Summary of Security Items from December 8 through December 14, 2004
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
21-6 Productions
Orbz 2.10 and prior |
A vulnerability exists due to a boundary error when handling join requests. This can be exploited to cause a buffer overflow by supplying an overly long password. Successful exploitation may allow execution of arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
21-6 Productions Orbz Password Field Buffer Overflow |
High |
Secunia Advisory ID, SA13327, November 30, 2004
PacketStorm, December 12, 2004 |
AMAX Information Technologies Inc.
Winmail Server 4.0 (Build 1112) |
A vulnerability exists when the 'admin/chgpwd.php,' 'admin/domain.php,' or 'admin/user.php' script is accessed directly, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Winmail Server 'chgpwd.php', 'domain.php', and 'user.php' Information Disclosure |
Medium |
GSSIT - Global Security Solution IT Advisory, December 13, 2004 |
Clearswift
MIMEsweeper for SMTP 5.0, 5.0.5 |
A remote Denial of Service vulnerability exists in the Security Service when processing PDF files.
Updates available at:
http://www.clearswift.com/download/info.aspx?ID=562
Currently we are not aware of any exploits for this vulnerability. |
Clearswift MIMEsweeper For SMTP Remote Denial of Service |
Low |
Secunia Advisory, SA13411, December 10, 2004 |
Code-Crafters
Ability Server 2.25-2.34 |
A buffer overflow vulnerability exists in the processing of the APPE FTP command, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Ability Server 'APPE FTP' Command Buffer Overflow |
High |
SecurityTracker Alert ID, 1012464, December 8, 2004 |
CoffeeCup Software
CoffeeCup Direct FTP 6.0, 6.2, CoffeeCup Free FTP 6.0, 6.2 |
A buffer overflow vulnerability exists due to the way long buffer file names are handled, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Another exploit script has been published. |
CoffeeCup Direct/Free FTP ActiveX Component Remote Buffer Overflow |
High |
Secunia Advisory, SA13282, November 23, 2004
PacketStorm, December 11, 2004 |
David Harris
Mercury (win32 version) 4.0 1a |
Multiple stack-based buffer overflow vulnerabilities exist in the IMAP server implementation due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
Update available at:
ftp://ftp.usm.maine.edu/pegasus/mercury32/m32-401b.zip
An exploit script has been published. |
Mercury Mail Multiple Remote IMAP Stack Buffer Overflows |
High |
Bugtraq, December 1, 2004
PacketStorm, December 12, 2004 |
Digital Illusions
Codename Eagle 1.42 & prior |
A remote Denial of Service vulnerability exists when a malicious user submits an empty UDP datagram.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Codename Eagle UDP Packet Processing Remote Denial of Service |
Low |
Secunia Advisory, SA13423, December 13, 2004 |
Headlight Software, Inc.
GetRight 5.2a & prior |
A buffer overflow vulnerability exists in the 'DUNZIP32.DLL' component when a specially crafted skin file is created, which could let a remote malicious user execute arbitrary code.
Upgrade available at:
http://www.getright.com/get.html
A Proof of Concept exploit has been published. |
GetRight 'DUNZIP32.DLL' Buffer Overflow |
High |
Secunia Advisory, SA13391, December 7, 2004
SecurityFocus, December 7, 2004 |
IBEX Software
Remote Execute 2.x |
A remote Denial of Service vulnerability exists due to an error in the connection handling.
Update available at: http://www.ibexsoftware.com/downloadRemoteExecute.asp
Currently we are not aware of any exploits for this vulnerability. |
IBEX Software Remote Execute Denial of Service |
Low |
SecurityTracker Alert, 1012445, December 7, 2004
US-CERT Vulnerability Note, VU#136424, December 10, 2004 |
IpSwitch
WS_FTP Server 5.03, 2004.10.14 |
Several vulnerabilities were reported that could permit a remote authenticated malicious user to execute arbitrary code on the target system. A remote authenticated user can trigger a buffer overflow in several FTP commands. The SITE, XMKD, MKD, and RFNR FTP commands are affected. A remote user can cause the FTP service to crash or execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
IpSwitch WS_FTP Buffer Overflow |
High |
SecurityTracker Alert ID: 1012353, November 29, 2004
PacketStorm, December 11, 2004 |
Kerio
Personal Firewall 4.0.6-4.0.10, 4.0.16, 4.1-4.1.2, Personal Firewall 2 2.1-2.1.5 |
A Denial of Service vulnerability exists due to insufficient sanitization of SPI parameters that are received from hooked APIs.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Kerio Personal Firewall Local Denial of Service |
Low |
SecurityFocus, December 8, 2004 |
Kerio
WinRoute Firewall 6.0-6.0.8 |
A remote Denial of Service, a DNS cache poisoning, and an information disclosure vulnerability exist, which could let a remote malicious user obtain sensitive information, manipulate the DNS cache, and cause the computer to crash or hang.
The vendor has released WinRoute Firewall version 6.0.9 resolving this issue. Users running the affected firewall are advised to contact the vendor for more information on obtaining the upgrade.
Currently we are not aware of any exploits for these vulnerabilities. |
Kerio WinRoute Firewall Multiple Unspecified Remote |
Low/Medium (Medium if sensitive information can be obtained) |
SecurityFocus, December 10, 2004 |
MailEnable
MailEnable Professional Edition v1.52, MailEnable Enterprise Edition v1.01 |
Two vulnerabilities exist in the IMAP service that could permit a remote malicious user to execute arbitrary code. A remote user can trigger a stack-based buffer overflow or an object pointer overwrite to execute arbitrary code on the target system.
The vendor has issued a fix, available at:
http://mailenable.com/hotfix.asp
An exploit script has been published. |
MailEnable Stack Overflow & Pointer Overwrite |
High |
Hat-Squad Security Team Advisory, November 25, 2004
PacketStorm, December 11, 2004 |
Microsoft
Internet Explorer 6.0 SP1,
Microsoft Internet Explorer 6.0
Avaya DefinityOne Media Servers R6-12, IP600, Media Servers R6-R12, IP600 Media Servers
Avaya Modular Messaging S3400,
S3400 Message Application Server,
S8100 Media Servers R6-R12 |
A remote buffer overflow vulnerability exists due to insufficient boundary checks performed by the application and results in a Denial of Service condition. Arbitrary code execution may be possible as well.
Patches available at:
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Note: Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 or MS04-038 should not install this update. Instead customers should deploy update 889669.
Microsoft Knowledge Base Article 889293 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
Avaya: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=212001&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
An exploit script has been published. |
Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow
CVE Name: CAN-2004-1050 |
Low/High (High if arbitrary code can be executed) |
SecurityFocus, Bugtraq ID 11515, October 25, 2004
Packetstorm, November 4, 2004
Microsoft Security Bulletin, MS04-040, December 1, 2004
Technical Cyber Security Alert, TA04-336A, December 3, 2004
Avaya Security Advisory, ASA-2004-085, December 9, 2004 |
Microsoft
Internet Explorer 6.0, SP1 |
A vulnerability exists in the 'sysimage://' protocol handler because the existence of a file can be detected, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
An exploit script is not required; however, a Proof of Concept exploit script has been published. |
Microsoft Internet Explorer Sysimage Protocol Handler Information Disclosure |
|
Bugtraq, December 7, 2004 |
Microsoft
SharePoint Portal Server SP3, 2003, 2001 SP3
Microsoft SharePoint Portal Server 2001, SP1-SP2A |
A vulnerability exists due to an error when installing SPS components using a user account with a password containing a leading dash, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Microsoft Office SharePoint Portal Server Information Disclosure |
Medium |
SecurityFocus, December 10, 2004 |
Microsoft
Internet Explorer 5.0.1, SP1-SP4, 5.0.1 for Windows NT 4.0/98/95/2000, 5.5, SP1&SP2, preview, 6.0, SP1&SP2, Internet Explorer Macintosh Edition 5.2.3 |
A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Vulnerability has appeared in the press and other public media. |
Microsoft Internet Explorer Remote Window Hijacking
CVE Name: CAN-2004-1155 |
Medium |
Secunia Advisory, SA13251, December 10, 2004 |
Microsoft
Internet Explorer 6.0, SP1&SP2 |
A vulnerability exists due to a failure to present the URI address of HTML and script code loaded into the search pane, which could let a remote malicious user present web pages to users that seem to originate from a trusted location.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Microsoft Internet Explorer Search Pane URI Obfuscation |
Medium |
Bugtraq, December 8, 2004 |
Microsoft
Windows (ME), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (2003), Windows (XP) |
A vulnerability was reported that could allow a remote user to execute arbitrary code on the target system. A remote user can send a specially crafted WINS packet to the target server on TCP port 42 to modify a memory pointer and write arbitrary contents to arbitrary memory locations.
UPDATE: The WINS service is installed and enabled by default on Microsoft Small Business Server 2000/2003. However, the ports used for the service are reportedly not remotely accessible by default on Small Business Server.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
A Proof of Concept exploit has been published. |
|
High |
US-CERT Vulnerability Note VU#145134, November 29, 2004
SecurityFocus, December 6, 2004
Microsoft Security Bulletin, SB04-045, December 14, 2004 |
Microsoft
Windows NT Server 4.0 SP6a, Windows 2000 SP3&SP4, Windows XP SP1 &SP2, XP 64-Bit Edition, SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME |
Several vulnerabilities exist due to boundary errors in the table and font conversion in the Word for Windows 6.0 converter, which could let a remote malicious user execute arbitrary code. Note: Exploitation requires that the handler for the Word for Windows 6.0 converter is enabled.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-041.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Microsoft Security Bulletin, MS04-041, December 14, 2004 |
Microsoft
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6 |
Several vulnerabilities exist: A remote Denial of Service vulnerability exists when a malicious user submits a specially crafted DHCP message to the DHCP server; and a vulnerability exists when handling DHCP request traffic due to an unchecked buffer, which could let a remote malicious user execute arbitrary code.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-042.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/High (High if arbitrary code can be executed) |
Microsoft Security Bulletin, MS04-042, December 14, 2004 |
Microsoft
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6, Windows 2000 SP3&SP4, Windows XP SP1 &SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME |
A buffer overflow vulnerability exists due to boundary errors in the handling of HyperTerminal session files and telnet URLs, which could let a remote malicious user execute arbitrary code.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx
Currently we are not aware of any exploits for this vulnerability. |
Microsoft HyperTerminal Remote Code Execution
CVE Name: CAN-2004-0568 |
High |
Microsoft Security Bulletin, MS04-043, December 14, 2004 |
Microsoft
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6, Windows 2000 SP3&SP4, Windows XP SP1 &SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME |
Several vulnerabilities exist: a vulnerability exists due to an unchecked buffer in the handling of data sent through a LPC (Local Procedure Call) port, which could let a remote malicious user execute arbitrary code with elevated privileges; and a vulnerability exists due to an error in the validation of identity tokens in LSASS (Local Security Authority Subsystem Service), which could let a remote malicious user obtain elevated privileges.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium/High (High if arbitrary code can be executed) |
Microsoft Security Bulletin, SB04-044, December 14, 2004 |
Microsoft
Windows NT Server 4.0 SP 6a, NT Server 4.0 Terminal Server Edition SP 6, Windows 2000 Server SP 3 & SP4, Windows Server 2003, 2003 64-Bit Edition |
A vulnerability exists due to an unchecked buffer in the handling of the 'Name' parameter from certain packets, which could let a remote malicious user execute arbitrary code.
Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Microsoft Security Bulletin, SB04-045, December 14, 2004 |
Microsoft
Microsoft .NET Framework 1.x, Digital Image Pro 7.x, 9.x, Digital Image Suite 9.x, Frontpage 2002, Greetings 2002, Internet Explorer 6, Office 2003 Professional Edition, 2003 Small Business Edition, 2003 Standard Edition, 2003 Student and Teacher Edition, Office XP, Outlook 2002, 2003, Picture It! 2002, 7.x, 9.x, PowerPoint 2002, Producer for Microsoft Office PowerPoint 2003, Project 2002, 2003, Publisher 2002, Visio 2002, 2003, Visual Studio .NET 2002, 2003, Word 2002;
Avaya DefinityOne Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers |
A buffer overflow vulnerability exists in the processing of JPEG image formats, which could let a remote malicious user execute arbitrary code.
Frequently asked questions regarding this vulnerability and the patch can be found at: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Bulletin updated to advise on the availability of additional security updates. Standalone security updates for The Microsoft .NET Framework version 1.0 Service Pack 2 and The Microsoft .NET Framework version 1.1 are now available. Security updates for Microsoft Visual FoxPro 8.0 and the Microsoft Visual FoxPro 8.0 runtime are also now available. Bulletin updated to reflect the release of Windows Messenger 5.1 that contains an updated version of the affected file. The MS04-028 Enterprise Update Scanning Tool has been updated to detect and deploy the additional security updates.
Another exploit script has been published. |
Microsoft JPEG Processing Buffer Overflow
CVE Name: CAN-2004-0200 |
High |
Microsoft Security Bulletin, MS04-028, September 14, 2004
US-CERT Vulnerability Note VU#297462, September 14, 2004
Technical Cyber Security Alert TA04-260A, September 16, 2004
SecurityFocus, September 17, 2004
SecurityFocus, September 28, 2004
Packet Storm, October 7, 2004
Microsoft Security Bulletin, MS04-028, V3.0 December 14, 2004 |
Multiple Vendors
Archive::Zip 1.13,
F-Secure Anti-Virus for Microsoft Exchange 6.30, 6.30 SR1, and 6.31,
Computer Associates,
Eset,
Kaspersky,
McAfee,
Sophos,
RAV |
Remote exploitation of an exceptional condition error in multiple vendors' anti-virus software allows malicious users to bypass security protections by evading virus detection. The problem specifically exists in the parsing of .zip archive headers. This vulnerability affects multiple anti-virus vendors including McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV.
Instructions for Computer Associates, Eset, Kaspersky, McAfee, Sophos, and RAV are available at: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-31.xml
Mandrakelinux 10.1 and Mandrakelinux 10.1/X86_64:
http://www.mandrakesoft.com/security/advisories
A fix for F-Secure is available at:
ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse63x-02.zip
SUSE:
http://www.SUSE.com/en/private/download/updates/92_i386.html
A Proof of Concept exploit script has been published. |
|
High |
iDEFENSE Security Advisory, October 18, 2004
Secunia Advisory ID: SA13038, November 1, 2004
SecurityFocus, Bugtraq ID: 11448, November 2, 2004
SecurityTracker Alert ID: 1012057, November 3, 2004
SecurityFocus, November 15, 2004
SecurityFocus, November 29, 2004
US-CERT Vulnerability Note, VU#968818, December 13, 2004 |
Netscape
Navigator 7.0, 7.0.2, 7.1-7.2 |
A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Vulnerability has appeared in the press and other public media. |
|
Medium |
Secunia Advisory, SA13402, December 8, 2004 |
Nullsoft
Winamp 5.05 |
A vulnerability exists which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the 'IN_CDDA.dll' file. This can be exploited in various ways to cause a stack-based buffer overflow e.g. by tricking a user into visiting a malicious web site containing a specially crafted '.m3u' playlist. Successful exploitation allows execution of arbitrary code.
Update to version 5.0.6:
http://www.winamp.com/player/
An exploit script has been published. |
Nullsoft Winamp 'IN_CDDA.dll' Buffer Overflow |
High |
Security-Assessment Vulnerability Advisory, November 23, 2004
PacketStorm, December 11, 2004 |
Open Text Corporation
FirstClass 8.0 |
A remote Denial of Service vulnerability exists in the HTTP Daemon Search function.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
OpenText FirstClass HTTP Daemon Search Function Remote Denial of Service |
Low |
SecurityTracker Alert ID, 1012478, December 11, 2004 |
Symantec
Windows LiveUpdate prior to v2.5, Norton SystemWorks 2001-2004, Norton AntiVirus and Pro 2001-2004, Norton Internet Security and Pro 2001-2004, Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0 |
A vulnerability exists in the LiveUpdate GUI during an interactive LiveUpdate session when running the scheduled 'NetDetect' task, which could let a remote malicious user execute arbitrary commands.
The vendor has issued a fixed version of LiveUpdate (2.5), available via LiveUpdate.
Currently we are not aware of any exploits for this vulnerability. |
Symantec LiveUpdate NetDetect Scheduled Task |
High |
SecurityTracker Alert ID, 1012492, December 13, 2004 |
WeOnlyDo!
wodFtpDLX ActiveX component, wodFtpDLX ActiveX component 2.1.1 8 |
A buffer overflow vulnerability exists due to the way long buffer file names are handled, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.weonlydo.com/index.asp?showform=FtpDLX
Exploit scripts have been published. |
WeOnlyDo! wodFtpDLX ActiveX Component Remote Buffer Overflow |
High |
Securiteam, November 23, 2004
PacketStorm December 11, 2004 |
UNIX / Linux Operating Systems Only
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Adobe
Adobe Version Cue on Mac OS X |
A vulnerability exists that could permit a local malicious user to obtain root privileges on the target system. The scripts used to start and stop Adobe Version Cue are configured with set user id (setuid) root user privileges and do not validate the path names. A local user can create specially crafted scripts and modify the current path to point to the directory containing those scripts. When Adobe Version Cue is started or stopped, the scripts will run with root user privileges.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Adobe Version Cue Start/Stop Scripts Arbitrary Script Execution |
High |
SecurityTracker Alert ID: 1012446, December 7, 2004 |
Apache Software Foundation
Apache 2.0.35-2.0.52 |
A vulnerability exists when the 'SSLCipherSuite' directive is used in a directory or location context to require a restricted set of cipher suites, which could let a remote malicious user bypass security policies and obtain sensitive information.
OpenPKG:
ftp://ftp.openpkg.org/release/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-21.xml
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Mandrake:
http://www.mandrakesoft.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-562.html
SuSE: In the process of releasing packages.
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-600.html
There is no exploit code required. |
Apache mod_ssl SSLCipherSuite Access Validation
CVE Name: CAN-2004-0885 |
Medium |
OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004
Gentoo Linux Security Advisory, GLSA 200410-21, October 22, 2004
Slackware Security Advisory, SSA:2004-299-01, October 26, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:122, November 2, 2004
Conectiva Linux Security Announcement, CLA-2004:885, November 4, 2004
Fedora Update Notification, FEDORA-2004-420, November 12, 2004
RedHat Security Advisory, RHSA-2004:562-11, November 12, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
RedHat Security Advisory, RHSA-2004:600-12, December 13, 2004 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31 |
A buffer overflow vulnerability exists in the 'get_tag()' function, which could let a malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-03.xml
Slackware:
ftp://ftp.slackware.com/pub/slackware/s
Trustix:
http://http.trustix.org/pub/trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-600.html
Exploit scripts have been published. |
|
High |
SecurityFocus, October 20, 2004
Slackware Security Advisory, SA:2004-305-01, November 1, 2004
Gentoo Linux Security Advisory, GLSA 200411-03, November 2, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:134, November 17,2004
Turbolinux Security Announcement, November 18, 2004
Red Hat Advisory: RHSA-2004:600-12, December 13, 2004 |
Apple
Darwin Streaming Server 5.0.1 on Mac OS X 10.2.8 or 10.3.6 Server |
A vulnerability exists due to an input validation error in the handling of 'DESCRIBE' requests. This can be exploited to cause a vulnerable server to crash by sending a specially crafted request for a location containing a null byte.
Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/
Currently we are not aware of any exploits for this vulnerability. |
Apple Darwin Streaming Server DESCRIBE Null Byte Denial of Service
CVE Name: CAN-2004-1123 |
Low |
iDEFENSE Advisory 12.03.04 |
Apple
Safari 1.2.4 |
A vulnerability exists which could allow a remote malicious user to inject content into an open window in certain cases to spoof web site contents. If the target name of an open window is known, a remote user can create Javascript that, when loaded by the target user, will display arbitrary content in the opened window. A remote user can exploit this to spoof the content of potentially trusted web sites.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Apple Safari Open Windows Injection |
Medium |
SecurityTracker Alert ID: 1012459, December 8, 2004 |
ARJ Software Inc.
UNARJ 2.62-2.65 |
A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings prior to processing, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-29.xml
SUSE:
http://www.suse.de/de/security/2004_03_sr.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Currently we are not aware of any exploits for this vulnerability. |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name: CAN-2004-0947 |
High |
SecurityTracker Alert ID: 1012194, November 11, 2004
Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004
SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004
Fedora Update Notification, FEDORA-2004-414, December 11, 2004 |
Atari
Atari800 1.3.1 & prior |
Several buffer overflow vulnerabilities exist in the 'log.c' and 'rt-config.c' files due to insufficient boundary checks, which could let a malicious user execute arbitrary code with root privileges.
The vendor reports that the vulnerability described in 'log.c' is fixed in versions after 2003-11-13, and that they are currently looking into the issue in 'rt-config.c'.
An exploit script has been published. |
Atari800 Emulator Multiple Buffer Overflows |
High |
Securiteam, November 25, 2004
PacketStorm, December 11, 2004 |
BitWizard
mtr 0.55 through 0.65 |
A vulnerability exists which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to an off-by-one error in the keybinding routine in "mtr_curses_keyaction()". This may be exploited by supplying specially crafted, overly long input. Exploitation requires that mtr is setuid "root" and not compiled with gcc 3.x.
Update to version 0.67:
ftp://ftp.bitwizard.nl/mtr/
Currently we are not aware of any exploits for this vulnerability. |
BitWizard mtr 'mtr_curses_keyaction()' Function Buffer Overflow |
Medium |
Secunia Advisory ID: SA13430, December 14, 2004 |
Carnegie Mellon University
Cyrus IMAP Server 2.2.9 and prior versions |
A vulnerability exists in the mysasl_canon_user() function that could allow a remote user to execute arbitrary code on the target system. An off-by-one error exists in the mysasl_canon_user() function that may result in an unterminated user name string. A remote user may be able to trigger the buffer overflow to execute arbitrary code on the target system with the privileges of the target IMAP process.
The vendor has issued a fixed version (2.2.10), available at: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
Currently we are not aware of any exploits for this vulnerability. |
Carnegie Mellon Cyrus IMAP Server Off-by-one Overflow
CVE Name: CAN-2004-1067 |
High |
SecurityTracker Alert ID: 1012474, December 10, 2004 |
Carsten Haitzler
imlib 1.x |
Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library.
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-03.xml
Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-651.html
Currently we are not aware of any exploits for these vulnerabilities. |
Carsten Haitzler imlib Image Decoding Integer Overflow
CVE Name: CAN-2004-1026, CAN-2004-1025 |
High |
Secunia Advisory ID: SA13381, December 7, 2004
Red Hat Advisory, RHSA-2004:651-03, December 10, 2004 |
Citadel Systems
Citadel/UX 6.27 and prior versions |
A format string vulnerability exists that could allow a remote user to execute arbitrary code on the target system. The lprintf() function in 'sysdep.c' makes an unsafe syslog() call based on user-supplied input but without providing the format string specifier or filtering the user-supplied input. A remote user can connect to the target service and supply a specially crafted string to trigger the error and cause the target service to crash or to execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
Citadel/UX Format String |
High |
No System Group, Advisory #09, December 12, 2004 |
Free Software Foundation
rootsh prior to version 1.4.1 |
A vulnerability exists in rootsh, which can be exploited by malicious local users to bypass the logging functionality. The problem is caused by an input validation error when handling certain xterm escape sequences. This can be exploited to generate empty syslog messages, allowing users to hide their actions in a syslog-only environment.
Update to version 1.4.1:
http://sourceforge.net/project/showfiles.php?group_id=110309
Currently we are not aware of any exploits for this vulnerability. |
Free Software Foundation rootsh Security Bypass |
Medium |
Secunia Advisory ID: SA13405, December 9, 2004 |
GNU
a2ps 4.13 |
A vulnerability exists that could allow a malicious user to execute arbitrary shell commands on the target system. a2ps will execute shell commands contained within filenames. A user can create a specially crafted filename that, when processed by a2ps, will execute shell commands with the privileges of the a2ps process.
A patch for FreeBSD is available at:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/patch-select.c?rev=1.1&content-type=text/plain
A Proof of Concept exploit has been published. |
GNU a2ps Filenames Shell Commands Execution |
High |
SecurityTracker Alert ID: 1012475, December 10, 2004 |
GNU
mysql_auth prior to 0.8 |
A vulnerability exists due to a memory leak in mysql_auth. The impact was not specified.
The vendor has issued a fixed version (0.8), available at: http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz
Currently we are not aware of any exploits for this vulnerability. |
GNU mysql_auth Memory Leak |
Not Specified |
SecurityTracker Alert ID: 1012500, December 14, 2004 |
GNU
Squid-2.5 |
A vulnerability exists which can be exploited by malicious people to gain knowledge of potentially sensitive information. Squid returns random error messages due to a reference to freed memory in certain conditions involving a sequence of failed DNS lookups, resulting in random messages being shown as error messages in response to such host names.
Apply patch: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-dothost.patch
A Proof of Concept exploit has been published. |
GNU Squid Malformed Host Name |
Medium |
Squid Project Bugzilla Bug 1143, November 23, 2004 |
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
GNU wget File Creation & Overwrite |
Medium |
SecurityTracker Alert ID: 1012472, December 10, 2004 |
ImageMagick
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8,
5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8 |
A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=24099
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-11.xml
Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/i386/update/
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143
Red Hat (the update has been re-issued):
http://rhn.redhat.com/errata/RHSA-2004-480.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
SecurityTracker Alert ID, 1011946, October 26, 2004
Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004
Debian Security Advisory DSA 593-1, November 16, 2004
SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004
Red Hat Security Advisory, RHSA-2004:636-03, December 8, 2004 |
Info-ZIP
Zip 2.3 |
A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zip/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-16.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow
CVE Name:
CAN-2004-1010 |
High |
Bugtraq, November 3, 2004
Ubuntu Security Notice, USN-18-1, November 5, 2004
Fedora Update Notification,
FEDORA-2004-399 & FEDORA-2004-400, November 8 & 9, 2004
Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004
SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 |
KDE
KDE prior to 3.3.2 |
When a user creates a link to a remote file using various KDE applications, the resulting link may include authentication credentials for the remote system. This may include Samba passwords for files located on SMB servers.
Patches are available:
http://www.kde.org/info/security/advisory-20041209-1.txt
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
KDE Security Advisory, December 9, 2004 |
KDE
Konqueror 3.2.2-6 |
A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
KDE Konqueror Window Injection |
Medium |
Secunia Advisory ID: SA13254, December 8, 2004 |
Larry Wall
Perl 5.8.3 |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200412-04.xml
There is no exploit code required. |
|
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Ubuntu Security Notice, USN-16-1, November 3, 2004
Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004 |
libtiff.org
LibTIFF 3.6.1 |
Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/t/tiff/
Gentoo:
http://security.gentoo.org/glsa/glsa-200410-11.xml
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-577.html
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
KDE: Update to version 3.3.2:
http://kde.org/download/
Apple Mac OS X:
http://www.apple.com/swupdates/
Proofs of Concept exploits have been published. |
|
Low/High
(High if arbitrary code can be executed) |
Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004
Fedora Update Notification,
FEDORA-2004-334, October 14, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004
Debian Security Advisory, DSA 567-1, October 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004
SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004
RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004
Slackware Security Advisory, SSA:2004-305-02, November 1, 2004
Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004
US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004
Gentoo Linux Security Advisory, GLSA 200412-02, December 6, 2004
KDE Security Advisory, December 9, 2004
Apple Security Update SA-2004-12-02 |
MediaWiki
MediaWiki 1.3.8 |
A vulnerability exists which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient validation of files uploaded to the "images" directory located inside the web root. This can be exploited to upload and execute arbitrary malicious scripts.
Update to version 1.3.9:
http://wikipedia.sourceforge.net/
A Proof of Concept exploit has been published. |
MediaWiki 'images' Arbitrary Script Upload and Execution |
High |
Secunia Advisory ID:
SA13419, December 13, 2004 |
Multiple Vendors
file 4.11 and prior (Trustix) |
A vulnerability exists in the ELF header parsing code in 'file'. A malicious user may be able to create a specially crafted ELF file that, when processed using 'file', may be able to modify the stack and potentially execute arbitrary code.
Update to version 4.12:
ftp://ftp.astron.com/pub/file/
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors 'File' Processing ELF Headers Stack Overflow |
|
Trustix Secure Linux Advisory #2004-0063, November 26, 2004
Gentoo Linux Security Advisory, GLSA 200412-07/ file, December 13, 2004 |
Multiple Vendors
Gentoo Linux;
Samba Samba 3.0-3.0.7
|
A remote Denial of Service vulnerability exists in 'ms_fnmatch()' function due to insufficient input validation.
Patch available at:
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-21.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-632.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
SGI:
http://www.sgi.com/support/security/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/
There is no exploit code required. |
|
Low |
SecurityFocus, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004
Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004
Fedora Update Notifications,
FEDORA-2004-459 & 460, November 29, 2004
Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004
SGI Security Advisory, 20041201-01-P, December 13, 2004 |
Multiple Vendors
gzip |
A vulnerability exists in the gzip(1) command, which could let a malicious user access the files of other users that were processed using gzip.
Sun Solaris:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:142
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Debian:
http://www.debian.org/security/2004/dsa-588
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Sun(sm) Alert Notification, 57600, October 1, 2004
US-CERT Vulnerability Note VU#635998, October 18, 2004
Mandrakesoft Security Advisory, MDKSA-2004:142, December 6, 2004
Trustix Advisory TSL-2004-0050, September 30, 2004
Debian Security Advisory DSA 588-1, November 8, 2004 |
Multiple Vendors
Linux Kernel 2.6.x |
Some potential vulnerabilities exist with an unknown impact in the Linux Kernel. The vulnerabilities are caused by boundary errors within the "sys32_ni_syscall()" and "sys32_vm86_warning()" functions and can be exploited to cause buffer overflows. The attack vectors and impact are currently unknown.
Patches are available at:
http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors Linux Kernel 'sys32_ni_syscall' and 'sys32_vm86_warning' Buffer Overflows |
Not Specified |
Secunia Advisory ID: SA13410, December 9, 2004 |
Multiple Vendors
MySQL AB MySQL 3.20 .x, 3.20.32 a, 3.21.x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1 |
A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access.
Upgrades available at:
http://dev.mysql.com/downloads/mysql/4.0.html
OpenPKG:
ftp.openpkg.org
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-611.html
SuSE:
ftp://ftp.suse.com/pub/suse
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
There is no exploit code required. |
MySQL Database Unauthorized GRANT Privilege
CVE Name:
CAN-2004-0957 |
Medium |
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Fedora Update Notification,
FEDORA-2004-530, December 8, 2004 |
Multiple Vendors
nfs-utils 1.0.6 |
A vulnerability exists due to an error in the NFS statd server in "statd.c" where the "SIGPIPE" signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely.
Upgrade to 1.0.7-pre1:
http://sourceforge.net/project/showfiles.php?group_id=14&package_id=174
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:146
Debian:
http://www.debian.org/security/2004/dsa-606
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors nfs-utils "SIGPIPE" TCP Connection Termination Denial of Service |
Low |
Secunia Advisory ID: SA13384, December 7, 2004
Debian Security Advisory
DSA-606-1 nfs-utils, December 8, 2004 |
Multiple Vendors
perl |
Multiple vulnerabilities exist which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the file system. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
Gentoo: update to "perl-5.8.5-r2" or later:
http://security.gentoo.org/glsa/glsa-200412-04.xml
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors Perl Insecure Temporary File Creation |
Medium |
Gentoo Security Advisory, GLSA 200412-04 / perl, December 7, 2004
Trustix Secure Linux Bugfix Advisory #2004-0050, November 30, 2004
Ubuntu Security Notice USN-16-1 November 02, 2004 |
Multiple Vendors
Samba 3.0 - 3.0.7; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, 2.1, ES 3, 2.1 IA64, 2.1, AS 3, 2.1 IA64, 2.1; Ubuntu Linux 4.1 ppc, ia64, ia32 |
A buffer overflow vulnerability exists in the 'QFILEPATHINFO' request handler when constructing 'TRANSACT2_QFILEPATHINFO' responses, which could let a remote malicious user execute arbitrary code.
Update available at:
http://www.samba.org/samba/download/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Ubuntu:
Ubuntu Upgrade samba-doc_3.0.7-1ubuntu6.2_all.deb
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
e-matters GmbH Security Advisory, November 14, 2004
SuSE Security Announcement, SUSE-SA:2004:040, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
Ubuntu Security Notice, USN-29-1, November 18, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:136, November 19, 2004
US-CERT Vulnerability Note VU#457622, November 19, 2004
Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004
Fedora Update Notifications,
FEDORA-2004-459 & 460, November 29, 2004
Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004 |
Multiple Vendors
Unix OpenBSD 3.3, 3.4;
XFree86 X11R6 4.1 .0, 4.1–12,
4.1–11, 4.2 .0, 4.2 1, 4.2.1 Errata, 4.3 |
A buffer overflow vulnerability exists in the 'font.alias' file due to insufficient validation of user supplied data, which could let a malicious user obtain ROOT privileges.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
Immunix:
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/
Mandrake:
http://www.mandrakesecure.net/en/advisories/
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/
RedHat:
ftp://updates.redhat.com/9/en/os/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/
Xfree86:
ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff
A Proof of Concept exploit has been published. |
Multiple Vendors XFree86 Font Information File Buffer Overflow
CVE Name:
CAN-2004-0083 |
High |
iDEFENSE Security Advisory, February 10, 2004
Slackware Security Advisory, SSA:2004-043-02, February 12, 2004
Fedora Update Notification, FEDORA-2004-069, February 13, 2004
Immunix Secured OS Security Advisory, IMNX-2004-73-002-01, February 13, 2004
Mandrake Linux Security Update Advisory, MDKSA-2004:012, February 13, 2004
Red Hat Security Advisories, RHSA-2004:059-01 & RHSA-2004:060-16, February 13, 2004
TurboLinux Security Advisory, TLSA-2004-5, February 17, 2004
US-CERT Vulnerability Note VU#820006, December 7, 2004 |
Multiple Vendors
Easy Software Products CUPS 1.1.14-1.1.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
A Denial of Service vulnerability exists in 'scheduler/dirsvc.c' due to insufficient validation of UDP datagrams.
Update available at:
http://www.cups.org/software.php
Debian:
http://security.debian.org/pool/updates/main/c/cupsys/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/
SuSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
ALTLinux:
http://altlinux.com/index.php?module=sisyphus&package=cups
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-25.xml
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Apple:
http://www.apple.com/support/security/security_updates.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1&searchclause=
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Fedora Legacy:
http://download.fedoralegacy.org/fedora/1/updates/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15
TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
A Proof of Concept exploit has been published. |
|
Low |
SecurityTracker Alert ID, 1011283, September 15, 2004
ALTLinux Advisory, September 17, 2004
Gentoo Linux Security Advisory GLSA 200409-25, September 20, 2004
Slackware Security Advisory, SSA:2004-266-01, September 23, 2004
Fedora Update Notification,
FEDORA-2004-275, September 28, 2004
Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004
Sun(sm) Alert Notification, 57646, October 7, 2004
SCO Security Advisory, SCOSA-2004.15, October 12, 2004
Conectiva Linux Security Announcement, CLA-2004:872, October 14, 2004
Fedora Legacy Update Advisory, FLSA:2072, October 16, 2004
Turbolinux Security Advisory, TLSA-2004-33, December 8, 2004 |
Multiple Vendors
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1;
ImageMagick ImageMagick 5.4.3, 5.4.4 .5, 5.4.8 .2-1.1.0 , 5.5.3 .2-1.2.0, 5.5.6 .0- 2003040, 5.5.7,6.0.2;
Imlib Imlib 1.9-1.9.14 |
Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Imlib:
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/
ImageMagick:
http://www.imagemagick.org/www/download.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200409-12.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/i/imagemagick/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-465.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-480.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/i
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-636.html
Currently we are not aware of any exploits for these vulnerabilities. |
IMLib/IMLib2 Multiple BMP Image
Decoding Buffer Overflows
CVE Names:
CAN-2004-0817
CAN-2004-0802 |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, September 1, 2004
Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004
Fedora Update Notifications,
FEDORA-2004-300 &301, September 9, 2004
Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004
RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004
Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004
Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004
Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004
Turbolinux Security Announcement, October 5, 2004
RedHat Security Update, RHSA-2004:480-05, October 20, 2004
Ubuntu Security Notice USN-35-1, November 30, 2004
RedHat Security Advisory, RHSA-2004:636-03, December 8, 2004 |
Multiple Vendors
Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7 .0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3 .0 |
Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
Gentoo:
http://security.gentoo.org/glsa/glsa-200411-28.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
X.org:
http://www.x.org/pub/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-537.html
Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:137 (libxpm)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:138 (XFree86)
Debian:
http://www.debian.org/security/2004/dsa-607 (XFree86)
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors LibXPM Multiple Vulnerabilities
CVE Name:
CAN-2004-0914 |
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code | |
| |