Summary of Security Items from December 1 through December 7, 2004
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs,
Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
MDaemon 7.2, 6.8.0-6.8.5 | A vulnerability exists due to a failure to properly drop privileges prior to executing child process, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | Alt-N MDaemon Privilege Escalation | Medium | SecurityFocus, November 23, 2004 SecurityFocus, November 30, 2004 |
Burut Kreed 1.5 | Multiple vulnerabilities exist: a format string vulnerability exists, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability exists when a malicious user submits a large UDP datagram; and a remote Denial of Service vulnerability exists when a malicious nickname or model type is submitted. No workaround or patch available at time of publishing. An exploit script has been published. | Burut Kreed Game Server Multiple Remote Vulnerabilities | Low/High (High if arbitrary code can be executed) | Secunia Advisory, SA13361, December 3, 2004 |
CNS Network Registrar 6.0-6.0.5 .4, 6.1-6.1.1 .3 | Multiple remote Denial of Service vulnerabilities exist in the Domain Name Service and Dynamic Host Configuration Protocol server components when a malicious user submits a specially crafted packet sequence. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Cisco CNS Network Registrar DNS & DHCP Server Remote Denial of Service | Low | Cisco Security Advisory, cisco-sa-20041202, December 2, 2004 |
Unicenter Remote Control English 6.0 SP1 (Build 6.0.77), GA 6.0 (6.0.56.3), QO48974 6.0 (Build 6.0.74), Unicenter Remote Control French 6.0 SP1 (Build 6.0.77), GA 6.0 (Build 6.0.74), Unicenter Remote Control German 6.0 SP1 (Build 6.0.77), GA 6.0 (Build 6.0.74) | A vulnerability exists due to an unspecified error in the URC Management Console, which could let a remote malicious user obtain unauthorized administrative access. There is no exploit code required. Currently we are not aware of any exploits for this vulnerability. | Computer Associates Unicenter Remote Control Remote Authentication Bypass | High | SecurityFocus, December 3, 2004 |
Mercury (win32 version) 4.0 1a | Multiple stack-based buffer overflow vulnerabilities exist in the IMAP server implementation due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code. Update available at: Exploit scripts have been published. | Mercury Mail Multiple Remote IMAP Stack Buffer Overflows | High | Bugtraq, December 1, 2004 |
CuteFTP 6.0 | Multiple buffer overflow vulnerabilities exist in the command and response functionality due to insufficient validation of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | GlobalScape CuteFTP Multiple Command Response Buffer Overflow | Low/ High (High if arbitrary code can be executed) | SecurityTracker Alert ID, 1012366, November 30, 2004 |
GetRight 5.2a & prior | A buffer overflow vulnerability exists in the 'DUNZIP32.DLL' component when a specially crafted skin file is created, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GetRight 'DUNZIP32.DLL' Buffer Overflow | High | Secunia Advisory, SA13391, December 7, 2004 |
Hosting Controller v.6.1 Hotfix 1.4 | Several vulnerabilities exist: a vulnerability exists in 'Statsbrowse.asp' due to a flaw that lets remote malicious users view arbitrary directories; and a vulnerability exists in 'Generalbrowser.asp' due to a flaw that lets remote malicious user view arbitrary files.
The vendor has released a patch. Proofs of Concept exploits have been published. | Hosting Controller 'Statsbrowse.asp' & 'Generalbrowse.asp' Information Disclosure | Medium | SecurityTracker Alert ID, 1012426, December 5, 2004 |
Remote Execute 2.x | A remote Denial of Service vulnerability exists due to an error in the connection handling.
Update available at: http://www.ibexsoftware.com/downloadRemoteExecute.asp Currently we are not aware of any exploits for this vulnerability. | IBEX Software Remote Execute Denial of Service | Low | SecurityTracker Alert, 1012445, December 7, 2004 |
WS_FTP Server 5.03, 2004.10.14 | Several vulnerabilities were reported that could permit a remote authenticated malicious user to execute arbitrary code on the target system. A remote authenticated user can trigger a buffer overflow in several FTP commands. The SITE, XMKD, MKD, and RFNR FTP commands are affected. A remote user can cause the FTP service to crash or execute arbitrary code. No workaround or patch available at time of publishing. Exploit scripts have been published. | IpSwitch WS_FTP Buffer Overflow | High | SecurityTracker Alert ID: 1012353, November 29, 2004 SecurityFocus, November 30, 2004 |
Windows 2000/XP Resource Kit
| Several vulnerabilities exist in the 'w3who.dll' Microsoft ISAPI extension in the Windows 2000/XP Resource Kit: Cross-Site Scripting vulnerabilities exist when displaying HTTP headers and in error messages, which could let a remote malicious user execute arbitrary HTML and script code; and a buffer overflow vulnerability exists when processing input parameters, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Microsoft Windows Resource Kit 'w3who.dll' Buffer Overflow & Input Validation CVE Names: | High | Exaprobe Security Advisory, December 6, 2004 |
ISA Server 2000, Proxy Server 2.0 | A spoofing vulnerability exists that could enable a malicious user to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious web site. Updates available at: V2.0 (November 9, 2004): Bulletin updated to reflect the release of an updated ISA Server 2000 security update for the German language only. This issue does not affect any other language version of this security update. The Security Update Replacement section has also been revised. V3.0 (November 16, 2004): Bulletin updated to reflect the release of updated ISA Server 2000 security updates for all languages. These issues affected customers using ISA Server 2000 Service Pack 1 or using Windows 2000 Service Pack 3. The Security Update Replacement section has also been revised. Microsoft Security Bulletin updated to reflect a revised Security Update Information section for the Proxy 2.0 Service Pack 1 security update. V3.2: Bulletin updated to reflect a revised Security Update Information section for the Proxy 2.0 Service Pack 1 security update. This update documents that the Proxy 2.0 Service Pack 1 security update uses local date and time information instead of UTC date and time information. Currently we are not aware of any exploits for this vulnerability. | Microsoft Server Spoofing CVE Name: | Medium | Microsoft Security Bulletin, MS04-039 2.0, 3.0, 3.1, November 19, 2004 (Updated) Microsoft Security Bulletin, MS04-039 Rev 3.2, November 30, 2004
|
Internet Explorer 6 | A vulnerability exists when processing FTP URLs, which could let a remote malicious user execute arbitrary commands.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer FTP URL Processing Input Validation | High | 7a69ezine Advisories , December 7, 2004 |
Internet Explorer 6.0 SP1, | A remote buffer overflow vulnerability exists due to insufficient boundary checks performed by the application and results in a Denial of Service condition. Arbitrary code execution may be possible as well.
Patches available at: Microsoft Knowledge Base Article 889293 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. An exploit script has been published. | Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow CVE Name: | Low/High (High if arbitrary code can be executed) | SecurityFocus, Bugtraq ID 11515, October 25, 2004 Packetstorm, November 4, 2004 Microsoft Security Bulletin, MS04-040, December 1, 2004 Technical Cyber Security Alert, TA04-336A, December 3, 2004 |
Internet Explorer 6.0, SP1&2, Windows XP 64-bit Edition SP1 | A vulnerability exists which could let a remote malicious user execute arbitrary HTML and script code if a maliciously constructed file were 'dragged and dropped.' No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer Drag & Drop | High | SecurityFocus, November 29, 2004 |
Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP Service Pack 2, Windows 98, Windows 98 SE, Windows ME, Internet Explorer 5.5; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, | Multiple vulnerabilities are corrected with Microsoft Security Update MS04-038. These vulnerabilities include: Cascading Style Sheets (CSS) Heap Memory Corruption Vulnerability; Similar Method Name Redirection Cross Domain Vulnerability; Install Engine Vulnerability; Drag and Drop Vulnerability; Address Bar Spoofing on Double Byte Character Set Locale Vulnerability; Plug-in Navigation Address Bar Spoofing Vulnerability; Script in Image Tag File Download Vulnerability; SSL Caching Vulnerability. These vulnerabilities could allow remote code execution. A vulnerability exists in the Microsoft MSN 'heartbeat.ocx' component, used by Internet Explorer on some MSN gaming sites Updates available at:
href="http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx"> Avaya: Customers are advised to follow Microsoft's guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details: Updated the ActiveX control name from "Heartbeat.ocx" to "Hrtbeat.ocx", added GUID information to the Security Update Information section. A Proof of Concept exploit has been published. | Microsoft Internet Explorer Security Update CVE Names: | High | Microsoft Security Bulletin, MS04-038, October 12, 2004 US-CERT Cyber Security Alert SA04-286A, October 12, 2004 US-CERT Vulnerability Notes VU#637760, October 13, 2004, VU#625616, October 15, 2004, VU#431576, VU#630720, & VU#291304, October 18, 2004, VU#673134 & VU#795720, October 19, 2004 SecurityFocus, October 18, 2004 Microsoft Security Bulletin, MS04-038, November 9, 2004 SecurityFocus, November 29, 2004 |
Small Business Server 2000, 2003, Windows 2000 Advanced Server , SP1-SP4, Windows 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, NT Enterprise Server 4.0, SP1-SP6a, NT Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6a, Windows Server 2003 Datacenter Edition, 64-bit, Server 2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition | A buffer overflow vulnerability exists in the Microsoft Windows Internet Name Service (WINS), which could let a remote malicious user execute arbitrary code with SYSTEM level privileges.
Workaround available at: There is no exploit circulating at this time. | Microsoft Windows WINS Buffer Overflow | High | SecurityFocus, November 30, 2004 US-CERT Vulnerability Note VU#145134, December 6, 2004 |
JanaServer 2 2.4.0-2.4.4 | Two vulnerabilities exist: a remote Denial of Service vulnerability exists in the'http-server' module when a malicious user submits a specially crafted HTTP request that contains a large of '%' characters to port 2506; and a remote Denial of Service vulnerability exists in the 'pna-proxy' module when handling Real Player requests. Updates available at: An exploit script has been published. | JanaServer 2 Multiple Remote Denial of Service | Low | Bugtraq, November 30, 2004 |
| name=unix>UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50 | A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections. Apache:
href="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2004-349.html"> SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-21.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Conectiva: Fedora: Apple: Currently we are not aware of any exploits for this vulnerability. | Low | SecurityFocus, September 6, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004 Gentoo Linux Security Advisory, GLSA 200409-21, September 16, 2004 Trustix Secure Linux Security Advisory,TSLSA-2004-0047, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004 Fedora Update Notification, HP Security Bulletin, Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 | |
Apache 2.0.50 | A remote Denial of Service vulnerability exists in 'char_buffer_read()' when using a RewriteRule to reverse proxy SSL connections. Patch available at: SUSE:
href="ftp://ftp.suse.com/pub/suse/"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2004-463.html"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-21.xml"> Trustix:
href="http://www.trustix.org/errata/2004/0047/"> Conectiva: Fedora: HP: Apple: There is | Low | SecurityTracker Alert ID, 1011213, September 10, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004 RedHat Security Advisory, RHSA-2004:463-09, September 15, 2004 Gentoo Linux Security Advisory GLSA 200409-21, September 16, 2004 Trustix Secure Linux Security Advisory , TSLSA-2004-0047, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004 Fedora Update Notification, HP Security Bulletin, Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 | |
Apache Software Foundation Apache 1.3.26‑1.3.29, 1.3.31; | A buffer overflow vulnerability exists in Apache mod_proxy when a ‘ContentLength:’ header is submitted that contains a large negative value, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Patches available at: OpenBSD: OpenPKG: Gentoo: Mandrake: SGI: Fedora Legacy: Slackware: Trustix: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" TurboLinux: Apple: Currently we are not aware of any exploits for this vulnerability. | Apache Mod_Proxy Remote Buffer Overflow
CVE Name: | Low/High (High if arbitrary code can be executed) | SecurityTracker Alert, 1010462, June 10, 2004 Gentoo Linux Security Advisory, GLSA 200406-16, June 22, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:065, June 29, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.029, June 11, 2004 SGI Security Advisory, 20040605-01-U, June 21, 2004 Fedora Legacy Update Advisory, FLSA:1737, October 14, 2004 US-Cert Vulnerability Note VU#541310, October 19, 2004 Slackware Security Advisory, SSA:2004-299-01, October 26, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004 Turbolinux Security Announcement, November 18, 2004 Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 |
Mac OS X 10.2.8 Client Mac OS X 10.2.8 Server Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability was reported in Apache running on an Apple HFS+ filesystem. A remote malicious user may be able to directly access file data or resource fork contents. Apple reported that a remote user can supply a specially crafted HTTP request to bypass the Apache file handler and directly access certain content using the special file names. The Apple HFS+ filesystem permits files to have multiple data streams and be access via special filenames. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Apache File Handlers Bypass & Directly Access CVE Name: | Medium | Apple Security Update, December 2, 2004 |
Mac OS X 10.2.8 Client Mac OS X 10.2.8 Server Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability was reported in Apache when running on Mac OS X with the Apple HFS+ filesystem. A remote malicious user may be able to gain access to certain files on the system. Apple reported that the web server configuration does not properly block access to '.DS_Store' files and files that start with the string '.ht'. The web server operates in a case sensitive manner but the HFS+ filesystem is case insensitive. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Apache on Apple HFS+ '.DS_Store' Files Disclosure CVE Name: | Medium | Apple Security Update, December 2, 2004 |
Mac OS X 10.2.8 Client Mac OS X 10.2.8 Server Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability was reported in Apple's AppKit. One application may be able to access ostensibly secure data from another application in the same window. The vendor reported that in some cases, secure input is not properly enabled. As a result, an application may be able to read characters entered into a secure text field of another window in that session. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple AppKit Secure Input CVE Name: | Medium | Apple Security Update, December 2, 2004 |
Mac OS X 10.2.8 Client Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability exists in the Cyrus IMAP server when used with Kerberos authentication, affecting Mac OS X and possibly other operating systems which could allow a remote authenticated malicious user to gain access to another mailbox on the target system.
Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Cyrus IMAP Server Remote Mailbox Access CVE Name: | Medium | Apple Security Update, December 2, 2004 |
Mac OS X 10.2.8 Server Mac OS X 10.3.6 Server | A vulnerability was reported in Apache mod_digest_apple. A remote malicious user can replay previously recorded authentication credentials. Apple reported that that a remote user may be able to exploit this flaw to gain access to the target web service. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Apache mod_digest_apple Authentication Credentials Replay CVE Name: | Medium | Apple Security Update, December 2, 2004 |
Mac OS X 10.2.8 Server Mac OS X 10.3.6 Server | A vulnerability exists in Apples's QuickTime Streaming Server. A remote malicious user can cause Denial of Service conditions. Apple reported that a remote user can send specially crafted DESCRIBE requests to the target streaming server to cause Denial of Service conditions. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple QuickTime Streaming Server Remote Denial of Service CVE Name: | Low | Apple Security Update, December 2, 2004 |
Mac OS X 10.3.6 Client; Mac OS X 10.3.6 Server | A vulnerability exists in HIToolbox that could allow a physically local malicious user to quit applications with a special key combination when in kiosk mode. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple HIToolbox Kiosk Mode Application Quit CVE Name: | Low | Apple Security Update, December 2, 2004 |
Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability exists in Postfix when using CRAM-MD5 authentication. A remote malicious user may be able to send mail via the target system. Apple reported that in some situations, a remote user may be able to replay previously recorded CRAM-MD5 authentication credentials during a small time period to send mail via the system. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Postfix CRAM-MD5 Replay Attack CVE Name: | Medium | Apple Security Update, December 2, 2004 |
Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability exists in PSNormalizer in the conversion of PostScript files to PDF format that could allow a remote malicious user to execute arbitrary code. Apple reported that a remote user can create a specially crafted PostScript document that, when converted by the target user, will execute arbitrary code with the privileges of the target user.
Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple PSNormalizer Buffer Overflow CVE Name: | High | Apple Security Update, December 2, 2004 |
Mac OS X 10.3.6 Client Mac OS X 10.3.6 Server | A vulnerability exists in Mac OS X Terminal. The terminal may display the incorrect 'Secure Keyboard Entry'. The vendor reported that the 'Secure Keyboard Entry' menu setting may be displayed when it is not active. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Terminal Incorrect 'Secure Keyboard Entry' Status CVE Name: | Low | Apple Security Update, December 2, 2004 |
| Caolan McNamara & Dom Lachowicz wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0 | A buffer overflow vulnerability exists in the 'strcat()' function call due to the insecure bounds checking, which could let a remote malicious user execute arbitrary code. Updates available at:
href="http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode =show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20"> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200407-11.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/"> Debian:
href="http://security.debian.org/pool/updates/main/w/wv/"> A Proof of Concept exploit has been published. | High | Securiteam, July 11, 2004 iDEFENSE Security Advisory, July 9, 2004 Conectiva Linux Security Announcement, CLA-2004:863, September 10, 2004 Debian Security Advisory, DSA 550-1, September 20, 2004 Debian Security Advisory, DSA 579-1, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:902, December 1, 2004 | |
imlib 1.x | Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library. Gentoo: Currently we are not aware of any exploits for these vulnerabilities. | Carsten Haitzler imlib Image Decoding Integer Overflow CVE Name: | High | Secunia Advisory ID: SA13381, December 7, 2004 |
Debian GNU/Linux 3.0, Debian GNU/Linux unstable alias sid | A vulnerability exists in hpsockd, which can be exploited by malicious people to cause a Denial of Service and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error, which can be exploited to cause a buffer overflow. Updates available: Currently we are not aware of any exploits for this vulnerability. | Debian hpsockd Buffer Overflow Vulnerability
| Low/High (High if arbitrary code can be executed) | Debian Security Advisory DSA-604-1, December 2, 2004 |
AbiWord 2.0.7 and prior | A vulnerability exists in the "wv" library of AbiWord, which could be exploited by an attacker to compromise a user's system. Update to version 2.0.8 or later available at: Fedora: http://download.fedora.redhat.com/pub/ http://download.fedora.redhat.com/pub Conectiva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Dom Lachowicz AbiWord "wv" Library Buffer Overflow | High | AbiWord 2.0.7-2.0.9 Changes Secunia, SA12136 and SA12146, July 26, 2004 Secunia Advisory ID: SA13344, December 2, 2004 SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
Blog Torrent Preview Version 0.8 | A vulnerability exists that could permit a remote malicious user to view files on the target system. The 'btdownload.php' script does not properly validate user-supplied input in the 'file' parameter. A remote user can submit a specially crafted URL to traverse the directory and view arbitrary files with the privileges of the target web service. A fix is available via CVS at: A Proof of Concept exploit has been published. | Downhill Battle Blog Torrent 'btdownload.php' Input Validation | Medium | SecurityTracker Alert ID: 1012390, December 2, 2004 |
Ansel 2.1 | Multiple vulnerabilities exist which can be exploited by malicious people to conduct SQL injection and script insertion attacks. Input passed to the "image" parameter is not properly sanitized before being used in a SQL query. Also, input passed to the album name field is not properly sanitized before being used. Update to version 2.2: ftp://heron.sdsc.edu/pub/ansel-2.2.tar.gz Currently we are not aware of any exploits for these vulnerabilities. | Federico D. Sacerdoti Ansel "image" SQL Injection & Script Insertion | High | Secunia Advisory ID: SA12856, December 6, 2004 |
FreeBSD Kernel
| A vulnerability exists in the kernel which can be exploited by malicious, local users to gain knowledge of sensitive information or cause a Denial of Service. The vulnerability is caused due to an error in "/proc/curproc/cmdline" of the procfs file system and "/proc/self/cmdline" of the linprocfs file system when reading an argument vector from a process address space. This can be exploited to disclose parts of kernel memory or crash a vulnerable system. Successful exploitation requires that the procfs or linprocfs file system is mounted.
Patches available: Currently we are not aware of any exploits for this vulnerability. | FreeBSD Kernel Memory Disclosure CVE Name: | Medium | FreeBSD-SA-04:17 Security Advisory, December 1, 2004 |
gdlib 2.0.23, 2.0.26-2.0.28 | A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.
OpenPKG: Ubuntu: Gentoo: Debian: Fedora: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Trustix: SUSE: Debian: An exploit script has been published. | GD Graphics Library Remote Integer Overflow CVE Name: | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004 Ubuntu Security Notice, USN-21-1, November 9, 2004 Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004 Fedora Update Notifications, Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004 Ubuntu Security Notice, USN-25-1, November 16, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004 |
mirrorselect-0.88 and prior
| A vulnerability exists in mirrorselect, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.The vulnerability is caused due to temporary files being created Update to "app-portage/mirrorselect-0.89" or later: http://security.gentoo.org/glsa/glsa-200412-05.xml Currently we are not aware of any exploits for this vulnerability. | Gentoo mirrorselect Insecure Temporary File Creation | Medium | Gentoo Security Advisory, GLSA 200412-05 / mirrorselect, December 7, 2004 |
PDFlib | Multiple overflow vulnerabilities exists in PDFlib which can be exploited by malicious people to execute arbitrary code or cause a Denial of Service. Update to "media-libs/pdflib-5.0.4_p1" or later available at: http://security.gentoo.org/glsa/glsa-200412-02.xml Currently we are not aware of any exploits for this vulnerability. | Gentoo PDFlib Buffer Overflow
| High | Gentoo Linux Security Advisory, GLSA 200412-02 / PDFlib, December 2, 2004 |
perl | Multiple vulnerabilities exist which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
Update to "perl-5.8.5-r2" or later: Currently we are not aware of any exploits for these vulnerabilities. | Gentoo Perl Privilege Escalation | Medium | Gentoo Security Advisory, GLSA 200412-04 / perl, December 7, 2004 |
Big Medium 1.0 | A vulnerability exists due to an unspecified error, which could let a remote malicious user execute arbitrary code. Update available at: Currently we are not aware of any exploits for this vulnerability. | Global Moxie Big Medium Remote Script Code Execution | High | SecurityFocus, December 2, 2004 |
AIX 5.1, 5.2, 5.3 | A vulnerability has been reported in AIX, which can be exploited by malicious, local users to inject arbitrary data into the ODM (Object Data Manager) or cause a vulnerable system to hang during boot.The vulnerability is caused due to an unspecified error within the system startup scripts. Apply APARs: Currently we are not aware of any exploits for this vulnerability. | IBM AIX Unspecified System Startup Scripts | Low | SecurityTracker Alert ID: 1012419, December 3, 2004 |
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8, | A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code. Upgrades available at: Redhat: Ubuntu: Gentoo: Debian: SUSE: Mandrakesoft: Currently we are not aware of any exploits for this vulnerability. | ImageMagick Remote EXIF Parsing Buffer Overflow CVE Name: | High | SecurityTracker Alert ID, 1011946, October 26, 2004 Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004 Debian Security Advisory DSA 593-1, November 16, 2004 SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004 SUSE Security Summary Report, USE-SR:2004:001, November 24, 2004 Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004 |
KDE Konqueror 3.3.1 and prior | A vulnerability exists in the processing of FTP URLs that could allow a remote malicious user to cause FTP commands to be executed. A remote user can create a specially crafted FTP URL that, when loaded by the target user, will execute arbitrary FTP commands on the specified FTP server. The commands can be appended to the URL, separated by the string '%0a'. The target user must first be authenticated against the FTP server for the exploit to work. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | KDE Konqueror Input Validation | High | SecurityTracker Alert ID: 1012443, December 7, 2004 |
LibTIFF 3.6.1 | Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code. Debian: Gentoo: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/ OpenPKG: Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/ Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/ RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-577.html">http://rhn.redhat.com/errata/RHSA-2004-577.html Slackware: Conectiva: ftp://atualizacoes.conectiva.com.br/ Proofs of Concept exploits have been published. | LibTIFF Buffer Overflows CVE Name: | Low/High (High if arbitrary code can be execute) | Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004 Fedora Update Notification, OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004 Debian Security Advisory, DSA 567-1, October 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004 SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004 RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004 Slackware Security Advisory, SSA:2004-305-02, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004 US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004 |
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64; | A buffer overflow vulnerability exists in the apr-util library's IPv6 URI parsing functionality due to insufficient validation, which could let a remote malicious user execute arbitrary code. Note: On Linux based Unix variants this issue can only be exploited to trigger a Denial of Service condition. Patch available at: Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Redhat:
href="http://rhn.redhat.com/errata/RHSA-2004-463.html"> SUSE:
href="ftp://ftp.suse.com/pub/suse"> Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/"> TurboLinux: Conectiva: Fedora: HP: Apple: Current | Low/High (High if arbitrary code can be executed) | SecurityFocus, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004 Fedora Update Notifications, HP Security Bulletin, Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 | |
Carnegie Mellon University Cyrus IMAP Server 2.1.7, 2.1.9, 2.1.10, 2.1.16, 2.2 .0 ALPHA, 2.2.1 BETA, 2.2.2 BETA, 2.2.3-2.2.8; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0-2.2; | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PROXY' and 'LOGIN' commands if the 'IMAPMAGICPLUS' option is enabled, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument parser for the 'PARTIAL' command, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument handler for the 'FETCH' command, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handler for the 'APPEND' command, which could let a remote malicious user execute arbitrary code. Carnegie Mellon University: Debian: Gentoo: Mandrake: Trustix: Ubuntu: Conectiva: Fedora: OpenPKG: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Cyrus IMAPD Multiple Remote Vulnerabilities CVE Names: | High | Securiteam, November 23, 2004 Debian Security Advisory, DSA 597-1, November 25, 2004 Gentoo Linux Security Advisory, GLSA 200411-34, November 25, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:139, November 26, 2004 Trustix Secure Linux Advisory, TSL-2004-0063. November 29, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.051, November 29, 2004 Conectiva Linux Security Announcement, CLA-2004:904, December 1, 2004 Fedora Update Notifications, SUSE Security Announcement, SUSE-SA:2004:043, December 3, 2004 |
Carnegie Mellon University Cyrus IMAP Server 2.2.9 & prior | A buffer overflow vulnerability exists in the 'imap magic plus' support code, which could let a remote malicious user execute arbitrary code. Update available at: Gentoo: Mandrake: Fedora: Conectiva: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Cyrus IMAP 'imap magic plus' Buffer Overflow CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200411-34, November 25, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:139, November 26, 2004 Secunia SA13349, December 2, 2004 Secunia Advisory ID: SA13346, December 2, 2004 Secunia Advisory ID: 13366, December 6, 2004 |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, 0 ia-64, ia-32, hppa, arm, alpha; Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9 | A vulnerability exists in 'iptables.c' and 'ip6tables.c' due to a failure to load the required modules, which could lead to a false sense of security because firewall rules may not always be loaded.
Debian: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Fedora: SUSE: There is no exploit code required. | IpTables Initialization Failure CVE Name: | Medium | Debian Security Advisory, DSA 580-1 , November 1, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004 SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 Fedora Update Notification, |
GD Graphics Library gdlib 1.8.4, 2.0.1, 2.0.20-2.0.23, 2.0.26-2.0.28 | Multiple buffer overflow vulnerabilities exist due to insufficient bounds checking prior to processing user-supplied strings, which could let a remote malicious user execute arbitrary code. Fedora: Ubuntu: Trustix: Debian: Currently we are not aware of any exploits for these vulnerabilities. | GD Graphics Library Multiple Remote Buffer Overflows CVE Name: | High | SecurityTracker, 1012195, November 11, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004 Debian Security Advisories, DSA 601-1 & 601-2, November 29, 2004 |
gzip | A vulnerability exists in the gzip(1) command, which could let a malicious user access the files of other users that were processed using gzip. Sun Solaris:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1"> Mandrakesoft: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Gzip File Access | Medium | Sun(sm) Alert Notification, 57600, October 1, 2004 US-CERT Vulnerability Note VU#635998, October 18, 2004 Mandrakesoft Security Advisory, MDKSA-2004:142, December 6, 2004 |
nfs-utils 1.0.6 | A vulnerability exists due to an error in the NFS statd server in "statd.c" where the "SIGPIPE" signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely. Upgrade to 1.0.7-pre1: Mandrakesoft: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors nfs-utils "SIGPIPE" TCP Connection Termination Denial of Service
| Low | Secunia Advisory ID: SA13384, December 7, 2004 |
OpenSSH 3.0 p1-3.0.2 pl1, 3.0-3.0.2, 3.1-3.5, 3.1pl1, 3.2.2 p1, 3.2.3 p1, 3.3 p1-3.5pl1, 3.6.1 p1&pl2, 3.6.1, 3.7, 3.7.1, 3.7 p1&pl2, 3.7.1 p1, 3.8.1 p1, 3.9.1 pl1 | An information disclosure vulnerability exists in the portable version of OpenSSH that is distributed for operating systems other than its native OpenBSD platform, which could let a remote malicious user obtain sensitive information. Ubuntu: There is no exploit code required. | OpenSSH-portable Remote Information Disclosure CVE Name: | Medium | Ubuntu Security Notice, USN-34-1 November 30, 2004 |
Cisco VPN 3000 Concentrator 4.0 .x, 4.0, 4.0.1, 4.1 .x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4 _rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, | Multiple double-free vulnerabilities exist due to inconsistent memory handling routines in the krb5 library: various double-free errors exist in the KDC (Key Distribution Center) cleanup code and in client libraries, which could let a remote malicious user execute arbitrary code; various double-free errors exist in the 'krb5_rd_cred()' function, which could let a remote malicious user execute arbitrary code; a double-free vulnerability exists in krb524d, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in ASN.1 decoder when handling indefinite length BER encodings, which could let a remote malicious user cause a Denial of Service. MIT Kerberos: Cisco: Debian:
href="http://security.debian.org/pool/updates/main/k/krb5/ "> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-09.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Sun: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/ "> Conectiva: OpenPKG:
href="ftp://ftp.openpkg.org/release/"> TurboLinux:
href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/"> IBM: Apple: Currently we are not aware of any exploits for these vulnerabilities. | Kerberos 5 Double-Free Vulnerabilities CVE Names: | Low/High (High if arbitrary code can be executed) | MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004 US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004 US-CERT Vulnerability Notes, VU#350792, VU#795632, VU#866472, September 3, 2004 Conectiva Security Advisory, CLSA-2004:860, September 9, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.039, September 13, 2004 Turbolinux Security Advisory TLSA-2004-22, September 15, 2004 IBM Security Advisory, September 30, 2004 Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 |
Cisco VPN 3000 Concentrator 4.0 .x, 4.0, 4.0.1, 4.1 .x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4 _rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, | A remote Denial of Service vulnerability exists in the ASN.1 decoder when decoding a malformed ASN.1 buffer. MIT Kerberos:
href="http://web.mit.edu/kerberos/advisories/"> Cisco:
href="http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml"> Debian:
href="http://security.debian.org/pool/updates/main/k/krb5/ "> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-09.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Sun:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57631-1&searchclause="> Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/ "> Conectiva:
href="http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860">http://distro.conectiva.com.br/atualizacoes OpenPKG: TurboLinux:
href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/"> Apple: Currently we are not aware of any exploits for this vulnerability. | Low | MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004 US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004 US-CERT Vulnerability Note VU#550464, September 3, 2004 Conectiva Security Advisory, CLSA-2004:860, September 9, 2004 OpenPKG Security Advisory , OpenPKG-SA-2004.039, September 13, 2004 Turbolinux Security Advisory TLSA-2004-22, September 15, 2004 Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 | |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code. Debian: Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200410-20.xml"> KDE: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/"> Conectiva: Debian: SUSE: Update: Currently we are not aware of any exploits for these vulnerabilities.
| Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows CVE Names: | High | SecurityTracker Alert ID, 1011865, October 21, 2004 Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004 Debian Security Advisory, DSA 599-1, November 25, 2004 SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1; | Multiple buffer overflow vulnerabilities exist in the Iimlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. lmlib:
href="http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/"> ImageMagick:
href="http://www.imagemagick.org/www/download.html "> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-12.xml"> Mandrake: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Debian: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2004-465.html"> SUSE: TurboLinux:
href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/"> Conectiva: Sun:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=">
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=">http://sunsolve.sun.com/search/document.do? TurboLinux:
href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2004-480.html"> Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | IMLib/IMLib2 Multiple BMP Image
CVE Names: | Low/High (High if arbitrary code can be executed) | SecurityFocus, September 1, 2004 Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004 Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004 RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004 Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004 Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004 Turbolinux Security Announcement, October 5, 2004 RedHat Security Update, RHSA-2004:480-05, October 20, 2004 Ubuntu Security Notice USN-35-1, November 30, 2004 |
Gentoo Linux; | Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service. Fedora: Gentoo: SUSE: X.org: Fedora: RedHat: Currently we are not aware of any exploits for these vulnerabilities | LibXPM Multiple Vulnerabilities CVE Name: | Low/ Medium/ High (Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed) | X.Org Foundation Security Advisory, November 17, 2004 Fedora Update Notifications, SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004 Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004 Fedora Security Update Notifications RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004 |
Linux Kernel 2.4-2.4.27, 2.6-2.6.8 SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9
| Multiple vulnerabilities exist due to various errors in the 'load_elf_binary' function of the 'binfmt_elf.c' file, which could let a malicious user obtain elevated privileges and potentially execute arbitrary code.
Patch available at: Trustix: Fedora: SUSE: Red Hat: Proofs of Concept exploit scripts have been published. | Multiple Vendors Linux Kernel BINFMT_ELF Loader Multiple Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Bugtraq, November 11, 2004 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 Red Hat Advisory: RHSA-2004:549-10, December 2, 2004
|
Linux Kernel 2.4-2.4.27, 2.6-2.6.9; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0-2.2; | Multiple remote Denial of Service vulnerabilities exist in the SMB filesystem (SMBFS) implementation due to various errors when handling server responses. This could also possibly lead to the execution of arbitrary code.
Upgrades available at: Trustix: Ubuntu: Fedora: SUSE: Red Hat: Currently we are not aware of any exploits for these vulnerabilities | Multiple Vendors smbfs Filesystem Memory Errors Remote Denial of Service CVE Names: | Low/High (High if arbitrary code can be executed) | e-matters GmbH Security Advisory, November 11, 2004 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 Red Hat Advisory: RHSA-2004:549-10, December 2, 2004 |
Linux kernel 2.6.x, 2.4.x , SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9 | Two vulnerabilities exist: a Denial of Service vulnerability exists via a specially crafted 'a.out' binary; and a vulnerability exists due to a race condition in the memory management, which could let a malicious user obtain sensitive information. SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Local DoS & Memory Content Disclosure CVE Name: | Low/ Medium (Medium if sensitive information can be obtained) | Secunia Advisory, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 |
Linux Kernel AMD64/EM64T prior to 2.4.23 | A vulnerability exists in the Linux kernel running on AMD's AMD64 and Intel's EM64T which may allow a local malicious user to gain elevated privileges. A local user can exploit a flaw in the setting of TSS limits to cause the system to crash or to potentially gain elevated privileges. A fixed version (2.4.23) is available: Red Hat: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel AMD64/EM64T TSS Limit Elevated Privileges CVE Name: | Medium | Red Hat Advisory: RHSA-2004:549-10, December 2, 2004 |
Linux Kernel USB Driver prior to 2.4.27 | A vulnerability exists in certain USB drivers because uninitialized structures are used and then 'copy_to_user(...)' kernel calls are made from these structures, which could let a malicious user obtain obtain uninitialized kernel memory contents. Update available at:
href=" http://kernel.org/"> Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml"> Trustix: RedHat: We are not aware of any exploits for this vulnerability. | Medium | US-CERT Vulnerability Note VU#981134, October 25, 2004 RedHat Security Advisory, December 2, 2004 | |
LVM Logical Volume Management Utilities 1.0.4, 1.0.7, 1.0.8 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Ubuntu: Debian: Gentoo: Mandrakesoft: There is no exploit code required. | Multiple Vendors Trustix LVM Utilities Insecure Temporary File Creation CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Ubuntu Security Notice, USN-15-1, November 1, 2004 Debian Security Advisory, DSA 583-1, November 3, 2004 Gentoo Linux Security Advisory, GLSA 200411-22, November 11, 2004 Mandrakesoft Security Advisory, MDKSA-2004:144, December 6, 2004 |
gnubiff | A remote malicious user can send unterminated lines, an unterminated response to the IMAP SELECT, SEARCH, and FETCH commands, or an unterminated response to the POP3 TOP command to cause Denial of Service conditions. The vendor has released a fixed version (2.0.3), available at: http://sourceforge.net/project/showfiles.php?group_id=94176 Currently we are not aware of any exploits for this vulnerability. | Nicolas Rougier gnubiff Denial of Service | Low | SecurityTracker Alert ID: 1012367, December 1, 2004 |
Open Motif 2.x, Motif 1.x | Multiple vulnerabilities have been reported in Motif and Open Motif, Updated versions of Open Motif and a patch are available. A Fedora: Red Hat: Currently we are not aware of any exploits for these vulnerabilities. | Open Group Motif / Open Motif libXpm Vulnerabilities CVE Names: | High | Integrated Computer Solutions Secunia Advisory ID: SA13353, December 2, 2004 RedHat Security Advisory: RHSA-2004:537-17, December 2, 2004 |
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Gentoo: Ubuntu: Debian: Mandrakesoft: There is no exploit code required. | OpenSSL CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004 Ubuntu Security Notice, USN-24-1, November 11, 2004 Debian Security Advisory Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004 |
paFileDB 3.1 | Multiple vulnerabilities exists that could allow a remote malicious user to view the administrator's hashed password and determine the installation path. If the 'sessions' method is used, a remote user can access the sessions directory and, if the administrator is logged in, view the administrator's hashed password.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | PHP Arena paFileDB Hashed Passwords Access | Medium | SecurityTracker Alert ID: 1012421, December 3, 2004 |
phpMyAdmin 2.5 .0-2.5.7, 2.6 .0pl1&2 | Multiple Cross-Site Scripting vulnerabilities exist: a vulnerability exists in 'config.inc.php' if the 'PmaAbsoluteUri' parameter is not set, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in 'read_dump.php' due to insufficient validation of the 'zero_rows' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to insufficient validation of inputs on the confirm page, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at: Gentoo: Proofs of Concept exploits have been published. | PHPMyAdmin Multiple Remote Cross-Site Scripting | High | netVigilance Security Advisory 5, November 19, 2004 Gentoo Linux Security Advisory, GLSA 200411-36, November 27, 2004 |
rssh 2.2.2 | A vulnerability exists which can be exploited to bypass certain security restrictions. The problem is that some of the predefined applications support flags, which allows command execution. This can be exploited to bypass the shell restriction and execute arbitrary commands. Gentoo: Currently we are not aware of any exploits for this vulnerability. | pizzashack rssh Security Bypass | High | Secunia Advisory ID: SA13363, December 3, 2004 Gentoo Linux Security Advisory, GLSA 200412-01 / scponly, December 3, 2004 |
PNG Development Group libpng 1.2.5 and 1.0.15 | Multiple vulnerabilities exist in the libpng library which could allow a remote malicious user to crash or execute arbitrary code on an affected system. These vulnerabilities include:
If using original, update to libpng version 1.2.6rc1 (release candidate 1) available at:
href="http://www.libpng.org/pub/png/libpng.html"> Conectiva:
href="http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000856"> Debian:
href="http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00139.html"> Gentoo: Mandrakesoft:
href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079"> RedHat SUSE: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/"> Sun Solaris:
href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57617"> HP-UX: GraphicsMagick:
href="http://www.graphicsmagick.org/www/download.html "> ImageMagick:
href="http://www.imagemagick.org/www/download.html"> Slackware:
href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.439243"> Yahoo:
href="http://messenger.yahoo.com/"> SUSE: SCO: Fedora Legacy: Sun: A Proof of Concept exploit has been published. | Multiple Vulnerabilities in libpng CVE Names: | High | US-CERT Technical Cyber Security Alert TA04-217A, August 4, 2004 US-CERT Vulnerability Notes VU#160448, VU#388984, VU#817368, VU#236656, VU#477512, VU#286464, August 4, 2004 SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004 SCO Security Advisory, SCOSA-2004.16, October 12, 2004 Fedora Legacy Update Advisory, FLSA:2089, October 27, 2004
Sun(sm) Alert Notification, 57683, November 30, 2004 |
| Red Hat
Linux kernel-2.4.20-8.athlon.rpm, 2.4.20-8.i386.rpm, 2.4.20-8.i586.rpm, 2.4.20-8.i686.rpm, kernel-smp-2.4.20-8.athlon.rpm, kernel-smp-2.4.20-8.i586.rpm , kernel-smp-2.4.20-8.i686.rpm , kernel-source-2.4.20-8.i386.rpm, Linux 8.0, i686, i386 | A buffer overflow vulnerability exists in the ‘ubsec_keysetup()’ function in '/drivers/crypto/bcm/pkey.c,' which could let a malicious user cause a Denial of Service or possibly execute arbitrary code. Red Hat: Currently we are not aware of any exploits for this vulnerability. | Red Hat BCM5820 Linux Driver Buffer Overflow CVE Name: | High/Low (High if arbitrary code can be executed; and Low if a DoS) | SecurityTracker Alert, 1010575, Red Hat Advisory: RHSA-2004:549-10, December 2, 2004 |
Gaim Festival Plug-in 0.68, 0.68.2, 0.70, 0.71, 0.76, 0.77, 0.78, 0.81, 1.0 | A remote Denial of Service vulnerability exists because the plug-in does not handle certain characters correctly. There is no exploit code required. Currently we are not aware of any exploits for this vulnerability. | Sandino Flores Moreno Gaim Festival Plug-in Remote Denial of Service | Low | SecurityFocus, December 3, 2004 |
scponly prior to 4.0
| A vulnerability exists which can be exploited to bypass certain security restrictions. The problem is that some of the predefined applications support flags, which allows command execution. This can be exploited to bypass the shell restriction and execute arbitrary commands. Updates available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Sublimation scponly Security Bypass | High | Bugtraq, December 2, 2004 Gentoo Linux Security Advisory, GLSA 200412-01 / scponly, December 3, 2004 |
Sun Solaris 7, 8, 9 | There is a buffer overflow vulnerability in the ping(1M) command that could allow a local malicious user obtain elevated privileges. Patches available at: As a workaround, Sun indicates that you can remove the set user id (setuid) bit: # chmod u-s /usr/sbin/ping Currently we are not aware of any exploits for this vulnerability. | Sun Solaris 'ping' Buffer Overflow | Medium | Sun Alert Notification 57675, November 30, 2004 |
SUSE Linux 9.1 and SUSE Linux | There is a vulnerability in the evolution SSL certificate handling which leads to untrusted certificates. Update: Currently we are not aware of any exploits for this vulnerability. | SUSE evolution SSL Handling | Medium | SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
All SUSE Linux based products | Several protocol handlers in the network analysis tool ethereal have security problems which could lead bad network input to ethereal crashing. Update: Currently we are not aware of any exploits for this vulnerability. | SUSE ethereal Denial of Service CVE Names: | Low | SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
All SUSE Linux based products | Several GNOME vfs handlers had problematic code, for instance unsafe argument evaluation and similar. Update: Currently we are not aware of any exploits for this vulnerability. | SUSE GNOME Input Validation | Low | SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
Linux 9.1, Linux Enterprise Server 9 | A vulnerability exists because a malicious user can send commands to SCSI devices, which potentially results in the failure of the targeted device to further operate. This may result in the permanent, unrecoverable destruction of SCSI devices, requiring that they be sent to the vendor for service or replacement.
Update available at: Currently we are not aware of any exploits for this vulnerability. | SUSE Linux Kernel Unauthorized SCSI Command | Medium | SUSE Security Announcement, SUSE-SA:2004:042, December 1, 2004 |
Linux Enterprise Server 9 | A remote Denial of Service and storage corruption vulnerability exists due to a memory corruption in the NFS 'readdirplus' command. Update available at: Currently we are not aware of any exploits for this vulnerability. | SUSE Linux Enterprise Server NFS Remote Denial Of Service & Storage Corruption | Low/ Medium (Medium if data is corrupted) | SUSE Security Announcement, SUSE-SA:2004:042, December 1, 2004 |
SUSE Linux 8.1 and SUSE Linux Enterprise Server 8 | A buffer overflow fix in the resolver libraries of glibc 2.2 was found missing. Update: Currently we are not aware of any exploits for this vulnerability. | SUSE glibc Buffer Overflow CVE Name: | Low | SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
SUSE Linux 8.2 up to 9.2, and SUSE Linux Enterprise Server 9 | There is a vulnerability in resmgr which is used for handling permissions of normal desktop based devices (audio, video, USB, and similar). It was possible for a remotely logged in malicious user to gain access to the virtual desktop group through resmgr indirectly gaining access to the desktop devices. Update: Currently we are not aware of any exploits for this vulnerability. | SUSE resmgr Access | Medium | SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 |
file 4.11 and prior (Trustix) | A vulnerability exists in the ELF header parsing code in 'file'. A malicious user may be able to create a specially crafted ELF file that, when processed using 'file', may be able to modify the stack and potentially execute arbitrary code. Update to version 4.12: Currently we are not aware of any exploits for this vulnerability. | Trustix 'File' Processing ELF Headers Stack Overflow | High | Trustix Secure Linux Advisory #2004-0063, November 26, 2004 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
PHProjekt 2.0, 2.0.1, 2.1 a, 2.1-2.4, 3.0-3.2, 4.2 | A vulnerability exists in 'setup.php' because arbitrary PHP scripts can be uploaded, including operating system commands, which could let a remote malicious user modify the configuration and execute arbitrary scripts. Patch available at: Currently we are not aware of any exploits for this vulnerability. | PHProjekt 'setup.php' File Upload | High | Secunia Advisory, SA13355, December 2, 2004 |
Jakarta Lucene 1.4.2 | A Cross-Site Scripting vulnerability exists in the SP demo page (src/jsp/results.jsp) due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Update available at: There is no exploit code required. | Apache Jakarta Results.JSP Remote Cross-Site Scripting | High | SecurityFocus, December 3, 2004 |
2650 Multiservice Platform, 2650XM Multiservice Platform, 2651 Multiservice Platform, 2651XM Multiservice Platform, | A remote Denial of Service vulnerability exists when a malicious user submits specially crafted DHCP packets that will remain in the queue. Updated Software version table - 12.2(20)EW. Updates and workarounds available at: An exploit script is not required. | Cisco IOS DHCP Input Queue Blocking Remote Denial of Service | Low | Cisco Security Advisory, 63312, November 10, 2004 US-CERT Vulnerability Note VU#630104, November 11, 2004 Technical Cyber Security Alert, TA04-316A, November 11, 2004 Cisco Security Advisory, 63312, Rev. 1.2, December 1, 2004 |
FreeImage 3.0.0-3.0.4, 3.1 .0, 3.2 .0, 3.2.1, 3.3.0, 3.4 .0, 3.5 .0 | A buffer overflow vulnerability exists when processing ILBM (InterLeaved BitMap) images, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | FreeImage Interleaved Bitmap Image Buffer Overflow | Low/ High (High if arbitrary code can be executed) | Secunia Advisory, SA13331, November 30, 2004 |
Groupmax World Wide Web 03-11-/B, 03-10-/H, 03-00, 02-31-/I, 02-20-/A, 02-20, 02-00, | Two vulnerabilities exist: a Cross-Site Scripting vulnerability exists due to insufficient sanitization of 'QUERY' before being returned to users, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability exists due to insufficient input validation when handling template names, which could let a remote malicious user obtain sensitive information. Update information available at: There is no exploit code required. | Groupmax World Wide Web Cross-Site Scripting & Directory Traversal | Medium/ High (High if arbitrary code can be executed) | Hitachi Security Advisory, HS04-007, November 29, 2004 |
WebSphere Commerce 5.x | A vulnerability exists if store views update the database or directly invoke commands that perform the database update, which could let a remote malicious user obtain sensitive information. WebSphere Commerce fixes can be obtained by contacting the vendor. Currently we are not aware of any exploits for this vulnerability. | IBM WebSphere Commerce Default User Information Disclosure | Medium | Secunia Advisory, SA13234, December 3, 2004 |
Archive::Zip 1.13, | Remote exploitation of an exceptional condition error in multiple vendors' anti-virus software allows malicious users to bypass security protections by evading virus detection. The problem specifically exists in the parsing of .zip archive headers. This vulnerability affects multiple anti-virus vendors including McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV. Instructions for Computer Associates, Eset, Kaspersky, McAfee, Sophos, and RAV are available at: http://www.idefense.com/application/poi/display?id Gentoo: Mandrakelinux 10.1 and Mandrakelinux 10.1/X86_64: A fix for F-Secure is available at:: SUSE: A Proof of Concept exploit script has been published. | Multiple Vendor Anti-Virus Software Detection Evasion CVE Names:
| High | iDEFENSE Security Advisory, October 18, 2004 Secunia Advisory ID: SA13038, November 1, 2004 SecurityFocus, Bugtraq ID: 11448, November 2, 2004 SecurityTracker Alert ID: 1012057, November 3, 2004 SecurityFocus, November 15, 2004 SecurityFocus, November 29, 2004 |
NetMail 3.x
| A vulnerability exists because the NMAP (Network Messaging Application Protocol) authentication credential is set automatically during installation and not changed after the installation has finished, which could let a remote malicious user obtain access to the mail store data with read/write Novell indicates that you should use the NMAP Server Credential Generator (nmapcred) to set a unique NMAP authentication credential. Currently we are not aware of any exploits for this vulnerability. | Novell NetMail Default Authentication Credentials | Medium | Secunia Advisory, SA13377, December 6, 2004 |
Serendipity 0.3, 0.4, 0.5-pl1, 0.5, 0.6 -rc1&2, 0.6 -pl1-13, 0.6, 0.7 -rc1, 0.7 -beta1-beta4, 0.7 | A Cross-Site Scripting vulnerability exists in 'compat.php' due to insufficient sanitization of the 'searchTerm parameter, which could let a remote malicious user execute arbitrary HTML and script code. Update available at: There is no exploit code required. | S9Y Serendipity Remote Cross-Site Scripting | High | SecurityTracker Alert ID, 1012383, December 2, 2004 |
SquirrelMail 1.x | A Cross-Site Scripting vulnerability exists in the 'decodeHeader()' function in 'mime.php' when processing encoded text in headers due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Patch available at: Gentoo: Conectiva: Fedora: http://download.fedora.redhat. An exploit script is not required. | SquirrelMail Cross-Site Scripting CVE Name: | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200411-25, November 17, 2004 Fedora Update Notifications, Conectiva Linux Security Announcement, CLA-2004:905, December 2, 2004 |
SurgarCRM 2.5 & prior | Several vulnerabilities exist: a Cross-Site Scripting vulnerability exists which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists due to insufficient validation of the 'record' variable, which could let a remote malicious user inject arbitrary SQL commands; and a vulnerability exists which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | SugarCRM Multiple Input Validation | Medium/ High (High if arbitrary code can be executed) | SecurityTracker Alert ID, 1012373, December 2, 2004 |
Sun Java JRE 1.3.x, 1.4.x, | A vulnerability exists due to a design error because untrusted applets for some private and restricted classes used internally can create and transfer objects, which could let a remote malicious user turn off the Java security manager and disable the sandbox restrictions for untrusted applets. Updates available at: Conectiva: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Sun Java Plug-in Sandbox Security Bypass CVE Name: | Medium | Sun(sm) Alert Notification, 57591, November 22, 2004 US-CERT Vulnerability Note, VU#760344, November 23, 2004 Conectiva Linux Security Announcement, CLA-2004:900, November 26, 2004 Gentoo Linux Security Advisory, GLSA 200411-38, November 29, 2004 HP Security Bulletin,
|
ViewCVS 0.9.2 & prior | A vulnerability exists because it is possible to access CVSROOT and forbidden directories via the tarball generation functionality, which could let malicious user bypass security restrictions.
Debian: http://security.debian.org/pool/updates/main/v/viewcvs/ Currently we are not aware of any exploits for this vulnerability. | ViewCVS Ignores 'hide_cvsroot' and 'forbidden' Settings | Medium | SecurityTracker Alert ID, 1012431, December 6, 2004 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| December 7, 2004 | stripwire-1.1.tar.gz | N/A | A tool which demonstrates vulnerabilities in md5 checks. |
| December 2, 2004 | kreedexec.zip | No | Exploit for the Burut Kreed Game Server Multiple Remote vulnerabilities. |
| December 1, 2004 | mercury.py ex_MERCURY.c ex_MERCURY2.c | Yes | Scripps that exploit the Mercury Mail Multiple Remote IMAP Stack Buffer Overflow vulnerabilities. |
| November 30, 2004 | janados.zip | Yes | Exploit for the JanaServer 2 Multiple Remote Denial of Service vulnerabilities. |
| November 30, 2004 | WeBrute | N/A | A Brute Forcing tool to discover hidden directories, files or parameters in the URL # of a webserver. |
| November 30, 2004 | WS_FTP_Overflow.pl ws_ftpOverflowExploitByNoPh0BiA.c | No | Scripts that exploit the IpSwitch WS_FTP Buffer Overflow vulnerability. |
name=trends>Trends
- MessageLabs Publishes 2004 Email Security Trends and 2005 Predictions Report.
- The report found that phishing-related online identity theft has established itself as the principal threat of 2004 and may signal the beginning of a wave of email attacks targeted at individuals and small groups of companies.
- Spam and virus ratios also rose over the last 12 months. During the year, the virus infection average ratio was 1 in 16, compared to 2003 when it was 1 in 33.
- Recent evidence also suggests that Trojans and other malicious code have been developed during 2004 specifically to compromise particular organizations. Tailored malicious activity ranging from blackmailing online gaming sites with Denial of Service (DoS) attacks to threats to send out child pornography in the name of a particular organization.
- For more information, see: http://www.messagelabs.com/news/pressreleases/detail/default.asp?contentItemId=1245®ion=
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trends |
face="Arial, Helvetica, sans-serif">Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Netsky-D | Win32 Worm | Slight Increase | March 2004 |
3 | Zafi-B | Win32 Worm | Slight Decrease | June 2004 |
4 | Bagle-AT | Win32 Worm | Decrease | October 2004 |
5 | Sober-I | Win32 Worm | New to Table | November 2004 |
6 | Netsky-Z | Win32 Worm | Decrease | April 2004 |
7 | Netsky-Q | Win32 Worm | Increase | March 2004 |
8 | Bagle-AA | Win32 Worm | Decrease | April 2004 |
9 | Bagle-AU | Win32 Worm | New to Table | October 2004 |
10 | Netsky-B | Win32 Worm | Decrease | February 2004 |
Table Updated December 6, 2004
Viruses or Trojans Considered to be a High Level of Threat
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Name |
face="Arial, Helvetica, sans-serif">Aliases |
face="Arial, Helvetica, sans-serif">Type |
| Agobot-OL | WORM_AGOBOT.ACE W32/Gaobot.worm.gen.q Backdoor.Win32.Agobot.gen | Win32 Worm |
| HTML_IFRAMEBOF.B | HTML Virus | |
| I-Worm.Lovgate.ad | W32/Lovgate.ah@MM W32.Lovgate.AD@mm Win32.HLLM.MyDoom.based W32/Lovgate-F Win32/Lovgate.AH@mm Worm/Lovgate.AD W32/Lovgate.AK@mm Win32:Lovgate-AK I-Worm/Lovgate Win32.LovGate.AC@mm Worm.Lovgate.AC W32/Lovgate.AO Win32/Lovgate.AK (Eset) | Win32 Worm |
| I-Worm.Mabutu.a | W32/Mabutu.a@MM W32.Mota.B@mm Win32.HLLM.Mabutu W32/Mabutu-A Win32/Mabutu.A@mm Worm/Mabutu.A W32/Mabuto.B@mm Win32:Mabutu-Dll I-Worm/Mabutu.A Win32.Mabutu.B@mm Worm.Mabutu.A.3 W32/Mabutu.A.worm Win32/Mabutu.A | Win32 Worm |
| JS.Kidrash | JavaScript Virus | |
| PWS-Banker.d | Trojan | |
| PWSteal.Tarno.K | Trojan | |
| QLowZones-4 | Trojan | |
| Troj/Agent-BF | Trojan-Downloader.Win32.Agent.ea | Trojan |
| Troj/Banker-BG | Trojan | |
| Trojan.Frutca | Trojan | |
| Trojan.Wlogo | Trojan | |
| W32.Aidid | Win32 Virus | |
| W32.Atak.B@mm | Win32 Worm | |
| W32.Beagle@mm!enc | Win32 Worm | |
| W32.Salga.A@mm | W32/Salga.a@MM | Win32 Worm |
| W32.Setclo | W32/Setclo.worm | Win32 Worm |
| W32/Agobot-NZ | Backdoor.Win32.Agobot.gen | Win32 Worm |
| W32/Agobot-OH | DOS_AGOBOT.GEN Backdoor.Win32.Agobot.gen | Win32 Worm |
| W32/Atak-E | Win32 Worm | |
| W32/Rbot-QX | WORM_RBOT.XQ Backdoor.Win32.Rbot.gen W32/Sdbot.worm.gen.j | Win32 Worm |
| W32/Rbot-RC | WORM_SDBOT.AFI Backdoor.Win32.Rbot.dy | Win32 Worm |
| W32/Rbot-RE | Win32 Worm | |
| W32/Rbot-RF | Win32 Worm | |
| W32/Sdbot-RU | W32/Sdbot.worm.gen Win32.IRCBot.a | Win32 Worm |
| W32/Wurmark-A | Email-Worm.Win32.Wurmark.a W32/Mugly.b@MM | Win32 Worm |
| Win32.Fuzzorin | TROJ_AGENT.GG Generic BackDoor.p Win32.Fuzzorin.A Win32/Fuzzorin.A.Trojan Win32.Fuzzorin.B Win32.Fuzzorin.C Win32.Fuzzorin.D W32/SillyTrojan.N@bd Trojan.Win32.Helodor.a | Trojan |
| Win32.Orpheus.A | W32/Hpl.worm.dll W32.Orpheus.A WORM_ORPHEUS.A Worm.Win32.Orpheus.a | Win32 Worm |
| Win32.Yanz.A | Win32/Yaha.Variant.Worm I-Worm.Yanz.a WORM_YANZ.A Yanz.A@mm W32/Yanz-A W32/Yanzi.A@mm | Win32 Worm |
| WORM_ATAK.D | I-Worm/Atak.C W32/Atak.d@MM W32/Atak-D W32/Atak.D.worm | Internet Worm |
| WORM_RBOT.ADD | Internet Worm |
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.