SGI Security Advisory, 20060201-01-U, March 14, 2006

SCO Security Advisory, SCOSA-2006.15, March 22, 2006

Multiple Vendors

Linux kernel
2.6 prior to 2.6.12.1

 

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Linux Kernel

SUSE

RedHat

RedHat

Debian

Conectiva

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CVE-2005-1761

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.4.x, 2.6.x

Vulnerabilities have been reported due to the 'sockaddr_in.sin_zero' array not being zeroed before being returned to user space programs calling certain socket functions that retrieve information about the specified socket, which could let a remote malicious user obtain sensitive information.

Vulnerability has been fixed in the 2.4 kernel branch in the CVS repositories.

An exploit script, linux_sin_zero.c, has been published.

Linux Kernel IPv4 'sockaddr_in.sin_zero' Information Disclosure

CVE-2006-1342
CVE-2006-1343

1.6
(CVE-2006-1342)

1.6
(CVE-2006-1343)

 

Secunia Advisory: SA19357, March 23, 2006

Multiple Vendors

Linux kernel 2.6.15.1 & prior

Two vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'get_compat_timespec' function in the SPARC architecture; and a Denial of Service vulnerability was reported when single steps are performed by multiple ptrace tasks in the ia64 architecture.

Updates available

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Get_Compat_Timespec & PTrace Local Denial of Service

CVE-2006-0482
CVE-2006-1066

1.6
(CVE-2006-0482)

1.3
(CVE-2006-1066)

Security Focus, Bugtraq ID: 17216, March 24, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6.8-2.6.10, 2.4.21

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Ubuntu

Trustix

Fedora

RedHat

Mandriva

RedHat

Mandriva

SUSE

Conectiva

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service

CVE-2005-2490
CVE-2005-2492

4.9 (CVE-2005-2490)

4.7 (CVE-2005-2492)

Secunia Advisory: SA16747, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005

Fedora Update Notifications,
FEDORA-2005-905 & 906, September 22, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12.1

A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.

Ubuntu

This issue has been addressed in Linux kernel 2.6.13-rc7.

SUSE

RedHat

RedHat

Mandriva

Conectiva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPSec Policies Authorization Bypass

CVE-2005-2555

Ubuntu Security Notice, USN-169-1, August 19, 2005

Security Focus, Bugtraq ID 14609, August 19, 2005

Security Focus, Bugtraq ID 14609, August 25, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.13.1

A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.

Linux Kernel

Ubuntu

Mandriva

SUSE

Conectiva

RedHat

RedHat

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel routing_ioctl() Denial of Service

CVE-2005-3044

Security Tracker Alert ID: 1014944, September 21, 2005

Ubuntu Security Notice, USN-187-1, September 25, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_key_auth.c'; a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.

Linux Kernel

Fedora

Trustix

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

RedHat

RedHat

RedHat

Debian

There is no exploit code required.

Linux Kernel Denial of Service & Information Disclosure

CVE-2005-3119
CVE-2005-3180
CVE-2005-3181

2.3 (CVE-2005-3119)

3.3 (CVE-2005-3180)

2.3 (CVE-2005-3181)

 

Secunia Advisory: SA17114, October 12, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

Fedora Update Notifications,
FEDORA-2005-1013, October 20, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

 

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'mm/mempolicy.c' when handling the policy system call; a remote Denial of Service vulnerability was reported in 'net/ipv4/fib_frontend.c' when validating the header and payload of fib_lookup netlink messages; an off-by-one buffer overflow vulnerability was reported in 'kernel/sysctl.c', which could let a malicious user cause a Denial of Service and potentially execute arbitrary code; and a buffer overflow vulnerability was reported in the DVB (Digital Video Broadcasting) driver subsystem, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code.

Updates available

SuSE

SuSE

Debian

An exploit script has been published.

Linux Kernel Multiple Vulnerabilities


CVE-2005-4635
CVE-2005-3358

2.3
(CVE-2005-4635)

3.5
(CVE-2005-3358)

 

Secunia Advisory: SA18216, January 4, 2006

SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/'.

Upgrades available

Ubuntu

RedHat

RedHat

RedHat

RedHat

DSA-1017

DSA-1018

There is no exploit code required.

Linux Kernel 'Sysctl' Denial of Service

CVE-2005-2709

Secunia Advisory: SA17504, November 9, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.

RedHat

Ubuntu

Mandriva

SUSE

Conectiva

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel USB Subsystem Denials of Service

CVE-2005-2873
CVE-2005-3055

2.3 (CVE-2005-2873)

2.3 (CVE-2005-3055)

Secunia Advisory: SA16969, September 27, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux Kernel 2.6-2.6.14

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.

Ubuntu

Trustix

RedHat

Mandriva

SUSE

Conectiva

RedHat

Debian

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors Linux Kernel Denials of Service

CVE-2005-3053
CVE-2005-3106
CVE-2005-3107
CVE-2005-3108
CVE-2005-3109
CVE-2005-3110

2.3 (CVE-2005-3053)

2.3 (CVE-2005-3106)

2.3 (CVE-2005-3107)

2.3 (CVE-2005-3108)

2.3 (CVE-2005-3109)

3.3 (CVE-2005-3110)

 

 

 

Ubuntu Security Notice, USN-199-1, October 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14, 2.5.0-2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1.x, 2.1.89, 2.0.28-2.0.39

A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.

Mandriva

Fedora

Conectiva

SmoothWall

DSA-1017

DSA-1018

There is no exploit code required; however, a Proof of Concept exploit has been published.

Linux Kernel Console Keymap Arbitrary Command Injection

CVE-2005-3257

Security Focus, Bugtraq ID: 15122, October 17, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Fedora Update Notification,
FEDORA-2005-1138, December 13, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core4

A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself.

Upgrades available

Fedora

SUSE

Mandriva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTrace 'CLONE_THREAD' Denial of Service

CVE-2005-3783

Secunia Advisory: SA17761, November 29, 2005

Fedora Update Notification,
FEDORA-2005-1104, November 28, 2005

SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15

A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space.

Patches available

Trustix

RedHat

RedHat

DSA-1017

DSA-1018

An exploit script has been published.

Linux Kernel PrintK Local Denial of Service

CVE-2005-3857

Security Focus, Bugtraq ID: 15627, November 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core4

 

A Denial of Service vulnerability has been reported because processes are improperly auto-reaped when they are being ptraced.

Patches available

Fedora

Trustix

SUSE

RedHat

Mandriva

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTraced Denial of Service

CVE-2005-3784

Security Focus, Bugtraq ID: 15625, November 29, 2005

Fedora Update Notification,
FEDORA-2005-1104, November 28, 2005

SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Linux kernel prior to 2.6.15

A memory disclosure vulnerability has been reported in the 'ProcFS' kernel, which could let a malicious user obtain sensitive information.

Update available

Fedora

RedHat

Ubuntu

SuSE

SuSE

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ProcFS Kernel Memory Disclosure

CVE-2005-4605

Security Focus, Bugtraq ID: 16284, January 17, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Ubuntu Security Notice, USN-244-1, January 18, 2006

SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

RealOne Helix Player 1.x,
RealOne Player v1, v2,
RealPlayer 10.x, 8,
RealPlayer Enterprise 1.x; Gentoo Linux; SuSE Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the handling of the 'chunked' Transfer-Encoding method due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when processing SWF files due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to the incorrect use of the 'CreateProcess()' API when executing other programs, which could let a remote malicious user execute arbitrary code.

Updates available

Gentoo

SuSE

RedHat

Currently we are not aware of any exploits for these vulnerabilities.

RealNetworks Products Multiple Buffer Overflow

CVE-2005-2922
CVE-2005-2936
CVE-2006-0323

7
(CVE-2005-2936)

7
(CVE-2006-0323)

 

Secunia Advisory: SA19358, March 27, 2006

Gentoo Linux Security Advisory, GLSA 200603-24, March 26, 2006

SUSE Security Announcement, SUSE-SA:2006:018, March 23, 2006

RedHat Security Advisory, RHSA-2006:0257-9, March 22, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0;
Linux kernel 2.6.9

A Denial of Service vulnerability has been reported in the 'mq_open' system call.

RedHat

Ubuntu

SuSE

SuSE

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 'mq_open' System Call Denial of Service

CVE-2005-3356

Security Focus, Bugtraq ID: 16283, January 17, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Ubuntu Security Notice, USN-244-1, January 18, 2006

SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Rolo Rolo 011;
LibVC LibVC 003

A buffer overflow vulnerability has been reported in the 'count_vcards' function in 'vc.c' when reading lines from an input vcard (.vcf) file, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

LibVC Buffer Overflow

CVE-2006-1356

5.6

Secunia Advisory: SA19295, March 27, 2006

Multiple Vendors

SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS;
Linux kernel 2.6-2.6.13, Linux kernel 2.4-2.4.32

 

A Denial of Service vulnerability has been reported in FlowLable.

Upgrades available

SUSE

RedHat

RedHat

Mandriva

RedHat

RedHat

Mandriva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPv6 FlowLable Denial of Service

CVE-2005-3806

Security Focus, Bugtraq ID: 15729, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3;
Linux kernel 2.6.11-2.6.12.5

A Denial of Service vulnerability has been reported in 'handle_stop_signal()' due to a race condition.

Updates available

SuSE

Debian

There is no exploit code required.

Linux Kernel Denial of Service

CVE-2005-3847

SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.10, 2.4-2.4.28

A vulnerability has been reported in the SDLA driver, which could let a malicious user obtain unauthorized access.

Updates available

Ubuntu

Mandriva

DSA-1017

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access

CVE-2006-0096

 

Ubuntu Security Notice, USN-244-1, January 18, 2006

Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1

A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.

Ubuntu

SUSE

Mandriva

Conectiva

DSA-1017

DSA-1018

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ISO File System Remote Denial of Service

CVE-2005-2457

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Debian Security Advisory,
DSA-1018-1, March 24, 2006

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
GNOME Evolution 2.3.1-2.3.6.1, 2.0-2.2, 1.5

 

Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.

Updates available

Ubuntu

Mandriva

SUSE

Gentoo

RedHat

SGI

Conectiva

SUSE

Debian

Currently we are not aware of any exploits for these vulnerabilities.

GNOME Evolution Multiple Format String

CVE-2005-2549
CVE-2005-2550

8
(CVE-2005-2549)

8
(CVE-2005-2550)

Secunia Advisory: SA16394, August 11, 2005

Ubuntu Security Notice, USN-166-1, August 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:141, August 18, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

Gentoo Linux Security Advisory, GLSA 200508-12, August 23, 200

RedHat Security Advisory, RHSA-2005:267-10, August 29, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announcement, CLSA-2005:1004, September 13, 2005

SUSE Security Announcement, SUSE-SA:2005:054, September 16, 2005

Debian Security Advisory,
DSA-1016-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 5.04 i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.13

A Denial of Service vulnerability has been reported in the '/proc/scsi/sg/devices' file due to a memory leak.

Ubuntu

Mandriva

SUSE

Conectiva

RedHat

Debian

A Proof of Concept exploit has been published.

Linux Kernel SCSI ProcFS Denial of Service

CVE-2005-2800

2.3

Security Focus, Bugtraq ID: 14790, September 9, 2005

Ubuntu Security Notice, USN-178-1, September 09, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15

A vulnerability has been reported in the 'dm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.

Updates available

Ubuntu

Trustix

Fedora

RedHat

Debian

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel DM-Crypt Local Information Disclosure

CVE-2006-0095

Security Focus, Bugtraq ID: 16301, January 18, 2006

Ubuntu Security Notice, USN-244-1, January 18, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Secunia Advisory: SA18774, February 8, 2006

RedHat Security Advisory, RHSA-2006:0132-31, March 7, 2006

Debian Security Advisory,
DSA-1017-1, March 23, 2006

netpbm
10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code.

Trustix

Gentoo

Mandriva

Ubuntu

Fedora

SUSE

RedHat

SGI

Conectiva

TurboLinux

Fedora

Fedora

Debian

There is no exploit code required.

netpbm Arbitrary Code Execution

CVE-2005-2471


7

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005

Ubuntu Security Notice, USN-164-1, August 11, 2005

Fedora Update Notifications,
FEDORA-2005-727 & 728, August 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005

RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005

SGI Security Advisory, 20050901-01-U, September 7, 2005

Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005

Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005

Fedora Update Notification,
FEDORA-2005-000, January 5, 2006

Fedora Update Notification,
FEDORA-2006-112, February 16, 2006

Debian Security Advisory,
DSA-1021-1, March 28, 2006

Rahul Dhesi

Zoo 2.10

A buffer overflow vulnerability has been reported in the 'fullpath()' function in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

SuSE

Gentoo

Debian

SuSE

Currently we are not aware of any exploits for this vulnerability.

zoo Buffer Overflow

CVE-2006-0855

3.9

Security Tracker Alert ID: 1015668, February 23, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006

Debian Security Advisory, DSA 991-1, March 10, 2006

SUSE Security Summary Report, SUSE-SR:2006:006, March 24, 2006

Sendmail Consortium

Sendmail prior to 8.13.6

A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.

Updates available

RHSA-2006:0264-8

RHSA-2006:0265-9

Fedora

Gentoo

AIX

Sun

SuSE

FreeBSD

Slackware

OpenBSD

Avaya

Debian

HP

NetBSD

A Proof of Concept exploit script, sendtest.c, has been published.

Sendmail Asynchronous Signal Handling Remote Code Execution

CVE-2006-0058

8

Internet Security Systems Protection Advisory, March 22, 2006

Technical Cyber Security Alert TA06-081A

US-CERT VU#834865

RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006

Sun(sm) Alert Notification
Sun Alert ID: 102262, March 24, 2006

Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006

SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006

Slackware Security Advisory, SSA:2006-081-01, March 22, 2006

Avaya Security Advisory, ASA-2006-074, March 24, 2006

Debian Security Advisory,
DSA-1015-1, March 24, 2006

HP Security Bulletin,
HPSBUX02108, March 27, 2006

NetBSD Security Advisory, NetBSD-SA2006-010, March 28, 2006

Sourceworkshop

Newsletter 1.0

An SQL injection vulnerability has been reported in 'Newsletter.PHP' due to insufficient sanitization of the 'newsletteremail' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Sourceworkshop Newsletter SQL Injection

CVE-2006-1533

Not Available

Security Focus, Bugtraq ID: 17304, March 29, 2006

Sourceworkshop

vCounter 1.0

An SQL injection vulnerability has been reported in 'vCounter.PHP' due to insufficient sanitization of the 'url' parameter using '_SERVER['REQUEST_URI']' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

vCounter SQL Injection

CVE-2006-1499

Not Available

Secunia Advisory: SA19422, March 29, 2006

Sun Microsystems, Inc.

Solaris 8, 9

A vulnerability has been reported in the 'usr/ucb/ps' command because environment variables and values of all processes are revealed to an unprivileged user.

Patches available

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris Process Environment Disclosure

CVE-1999-1587

Not Available

Sun(sm) Alert Notification
Sun Alert ID: 102215, March 27, 2006

Webcheck

Webcheck prior to 1.9.6

An HTML injection vulnerability has been reported due to an input validation error in the parsing of website content when crawling websites, which could let a remote malicious user execute arbitrary HTML and script code.

Update available

Vulnerability can be exploited with a web browser.

Webcheck HTML Injection

CVE-2006-1321

2.3

Security Focus, Bugtraq ID: 17212, March 24, 2006

Multiple Operating Systems - Windows/UNIX/Linux/Other

Vendor & Software Name
Description

Common Name

CVSS
Resources

ActiveCampaign Inc.

SupportTrio 2.50.2

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'terms' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code; and a path disclosure vulnerability has been reported in 'index.php' and 'pdf.php' when accessed with invalid input.

No workaround or patch available at time of publishing.

Vulnerability may be exploited with a web client; however, a Proof of Concept exploit has been published.

ActiveCampaign SupportTrio Cross-Site Scripting & Path Disclosure

CVE-2006-1487
CVE-2006-1488

2.3
(CVE-2006-1487)

2.3
(CVE-2006-1488)

Security Focus, Bugtraq ID: 17276, March 27, 2006

AL-Caricatier

AL-Caricatier 2.5

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

AL-Caricatier Multiple Cross-Site Scripting

Not Available

Security Focus, Bugtraq ID: 17289, March 28, 2006

Arab Portal System

Arab Portal System 2.0

A Cross-Site Scripting vulnerability has been reported in 'online.php' and 'download.php' due to insufficient sanitization of the 'title' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Arab Portal Cross-Site Scripting

CVE-2006-1504

Not Available

Secunia Advisory: SA19445, March 29, 2006

Arabless.com

SaphpLesson 2.0

An SQL injection vulnerability has been reported in 'Print.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

SaphpLesson SQL Injection

CVE-2006-1420

2.3

Security Focus, Bugtraq ID: 17239, March 27, 2006

Arthur Konze WebDesign

AkoComment 2.0

Multiple SQL injection vulnerabilities have been reported in 'adkcomment.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

AkoComment Multiple SQL Injection

CVE-2006-1421

1.9

Security Focus, Bugtraq ID: 17241, March 27, 2006

CoMoblog

CoMoblog 1.0

A Cross-Site Scripting vulnerability has been reported in 'Img.php' due to insufficient sanitization of the 'i' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

CoMoblog Cross-Site Scripting

CVE-2006-1377

KAPDA::#37 Advisory, March 23, 2006

ConfTool

ConfTool 1.1

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

ConfTool Cross-Site Scripting

CVE-2006-1482

7

Security Focus, Bugtraq ID: 17231, March 27, 2006

csDoom

csDoom 2005 0.7 & prior

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'SV_BroadcastPrintf()' function when handling chat messages that are sent from a client, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in the 'SV_SetupUserInfo()' function when handling a user's nickname and teamname when a player joins the server, which could let a remote malicious user execute arbitrary code; and a format string vulnerability was reported in the 'PrintString()' function when displaying text strings in the console and in the game screen, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available

A Proof of Concept exploit script, csdoombof.zip, has been published.

csDoom Format String & Buffer Overflows

CVE-2006-1402
CVE-2006-1403

7
(CVE-2006-1402)

3.3
(CVE-2006-1403)

Secunia Advisory: SA19389, March 27, 2006

Daniel Stenberg

curl 7.15-7.15.2

A buffer overflow vulnerability has been reported when parsing a URL that contains the TFTP protocol prefix 'tftp://' due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Updates available

Gentoo

Fedora

Trustix

Currently we are not aware of any exploits for this vulnerability.

cURL / libcURL TFTP URL Parser Buffer Overflow

CVE-2006-1061

Security Focus, Bugtraq ID: 17154, March 20, 2006

Gentoo Linux Security Advisory, GLSA 200603-19, March 21, 2006

Fedora Update Notification, FEDORA-2006-189, March 21, 2006

Trustix Secure Linux Security Advisory #2006-0016, March 24, 2006

DeltaScripts

PHP Classifieds 6.20, 6.18

A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'searchword' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

PHP Classifieds Cross-Site Scripting

CVE-2006-1532

Not Available

Secunia Advisory: SA19440, March 29, 2006

DSPortal

DSLogin 1.0

Multiple SQL-injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

DSLogin Multiple SQL Injection

CVE-2006-1238

7

Security Focus, Bugtraq ID: 17262, March 27, 2006

EasyMoblog

EasyMoblog 0.5.1, 0.5

A Cross-Site Scripting vulnerability has been reported in 'Img.php' due to insufficient sanitization of the 'i' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

EasyMoblog Cross-Site Scripting

CVE-2006-1377

KAPDA::#37 Advisory, March 23, 2006

Formfields Team

AdMan 1.0.20051221

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'viewStatement.php' due to insufficient sanitization of the 'transactions_offset' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a path disclosure vulnerability was reported in 'viewPricingScheme.php' and 'editCampaign.php' because it is possible to obtain sensitive information when accessed directly.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited via a web client; however, a Proof of Concept exploit has been published.

AdMan SQL Injection & Path Disclosure

CVE-2006-1374
CVE-2006-1375

7
(CVE-2006-1374)

2.3
(CVE-2006-1375)

Secunia Advisory: SA19351, March 27, 2006

Horde

Horde 3.0-3.0.9, 3.1

A vulnerability has been reported in Help Viewer which could let a remote malicious user execute arbitrary PHP code.

Updates available

Vulnerability can be exploited via a web client.

Horde Help Viewer Remote PHP Code Execution

CVE-2006-1491

7

Security Focus, Bugtraq ID: 17292, March 29, 2006

IBM

Tivoli Business Systems Manager 3.1

A Cross-Site Scripting vulnerability has been reported in 'APWC_Win_Main.JSP' due to insufficient sanitization of the 'skin' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Interim fix information

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

IBM Tivoli Business Systems Manager Cross-Site Scripting

CVE-2006-1384

Security Tracker Alert ID: 1015822, March 24, 2006

JJW Web Design

phpBookingCalendar 1.0c

An SQL injection vulnerability has been reported in 'Details_View.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

PHPBookingCalendar SQL Injection

CVE-2006-1422

2.3

Security Focus, Bugtraq ID: 17230, March 27, 2006

Metisware

Instructor 1.3

A Cross-Site Scripting vulnerability has been reported in '/MyTasks/PersonalTaskCreate.asp' due to insufficient sanitization of the 'vchTaskHeader' parameter before using, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Metisware Instructor Cross-Site Scripting

CVE-2006-1400

2.3

Secunia Advisory: SA19385, March 27, 2006

MH Software

Connect Daily 3.2.9, 3.2.8

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Connect Daily Cross-Site Scripting

CVE-2006-1508

Not Available

Secunia Advisory: SA19434, March 28, 2006

Multiple Vendors

phpPgAds phpPgAds 2.0.7;
phpAdsNew phpAdsNew 2.0.7

Multiple input validation vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of certain parameters in the banner delivery scripts before being displayed in the admin interface, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the login form due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

phpAdsNew

phpPgAds

Vulnerabilities can be exploited via a web client.

PHPAdsNew & PHPPGAds Multiple Input Validation

CVE-2006-1397

2.3

Security Focus, Bugtraq ID: 17251, March 27, 2006

NetOffice

NetOffice 2.6 b2, 2.5.3 -pl1

An SQL injection vulnerability has been reported in 'Sendpassword.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, PHPCollab_NetOffice_SQLINJ.php, has been published.

NetOffice SQL Injection

CVE-2006-1495

7

Security Focus, Bugtraq ID: 17286, March 28, 2006

Noah Grey

Greymatter 1.21 a-d, 1.21, 1.3.1, 1.3, 1.2, 1.1 b

A file upload vulnerability has been reported in 'gm-upload.cgi' due to an error, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited with a web client; however, Proof of Concept exploit scripts, greymatter.pl and greymatter.c, have been published.

Noah Grey Greymatter Arbitrary File Upload

CVE-2006-1485

4.2

Secunia Advisory: SA19423, March 28, 2006

Nuked-Klan

Nuked-Klan 1.7.5 & prior

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

Nuked-Klan SQL Injection

CVE-2006-1419

2.3

Security Focus, Bugtraq ID: 17233, March 27, 2006

nullbranded.tk

Null News 2005.7.27

SQL injection vulnerabilities have been reported in 'sub.php' and 'unsub.php' due to insufficient sanitization of the 'user_username' parameter and in 'lostpass.php,' 'sub.php,' and 'unsub.php' due to insufficient sanitization of the 'user_email' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Null news Multiple SQL Injection

CVE-2006-1534

Not Available

Secunia Advisory: SA19413, March 29, 2006

OneOrZero

OneOrZero Helpdesk 1.6.3.0

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

OneOrZero Helpdesk SQL Injection

CVE-2006-1501

Not Available

Secunia Advisory: SA19446, March 29, 2006

Pablo Software Solutions

Baby FTP Server 1.24

A vulnerability has been reported because the FTP server returns different error messages depending on whether a file exists outside the FTP root directory or not, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Baby FTP Server Information Disclosure

CVE-2006-1383

Security Focus, Bugtraq ID: 17205, March 23, 2006

phoetux.net

PhxContacts 0.93.1 & prior

A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

PhxContacts Cross-Site Scripting

CVE-2006-1535

Not Available

Security Focus, Bugtraq ID: 17307, March 29, 2006

phoetux.net

PhxContacts 0.93.1 & prior

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

PhxContacts Multiple SQL Injection

CVE-2006-1536

Not Available

Security Focus, Bugtraq ID: 17306, March 29, 2006

PHP Group

PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x

A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information.

The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Information Disclosure

CVE-2006-1490

2.3

Secunia Advisory: SA19383, March 29, 2006

PHP Lite Calendar Express

PHP Lite Calendar Express 2.2

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Calendar Express Multiple Cross-Site Scripting

CVE-2006-1401

2.3

Security Focus, Bugtraq ID: 17240, March 27, 2006

PHP Lite

Meeting Reserve 1.0 beta

A Cross-Site Scripting vulnerability has been reported in 'searchresult.php' due to insufficient sanitization of the 'search_term' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Meeting Reserve Cross-Site Scripting

CVE-2006-1399

2.3

Secunia Advisory: SA19372, March 27, 2006

PHP

PHP 5.1.1, 5.1

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the 'mysqli' extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code.

PHP

Mandriva

Ubuntu

Gentoo

There is no exploit code required.

Multiple PHP Vulnerabilities

CVE-2006-0207
CVE-2006-0208

2.3
(CVE-2006-0208)

Secunia Advisory: SA18431, January 13, 2006

Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006

Ubuntu Security Notice, USN-261-1, March 10, 2006

Gentoo Linux Security Advisory, GLSA 200603-22, March 22, 2006

PHP Script Index

PHP Script Index 0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited with a web browser.

PHP Script Index Cross-Site Scripting

Not Available

Security Focus, Bugtraq ID: 17297, March 29, 2006

PHP Ticket

PHP Ticket 0.6, 0.5, 0.71

An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'frm_search_in' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, phpticket.pl, has been published.

PHP Ticket SQL Injection

CVE-2006-1481

4.2

Secunia Advisory: SA19412, March 27, 2006

phpCOIN

phpCOIN 1.2-1.2.2

Cross-Site Scripting vulnerabilities have been reported in 'mod.php' and 'mod_print.php' due to insufficient sanitization of the 'fs' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.

phpCOIN Multiple Cross-Site Scripting

CVE-2006-1428

Security Focus, Bugtraq ID: 17279, March 28, 2006

PhpCollab

PHPCollab 2.5.rc3, 2.4

An SQL injection vulnerability has been reported in 'sendpassword.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, PHPCollab_NetOffice_SQLINJ.php, has been published.

PhpCollab SQL Injection

CVE-2006-1495

7

Security Focus, Bugtraq ID: 17283, March 28, 2006

PHPKIT

PHPKIT 1.6.03

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPKIT Cross-Site Scripting

CVE-2006-1507

Not Available

Security Focus, Bugtraq ID: 17291, March 29, 2006

phpmyfamily

phpmyfamily 1.4.0.

An SQL injection vulnerability has been reported in 'people.php' due to insufficient sanitization of the 'person' parameter and in 'passthru.php' due to insufficient sanitization of the 'pwdUser' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

phpmyfamily SQL Injection

CVE-2005-0841

Secunia Advisory: SA14642, March 25, 2006

phpmyfamily

phpmyfamily 1.4.1

A Cross-Site Scripting vulnerability has been reported in 'track.php' due to insufficient sanitization of the 'name' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

PHPmyfamily Cross-Site Scripting

CVE-2006-1425

Secunia Advisory: SA19409, March 28, 2006

Pixel Motion

Pixel Motion 0

SQL injection vulnerabilities have been reported in '/admin/index.php' due to insufficient sanitization of the 'user' and 'pass' parameters and in 'index.php' due to insufficient sanitization of the 'date' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

Pixel Motion Multiple SQL Injection

CVE-2006-1426

7

Security Focus, Bugtraq ID: 17260, March 28, 2006

Sixal

G-Book 1.0

An HTML injection vulnerability has been reported in 'guestbook.php' due to insufficient sanitization of the 'g_message' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

G-Book HTML Injection

CVE-2006-1398

2.3

Security Focus, Bugtraq ID: 17253, March 27, 2006

SkinTech

phpNewsManager 1.48

SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

PHPNewsManager Multiple SQL Injection

Not Available

Security Focus, Bugtraq ID: 17301, March 29, 2006

Tachyondecay.net

VSNS Lemon 3.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'name' parameter when adding a comment, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'functions/final_functions.php' due to insufficient authentication, which could let a remote malicious user bypass authentication; and an SQL injection vulnerability was reported in 'functions/final_functions.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Tachyondecay VSNS Lemon Multiple Vulnerabilities

Not Available

Secunia Advisory: SA19420, March 28, 2006

TFT Gallery

TFT Gallery 0.10

A vulnerability has been reported because user credentials are stored in the 'admin/passwd' file inside the web root, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, tftgallery_0.10_exploit.pl, has been published.

TFT Gallery Administrator Password Information Disclosure

CVE-2006-1412

2.3

Security Focus, Bugtraq ID: 17250, March 27, 2006

Tilde

Tilde CMS 3

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

Tilde CMS SQL Injection

CVE-2006-1500

Not Available

Security Focus, Bugtraq ID: 17299, March 29, 2006

TWiki

TWiki 20040902, 20040901, 04x00x01, 04x00x00, 01-Sep-2001, 01-Feb-2003, 01-Dec-2001

Several vulnerabilities have been reported: a vulnerability was reported in the 'rdiff' and 'preview' scripts because it is possible to view restricted content; and a remote Denial of Service vulnerability was reported due to an error in the handling of circular references for the '%INCLUDE' statement.

Hotfix (CVE-2006-1386)

Hotfix (CVE-2006-1387)

Vulnerabilities can be exploited through use of a web client.

TWiki Information Disclosure & Remote Denial of Service

CVE-2006-1386
CVE-2006-1387

7
(CVE-2006-1386)

1.4
(CVE-2006-1387)

Secunia Advisory: SA19410, March 27, 2006

University of Washington

Pubcookie 3.3, 3.2.1, 3.2, 3.1.1, 3.1, 3.0, 1.0, 3.2.1a

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerabilities could be exploited with a web browser.

Pubcookies Multiple Cross-Site Scripting

CVE-2006-1392
CVE-2006-1393

2.3
(CVE-2006-1392)

2.3
(CVE-2006-1393)

Security Focus, Bugtraq ID: 17221, March 24, 2006

US-CERT VU#314540

US-CERT VU#337585

VBulletin

ImpEx 1.74

A file include vulnerability has been reported in 'ImpExData.php' due to insufficient verification of the 'systempath' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, vBulletin-ImpEx-rfi.php, has been published.

VBulletin ImpEx Remote File Include

CVE-2006-1382

XOR Crew Security Advisory, March 22, 2006

Veritas Software

NetBackup Enterprise Server 6.0, 5.1, 5.0, NetBackup DataCenter 4.5 MP, 4.5 FP, NetBackup BusinesServer 4.5 MP, 4.5 FP

Multiple buffer overflow vulnerabilities have been reported in the volume manager (vmd) daemon, the NetBackup Catalog (bpdbm) daemon, and the NetBackup Sharepoint Services server (bpspsserver) daemon due to boundary errors, which could let a remote malicious user execute arbitrary code.

Patches available

Currently we are not aware of any exploits for these vulnerabilities.

VERITAS NetBackup Remote Buffer Overflows

CVE-2006-0989
CVE-2006-0990
CVE-2006-0991

6
(CVE-2006-0989)

6
(CVE-2006-0990)

6
(CVE-2006-0991)

Security Tracker Alert ID: 1015832, March 27, 2006

US-CERT VU#880801

US-CERT VU#744137

US-CERT VU#377441

vihor.de

VihorDesign 0

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a Directory Traversal has been reported in 'index.php' which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

VihorDesign Cross-Site Scripting & Directory Traversal

CVE-2006-1496
CVE-2006-1497

2.3
(CVE-2006-1496)

2.3
(CVE-2006-1497)

Security Focus, Bugtraq ID: 17226, March 22, 2006

VWar

VWar 1.5 & prior

A file include vulnerability has been reported in 'include/functions_install.PHP' due to insufficient verification of the 'vwar_root' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_RCE.php, has been published.

Virtual War File Inclusion

CVE-2006-1503

Not Available

Secunia Advisory: SA19438, March 29, 2006

WEBalbum

WEBalbum 2.02pl

A vulnerability has been reported in the 'skin2' cookie due to insufficient sanitization in cookies before using them in includes, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

An exploit script, webalbum.php, has been published.

WEBalbum Remote Command Execution

CVE-2006-1480

5.6

Security Focus, Bugtraq ID: 17228, March 24, 2006

Xpdf

Xpdf 3.01

A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code.

Gentoo

Fedora

RedHat

RedHat

Ubuntu

Debian

Debian

Debian

Slackware

Slackware

Gentoo

Debian

SCO

Currently we are not aware of any exploits for this vulnerability.

Xpdf PDF Splash Remote Buffer Overflow

CVE-2006-0301

Secunia Advisory: SA18677, February 1, 2006

Gentoo Linux Security Advisories, GLSA 200602-04 & GLSA 200602-05, February 12, 2006

Fedora Update Notifications, FEDORA-2006-103, FEDORA-2006-104, & FEDORA-2006-105, February 10, 2006

RedHat Security Advisories, RHSA-2006:0201-3 & RHSA-2006:0206-3, February 13, 2006

Ubuntu Security Notice, USN-249-1, February 13, 2006

Debian Security Advisories, DSA-971-1, DSA-972-1 & DSA-974-1, February 14 & 15, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200602-12, February 21, 2006

Debian Security Advisory, DSA-998-1, March 14, 2006

SCO Security Advisory, SCOSA-2006.15, March 22, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
  • Bluetooth Gets a Major Speed Boost: Transmission speed will increase in the Bluetooth wireless standard used in cell phones and other small devices, broadening its scope to enable high-definition video and files for digital music players like the iPod. The industry group behind Bluetooth said that it would boost transfer speeds in the next few years by incorporating a new radio technology, known as ultra-wideband, or UWB.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
  • Exploit for Vulnerability in Microsoft Internet Explorer: US-CERT is aware of an active exploitation of a vulnerability in the way Microsoft Internet Explorer handles certain DHTML methods.
  • TSP Phishing Scams: US-CERT continues to receive reports of phishing scams that target online users and Federal government web sites. Specifically, sites that provide online benefits are being targeted. Recently, the phishing scam targeted the Thrift Savings Plan (TSP), a retirement savings plan for United States government employees and members of the uniformed services. For more information please see Thrift Savings Plan (TSP) at URL: http://www.tsp.gov/
  • Profiting From ID Theft: Identity theft has become the fastest-growing crime in the United States, with about 9 million victims in 2005.
  • Top Execs Insist Too Little Is Spent On IT: Survey: According to a survey commissioned by Managed Objects, almost half of senior corporate executives believe their companies are spending too little on IT this year. Interviews with 230 U.S. executives showed that 46 percent believed their companies weren't spending enough on IT, compared to 10 percent who said too much was being spent and 44 percent who said spending was just about right.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
| 2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
| 4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
| 5 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs into the registry, and reduces overall system security. |
| 8 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 9 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 10 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |

Table updated March 28, 2006
