ALWIL Software

Avast! Antivirus Home Edition 4.6, Professional Edition 4.6

Updates available at:
http://www.avast.com/eng/updates.html

Currently we are not aware of any exploits for this vulnerability.

Bungie Studios

Halo: Combat Evolved 1.06 and 1.00 (Custom Edition) and prior

A vulnerability has been reported that could let remote malicious users cause a Denial of Service. The vulnerability is caused due to an error in the communication handling.

The vulnerability will reportedly be fixed in version 1.07.

A Proof of Concept exploit has been published.

Luigi Auriemma, May 24, 2005

Secunia SA15501, May 24, 2005

Clever's Games

Terminator 3: War of the Machines 1.16

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to insufficient boundary checks before copying user-supplied data in sensitive process buffers, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a failure to handle exceptional conditions.

No workaround or patch available at time of publishing.

An exploit script has been published for the buffer overflow vulnerability.

Computer Associates

CA InoculateIT 6.0; eTrust Antivirus r6.0, r7.0, r7.1, eTrust Antivirus for the Gateway r7.0, r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection; BrightStor ARCserve Backup (BAB) r11.1 Windows; eTrust EZ Antivirus r6.2 - r7.0.5, eTrust EZ Armor r1.0 - r2.4.4, eTrust EZ Armor LE r2.0 - r3.0.0.14; Vet Antivirus r10.66 & prior

A vulnerability has been reported in Computer Associates Vet Antivirus engine that could let a remote user execute arbitrary code. A remote user can create a specially crafted Microsoft Office document that will trigger an integer overflow and execute arbitrary code.

A fix is available for most of the affected products:
http://www3.ca.com/securityadvisor/
vulninfo/vuln.aspx?id=32896

The fix is available automatically as part of the daily Vet Signature updates (May 3, 2005).

Currently we are not aware of any exploits for this vulnerability.

Compuware

DriverStudio 3.1, 3.2

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

dotnetindex

Active News Manager 2.x

A vulnerability has been reported that could let remote malicious users conduct SQL injection attacks. Input passed to the username and password fields in 'login.asp' isn't
properly validated.

No workaround or patch available at time of publishing.

There is no exploit script required; however, a Proof of Concept exploit has been published.

Firefly Studios

Stronghold 2 1.2

A remote Denial of Service vulnerability has been reported due to an error when handling overly long nicknames.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

FutureSoft

TFTP Server 2000 1.0 .0.1

Several vulnerabilities were reported: a buffer overflow vulnerability was reported due to boundary errors when handling Read and Write requests, which could let a remote malicious user execute arbitrary code; and a Directory Traversal vulnerability was reported due to insufficient input validation, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Hosting Controller

Hosting Controller 6.1, Hotfixes 2.0, 1.9, 1.7, 1.4

A vulnerability has been reported in 'UserProfile.asp' due to insufficient authentication, which could let a malicious user bypass authentication and modify profile information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Hosting Controller

Hosting Controller 6.x

An SQL injection vulnerability has been reported in 'resellerresources.asp' due to insufficient sanitization of the 'jresourceid' parameter before used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

India Software

Solution Shopping Cart

An SQL injection vulnerability has been reported in the 'shopcart/signin.asp' script due to insufficient validation of the 'password' parameter, which could let a remote malicious user execute arbitrary SQL commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MailEnable

MailEnable Enterprise Edition 1.x,
MailEnable Professional 1.x

A vulnerability has been reported during SMTP authentication, which could let a remote malicious user cause a Denial of Service.

Apply update:
http://www.mailenable.com/
hotfix/MEIMSM-HF050523.zip

Currently we are not aware of any exploits for this vulnerability.

MaxWebPortal.com

MaxWebPortal 1.35, 1.36, 2.0, 20050418 Next

An input validation vulnerability has been reported in the 'password.asp' script that could let a remote user inject SQL commands. The 'memKey' parameter is not properly validated.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Microsoft

Internet Explorer 6.0 SP2

A remote Denial of Service vulnerability has been reported when the browser handles a specially crafted JavaScript 'onLoad' handler.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Microsoft

Internet Explorer 6.0 SP2

A remote Denial of Service vulnerability has been reported when a malformed URI is added to the list of restricted sites.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Microsoft

RDP 4.0, 5.0-5.2

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft

Windows 98SE

A remote Denial of Service vulnerability has been reported in the 'user32.dll' library when icon files that contain large size values are submitted.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Microsoft

Windows XP Home, SP1 & SP2, XP Professional, SP1 & SP2

A Denial of Service vulnerability has been reported when a malicious user generates excessive expired and unused security contexts.

Microsoft has released KB article 890196 to address this issue available at:
http://support.microsoft.com/kb/
890196/EN-US/#appliesto

Currently we are not aware of any exploits for this vulnerability.

Microsoft

Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2

Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code.

Patches available at: href="http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx">

http://www.microsoft.com/technet/

security/bulletin/MS05-009.mspx

V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger.

V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list.

V2.0: The update for Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) was failing to install when distributed via SMS or AutoUpdate. An updated package corrects this behavior.

V2.1: Bulletin updated to update the "Security Update Information" section for the Microsoft Windows Messenger 4.7.0.2009 (when running on Windows XP Service Pack 1) security update.

V2.2: Updated the "deployment" section of Microsoft Windows Messenger version 4.7.0.2009 for the correct command.

V2.3: Updated the "Security Update Information" section for Microsoft Windows Messenger version 4.7.0.2009 with the correct setup switches.

An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability.

Microsoft Media Player & Windows/MSN Messenger PNG Processing

href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1244">CAN-2004-1244

href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597 href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1244">

Microsoft Security Bulletin, MS05-009, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#259890

Security Focus, February 10, 2005

Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005

Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005

Microsoft Security Bulletin, MS05-009 V2.0, April 12, 2005

Microsoft Security Bulletin, MS05-009 V2.1, May 11, 2005

Microsoft Security Bulletin, MS05-009 V2.2, May 11, 2005

Microsoft Security Bulletin, MS05-009 V2.3, May 25, 2005

Newmad Technologies

PicoWebServer 1.0

A buffer overflow vulnerability has been reported when handling long HTTP GET requests, which could let a remote malicious user cause a Denial or Service or execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

os4e

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ServersCheck

ServersCheck 5.9 .0, 5.10 .0

A Directory Traversal vulnerability has been reported due to insufficient validation of user-supplied input, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WMR Simpson

BookReview 1.0 beta

Several vulnerabilities have been reported: an input validation vulnerability was reported that could let a remote malicious user conduct Cross-Site Scripting attacks. Several scripts are affected: 'index.php,' 'add_contents.htm,' 'add_review.htm,' 'suggest_category.htm,' 'contact.htm,' 'add_booklist.htm,' 'add_url.htm,' 'search.htm,' 'suggest_review.htm,' and 'add_classification.htm;' and a vulnerability was reported because remote malicious user can obtain the path of the
web server via certain parameters to search.htm.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

zon.cn

ZonGG 1.2

A vulnerability has been reported that could let a remote malicious user inject SQL commands. The 'ad/login.asp' script does not properly validate user-supplied input in the password parameter.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

4D Inc.

WebSTAR 5.3.3, 5.4

A buffer overflow vulnerability has been reported in the Tomcat plugin due to a boundary error when processing URLs, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Updates available at:
http://www.4d.com/products/
downloads_4dws.html

An exploit script has been published.

Securiteam, May 8, 2005

Security Focus, 13538, May 26, 2005

Apple

Keynote 2, 2.0.1

A vulnerability has been reported that could let a remote malicious user obtain files from the target user's system. A remote user can create a specially crafted Keynote presentation that, when loaded by the target user via the 'keynote:' URL handler, can access files on the target user's system.

A fixed version (2.0.2) is available via Software Updates or at: http://www.apple.com/support/downloads/

Currently we are not aware of any exploits for this vulnerability.

Apple Keynote 'keynote:' Lets Remote Users Access Local Files

CAN-2005-1408

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/">http://security.ubuntu.com/

ubuntu/pool/main/b/bzip2/

Mandriva:

href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/

security/advisories

Debian:
http://security.debian.org/
pool/updates/main/b/bzip2/

There is no exploit code required.

Security Focus,

12954,

March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Debian Security Advisory, DSA 730-1, May 27, 2005

Clam Anti-Virus

ClamAV 0.80 rc4, 0.81-0.83, 0.84 rc1 & rc2

A vulnerability has been reported in 'shared/misc.c' in the 'filecopy()' function when an affected file cannot be removed, which could let a malicious user execute arbitrary code.

Upgrades avail bale at:
http://prdownloads.sourceforge.net/
clamav/clamav-0.85.1.tar.gz?download

There is no exploit code required.

Ethereal Group

Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9

Multiple vulnerabilities were reported that affects more 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, E IGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explitit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.

Upgrades available at:

href="http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz"
target=_blank>http://www.ethereal.com/

distribution/ethereal-0.10.11.tar.gz

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-03.xml">

http://security.gentoo.org/

glsa/glsa-200505-03.xml

Mandriva:

href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/

security/advisories

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-427.html

An exploit script has been published.

Ethereal Security Advisory, enpa-sa-00019, May 4, 2005

Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005

RedHat Security Advisory, RHSA-2005:427-05, May 24, 2005

Ettercap

Ettercap 0.6 .b, 0.6 .a, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6 .6, 0.6.7, 0.6.9, Ettercap-NG 0.7 .0-0.7.2

A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.sourceforge.net/
ettercap/ettercap-NG-0.7.3.tar.gz?download

Currently we are not aware of any exploits for this vulnerability.

GNU

Mailutils 0.5, 0.6

Multiple vulnerabilities have been reported that could let a remote malicious user execute arbitrary code or cause a Denial of Service. These vulnerabilities are due to a buffer overflow in the 'header_get_field_name()' function in 'mailbox/header.c'; an integer overflow in the 'fetch_io()' function; an input validation error in the imap4d server in the FETCH command; and a format string flaw in the imap4d server.

A fixed version (0.6.90) is available at:
ftp://alpha.gnu.org/gnu/mailutils/
mailutils-0.6.90.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-20.xml

Proofs of Concept exploits have been published.

GNU Mailutils Buffer Overflow and Format String Bugs Let Remote Users Execute Arbitrary Code

CAN-2005-1520
CAN-2005-1521
CAN-2005-1522
CAN-2005-1523

iDEFENSE Security Advisory 05.25.05

Gentoo Linux Security Advisory, GLSA 200505-20, May 27, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

No workaround or patch available at time of publishing.

There is no exploit code required.

Hewlett Packard Company

HP-UX B.11.23, B.11.22, B.11.11, B.11.04, B.11.00

A remote Denial of Service vulnerability has been reported in the Path MTU Discovery (PMTUD) functionality that is supported in the ICMP protocol.

Patches available at:
http://www1.itrc.hp.com/service/
cki/docDisplay.do?docId= HPSBUX01137

Currently we are not aware of any exploits for this vulnerability.

Hewlett Packard Company Security Advisory, HPSBUX01137, April 24, 2005

Hewlett Packard Company Security Advisory, HPSBUX01137: SSRT5954 rev.1, May 25, 2005

Hewlett-Packard

HP-UX B.11.00, B.11.11, B.11.22, B.11.23; only if converted to trusted systems

The vendor has issued the following fixes, available at: http://itrc.hp.com

For HP-UX B.11.00 - PHCO_29249 and PHNE_17030
For HP-UX B.11.11 - PHCO_33215
For HP-UX B.11.23 - PHCO_32926

For HP-UX B.11.22, action: disable remshd (OS-Core.CORE2-SHLIBS) and avoid the telnet -t option.

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2 .0.7, 6.2 .0.4, 6.2, 6.2.1

Upgrades available at:

href="http://www.imagemagick.org/script/binary-releases.php"
target=_blank>http://www.imagemagick.org/

script/binary-releases.php

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/3/

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/">http://security.ubuntu.com/

ubuntu/pool/main/i/imagemagick/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-413.html

A Proof of Concept exploit has been published.

Security Focus, 13351, April 25, 2005

Fedora Update Notification

FEDORA-2005-344, April 28, 2005

Ubuntu Security Notice, USN-132-1 May 23, 2005, May 23, 2005

RedHat Security Advisory, RHSA-2005:413-04, May 25, 2005

Multiple Vendors

KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9

Patches available at:

href="http://bugs.kde.org/attachment.cgi?id=10325&action=view">http://bugs.kde.org/attachment.cgi

?id=10325&action=view

href="http://bugs.kde.org/attachment.cgi?id=10326&action=view ">http://bugs.kde.org/attachment.cgi

?id=10326&action=view

SuSE:

href="ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-3.2.1-44.46.i586.rpm"
target=_blank>ftp://ftp.suse.com/pub/suse/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200504-22.xml">

http://security.gentoo.org/

glsa/glsa-200504-22.xml

Debian:

href="http://security.debian.org/pool/updates/main/k/kdelibs/">http://security.debian.org/

pool/updates/main/k/kdelibs/

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/3/

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/">http://security.ubuntu.com/

ubuntu/pool/main/k/kdelibs/

Mandriva:

href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/

security/advisories

Conectiva:

href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-393.html">http://rhn.redhat.com/

errata/RHSA-2005-393.html

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/k/kdelibs/

Denial of Service Proofs of Concept exploits have been published.

SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005

Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005

Debian Security Advisory, DSA 714-1, April 26, 2005

Fedora Update Notification,

FEDORA-2005-350, May 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:085, May 12, 2005

Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005

RedHat Security Advisory, RHSA-2005:393-05, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:013, May 18, 2005

Ubuntu Security Notice, USN-114-2, May 27, 2005

Multiple Vendors

AES AES (Rijndael);
OpenSSL Project OpenSSL 0.9.1-0.9.7

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors

Gentoo Linux;

GNU GDB 6.3

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-15.xml">

http://security.gentoo.org/

glsa/glsa-200505-15.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gdb/

http://security.ubuntu.com/
ubuntu/pool/main/b/binutils/

Mandriva:

href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/

security/advisories

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Currently we are not aware of any exploits for these vulnerabilities.

Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 200

Ubuntu Security Notices, USN-135-1, 136-1 & 136-2, May 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:09, May 30, 2005

Trustix Secure Linux Security Advisory, TSL-2005-0025, May 31, 2005

Multiple Vendors

GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6 .0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2 .0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-16.xml">

http://security.gentoo.org/

glsa/glsa-200505-16.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/imagemagick/

Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Currently we are not aware of any exploits for this vulnerability.

Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

Fedora Update Notification,
FEDORA-2005-395, May 26, 2005

Multiple Vendors

Linux kernel 2.2.x, 2.4.x, 2.6.x

Update available at: href="http://kernel.org/">

http://kernel.org/

Trustix:

href="http://www.trustix.org/errata/2005/0022/">http://www.trustix.org/

errata/2005/0022/

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/

ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-472.html

An exploit script has been published.

Secunia Advisory, SA15341, May 12, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005

Multiple Vendors

Linux Kernel 2.4.0-test1-test12, 2.4-2.4.30, 2.5.0- 2.5.69, 2.6 -test1-test11, 2.6- 2.6.9

No workaround or patch available at time of publishing.

Exploit scripts have been published.

Multiple Vendors

Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6-test1- -test11, 2.6, 2.6.1-2.6.11 ; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.

RedHat: href="https://rhn.redhat.com/errata/RHSA-2005-092.html">

https://rhn.redhat.com/errata/

RHSA-2005-092.html

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/">

http://security.ubuntu.com/ubuntu/

pool/main/l/linux-source-2.6.8.1/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/1">

ftp://atualizacoes.conectiva.

com.br/

SUSE:

href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/2/

Conectiva:

href="ftp://atualizacoes.conectiva.com.br/10/">ftp://atualizacoes.conectiva.

com.br/10/

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-366.html">http://rhn.redhat.com/

errata/RHSA-2005-366.html

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-283.html">http://rhn.redhat.com/

errata/RHSA-2005-283.html

href="http://rhn.redhat.com/errata/RHSA-2005-284.html">http://rhn.redhat.com/

errata/RHSA-2005-284.html

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-472.html

Currently we are not aware of any exploits for these vulnerabilities.

Ubuntu Security

Notice, USN-82-1, February 15, 2005

RedHat Security Advisory,

RHSA-2005:092-14, February 18, 2005

SUSE Security Announcement,

SUSE-SA:2005:018, March 24, 2005

Fedora Security

Update Notification,

FEDORA-2005-262, March 28, 2005

Conectiva Linux Security Announcement,

CLA-2005:945,

March 31, 2005

Fedora Update Notification

FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005

Multiple Vendors

Qpopper 4.x; Gentoo Linux

Upgrades available at:

href="ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/qpopper4.0.5.tar.gz"
target=_blank>ftp://ftp.qualcomm.com/eudora/

servers/unix/popper/old/qpopper4.0.5.tar.gz

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-17.xml">

http://security.gentoo.org/

glsa/glsa-200505-17.xml

Debian:
http://security.debian.org/
pool/updates/main/q/qpopper/

There is no exploit code required.

Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005

Secunia Advisory, SA15475, May 24, 2005

Debian Security Advisories, DSA 728-1 & 728-2, May 25 & 26, 2005

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1;

XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at: link="#999999">

face="Arial, Helvetica"> href="https://bugs.freedesktop.org/attachment.cgi?id=1909">https://bugs.freedesktop.org/

attachment.cgi?id=1909

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-08.xml">

http://security.gentoo.org/glsa/

glsa-200503-08.xml

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/">

http://security.ubuntu.com/ubuntu/

pool/main/l/lesstif1-1/

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200503-15.xml">

http://security.gentoo.org/

glsa/glsa-200503-15.xml

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/">

http://security.ubuntu.com/

ubuntu/pool/main/x/xfree86/

ALTLinux:

href="http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html">http://lists.altlinux.ru/

pipermail/security-announce/

2005-March/000287.html

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-331.html">http://rhn.redhat.com/errata/

RHSA-2005-331.html

SGI:

href="ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/">ftp://oss.sgi.com/projects/

sgi_propack/download/3/updates/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2005-044.html">

http://rhn.redhat.com/errata/

RHSA-2005-044.html

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">

http://www.mandrakesecure.net/

en/ftp.php

Mandriva:

href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/

security/advisories

Debian:

href="http://security.debian.org/pool/updates/main/x/xfree86/">http://security.debian.org/

pool/updates/main/x/xfree86/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-412.html

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-473.html

Currently we are not aware of any exploits for this vulnerability.

Security Focus,

12714,

March 2, 2005

Gentoo Linux

Security Advisory,

GLSA 200503-08, March 4, 2005

Ubuntu Security

Notice, USN-92-1 March 07, 2005

Gentoo Linux

Security Advisory, GLSA 200503-15,

March 12, 2005

Ubuntu Security

Notice, USN-97-1

March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications,

FEDORA-2005

-272 & 273,

March 29, 2005

RedHat Security Advisory,

RHSA-2005:

331-06,

March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005

Debian Security Advisory, DSA 723-1, May 9, 2005

RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005

RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005

PHP Group

PHP 4.3-4.3.10; Peachtree Linux release 1

Upgrades available at:

href="http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror"
target=_blank>http://ca.php.net/get/php

4.3.11.tar.gz/from/a/mirror

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/p/php4/">http://security.ubuntu.com/

ubuntu/pool/main/p/php4/

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200504-15.xml">http://security.gentoo.org/

glsa/glsa-200504-15.xml

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">

http://www.mandrakesecure.net/

en/ftp.php

Peachtree: href="http://peachtree.burdell.org/updates/">

http://peachtree.burdell.org/

updates/

SGI:

href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/

free/security/advisories/

Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=
a&anuncio=000955

Currently, we are not aware of any exploits for this vulnerability.

Security Focus, 13164, April 14, 2005

Ubuntu Security Notice, USN-112-1, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Fedora Update Notification,

FEDORA-2005-315, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Conectiva Security Advisory, CLSA-2005:955, May 31, 2005

PHP Group

PHP 4.3-4.3.10; Peachtree Linux release 1

Upgrades available at:

href="http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror"
target=_blank>http://ca.php.net/get/php

4.3.11.tar.gz/from/a/mirror

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/p/php4/">http://security.ubuntu.com/

ubuntu/pool/main/p/php4/

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200504-15.xml">http://security.gentoo.org/

glsa/glsa-200504-15.xml

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/

pub/fedora/linux/core/updates/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">

http://www.mandrakesecure.net/

en/ftp.php

Peachtree: href="http://peachtree.burdell.org/updates/">

http://peachtree.burdell.org/

updates/

TurboLinux:

href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/p

ub/TurboLinux/TurboLinux/ia32/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-405.html">http://rhn.redhat.com/

errata/RHSA-2005-405.html

SUSE:

href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

SGI:

href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/

free/security/advisories/

Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=
a&anuncio=000955

Currently, we are not aware of any exploits for this vulnerability.

Security Focus, 13163, April 14, 2005

Ubuntu Security Notice, USN-112-1, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Fedora Update Notification,

FEDORA-2005-315, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Turbolinux Security Advisory, TLSA-2005-50, April 28, 2005

RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Conectiva Security Advisory, CLSA-2005:955, May 31, 2005

SCO

Open Server 5.0.7

A buffer overflow vulnerability has been reported in 'nwprint' due to insufficient bounds checking, which could let a malicious user obtain elevated privileges.

SCO:
ftp://ftp.sco.com/pub/updates/
OpenServer/SCOSA-2005.26

An exploit script has been published.

Bugtraq, 394864,
April 4, 2005

SCO Security Advisory, SCOSA-2005.26, May 25, 2005

WEB-DAV

Linux File System (davfs2) 0.x

A vulnerability has been reported that could let malicious, local users bypass certain security restrictions. A mounted file system fails to support UNIX permissions.

No workaround or patch available at time of publishing.

There is no exploit code required.

xine

gxine 0.4.0-0.4.4

A format string vulnerability has been reported due to insecure implementation of a formatted printing function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-19.xml

Currently we are not aware of any exploits for this vulnerability.

pst.advisory, May 21, 2005

Gentoo Linux Security Advisory, GLSA 200505-19, May 26, 2005

C'Nedra

C'Nedra 0.4

A buffer overflow vulnerability has been reported in 'game_message_functions.cpp' source file due to a boundary error in 'READ_TCP_STRING()' function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

FreeStyle

Wiki Wiki 3.5.7, Wiki WikiLite .10

A vulnerability has been reported due to insufficient sanitization of input passed in uploaded attachments, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.sourceforge.jp/
fswiki/14800/fswiki_lite_0_0_11.zip

There is no exploit code required.

FunkyASP

FunkyASPAD System 1.1

A vulnerability has been reported that could let remote malicious users conduct SQL injection attacks. This is due to improper input validation in 'admin.asp.'

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

GPL

phpStat

A vulnerability has been reported that could let a remote malicious user gain administrative access to the application. A remote user can supply a specially crafted URL to cause 'setup.php' to reset the password on a username.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

SoulBlack Security Research, May 25, 2005

Exceed 10.x, 9.x, PowerSuite 10.x,
HostExplorer 10.x,
Hummingbird Connectivity 9.x, InetD 10.x,
NFS Maestro Client 10.x, Gateway 10.x, Server 10.x

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the InetD FTPD component (ftpdw.exe) when an overly large argument is passed to a FTP command, which could let a remote malicious user cause a Denial of Service; and a buffer overflow vulnerability was reported due to a boundary error in the he InetD LPD component (Lpdw.exe) when a large amount of data is received, which could let a remote malicious user cause a Denial of Service and possible execute arbitrary code.

Patches available at:
http://connectivity.hummingbird.com/
support/nc

Currently we are not aware of any exploits for these vulnerabilities.

Secunia Advisory, SA15557, May 31, 2005

Invision Power Services

Invision Board 1.0, 1.0.1, 1.1.1, 1.1.2, 1.2, 1.3 Final, 1.3, 1.3.1 Final, 2.0 PF1&PF2, 2.0 PDR3, 2.0, Alpha 3, 2.0.1-2.0.4

No workaround or patch available at time of publishing.

There is no exploit code required.

Invision Power Services

Invision Board 1.0, 1.0.1, 1.1.1, 1.1.2, 1.2, 1.3 Final, 1.3

A vulnerability was reported because forum posts owned by other moderators can be modified through an HTTP GET request without authentication credentials, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Invision Power Services

Invision Power Board 1.x, 2.x

Several vulnerabilities have been reported: a Cross-Site vulnerability was reported due to insufficient sanitization of the 'highlite' parameter in 'search.php' and 'topics.php,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'login.php' due to insufficient sanitization of input passed to a certain cookie ID parameter, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:

href="http://www.invisionboard.com/act.ips/download">http://www.invisionboard.com/

act.ips/download

Another exploit script has been published.

GulfTech Security

Research Advisory,

May 5, 2005

Security Focus, May 26, 2005

JAWS

JAWS 0.4, 0.5 beta2, 0.5, 0.5.1

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'Glossary' module, which could let a remote malicious user execute arbitrary HTML and script code.

The vulnerability has been fixed in the CVS repository.

There is no exploit code required; however, a Proof of Concept exploit has been published.

L-Soft

LISTSERV 14.3, 1.8d, 1.8e

Fixed versions (14.3 level set 2005a and above) are available at:
http://www.lsoft.com/download/
listserv.asp

http://www.lsoft.com/download/
listservlite.asp

Currently we are not aware of any exploits for this vulnerability.

Security Tracker Alert ID: 1014051, May 25, 2005

NGSSoftware Insight Security Research, May 25, 2005

Mozilla

Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1, 1.0-1.0.3

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of 'IFRAME' JavaScript URLS from being executed in the context of another history list URL, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'InstallTrigger .install()' due to insufficient verification of the 'Icon URL' parameter, which could let a remote malicious user execute arbitrary JavaScript code.

Workaround:

Disable "tools/options/web-Features/>Allow web sites to install software"

Slackware:

href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/

pub/slack ware/

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200505-11.xml">http://security.gentoo.org/

glsa/glsa-200505-11.xml

TurboLinux:

href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/

pub/TurboLinux/

TurboLinux/ia32/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-434.html">http://rhn.redhat.com/

errata/RHSA-2005-434.html

href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/

errata/RHSA-2005-435.html

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mozilla-firefox/

Proofs of Concept exploit scripts have been published.

Secunia Advisory,

SA15292,

May 9, 2005

US-CERT VU#534710

US-CERT VU#648758

Slackware Security Advisory, SSA:2005-135-01, May 15, 2005

Gentoo Linux Security Advisory, GLSA 200505-11, May 16, 2005

Turbolinux Security Advisory, TLSA-2005

-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005

Ubuntu Security Notice, USN-134-1, May 26, 2005

Mozilla

Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7

Firefox:

href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/

products/firefox/

Mozilla Browser Suite:

href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/

products/mozilla1.x/

TurboLinux::

href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/

TurboLinux/TurboLinux/ia32/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-434.html">http://rhn.redhat.com/

errata/RHSA-2005-434.html

href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/

errata/RHSA-2005-435.html

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mozilla-firefox/

Currently we are not aware of any exploits for this vulnerability.

Mozilla Foundation Security Advisory,

2005-44,

May 12, 2005

Turbolinux Security Advisory,

TLSA-2005

-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005

Ubuntu Security Notice, USN-134-1, May 26, 2005

Mozilla

Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7

Firefox:

href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/

products/firefox/

Mozilla Browser Suite:

href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/

products/mozilla1.x/

TurboLinux::

href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/

TurboLinux/TurboLinux/ia32/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-434.html">http://rhn.redhat.com/

errata/RHSA-2005-434.html

href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/

errata/RHSA-2005-435.html

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mozilla-firefox/

Currently we are not aware of any exploits for this vulnerability.

Mozilla Foundation Security Advisory,

2005-43,

May 12, 2005

Turbolinux Security Advisory,

TLSA-2005-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005

Ubuntu Security Notice, USN-134-1, May 26, 2005

Multiple Vendors

ALT Linux Compact 2.3, Junior 2.3; Apple Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X Server 10.0, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8; MIT Kerberos 5 1.0, 5 1.0.6, 5 1.0.8, 51.1-5 1.4; Netkit Linux Netkit 0.9-0.12, 0.14-0.17, 0.17.17; Openwall GNU/*/Linux (Owl)-current, 1.0, 1.1; FreeBSD 4.10-PRERELEASE, 2.0, 4.0 .x, -RELENG, alpha, 4.0, 4.1, 4.1.1 -STABLE, -RELEASE, 4.1.1, 4.2, -STABLEpre122300, -STABLEpre050201, 4.2 -STABLE, -RELEASE,

4.2, 4.3 -STABLE, -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.4 -STABLE, -RELENG, -RELEASE-p42, 4.4, 4.5 -STABLEpre2002-03-07, 4.5 -STABLE,

-RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.6 -STABLE, -RELENG, 4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.6.2, 4.7 -STABLE, 4.7 -RELENG, 4.7 -RELEASE-p17, 4.7 -RELEASE, 4.7, 4.8 -RELENG,

4.8 -RELEASE-p7, 4.8 -PRERELEASE, 4.8, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.10 -RELENG, 4.10 -RELEASE,

4.10, 4.11 -STABLE, 5.0 -RELENG, 5.0, 5.1 -RELENG, 5.1 -RELEASE-p5, 5.1 -RELEASE, 5.1, 5.2 -RELENG, 5.2 -RELEASE, 5.2,

5.2.1 -RELEASE, 5.3 -STABLE, 5.3 -RELEASE, 5.3, 5.4 -PRERELEASE; SuSE Linux 7.0, sparc, ppc, i386, alpha, 7.1, x86, sparc, ppc, alpha, 7.2, i386

SGI IRIX 6.5.24-6.5.27

Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code.

ALTLinux: href="http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html">

http://lists.altlinux.ru/pipermail

/security-announce/2005-

March/000287.html

Apple:

href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&platform=osx&method=sa/SecUpd2005-003Pan.dmg"
target=_blank>http://wsidecar.apple.com/cgi-bin/

nph-reg3rdpty1.pl/product=05529&

platform=osx&method=sa/SecUpd

2005-003Pan.dmg

Debian: href="http://security.debian.org/pool/updates/main/n/netkit-telnet/">

http://security.debian.org/pool/

updates/main/n/netkit-telnet/

Fedora:

href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.

redhat.com/pub/fedora/

linux/core/updates/

FreeBSD:

href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch"
target=_blank>ftp://ftp.FreeBSD.org/pub/

FreeBSD/CERT/patches/

SA-05:01/

MIT Kerberos: href="http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt">

http://web.mit.edu/kerberos/|

advisories/2005-001-patch

_1.4.txt

Netkit: href="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/">

ftp://ftp.uk.linux.org/pub/linux/

Networking/netkit/

Openwall: href="http://www.openwall.com/Owl/CHANGES-current.shtml">

http://www.openwall.com/Owl/

CHANGES-current.shtml

RedHat: href="http://rhn.redhat.com/errata/RHSA-2005-327.html">

http://rhn.redhat.com/errata/

RHSA-2005-327.html

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1">

http://sunsolve.sun.com/search/

document.do?assetkey=

1-26-57755-1

SUSE:

href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/">

http://security.ubuntu.com/ubuntu/

pool/main/n/netkit-telnet/

OpenBSD:

href="http://www.openbsd.org/errata.html#telnet">http://www.openbsd.org/

errata.html#telnet

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">

http://www.mandrakesecure.net/

en/ftp.php

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200503-36.xml">http://security.gentoo.org/

glsa/glsa-200503-36.xml

href="http://security.gentoo.org/glsa/glsa-200504-01.xml">http://security.gentoo.org/

glsa/glsa-200504-01.xml

Debian:

href="http://security.debian.org/pool/updates/main/k/krb5/">http://security.debian.org/

pool/updates/main/k/krb5/

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200504-04.xml">http://security.gentoo.org/

glsa/glsa-200504-04.xml

SGI:

href="ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/">ftp://oss.sgi.com/projects/

sgi_propack/download

/3/updates/

SCO:

href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21">ftp://ftp.sco.com/pub/updates/

UnixWare/SCOSA-2005.21

Sun:

href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1">http://sunsolve.sun.com/

search/document.do?

assetkey=1-26-57761-1

Openwall:

href="http://www.openwall.com/Owl/CHANGES-current.shtml">http://www.openwall.com/

Owl/CHANGES-current.shtml

Avaya:

href="http://support.avaya.com/elmodocs2/security/ASA-2005-088_RHSA-2005-330.pdf">http://support.avaya.com/

elmodocs2/security/

ASA-2005-088_RHSA-2005-330.pdf

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200504-28.xml">http://security.gentoo.org/

glsa/glsa-200504-28.xml

TurboLinux:

href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/

TurboLinux/TurboLinux/ia32/

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1">

http://sunsolve.sun.com/search/

document.do?assetkey=1-26-57761-1

OpenWall: href="http://www.openwall.com/Owl/CHANGES-current.shtml">

http://www.openwall.com/

Owl/CHANGES-current.shtml

SCO:

href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.23">ftp://ftp.sco.com/pub/updates/

OpenServer/SCOSA-2005.23

SGI IRIX:
Apply patch 5892 for IRIX 6.5.24-6.5.27: ftp://patches.sgi.com/
support/free/security/patches/

Currently we are not aware of any exploits for these vulnerabilities.

Telnet Client 'slc_add_reply()' & 'env_opt_add()'

Buffer Overflows

href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468">CAN-2005-0468

href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469">CAN-2005-0469

iDEFENSE Security Advisory,

March 28, 2005

US-CERT VU#291924

Mandrakelinux Security Update Advisory, MDKSA-2005:061,

March 30, 2005

Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 &

April 1, 2005

Debian Security Advisory, DSA 703-1, April 1, 2005

US-CERT VU#341908

Gentoo Linux Security Advisory, GLSA 200504-04,

April 6, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Sun(sm) Alert Notification, 57761,

April 7, 2005

SCO Security Advisory, SCOSA-2005.21,

April 8, 2005

Avaya Security Advisory, ASA-2005-088, April 27, 2005

Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005

Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005

Sun(sm) Alert Notification, 57761, April 29, 2005

SCO Security Advisory, SCOSA-2005.23, May 17, 2005

SGI Security Advisory, 20050405-01-P, May 26, 2005

Multiple Vendors

Cisco Systems Cisco Aironet 1200 Series Access Point, 350 Series Access Point, Content Services Switch 11000 Series (WebNS), MGX 8200 Series Edge Concentrators, MGX 8800 Series Multiservice Switches, MGX 8900 Series Multiservice Switches, SN5400 Series Storage Routers; OpenBSD 3.x; Hitachi GR2000 Series Gigabit Routers, GR4000 Series Gigabit Routers, GS3000 Series Gigabit Switches, GS4000 Series Gigabit Switches; ALAXALA Networks AX5400S, AX7800R, AX7800S; FreeBSD FreeBSD 2.x, 3.x, 4.x

Update information available at:

href="http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml">http://www.cisco.com/warp/

public/707/cisco-sn-
20050518-tcpts.shtml

OpenBSD:

href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/015_tcp.patch"
target=_blank>ftp://ftp.openbsd.org/pub/OpenBSD/

patches/3.6/common/015_tcp.patch

Hitachi: The vendor has issued updated versions.

ALAXALA: Customers are advised to contact the vendor in regards to obtaining and applying the appropriate update.

Microsoft:

href="http://www.microsoft.com/technet/security/advisory/899480.mspx">http://www.microsoft.com/

technet/security/advisory/

899480.mspx

FreeBSD:
http://www.freebsd.org/cgi/
cvsweb.cgi/src/sys/netinet/
tcp_input.c

An exploit script has been published.

Cisco Security Notice, 64909, May 18, 2005

Microsoft Security Advisory (899480), May 18, 2005

US-CERT VU#637934

FreeBSD CVS Log, May 25, 2005

MyBulletinBoard

MyBulletinBoard RC4

A vulnerability has been reported due to insufficient sanitization of input passed to the 'website' field when updating user profiles, which could let a remote malicious user execute arbitrary HTML and script code.

Patch available at:
http://mybboard.com/community/
attachment.php?aid=862

There is no exploit code required.

NewLife Blogger

NewLife Blogger 3.0, 3.0.1, 3.1, 3.2, 3.2.3, 3.3

Several SQL injection vulnerabilities were reported due to insufficient sanitization of certain unspecified input, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://prdownloads.sourceforge.net/
nlb/nlb-3.3.1.zip?download

There is no exploit code required.

NikoSoft

WebMail 0.10-0.10.4

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.nikosoft.net/nswm/

There is no exploit code required.

Nokia

Nokia 9500

A remote Denial of Service vulnerability has been reported when handling a malformed vCard.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Security Focus, 13784, May 26, 2005

Nortel Networks

Contivity 1000 VPN Switch, 1500 VPN Switch, 1600 Secure IP Services Gateway, Contivity 2000 VPN Switch, 2500 VPN Switch, 2600 Secure IP Services Gateway, Contivity 4000 VPN Switch, 4500 Secure IP Services Gateway, Contivity 4600 Secure IP Services Gateway, VPN Router 1010, 1050, 1100, 1700, 1740, 2700, 5000, 600

A remote Denial of Service vulnerability has been reported when processing an IKE main packet (ISAKMP) header of a certain type.

Update information available at:
http://www130.nortelnetworks.com/
cgi-bin/eserv/cs/main.jsp?level=
6&category=29&subcategory=
1&DocumentOID=328562

Currently we are not aware of any exploits for this vulnerability.

NPDS

NPDS 4.8, 5.0

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of some input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability has been reported in 'reply.php' due to insufficient sanitization of the 'image_subject' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability has been reported in 'modules.php' due to insufficient sanitization of the 'terme' parameter and in 'links.php' due to insufficient sanitization of the 'query' parameter, which could let a remote malicious user execute arbitrary SQL code.

Patches available at:
http://www.npds.org/
download.php?op=geninfo&did=115

There is no exploit code required; however, Proofs of Concept exploits have been published.

NZEO

Zeroboard 4.1 pl2-pl5

A vulnerability has been reported due to an insecure implementation of the PHP 'preg_replace' function, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

peercast.org

PeerCast 0.1211

Upgrade available at:
http://www.peercast.org
/download.php

A Proof of Concept exploit has been published.

PHP Group

PHP 4.0-4.0.7, 4.0.7 RC1-RC3, 4.1 .0-4.1.2, 4.2 .0-4.2.3, 4.3-4.3.8, 5.0 candidate 1-3, 5.0 .0-5.0.2

A vulnerability exists in the 'open_basedir' directory setting due to a failure of the cURL module to properly enforce restrictions, which could let a malicious user obtain sensitive information.

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/p/php4/">

http://security.ubuntu.com/

ubuntu/pool/main/p/php4/

FedoraLegacy: href="http://download.fedoralegacy.org/redhat/">
http://download.fedoralegacy.org
/redhat/

Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=
a&anuncio=000957

There is no exploit code required; however, a Proof of Concept exploit has been published.

Security Tracker Alert ID, 1011984, October 28, 2004

Ubuntu Security Notice, USN-66-1, January 20, 2005

Ubuntu Security Notice, USN-66-2, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2344, March 7, 2005

Conectiva Security Advisory, CLSA-2005:957, May 31, 2005

PHP Group

PHP prior to 5.0.4; Peachtree Linux release 1

Multiple Denial of Service vulnerabilities have been reported in 'getimagesize().'

Upgrade available at:

href="http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror"
target=_blank>http://ca.php.net/get/php-

4.3.11.tar.gz/from/a/mirror

Ubuntu:

href="http://security.ubuntu.com/ubuntu/pool/main/p/php4/">http://security.ubuntu.com/

ubuntu/pool/main/p/php4/

Slackware:

href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/

pub/slackware/

Debian:

href="http://security.debian.org/pool/updates/main/p/php3/">http://security.debian.org/

pool/updates/main/p/php3/

SUSE:

href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

Gentoo:

href="http://security.gentoo.org/glsa/glsa-200504-15.xml">http://security.gentoo.org/

glsa/glsa-200504-15.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">

http://www.mandrakesecure.net/

en/ftp.php

Peachtree: href="http://peachtree.burdell.org/updates/">

http://peachtree.burdell.org/

updates/

TurboLinux:

href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/

TurboLinux/TurboLinux/ia32/

RedHat:

href="http://rhn.redhat.com/errata/RHSA-2005-405.html">http://rhn.redhat.com/

errata/RHSA-2005-405.html

SGI:

href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/

free/security/advisories/

Debian:
http://security.debian.org/
pool/updates/main/p/php4/

Currently we are not aware of any exploits for these vulnerabilities.

iDEFENSE Security Advisory,

March 31, 2005

Ubuntu Security Notice, USN-105-1, April 05, 2005

Slackware Security Advisory, SSA:2005-

095-01,

April 6, 2005

Debian Security Advisory, DSA 708-1, April 15, 2005

SUSE Security Announcement, SUSE-SA:2005:023, April 15, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Turbolinux Security Advisory, TLSA-2005-50, April 28, 2005

RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Debian Security Advisory, DSA 729-1, May 26, 2005

PHPMailer

PHPMailer 1.7-1.7.2

A remote Denial of Service vulnerability has been reported in 'class.smtp.php' due to an error when processing overly long headers in the 'Data()' function.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

phppc.de

PHP Poll Creator 1.01

A vulnerability has been reported in 'poll_vote.php' due to insufficient verification of the 'relativer_pfad' parameter, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PowerScripts.org

PowerDownload 3.0.2, 3.0.3

A vulnerability has been reported in 'pdl-inc/pdl_header.inc.php' due to insufficient validation of the 'incdir' variable, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Qualiteam Corp.

X-Cart 4.0.8

Some input validation vulnerabilities have been reported due to insufficient validation of user-supplied input in several parameters, which could let a remote malicious user execute arbitrary SQL commands or arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Sony

Ericsson P900

A remote Denial of Service vulnerability has been reported in the Bluetooth-related Beamer application when handling a malformed file.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WordPress

WordPress 1.5, 1.5.1

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'cat_ID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://wordpress.org/latest.tar.gz

There is no exploit code required.

Secunia Advisory, SA15517, May 30, 2005

ZPanel

ZPanel 2.0, 2.5 beta9 & beta 10, 2.5 beta

Multiple vulnerabilities have been reported: a vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'uname' parameter, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability has been reported because installation scripts are not properly removed after installation, which could let a remote malicious user reinstall an affected installation.

No workaround or patch available at time of publishing.

An exploit script has been published.

Secunia Advisory, SA14602,
March 16, 2005

Security Focus, 12809, May 30, 2005

Script that exploits the 4D WebStar Tomcat Plugin Remote Buffer Overflow vulnerability.

Exploit for the Ethereal DistCC buffer overflow vulnerability.

Script that exploits the Randy Wable datatrac Denial of Service Vulnerability.

Script that exploits the dSMTP mail server 3.1b remote root format string vulnerability.

Denial of Service exploit for the Ethereal SMB vulnerability.

Mozilla Firefox view-source:javascript url code execution exploit proof of concept.

Mozilla Suite and Firefox script objections command execution exploit.

Exploit for the Fusion versions 3.6.1 and below headline_temp.php injection vulnerability.

Hosting Controller versions 0.6.1 and below unauthenticated user registration exploit.

Microsoft WINS remote operating system and service pack scanner.

Perl script that exploits the IMail Commerce i-mail.cgi remote command execution vulnerability.

Exploit for the Invision Power Cross-Site Scripting & SQL Injection vulnerability.

Microsoft Windows XP/2003 IPv6 remote denial of service vulnerability.

Scripts that exploits the MySQL MaxDB Remote Buffer Overflows vulnerabilities.

Exploits for the Maxwebportal versions 1.36 and below password.asp Change Password vulnerability.

This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft.

Denial of Service exploit for the Linux kernel ioctl_by_bdev() vulnerability.

Exploit for the Postnuke versions 0.750 through 0.760rc4 file inclusion vulnerability.

Script that exploits the Multiple Vendor TCP Timestamp Denial of Service vulnerability.