Summary of Security Items from October 5 through October 11, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
aeNovo, aeNovoShop, aeNovoWYSI | Multiple input validation vulnerabilities have been reported in aeNovo, aeNovoShop, and aeNovoWYSI that could let remote malicious users perform SQL injection or Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | aeNovo SQL Injection or Cross-Site Scripting | Medium | Security Focus, ID: 15036, 15038, October 7, 2005 |
aspReady FAQ Manager | An input validation vulnerability has been reported in aspReady FAQ Manager that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required. | aspReady FAQ Manager SQL Injection | Medium | Security Tracker, Alert ID: 1015015, October 6, 2005 |
GFI MailSecurity for Exchange/ SMTP 8.1 | A buffer overflow vulnerability has been reported in GFI MailSecurity that could let remote malicious users execute arbitrary code or cause a Denial of Service. A vendor patch is available: Currently we are not aware of any exploits for this vulnerability. | GFI MailSecurity Arbitrary Code Execution or Denial of Service | High | Security Focus, ID 15081, October 11, 2005 |
vrAZMain.dll 5.8.22.137 in ViRobot Expert 4.0, ViRobot Advanced Server, LiveCall | A buffer overflow vulnerability has been reported in vrAZMain.dll 5.8.22.137 utilized in ViRobot Expert 4.0, ViRobot Advanced Server, LiveCall, ALZ archive processing, that could let remote malicious users execute arbitrary code. Vendor upgrade, vrAZMain.dll 5.9.22.154, available via online update. Currently we are not aware of any exploits for this vulnerability. | Hauri Arbitrary Code Execution | High | Secunia, Advisory: SA16852, October 6, 2005 |
MailEnable Enterprise 1.1, Professional 1.6 | A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code. Vendor hotfix available: An exploit has been published. | MailEnable Arbitrary Code Execution | High | Secunia, Advisory: SA17010, October 4, 2005 Security Focus, ID: 15006, October 7, 2005 |
Client Service for NetWare | A buffer overflow vulnerability has been reported in Client Service for NetWare that could let malicious users execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Client Service for NetWare Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-046, October 11, 2005 |
Collaboration Data Objects | A buffer overflow vulnerability has been reported in Collaboration Data Objects that could let remote malicious users execute arbitrary code. Vendor fix available: A Proof of Concept exploit script has been published. | Microsoft Collaboration Data Objects Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-048, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 |
DirectX DirectShow 7.0 to 9.0c | A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft DirectX DirectShow Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-050, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Internet Explorer 5.01, 5.5, 6.0 | A vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code. Vendor fix available: An exploit has been published. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-052, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Network Connection Manager | A vulnerability has been reported in Network Connection Manager that could let malicious users cause a Denial of Service. Vendor fix available: An exploit has been published. | Microsoft Network Connection Manager Denial of Service | Low | Microsoft Security Bulletin MS05-045, October 11, 2005 |
Windows FTP Client | An input validation vulnerability has been reported in Windows FTP Client that could let remote malicious users obtain arbitrary file control. Vendor fix available: A Proof of Concept exploit script has been published. | Microsoft Windows FTP Client Arbitrary File Control | Medium | Microsoft, Security Bulletin MS05-044, October 11, 2005 |
Windows Microsoft Distribution Transaction Coordinator (MSDTC) and COM+ | A buffer overflow vulnerability has been reported in Windows MSDTC and COM+ that could let local or remote malicious users execute arbitrary code, obtain elevated privileges or cause a Denial of Service. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service | High | Microsoft, Security Bulletin MS05-051, October 11, 2005 US-CERT VU#180868, Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Windows Plug and Play | A buffer overflow vulnerability has been reported in Windows Plug and Play that could let malicious users execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Plug and Play Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-047, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Windows Shell | A vulnerability has been reported in Windows Shell that could let malicious users execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Shell Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-049, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 |
Windows XP Wireless Zero Configuration Service | A vulnerability has been reported in Windows XP Wireless Zero Configuration Service that could let remote malicious users disclose information. No workaround or patch available at time of publishing. There is no exploit code required. | Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure | Medium | Security Focus, ID: 15008, October 4, 2005 |
WinRar prior to 3.51 | Multiple vulnerabilities have been reported in WinRar that could let remote malicious users execute arbitrary code. Upgrade to newest version: Currently we are not aware of any exploits for this vulnerability. | WinRAR Arbitrary Code Execution | High | Secunia, Advisory: SA16973, October 11, 2005 |
Symantec AntiVirus Scan Engine 4.0, 4.3 | A buffer overflow vulnerability has been reported in Symantec AntiVirus that could let remote malicious users execute arbitrary code. Vendor upgrade available: Currently we are not aware of any exploits for this vulnerability. | Symantec Anti Virus Arbitrary Code Execution | High | Symantec Security Response, SYM05-017, October 4, 2005 |
Webroot Desktop Firewall 1.3.0.43 | Multiple vulnerabilities have been reported in Webroot Desktop Firewall that could let local malicious users bypass authentication or execute arbitrary code. Upgrade to version 1.3.0.5.2 using the application's 'Check for Updates' functionality. Currently we are not aware of any exploits for these vulnerabilities. | Webroot Desktop Firewall Authentication Bypassing or Arbitrary Code Execution | High | Security Focus, ID: 15016, October 6, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
Apache 2.0.x | A vulnerability has been reported in 'modules/ssl/ssl_engine_ Patch available at: OpenPKG: RedHat: Ubuntu: SGI: Debian: Mandriva: Slackware: Trustix: Debian: Gentoo: Avaya: Conectiva: TurboLinux: There is no exploit code required. | Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass | Medium | Security Tracker Alert ID: 1014833, September 1, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005 RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005 Ubuntu Security Notice, USN-177-1, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Debian Security Advisory, DSA 805-1, September 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005 Slackware Security Advisory, SSA:2005-251-02, September 9, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Debian Security Advisory DSA 807-1, September 12, 2005 Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Avaya Security Advisory, ASA-2005-204, September 23, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005 HP Security Bulletin, |
ARC 5.21j | A vulnerability has been reported due to the insecure creation of temporary new archives by 'arc' and 'marc' before they are renamed to the user-specified filename, which could let a malicious user obtain sensitive information. Debian: There is no exploit code required. | Arc Insecure Temporary File Creation | Medium | Secunia Advisory: SA16805, September 16, 2005 Debian Security Advisory, DSA 843-1, October 5, 2005 |
Bacula 1.36.3 | Vulnerabilities have been reported in 'autoconf/randpass' and 'scripts/mtx-changer.in' due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files. The vulnerabilities have been fixed in the CVS repositories. SUSE: There is no exploit code required. | Bacula Insecure Temporary File Creation | Medium | Secunia Advisory: SA16866, September 20, 2005 SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
Cyphor 0.19 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'lostpwd.php' due to insufficient sanitization of the 'email' and 'nick' parameters and in 'newmsg.php' due to insufficient sanitization of the 'fid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'include/footer.php' due to insufficient sanitization of the 't_login' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits and an exploit script has been published. | Cyphor Cross-Site Scripting & SQL Injection | Medium | Security Focus, Bugtraq ID: 15049, October 10, 2005 Secunia Advisory: SA17104, October 10, 2005 |
mason 0.13.92 | A vulnerability has been reported in 'debian/postinst' due to a missing call to 'update-rc.d' after configuring mason, which could leave the system without a firewall and a false sense of security. Upgrade available at: There is no exploit code required. | Debian Linux Firewall Loading Failure | Medium | Debian Security Advisory, DSA 845-1, October 6, 2005 |
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 | A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions. Trustix: Mandriva: RedHat: SGI: SCO: Avaya: Conectiva: Ubuntu: Debian: There is no exploit code required. | | Medium | Bugtraq, 395703, Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 Mandriva RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 SCO Security Advisory, SCOSA-2005.32, August 18, 2005 Avaya Security Advisory, ASA-2005-191, September 6, 2005 Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005 Ubuntu Security Notice, USN-189-1, September 29, 2005 Debian Security Advisory, DSA 846-1, October 7, 2005 |
cpio 2.6 | A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information. Gentoo: Trustix: Mandriva: SCO: Avaya: Conectiva: Ubuntu: Debian: A Proof of Concept exploit has been published. | | Medium | Bugtraq, Gentoo Linux Security Advisory, GLSA Trustix Secure Mandriva Linux Security Update Advisory, MDKSA2005: SCO Security Advisory, SCOSA-2005.32, August 18, 2005 Avaya Security Advisory, ASA-2005-191, September 6, 2005 Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005 Ubuntu Security Notice, USN-189-1, September 29, 2005 Debian Security Advisory, DSA 846-1, October 7, 2005 |
Texinfo 4.7 | A vulnerability has been reported in 'textindex.c' due to insecure creation of temporary files by the 'sort_offline()' function, which could let a malicious user create/ overwrite arbitrary files. Gentoo: Mandriva: Ubuntu: There is no exploit code required. | GNU Texinfo Insecure Temporary File Creation | Medium | Security Focus, Bugtraq ID: 14854, September 15, 2005 Gentoo Linux Security Advisory, GLSA 200510-04, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:175, October 6, 2005 Ubuntu Security Notice, USN-194-1, October 06, 2005 |
Graphviz 2.2.1 | A vulnerability has been reported in '/dotty/dotty/dotty.lefty' due to the insecure creation of temporary files, which could let a malicious user overwrite arbitrary files. Update available at: Debian: There is no exploit code required. | Graphviz Insecure Temporary File Creation | Medium | Debian Security Advisory, DSA 857-1, October 10, 2005 |
Hiki 0.8-0.8.2 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'login' link due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported due to an unspecified error when handling access to missing pages, which could let a remote malicious user execute arbitrary HTML and script code. Updates available at: http://hikiwiki.org/en/ There is no exploit code required. | Hiki Multiple Cross-Site Scripting | Medium | Hiki Advisory, 2005-08-04, October 6, 2005 |
Hylafax 4.2.1 | Several vulnerabilities have been reported: a vulnerability was reported in the 'xferfaxstats' script due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files; and a vulnerability was reported because ownership of the UNIX domain socket is not created or verified, which could let a malicious user obtain sensitive information and cause a Denial of Service. Gentoo: Mandriva: There is no exploit code required. | HylaFAX Insecure Temporary File Creation | Medium | Security Focus, Bugtraq ID: 14907, September 22, 2005 Gentoo Linux Security Advisory, GLSA 200509-21, September 30, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:177, October 7, 2005 |
SqWebMail 5.0.4 | A vulnerability has been reported because the '<script>' tag can be used in HTML comments, which could let a remote malicious user execute arbitrary code when malicious email is viewed. Patch available at: Debian: Ubuntu: There is no exploit code required; however, a Proof of Concept exploit has been published. | SqWebMail HTML Email Script Tag Script Injection | Medium | Secunia Advisory: SA16704, September 6, 2005 Debian Security Advisory DSA 820-1, September 24, 2005 Ubuntu Security Notice, USN-201-1, October 11, 2005 |
SqWebMail 5.0.4, 5.0.1, 5.0.0, 4.0.5-4.0.7, 4.0.4.20040524, 3.6.1, 3.6.0, 3.5.0-3.5.3, 3.4.1 | A vulnerability has been reported due to insufficient sanitization of HTML emails, which could let a remote malicious user execute arbitrary HTML and script code. Updates available at: Debian: Ubuntu: There is no exploit code required; however, a Proof of Concept exploit has been published. | | Medium | Secunia Advisory: SA16600, August 29, 2005 Debian Security Advisory, DSA 793-1, September 1, 2005 Ubuntu Security Notice, USN-201-1, October 11, 2005 |
Kaspersky Antivirus for Linux Servers 5.0.5, AntiVirus for Linux Workstations 5.0.5, Anti-Virus Personal 5.0.227; | A buffer overflow vulnerability has been reported in the scan engine when parsing a malformed 'CHM' file, which could let a remote malicious user execute arbitrary code. The vendor has released a signature update to address this issue. Users with updated signatures released after July 2005 are not vulnerable. Currently we are not aware of any exploits for this vulnerability. | Kaspersky Anti-Virus Engine Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15054, October 10, 2005 |
KOffice 1.4.1, 1.4, 1.3-1.3.5, 1.2.1, 1.2 | A buffer overflow vulnerability has been reported when handling a malformed RTF file, which could let a remote malicious user execute arbitrary code. Upgrades available at: Patches available at: Currently we are not aware of any exploits for this vulnerability. | KDE KOffice KWord RTF Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15060, October 11, 2005 |
tcpdump 3.4a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 | Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets. Fedora: Trustix: http://http.trustix.org/pub/trustix/updates/ Ubuntu: Gentoo: http://security.gentoo.org/glsa/glsa-200505-06.xml Mandriva: FreeBSD: Avaya: TurboLinux: SUSE: F5: Debian: Exploit scripts have been published. | | Low | Bugtraq, Fedora Update Notification, Trustix Secure Ubuntu Security Notice, Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005 Mandriva Linux Security Update Advisory, Security Focus, 13392, May 12, 2005 FreeBSD Security Advisory, Avaya Security Advisory, Turbolinux SUSE Security Summary Security Focus, 13392, July 21, 2005 Debian Security Advisory, DSA 850-1, October 9, 2005 |
MasqMail 0.2.18 | Several vulnerabilities have been reported: a vulnerability was reported in the email address due to a sanitization error when the message fails to be sent, which could let a malicious user execute arbitrary commands with privileges of the mail user; and a vulnerability was reported when handling log files due to an unspecified error, which could let a remote malicious user overwrite arbitrary files. Mandriva: Debian: There is no exploit code required. | MasqMail Elevated Privileges | Medium | Mandriva Linux Security Update Advisory, MDKSA-2005:168, September 20, 2005 Debian Security Advisory, DSA 848-1, October 8, 2005 |
Firefox 1.0.7, 1.0.6 | A remote Denial of Service vulnerability has been reported in the 'iframe' tag due to an error when handling overly large size attributes. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Mozilla Firefox IFRAME Handling Remote Denial of Service | Low | Security Tracker Alert ID: 1015011, October 6, 2005 |
DIA 0.91-0.94; | A vulnerability has been reported in 'plug-ins/python/diasvg_ Ubuntu: Gentoo: SUSE: Debian: A Proof of Concept exploit has been published. | DIA Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID: 15000, October 3, 2005 Ubuntu Security Notice, USN-193-1, October 04, 2005 Gentoo Linux Security Advisory, GLSA 200510-06, October 6, 2005 SUSE Security Summary Report. SUSE-SR:2005:022, October 7, 2005 Debian Security Advisory DSA, 847-1, October 8, 2005 |
Cfengine 2.1.9, 2.1.8, 2.1.7p1, 2.1.0a9, 2.1.0a8, 2.1.0a6, 2.0.1-2.0.7 p1-p3, 2.0.8p1, 2.0.8, 2.0.0, 1.6a11, 1.6a10, 1.5.3-4 | Several vulnerabilities have been reported: a vulnerability was reported in '/bin/cfmailfilter' and '/contrib/cfcron.in' due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files; and a vulnerability was reported in 'contrib/vicf.in' due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files. Debian: Ubuntu: There is no exploit code required. | Cfengine Insecure Temporary Files | Medium | Debian Security Advisories, DSA 835-1 & 836-1, October 1, 2005 Ubuntu Security Notice, USN-198-1, October 10, 2005 |
Larry Wall Perl 5.005_003, 5.005, 5.004_05, 5.004_04, 5.004, 5.003, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4-5, 5.8.4-4, 5.8.4-3, 5.8.4-2.3, 5.8.4-2, 5.8.4-1, 5.8.4, 5.8.5, 5.8.6 | A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges. A fixed version (5.8.4 or later) is available at: Ubuntu: Gentoo: http://security.gentoo.org/glsa/glsa-200501-38.xml Debian: http://security.debian.org/pool/updates/main/p/perl/ TurboLinux: Mandrake: http://www.mandrakesecure.net/en/ftp.php Fedora: Avaya: RedHat: Currently we are not aware of any exploits for this vulnerability. | | Medium | Ubuntu Security Notice, USN-94-1, March 09, 2005 Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005 Debian Security Advisory, DSA 696-1, March 22, 2005 Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005 HP Security Bulletin, HPSBUX01208, June 16, 2005 Secunia, Advisory: SA16193, July 25, 2005 Avaya Security Advisory, ASA-2005-196, September 13, 2005 RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005 |
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, MandrakeSoft Corporate Server 3.0 x86_64, 3.0, 2.1 x86_64, 2.1; Hylafax Hylafax 4.2.1 | A vulnerability has been reported due to a failure to implement UNIX domain network communication securely, which could let a malicious user obtain sensitive information. Mandriva: There is no exploit code required. | Multiple Vendors HylaFAX Insecure UNIX Domain Socket Usage | Medium | Mandriva Linux Security Update Advisory, MDKSA-2005:177, October 7, 2005 |
RedHat Fedora Core3; | A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data. Update available at: Fedora: Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Mandriva: Fedora: Ubuntu: TurboLinux: Slackware: IPCop: IBM: Debian: A Proof of Concept exploit script has been published. | TCPDump BGP Decoding Routines Denial of Service | Low | Security Tracker Alert, 1014133, June 8, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Mandriva Linux Security Update Advisory, Fedora Update Notification, Ubuntu Security Notice, Turbolinux Slackware Security Security Focus, Bugtraq ID: 13906, August 26, 2005 Security Focus, Bugtraq ID: 13906, October 3, 2005 Debian Security Advisory, DSA 854-1, October 9, 2005 |
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; | A format string vulnerability has been reported when displaying an invalid-handle error message, which could let a remote malicious user execute arbitrary code. RedHat: Fedora: Debian: Gentoo: SUSE: An exploit script has been published. | RealNetworks RealPlayer & Helix Player Format String | High | RedHat Security Advisory, RHSA-2005:788-3, September 27, 2005 Fedora Update Notifications, Debian Security Advisory DSA 826-1, September 29, 2005 Gentoo Linux Security Advisory, GLSA 200510-07, October 7, 2005 SUSE Security Announcement, SUSE-SA:2005:059, October 10, 2005 |
Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1 | A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences. Upgrades available at: Ubuntu: Debian: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Squid NTLM Authentication Remote Denial of Service | Low | Secunia Advisory: SA16992, September 30, 2005 Ubuntu Security Notice, USN-192-1, September 30, 2005 Debian Security Advisory, DSA 828-1, September 30, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005 |
SuSE Linux Enterprise Server 9, Linux 9.3 x86_64; | A vulnerability has been reported in 'ptrace' 64-bit platforms which could let a malicious user access kernel memory pages. SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit PTrace Kernel Memory Access | Medium | SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
SuSE Linux Professional | A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code. Patches available at: Ubuntu: SUSE: RedHat: Mandriva: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel XFRM Array Index Buffer Overflow | High | Security Focus, 14477, August 5, 2005 Ubuntu Security Notice, USN-169-1, August 19, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Ubuntu Linux 5.04 amd64, 4.1 ia64; | A Denial of Service has been reported in 'ptrace()' due to insufficient validation of memory addresses. Updates available at: Ubuntu: SUSE: RedHat: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'ptrace()' Denial of Service | Low | Ubuntu Security Notice, USN-137-1, June 08, 2005 SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Multiple Vendors Linux Kernel 64 Bit 'AR-RSC' Register Access (Updated) |
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A vulnerability has been reported in the 'mmap()' function because memory maps can be created with a start address after the end address, which could let a malicious user cause a Denial of Service or potentially obtain elevated privileges. Ubuntu: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'MMap()' Denial of Service | Medium | Ubuntu Security Notice, USN-137-1, June 08, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Gentoo Linux; | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges. Gentoo: http://security.gentoo.org/glsa/glsa-200505-15.xml Ubuntu: http://security.ubuntu. Mandriva: Trustix: http://http.trustix.org/pub/trustix/updates/ TurboLinux: RedHat: RedHat: http://rhn.redhat. Currently we are not aware of any exploits for these vulnerabilities. | | High | Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005 Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005 RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005 |
Linux kernel | A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges. Updates available at: SUSE: RedHat: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit 'AR-RSC' Register Access | Medium | Security Tracker Alert ID: 1014275, June 23, 2005 SUSE Security Announcement, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Linux kernel 2.6.8, 2.6.10 | A vulnerability has been reported in the EXT2/EXT3 file systems, which could let a remote malicious user bypass access controls. Ubuntu: Mandriva: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel EXT2/EXT3 File Access Bypass | Medium | Security Focus, Bugtraq ID: 14792, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Linux kernel 2.6.8, 2.6.10 | A remote Denial of Service vulnerability has been reported in the 'ipt_recent' module when specially crafted packets are sent. Ubuntu: Mandriva: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'Ipt_recent' Remote Denial of Service | Low | Security Focus, Bugtraq ID: 14791, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Linux kernel 2.6.8-2.6.10, 2.4.21 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service. Ubuntu: Trustix: Fedora: RedHat: Mandriva: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service | High | Secunia Advisory: SA16747, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Linux kernel 2.6-2.6.12.1 | A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies. Ubuntu: This issue has been addressed in Linux kernel 2.6.13-rc7. SUSE: RedHat: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPSec Policies Authorization Bypass | Medium | Ubuntu Security Notice, USN-169-1, August 19, 2005 Security Focus, Bugtraq ID 14609, August 19, 2005 Security Focus, Bugtraq ID 14609, August 25, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/ Patches available at: There is no exploit code required. | Linux Kernel Denial of Service & Information Disclosure | Medium | Secunia Advisory: SA17114, October 12, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison. RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel USB Subsystem Denials of Service | Low | Secunia Advisory: SA16969, September 27, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Linux Kernel 2.6-2.6.14 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_ Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Denials of Service CAN-2005-3053 | Low | Ubuntu Security Notice, USN-199-1, October 10, 2005 |
Linux kernel | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION Patches available at: Ubuntu: Trustix: http://http.trustix.org/pub/trustix/updates/ RedHat: There is no exploit code required. | Linux Kernel Management Denials of Service | Low | Secunia Advisory: SA16355, August 9, 2005 Ubuntu Security Notice, USN-169-1, August 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 |
Novell Evolution 2.0.2-2.0.4; LibTIFF 3.6.1; Easy Software Products CUPS 1.1.12-1.1.23, 1.1.10, 1.1.7, 1.1.6, 1.1.4-5, 1.1.4-3, 1.1.4-2, 1.1.4, 1.1.1, 1.0.4-8, 1.0.4; Ubuntu 4.10, 5.04 | A remote Denial of Service vulnerability has been reported due to insufficient validation of specific header values. Libtiff: Ubuntu: Mandriva: TurboLinux: Conectiva: A Proof of Concept exploit has been published. | LibTiff Tiff Image Header Remote Denial of Service | Low | Security Focus Bugtraq ID 14417, July 29, 2005 Ubuntu Security Notice, USN-156-1, July 29, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:142, August 18, 2005 Turbolinux Security Advisory, TLSA-2005-89, September 5, 2005 Conectiva Linux Announcement, CLSA-2005:1021, October 6, 2005 |
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2b, 0.9.1c; FreeBSD 6.0-STABLE, -RELEASE, 5.4-RELENG, -RELEASE, 5.3-STABLE, -RELENG, -RELEASE, 5.3, 5.2.1-RELEASE, -RELENG, 5.2-RELEASE, 5.2, 5.1-RELENG, -RELEASE/Alpha, 5.1-RELEASE-p5, -RELEASE, 5.1, 5.0-RELENG, 5.0, 4.11-STABLE, -RELENG, 4.10-RELENG, -RELEASE, 4.10 | A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security. OpenSSL: FreeBSD: RedHat: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors OpenSSL Insecure Protocol Negotiation | Medium | OpenSSL Security Advisory, October 11, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005 RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005 |
Turbolinux | Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code. MIT: Mandriva: Fedora: RedHat: Sun: SuSE: Trustix: TurboLinux: SGI: Debian: Conectiva: Sun: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Kerberos V5 Multiple Vulnerabilities | High | MIT krb5 Security Advisory, RedHat Security Advisory, Sun(sm) Alert Notification, 101809, July 12, 2005 Fedora Update Notifications, SUSE Security Summary Turbolinux Mandriva Linux Security Update Advisory, Trustix Secure SGI Security Advisory, 20050703-01-U, July 15, 2005 Debian Security Advisory, Conectiva Linux Advisory, Sun(sm) Alert Notification RedHat Security Advisory, RHSA-2005:562-15, Updated October 5, 2005 |
util-linux 2.8-2.13; | A vulnerability has been reported because mounted filesystem options are improperly cleared due to a design flaw, which could let a remote malicious user obtain elevated privileges. Updates available at: Slackware: Trustix: Ubuntu: Gentoo: Mandriva: Debian: SUSE: Conectiva: Sun: There is no exploit code required. | Util-Linux UMount Remounting Filesystem Elevated Privileges | Medium | Security Focus, Bugtraq ID: 14816, September 12, 2005 Slackware Security Advisory, SSA:2005-255-02, September 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Ubuntu Security Notice, USN-184-1, September 19, 2005 Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005 Debian Security Advisory, DSA 823-1, September 29, 2005 SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005 Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005 Sun(sm) Alert Notification |
xine xine-lib 1.1.0, 1.0-1.0.2, 0.9.13; Ubuntu Linux 5.04 powerpc, i386, amd64, ppc, ia64, ia32; | A format string vulnerability has been reported in 'input_cdda.c' when writing CD metadata retrieved from a CDDB server to a cache file, which could let a remote malicious user execute arbitrary code. Gentoo: Ubuntu: Slackware: Mandriva: Debian: An exploit script has been published. | Multiple Vendors CDDB Client Format String | High | Gentoo Linux Security Advisory, GLSA 200510-08, October 8, 2005 Ubuntu Security Notice, USN-196-1, October 10, 2005 Slackware Security Advisory, SSA:2005-283-01, October 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:180, October 11, 2005 Debian Security Advisory, DSA 863-1, October 12, 2005 |
Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3-5.0.9, 5.0.1 | A remote Denial of Service vulnerability has been reported when handling stream-based protocols. Upgrades available at: Trustix: http://http.trustix.org/pub/trustix/updates/ Fedora: RedHat: Mandriva: Ubuntu: RedHat: Currently we are not aware of any exploits for this vulnerability. | Net-SNMP | Low | Secunia Trustix Secure Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005 Ubuntu Security Notice, USN-190-1, September 29, 2005 RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005 |
Net-snmp 5.x | A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world writeable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code with ROOT privileges. Gentoo: http://security.gentoo.org/glsa/glsa-200505-18.xml Fedora: RedHat: RedHat: There is no exploit code required. | | High | Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:373-23, September 28, 2005 RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005 |
OpenVMPS 1.3 | A format string vulnerability has been reported in the 'vmps_log()' function when logging various information using 'syslog(),' which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | OpenVMPS Logging Function Format String | High | Securiteam, October 12, 2005 |
Vixie Cron 4.1 | A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information. Fedora: RedHat: There is no exploit code required; however, a Proof of Concept exploit script has been published. | | Medium | Security Focus, 13024, April 6, 2005 Fedora Update Notification, Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:361-19, October 5, 2005 |
phpMyAdmin 2.6.4 -pl1 | A vulnerability has been reported in 'libraries/grab_globals.lib.php' due to insufficient verification of the 'subform' array parameter before including files, which could let a malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPMyAdmin File Include | Medium | Secunia Advisory: SA17137, October 11, 2005 |
IRIX 6.5.22m | An input validation vulnerability has been reported in 'runpriv' when the user supplied command line is used to run authorized commands, which could let a malicious user execute arbitrary code with root privileges. Patch available at: http://support.sgi.com/ There is no exploit code required; however, a Proof of Concept exploit has been published. | SGI IRIX 'runpriv' Input Validation | High | Security Tracker Alert ID: 1015031, October 10, 2005 |
Shorewall 2.0.x, 2.2.x, 2.4.x | A vulnerability has been reported due to a failure to properly implement expected firewall rules for MAC address-based filtering, which could let a remote malicious user bypass firewall rules. Hotfixes available at: Mandriva: Gentoo: Debian: Ubuntu: There is no exploit code required. | Shorewall MACLIST Firewall Rules Bypass | Medium | Secunia Advisory: SA16087, Mandriva Linux Security Update Advisory, MDKSA-2005:123, July 21, 2005 Gentoo Linux Security Advisory [ERRATA UPDATE], GLSA 200507-20:02, September 17, 2005 Debian Security Advisory, DSA 849-1, October 8, 2005 Ubuntu Security Notice, USN-197-1, October 10, 2005 |
slocate 2.7 | A Denial of Service vulnerability has been reported when a specially crafted directory structure that contains long paths is submitted. Mandriva: TurboLinux: RedHat: RedHat: There is no exploit code required. | slocate Long Path Denial of Service | Low | Mandriva Linux Security Update Advisory, MDKSA-2005:147, August 22, 2005 Turbolinux Security Advisory, TLSA-2005-91, September 20, 2005 RedHat Security Advisory, RHSA-2005:345-24, September 28, 2005 RedHat Security Advisory, RHSA-2005:346-19, October 5, 2005 |
ONE Directory Server 5.2 patch 3, 5.2 | A vulnerability has been reported in the HTTP admin interface due to an unspecified error, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Directory Server Remote Arbitrary Code Execution | High | NGSSoftware Insight Security Research Advisory, October 6, 2005 |
Linux Professional 10.0 OSS, 10.0, Linux Personal 10.0 OSS, beagle 10.0 | A Denial of Service vulnerability has been reported in the PowerSave daemon due to a flaw in the installed permissions. SUSE: There is no exploit code required. | SUSE Linux PowerSave Daemon Denial of Service | Low | SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3 | A buffer overflow vulnerability has been reported in Yast, which could let a malicious user execute arbitrary code with superuser privileges. SUSE: A Proof of Concept exploit has been published. | SuSE YaST Buffer Overflow | High | Security Focus, Bugtraq ID: 14861, September 16, 2005 SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
SuSE Linux Standard Server 8.0, Linux School Server for i386, LINUX Retail Solution 8.0, SuSE Linux Openexchange Server 4.0, Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 10.0, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, 8.2, Linux Personal 10.0 OSS, 10.0, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, 8.2, Linux Enterprise Server 9, 8, Linux Desktop 1.0 | A vulnerability has been reported due to insecure permissions, which could let a malicious user overwrite package meta files. SUSE: There is no exploit code required. | SuSE YaST Package Repositories Insecure Permissions | Medium | SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
tomboy 10.0, 9.3; liferea 10.0; blam 10.0, 9.3; beagle 10.0, 9.3; banshee 10.0 | A vulnerability has been reported in the 'LD_LIBRARY_PATH' variable because it is handled in an unsafe manner by affected binaries, which could let a malicious user obtain elevated privileges. SUSE: Currently we are not aware of any exploits for this vulnerability. | SUSE Linux Elevated Privileges | Medium | SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
resmgr | Multiple vulnerabilities have been reported which could permit unauthorized access to USB devices. SUSE: Currently we are not aware of any exploits for these vulnerabilities. | SUSE ResMgr Unauthorized USB Device Access | Medium | SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version imap-2004g: Debian: Gentoo: Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | High | Secunia, Advisory: SA17062, October 5, 2005 Debian Security Advisory, DSA 861-1, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005 |
up-imapproxy 1.2.4, 1.2.3 | A format string vulnerability has been reported in the 'ParseBannerAndCapability()' function when processing the banner or capability line received from the IMAP server, which could let a remote malicious user execute arbitrary code. Debian: Currently we are not aware of any exploits for this vulnerability. | up-imapproxy Format String | High | Debian Security Advisory DSA 852-1, October 9, 2005 |
Webmin 1.220, 1.210, 1.200; Usermin 1.150, 1.140, 1.130 | A vulnerability has been reported in 'miniserv.pl' due to an input validation error in the authentication process, which could let a remote malicious user bypass certain security restrictions. Webmin: Usermin: Gentoo: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Webmin / Usermin Remote PAM Authentication Bypass | Medium | SNS Advisory No.83, September 20, 2005 Gentoo Linux Security Advisory, GLSA 200509-17, September 24, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:176, October 7, 2005 |
Weex 2.6.1.5, 2.6.1 | A format string vulnerability has been reported in the 'Log_Flush()' function when flushing an error log entry that contains format string specifiers, which could let a remote malicious user execute arbitrary code. Gentoo: Debian: Currently we are not aware of any exploits for this vulnerability. | Weex Format String | High | Secunia Advisory: SA17028, October 3, 2005 Gentoo Linux Security Advisory, GLSA 200510-09, October 8, 2005 Debian Security Advisory, DSA 855-1, October 10, 2005 |
xloadimage 4.1 | A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code. Debian: http://security.debian. Currently we are not aware of any exploits for this vulnerability. | Xloadimage NIFF Image Buffer Overflow | High | Debian Security Advisories, DSA 858-1 & 859-1, October 10, 2005 |
Ruby 1.6 - 1.6.8, 1.8 - 1.8.2 | A vulnerability has been reported in 'eval.c' due to a flaw in the logic that implements the SAFE level checks, which could let a remote malicious user bypass access restrictions to execute scripting code. Patches available at: Updates available at: Gentoo: Ubuntu: Debian: There is no exploit code required. | Ruby Safe Level Restrictions Bypass | Medium | Security Tracker Alert ID: 1014948, September 21, 2005 Gentoo Linux Security Advisory, GLSA 200510-05, October 6, 2005 Ubuntu Security Notice, USN-195-1, October 10, 2005 Debian Security Advisories, DSA 860-1 & DSA 862-1, October 11, 2005 |
Zeroblog 1.2a, 1.1f | A Cross-Site Scripting vulnerability has been reported in 'thread.php' due to insufficient sanitization of the 'threadID' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Zeroblog Cross-Site Scripting | Medium | Security Focus Bugtraq ID: 15078, October 11, 2005 |
Zope 2.6-2.8.1 | A vulnerability has been reported in 'docutils' due to an unspecified error; it affects all instances that expose 'RestructuredText' functionality via the web. The impact was not specified. Hotfix available at: Currently we are not aware of any exploits for this vulnerability. | Zope 'Restructured Text' Unspecified Security Vulnerability | Not Specified | Zope Security Alert, October 12, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
Accelerated Enterprise Solutions Accelerated | An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Accelerated E Solutions SQL Injection | Medium | Security Focus, Bugtraq ID: 15077, October 11, 2005 |
PHP Advanced Transfer Manager 1.30 | A Cross-Site Scripting vulnerability has been reported because HTML documents can be uploaded to a location inside the web root, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Advanced Transfer Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015021, October 10, 2005 |
WebLogic Express 6.x, 7.x, 8.x, 9.x, WebLogic Server 6.x, 7.x, 8.x, 9.x | BEA has released 24 advisories identifying various vulnerabilities affecting BEA WebLogic Server and WebLogic Express, which could let a local/remote malicious user facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers. A vulnerability was reported due to an error in the thread handling of the server; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user; a vulnerability was reported because Java client applications using the SSL protocol without specifying a user, may in certain situations be communicating insecurely with an unencrypted protocol; a vulnerability was reported when a Java client application creates both an insecure and secure connection to a server; a vulnerability was reported due to an error when deploying Web applications and EJBs; a vulnerability was reported because audit events may be posted with incorrect severity levels that have auditing enabled; a vulnerability was reported because IP addresses of machines behind a firewall can be disclosed via NAT (Network Address Translation); a vulnerability was reported in the 'nodemanager.config' file because the passphrase for the trust keystore is stored in clear text; a vulnerability was reported because Principals from a derived Principal class are not properly validated in certain situations; a vulnerability was reported because the servlet root URL pattern is not properly protecting servlets; a vulnerability was reported when restricting an unspecified internal servlet in the Administration server; a vulnerability was reported when importing security policies from other operating systems; a vulnerability was reported because the passphrase for the private key used to configure SSL is displayed in clear text on the terminal and stored in clear text in the server log file when creating a WebLogic server domain via the configuration wizard; a vulnerability was reported because certain servlet resources may not be properly protected after an error occurs during deployment when the 'fullyDelegateAuthorization' mode is enabled; a vulnerability was reported because system properties which may contain sensitive information are logged to the server log file; a vulnerability was reported because the password used to boot the server is stored in clear text in the Windows registry; a vulnerability was reported because a password that is included in a subject when using the IIOP (Internet Inter-ORB Protocol) protocol may be exposed in an exception to a remote client or in the server log; a vulnerability was reported because the lockout mechanism can be exploited to lockout the administrator via multiple incorrect login requests; a vulnerability was reported because a Deployer can use the weblogic.Deployer command using the insecure t3 protocol in communication with the Administration server; a vulnerability was reported because Multicast messages are sent in clear text in clusters; a vulnerability was reported when handling incorrect log records; a vulnerability was reported when handling malformed HTTP requests; a vulnerability was reported when handling servlets doing relative forwarding; and a vulnerability was reported in the userlockout security mechanism because more login requests than intended can be performed. Update information available at: Some of these vulnerabilities do not require exploit code. | BEA WebLogic Server & WebLogic Express Multiple Vulnerabilities | Medium | Security Advisories, BEA05-80.02, BEA05-85 - BEA05-107, October 10, 2005 |
Ethereal | Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version 0.10.12: Fedora: Mandriva: RedHat: SUSE: Avaya: SGI: Conectiva: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Denial of Service or Arbitrary Code Execution CAN-2005-2361 | High | Secunia, Advisory: SA16225, July 27, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005 RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005 SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005 Avaya Security Advisory, ASA-2005-185, August 30, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Conectiva Linux Announcement, CLSA-2005:1003, September 13, 2005 Debian Security Advisory, DSA 853-1, October 9, 2005 |
OpenView Event Correlation Services 3.31-3.33 Windows, 3.31-3.33 Solaris, 3.31-3.33 Linux, 3.31-3.33 HP-UX | A vulnerability has been reported in the 'cgi-bin/ecscmg.ovpl' script due to insufficient validation of user-supplied input before using as part of a system command, which could let a remote malicious user obtain elevated privileges. As a workaround, the vendor indicates that you can move the 'ecscmg.ovpl' file from the cgi-bin directory into another directory. The directory should not have write permissions for ordinary users. Patches available at: Currently we are not aware of any exploits for this vulnerability. | HP OpenView Event Correlation Services Remote Elevated Privileges | Medium | HP Security Bulletin, HPSBMA01225, September 4, 2005 HP Security Bulletin, HPSBMA01225, October 4, 2005 |
Tivoli Monitoring for Web Infrastructure 5.1.2, 5.1, 5.0 | Multiple remote Denial of Service vulnerabilities have been reported when older versions of IBM HTTP server are installed with the WHC (Web Health Console). Update information available at: Currently we are not aware of any exploits for these vulnerabilities. | IBM Tivoli Monitoring Web Health Console Multiple Denial of Service | Low | Secunia Advisory: SA17065, October 5, 2005 |
Py2Play 0.1.7 | A vulnerability has been reported due to insufficient validation/restriction of serialized Python objects (pickles) used when receiving objects over a peer-to-peer game network, which could let a remote malicious user execute arbitrary code. Gentoo: Debian: There is no exploit code required. | Py2Play Object Remote Python Code Execution | High | Gentoo Linux Security Advisory GLSA 200509-09, September 17, 2005 Debian Security Advisory, DSA 856-1, October 10, 2005 |
MediaWiki 1.4.10 | A vulnerability has been reported because mediawiki Wiki edit submission handling could cause corruption of the previous revision in the database if an abnormal URL was used. SUSE: There is no exploit code required. | MediaWiki Database Corruption | Medium | SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 |
MediaWiki 1.5 alpha1 & alpha2, beta1-beta3, 1.4-1.4.10, 1.3.13, 1.3-1.3.11 | A Cross-Site Scripting vulnerability has been reported in inline style attributes due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | | Medium | Security Focus, Bugtraq ID: 15024, October 6, 2005 |
SquirrelMail Address Add Plugin 2.0, 1.9 | A Cross-Site Scripting vulnerability has been reported in 'add.php' due to insufficient sanitization of the 'first' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Update available at: Mandriva: There is no exploit code required; however, a Proof of Concept exploit has been published. | SquirrelMail Cross-Site Scripting | Medium | Security Tracker Alert ID: 1014988, September 29, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:178, October 11, 2005 |
Firefox 1.0.6; | A vulnerability has been reported which could let a remote malicious user execute arbitrary commands via shell metacharacters in a URL. Upgrades available at: RedHat: http://rhn.redhat.com/ Ubuntu: Mandriva: Fedora: Slackware: SGI: Conectiva: Fedora: TurboLinux: Slackware: Mandriva: Ubuntu: There is no exploit code required; however, a Proof of Concept exploit has been published. | Mozilla Browser/Firefox Arbitrary Command Execution | High | Security Focus Bugtraq ID: 14888, September 21, 2005 Security Focus Bugtraq ID: 14888, September 22, 2005 RedHat Security Advisories, RHSA-2005:785-9 & 789-11, September 22, 2005 Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:169, September 26, 2005 Fedora Update Notifications, Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 Slackware Security Advisory, SSA:2005-278-01, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 Ubuntu Security Notice, USN-200-1, October 11, 2005 |
Mozilla Browser prior to 1.7.8; | A vulnerability was reported due to a failure in the application to properly verify Document Object Model (DOM) property values, which could let a remote malicious user execute arbitrary code. Firefox: Mozilla Browser Suite: TurboLinux: RedHat: http://rhn.redhat.com/errata/RHSA-2005-435.html Ubuntu: SUSE: SGI: Fedora: Ubuntu: http://security.ubuntu. HP: Debian: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Mozilla Suite And Firefox DOM Property Overrides CAN-2005-1532 | High | Mozilla Foundation Security Advisory, Turbolinux Security Advisory, RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005 Ubuntu Security Notice, USN-134-1, May 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 SGI Security Advisory, 20050503-01-U, June 8, 2005 SUSE Security Announcement, SUSE-SA:2005:030, June 9, 2005 Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005 HP Security Bulletin, Debian Security Advisory, DSA 781-1, August 23, 2005 Ubuntu Security Notice, USN-155-3, October 04, 2005 |
Netscape 8.0.3.3, 7.2; | A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD character in the domain name, which could let a remote malicious user execute arbitrary code. Patches available from RedHat (http://rhn.redhat.com/), Fedora, Ubuntu, Gentoo, Slackware, Conectiva, Debian, TurboLinux, and Mandriva. A Proof of Concept exploit script has been published. | Mozilla/Netscape/ | High | Security Focus, Bugtraq ID: 14784, September 10, 2005 RedHat Security Advisories, 769-8 & RHSA-2005:768-6, September 9, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-181-1, September 12, 2005 Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005 Security Focus, Bugtraq ID: 14784, September 22, 2005 Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 837-1, October 2, 2005 Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 HP Security Bulletin, Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 |
Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7 | A vulnerability was reported when processing 'javascript:' URLs, which could let a remote malicious user execute arbitrary code. Updates available from Firefox, Mozilla Browser Suite, TurboLinux, RedHat (http://rhn.redhat.com/errata/RHSA-2005-435.html), Ubuntu, SUSE, and SGI. Currently we are not aware of any exploits for this vulnerability. | | High | Mozilla Foundation Security Advisory, Turbolinux Security Advisory, RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005 Ubuntu Security Notice, USN-134-1, May 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 SGI Security Advisory, 20050503-01-U, June 8, 2005 SUSE Security Announcement, SUSE-SA:2005:030, June 9, 2005 Ubuntu Security Notice, USN-155-3, October 04, 2005 |
Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11 | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrome' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks. Updates available from Firefox, Mozilla Browser, RedHat, Ubuntu, Mandriva, Fedora, Slackware, SGI, Conectiva, Gentoo, SUSE, Debian, and TurboLinux. Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Browser / Firefox Multiple Vulnerabilities CAN-2005-2701 | High | Mozilla Foundation Security Advisory, 2005-58, September 22, 2005 RedHat Security Advisory, RHSA-2005:789-11, September 22, 2005 Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005 Fedora Update Notifications, Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Gentoo Linux Security Advisory [UPDATE], September 29, 2005 SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 838-1, October 2, 2005 Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 Ubuntu Security Notice, USN-200-1, October 11, 2005 |
Windows XP, Server 2003; Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000; Kerberos V5 Release 1.3.6; Avaya Intuity LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers | An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server. Updates available from RedHat, Microsoft, SUSE, Avaya, Trustix, SGI, Mandriva, F5, and SCO. Microsoft: Bulletin revised to communicate the availability of security updates for Services for UNIX 2.0 and Services for UNIX 2.1. The "Security Update Information" section has also been revised with updated information related to the additional security updates. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor Telnet Client Information Disclosure | Medium | Microsoft, iDEFENSE Security Advisory, June 14, 2005 Red Hat Security Advisory, Microsoft Security Bulletin, SUSE Security Summary, Avaya Security Advisory, ASA-2005-145, Trustix Secure Linux Security Advisory, TSLSA-2005-0030, RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005 SGI Security Advisories, 20050605-01-U, 20050702-01-U, & 20050703-01-U, July 12 & 15, 2005 Microsoft Security Bulletin, Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005 SCO Security Advisory, SCOSA-2005.35, September 1, 2005 RedHat Security Advisory, RHSA-2005:562-15, Updated October 5, 2005 |
complete list available at: | A vulnerability has been reported in multiple antivirus products when processing a specially altered archive file that contains a fake, misleading MS-DOS executable MZ header, which could let malformed archive files bypass detection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Multiple Vendor Antivirus Products Malformed Archives Scan Bypass | Medium | Security Focus, Bugtraq ID: 15046, October 8, 2005 |
PHPXMLRPC 1.1.1; | A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Updates available from PHPXMLRPC, Pear, Drupal, eGroupWare, MailWatch, Nucleus, RedHat, Ubuntu, Mandriva, Gentoo, Fedora, Debian, SUSE, Slackware, SGI, and Conectiva. There is no exploit code required. | PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID 14560, August 15, 2005 Security Focus, Bugtraq ID 14560, August 18, 2005 RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005 Ubuntu Security Notice, USN-171-1, August 20, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005 Gentoo Linux Security Advisory, GLSA 200508-13 & 14, & 200508-18, Fedora Update Notifications, Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 Gentoo Linux Security Advisory, GLSA 200508-20 & 200508-21, August 30 & 31, 2005 Slackware Security Advisory, SSA:2005-242-02, August 31, 2005 Debian Security Advisory, DSA 798-1, September 2, 2005 SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Slackware Security Advisories, SSA:2005-251-03 & 251-04, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 Debian Security Advisory, DSA 840-1, October 4, 2005 Debian Security Advisory, DSA 842-1, October 4, 2005 Conectiva Linux Announcement, CLSA-2005:1024, October 7, 2005 |
See US-CERT VU#222750 (http://www.kb.cert.org/vuls/id/222750) for complete list | Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) do not adequately validate ICMP error messages, which could let a remote malicious user cause a Denial of Service. Updates available from Cisco, IBM, RedHat (http://rhn.redhat.com/errata/), Sun, and ALAXALA (customers are advised to contact the vendor in regards to obtaining and applying the appropriate update). HP: HPSBTU01210 Rev 1: New ERP kits are available for HP Tru64 Unix V5.1B-3, V5.1B-2/PK4, and V5.1A PK6. Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendor TCP/IP Implementation ICMP Remote Denial of Service CAN-2004-1060 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060) | Low | Sun(sm) Alert Notification, 57746, April 29, 2005 Security Focus, 13124, May 21, 2005 HP Security Bulletin, HP Security Bulletin, HPSBUX0116 Rev 4, July 19, 2005 HP Security Bulletin, |
myWebland MyBloggie 2.1.3 | An SQL injection vulnerability has been reported in the 'search.php' script due to insufficient validation of the user-supplied input before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | MyBloggie SQL Injection | Medium | Security Focus, Bugtraq ID: 15017, October 6, 2005 |
MySQL 4.0.0-4.0.11, 5.0.0-5.0.4 | A vulnerability has been reported in the 'mysql_install_db' script due to the insecure creation of temporary files, which could let a malicious user obtain unauthorized access. Updates available from Fedora, Debian, and RedHat. There is no exploit code required. | MySQL 'mysql_install_db' Insecure Temporary File Creation | Medium | Security Focus, 13660, Fedora Update Notification, Debian Security Advisory, DSA 783-1, August 24, 2005 RedHat Security Advisory, RHSA-2005:685-5, October 5, 2005 |
MySQL 5.0.0-5.0.4, 4.1.0-4.1.5, 4.0.24, 4.0.21, 4.0.20, 4.0.18, 4.0.0-4.0.15 | A buffer overflow vulnerability has been reported due to insufficient bounds checking of data that is supplied as an argument in a user-defined function, which could let a remote malicious user execute arbitrary code. This issue is reportedly addressed in MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta. Updates also available from Mandriva, Ubuntu, Debian, SUSE, and Conectiva. Currently we are not aware of any exploits for this vulnerability. | MySQL User-Defined Function Buffer Overflow | High | Security Focus 14509, August 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:163, September 12, 2005 Ubuntu Security Notice, USN-180-1, September 12, 2005 Debian Security Advisories, DSA 829-1 & 831-1, September 30, 2005 SUSE Security Summary Report, Debian Security Advisory, DSA 833-1, October 1, 2005 Conectiva Linux Announcement, CLSA-2005:1023, October 6, 2005 |
NetMail 3.52 C1, 3.52 A-C, 3.52 | A buffer overflow vulnerability has been reported in the Network Messaging Application Protocol (NMAP) due to a boundary error when handling an overly long user name in the 'USER' command, which could let a remote malicious user execute arbitrary code. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Novell NetMail NMAP Agent Remote Buffer Overflow | High | Novell Technical Information Documents, TID2972340, TID2972433, & TID2972438, October 10, 2005 |
OpenSSH 4.1, 4.0, p1 | Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials. Upgrades available from Fedora, Trustix, Slackware, RedHat, and Mandriva. There is no exploit code required. | OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials | Medium | Secunia Advisory: SA16686, September 2, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Slackware Security Advisory, SSA:2005-251-03, September 9, 2005 Fedora Update Notification, RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005 |
OpenVPN 2.0, 1.6.0, 1.5.0, 1.4.0-1.4.3, 1.3.2, 1.2.1 | Multiple remote Denial of Service vulnerabilities have been reported: a Denial of Service vulnerability was reported when flushing the OpenSSL error due to a failed client certificate authentication; a Denial of Service vulnerability was reported when flushing the OpenSSL error when a received packet fails to decrypt; a Denial of Service vulnerability was reported when configured in the 'dev tap' ethernet bridging mode; and a Denial of Service vulnerability was reported when two or more clients connect to the server at the same time using the same client certificate. Upgrades available from Mandriva, SUSE, and Debian. There is no exploit code required. | OpenVPN Multiple Remote Denials of Service | Low | Secunia Advisory: SA16463, August 19, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:145, August 22, 2005 SUSE Security Summary Report, SUSE-SR:2005:020, September 12, 2005 Debian Security Advisory, DSA 851-1, October 9, 2005 |
Additional Images 1.x (module for osCommerce) | An SQL injection vulnerability has been reported in 'product_info.php' due to insufficient sanitization of the 'products_id' parameter before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | osCommerce SQL Injection | Medium | Secunia Advisory: SA17082, October 6, 2005 |
PHP-Fusion 6.0.109 | SQL injection vulnerabilities have been reported in 'photogallery.php' due to insufficient sanitization of the 'album' and 'photo' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required. | PHP-Fusion Multiple SQL Injection | Medium | Secunia Advisory: SA17048, October 4, 2005 Security Focus, Bugtraq ID: 15005, October 6, 2005 |
FGSW-2402RS 1.2 (firmware) | A vulnerability has been reported because a default password exists for resetting the password, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | Planet Technology FGSW-2402RS Switch Backdoor Password | Medium | Security Focus, Bugtraq ID: 15014, October 6, 2005 |
Java System Application Server 7.0 UR6 Standard Edition, 7.0 UR6 Platform Edition, 7.0 UR5 Standard Edition, 7.0 UR5 Platform Edition, 7.0 UR4, 7.0 2004Q2 R2 Standard, 7.0 2004Q2 R2 Enterprise, 7.0 2004Q2 R1 Standard, 7.0 2004Q2 R1 Enterprise, 7.0 Standard Edition, 7.0 Platform Edition, Enterprise Edition, 7.0 2004Q2 | A vulnerability has been reported due to an unspecified error in the Java Server Page, which could let a remote malicious user obtain sensitive information. Patch information available at: Currently we are not aware of any exploits for this vulnerability. | Sun Java System Application Server Java Server Page Information Disclosure | Medium | Sun(sm) Alert Notification Sun Alert ID: 101910, October 11, 2005 |
TellMe 1.2 | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'q_IP' and 'q_Host' parameters before returning them to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'q_Host' parameter due to insufficient sanitization before using it as a command line to 'whois,' which could let a remote malicious user obtain sensitive information. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | TellMe Cross-Site Scripting & Information Disclosure | Medium | Secunia Advisory: SA17078, October 6, 2005 |
Utopia News Pro 1.1.3 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'header.php' due to insufficient sanitization of the 'sitetitle' parameter and in 'footer.php' due to insufficient sanitization of the 'version' and 'query_count' parameters, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'news.php' due to insufficient sanitization of the 'newsid' parameter before using it in a SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Utopia News Pro Cross-Site Scripting & SQL Injection | Medium | Security Tracker Alert ID: 1015016, October 7, 2005 |
NetBackup Server 6.0, 5.1, 5.0, NetBackup Enterprise Server 6.0, 5.1, 5.0, NetBackup DataCenter 4.5 MP, 4.5 FP, NetBackup BusinessServer 4.5 MP, 4.5 FP | A format string vulnerability has been reported in the Java user-interface, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Patch information available at: Currently we are not aware of any exploits for this vulnerability. | VERITAS NetBackup Java User-Interface Remote Format String | High | Veritas Document ID: 279085, October 12, 2005 |
versatile | Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of some input before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'imagewin.php' due to insufficient sanitization of the 'file' parameter and in 'dereferrer.php' due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported when the 'getversions.php' script is accessed directly, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, an exploit script has been published. | versatile BulletinBoard Cross-Site Scripting, SQL Injection & Information Disclosure | Medium | Secunia Advisory: SA17174, October 12, 2005 |
Libwww 5.4 | Multiple unspecified vulnerabilities have been reported, including a buffer overflow and vulnerabilities related to the handling of multipart/byteranges content. The impact was not specified. Updates available from Fedora. Currently we are not aware of any exploits for these vulnerabilities. | W3C Libwww Multiple Unspecified Vulnerabilities | Not Specified | Fedora Update Notifications, FEDORA-2005-952 & 953, October 7, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Industry unites on next-gen Wi-Fi: Some of the world's biggest IT companies have united behind the 802.11n standard for next-generation wireless broadband. The Enhanced Wireless Consortium (EWC), which includes Intel, Apple, Sony, and Cisco, promotes the standard. Source: http://www.vnunet.com/vnunet/news/2143664/industry-unites-generation-wi.
- Competitors Catching Up With Symbian Smartphone Platform: Study: According to a study released by ABI Research, the Symbian OS is still the world's dominant smartphone operating system, but Microsoft's Windows Mobile is gaining and Linux could catch on as well. The study doesn't predict market shares for each of the platforms but discusses their strengths and weaknesses. Source: http://www.mobilepipeline.com/showArticle.jhtml?articleID=172300427.
- Securing mobile data more important than viruses: According to speakers at Symbian's Smartphone Show in London, enterprises with workers that can access corporate data from mobile devices should be less concerned about mobile viruses and more focused on setting and enforcing rules for securing the data. Very few real mobile viruses have actually proliferated in the market. Source: http://www.infoworld.com/article/05/10/12/HNsecuringmobiledata_1.html.
- Attackers Could Text Message Cell Services To Death: According to a group of academic researchers from Pennsylvania State University, cell phone networks are so vulnerable to denial-of-service-style attacks that an assault carried out by a mid-sized bot network could bring down the United States' entire mobile infrastructure. A paper that will be presented at the ACM Conference on Computer and Communications Security in November outlines how an attack exploiting weaknesses in SMS (Short Message Service) could overload a cell network and bring both voice and text messaging to a screeching stop. Source: http://www.techweb.com/showArticle.jhtml?articleID=171203666.
- Wireless Applications Not Quite Ready For Prime Time: At the Mobile Business Expo, the opening keynote speaker disproved that wireless applications are ready for large-scale deployments. Several things need to occur before this can happen. Carriers have to start focusing on business users more, and the industry has to move away from proprietary mobile applications, such as the ones Research In Motion offers for BlackBerry devices, and toward open standard applications that truly extend mobile applications beyond e-mail. Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=0OCJICEMD4WTWQSNDBECKH0CJUMEKJVN?articleID=171204530.
Wireless Vulnerabilities
- Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure: A vulnerability has been reported in Windows XP Wireless Zero Configuration Service that could let remote malicious users disclose information.
- Linux Kernel Denial of Service & Information Disclosure: A vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
October 12, 2005 | caigw.c | No | Script that exploits the CA iGateway Debug Mode HTTP GET Request Buffer Overflow vulnerability. |
October 12, 2005 | MallocMaleficarum.txt | N/A | The Malloc Maleficarum discusses the next generation of possible glibc malloc exploitation techniques. |
October 12, 2005 | phpshopSQL.txt | Yes | Exploit details for the PhpShop SQL Injection vulnerability. |
October 12, 2005 | r57phpbb_admin2exec.pl.txt | No | Exploit for the Remote phpBB Command Execution vulnerability. |
October 12, 2005 | VAstacksmash.txt | N/A | A paper that presents an attack that works by exploiting static addresses in Linux. |
October 11, 2005 | versatile_xpl.php versatile100RC2_xpl.html | No | Exploits for the VersatileBulletinBoard Multiple SQL Injection vulnerabilities. |
October 10, 2005 | phpmyadmin_locfile.pl | No | Proof of Concept exploit for the PHPMyAdmin File Include vulnerability. |
October 10, 2005 | xine-cddb-server.pl | Yes | Script that exploits the Xine-Lib Remote CDDB Information Format String vulnerability. |
October 8, 2005 | aenovoSQL.txt | No | Detailed exploitation for the Aenovo SQL injection & Cross-Site Scripting vulnerabilities. |
October 8, 2005 | AVCraftedArchive.txt | No | Exploitation details for the Anti-Virus bypass archive vulnerability. |
October 8, 2005 | cyphor.php | No | Script that exploits the Cyphor Cross-Site Scripting and SQL Injection Vulnerabilities. |
October 8, 2005 | cyphor019.html | No | Proof of Concept exploit for the Cyphor Cross-Site Scripting & SQL Injection vulnerabilities. |
October 8, 2005 | phpCounter.txt | No | Exploitation details for the PHPCounter Cross-Site Scripting & SQL injection vulnerabilities. |
October 8, 2005 | smackthestack.txt | N/A | A whitepaper that discusses five creative methods used to overcome various stack protection patches. These methods are not limited to this patch, but provide a different approach to the buffer overflow exploiting scheme. |
October 8, 2005 | xine-cddb-server.pl.txt | Yes | Proof of Concept exploit for the Multiple Vendors CDDB Client Format String vulnerability. |
October 7, 2005 | mailenable.cpp | Yes | Exploit for the MailEnable Arbitrary Code Execution vulnerability. |
October 7, 2005 | utopia_xpl.php | No | Exploit for the Utopia News Pro SQL Injection vulnerability. |
October 7, 2005 | utopia113.html | No | Proof of Concept exploit for the Utopia News Pro Cross-Site Scripting & SQL Injection vulnerabilities. |
October 7, 2005 | xloadFlaws.tgz | Yes | Proof of Concept exploit for the Xloadimage Image Title Name Buffer Overflow vulnerabilities. |
October 6, 2005 | amap-5.2.tar.gz | N/A | A next-generation scanning tool that allows you to identify the applications that are running on a specific port by connecting to the port(s) and sending trigger packets. |
October 6, 2005 | caigw-win32.c | No | Exploit for the Computer Associates Multiple Product HTTP Request Remote Unspecified Buffer Overflow vulnerability. |
October 6, 2005 | hydra-5.0-src.tar.gz | N/A | A high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. |
October 6, 2005 | no-nx.pdf | N/A | A whitepaper that analyzes NX technology weaknesses and contains sample code for the Hammer/Linux platform. |
October 6, 2005 | THC-Scan-2.01.zip | N/A | A wardialer that works under DOS, Win95/98/NT/2K/XP, and all DOS emulators (UNiX) on all 80x86 processors. |
Trends
- Survey: IT spending to rise in 2006: In survey results released by Gartner, U.S. companies plan to hike their spending on technology by 5.5 percent in 2006. The increased technology investments will be spent on application development and integration. Spending on security and storage segments will level off in 2006, and mobile devices will become a major purchasing priority. In addition, development tools and middleware will also attract investment. Source: http://news.com.com/Survey+IT+spending+to+rise+in+2006/2100-7342_3-5893853.html?tag=nefd.top.
- Spyware threat escalating, expert warns: According to security experts, spyware is becoming increasingly sophisticated. Users are failing to take basic steps to protect themselves against this threat. This is a problem that should scare big businesses as they face up to the fact that important data could be leaking out of their organizations daily. Source: http://news.com.com/Spyware+threat+escalating%2C+expert+warns/2100-1029_3-5893267.html?tag=cd.top.
- Malicious attack trends: good, bad, and worse: According to Symantec's Internet Security Threat Report, Vol. VII, automated code and for-profit hackers have information theft on the rise. Even though the Symantec report represents just one vendor's view on the changing threat space, Symantec is pulling its data from 24,000 sensors in more than 180 companies participating in its DeepSight Threat Management System and Symantec Managed Security Services. Source: http://www.infoworld.com/article/05/10/07/41OPsecadvise_1.html?source=rss&url=http://www.infoworld.com/article/05/10/07/41OPsecadvise_1.html.
- The Four Most Dangerous Security Myths: Network security is all about nightmares. The four most dangerous security myths are: patches always fix the security hole; SSL is secure; theoretical vulnerabilities don't pose a danger; and wireless networks are inherently insecure. Source: http://www.networkingpipeline.com/handson/171204280.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
3 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
4 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
5 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
6 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
7 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
8 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
9 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
10 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
Table updated October 10, 2005