Summary of Security Items from February 23 through March 1, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs,
Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
PeerFTP_5
| A vulnerability exists in the 'Program Files\AcuteWebsight\PeerFTP_5\PeerFTP.ini' file, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. An exploit script has been published. | PeerFTP_5 FTP Password Disclosure | Medium | SecurityTracker Alert, 1013263, February 23, 2005 |
| ArGoSoft
FTP Server 1.0, 1.2.2.2, 1.4.1 .1-1.4.1.9, 1.4.2.0-1.4.2.2, 1.4.2 .7 | A vulnerability exists in the 'SITE COPY' command because shortcut files can be copied, which could let a malicious user obtain sensitive information.
Upgrades available at: There is no exploit code required. | ArGoSoft FTP Server 'SITE COPY' Shortcut File | Medium | Secunia Advisory, SA14372, February 23, 2005 |
Einstein 1.01 & prior | A vulnerability exists because usernames and passwords are stored in plaintext form in the Windows Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing. An exploit script has been published. | Einstein Password Disclosure | Medium | SecurityTracker Alert, 1013316, February 28, 2005 |
| CIS WebServer 3.5.13 | A Directory Traversal vulnerability exists when handling certain types of requests, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | CIS WebServer Remote Directory Traversal | Medium | SecurityFocus, 12662, February 25, 2005 |
SendLink 1.5 | A vulnerability exists in 'Program Files\SendLink\User\data.eat' because passwords are stored in plaintext, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. An exploit script has been published. | SendLink Password Disclosure | Medium | SecurityTracker Alert, 1013269, February 23, 2005 |
eXeem 0.21 | A vulnerability exists because plaintext passwords and configuration data is stored in the Windows Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing. An exploit script has been published. | eXeem Password Disclosure | Medium | SecurityTracker Alert, 1013266, February 23, 2005 |
Gaim 1.1.3; possibly other versions | A remote Denial of Service vulnerability exists in the file transfer feature.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Gaim File Transfer Remote Denial of Service | Low | SecurityTracker Alert, 1013300, February 28, 2005
|
LanGuard Network Security Scanner 5.0 | A vulnerability exists in 'Inss.exe' because loaded saved credentials are stored in memory, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. An exploit script has been published. | GFI LANguard Network Security Scanner Password Disclosure | Medium | Hat-Squad Advisory, February 28, 2005 |
Golden FTP Server Pro 2.05b & prior | A buffer overflow vulnerability exists when a specially crafted RNTO command is submitted, which could let a remote malicious user execute arbitrary code. Update available at: http://www.goldenftpserver.com/ An exploit script has been published. | High | Secunia Advisory, | |
ChatAnywhere 2.72a | A vulnerability exists in the 'Program Files\Chat Anywhere\room\[chatroomname].ini' file because passwords and usernames are stored in plaintext, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. An exploit script has been published. | Chat Anywhere Password Disclosure | Medium | SecurityTracker Alert, 1013270, February 23, 2005 |
Scrapland 1.0 | Several remote Denial of Service vulnerabilities exist due to a failure to handle exceptional conditions. No workaround or patch available at time of publishing. An exploit script has been published. | MercurySteam Scrapland Game Server Remote Denials of Service | Low | Secunia Advisory, SA14435, March 1, 2005 |
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 | A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at: V1.1: Bulletin updated to clarify prerequisites V1.2: Bulletin updated to add an additional FAQ as well as clarify install steps under Update Information. Currently we are not aware of any exploits for this vulnerability. | Microsoft Office URL File Location Handling Buffer Overflow | High | Microsoft Security Bulletin, MS05-005, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A Microsoft Security Bulletin, MS05-005 V1.1, February 15, 2005 Microsoft Security Bulletin, MS05-005 V1.2, February 23, 2005 |
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003 | A remote code execution vulnerability exists in the Windows Server 2003 SMTP component due to the way Domain Name System (DNS) lookups are handled. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4. Updates available at:
href="http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx"> Bulletin updated to clarify restart requirement for Windows Server 2003 and Windows XP 64-Bit. Bulletin updated to advise of the availability of an update for Exchange 2000 Server. V2.1: Bulletin updated to clarify restart requirement for Exchange 2000 Server Currently we are not aware of any exploits for this vulnerability. | High | Microsoft Security Bulletin, MS04-035, October 12, 2004 US-CERT Cyber Security Alert, SA04-286A Microsoft Security Bulletin MS04-035, November 9, 2004 Microsoft Security Bulletin MS04-035 V2.0 February 8, 2005 Microsoft Security Bulletin MS04-035 V2.1 February 23, 2005 | |
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4 | A vulnerability exists due to the way group policies are enforced, which could let a malicious user bypass drive access restriction. No workaround or patch available at time of publishing. There is no exploit code required. | Microsoft Windows 2000 Group Restriction Bypass | Medium | SecurityFocus, 12641, February 23, 2005 |
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server | A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Patches available at: V1.1: Bulletin updated to reflect a revised “Security Update Information” section for Windows Server 2003 Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows License Logging Service Buffer Overflow | Low/High (High if arbitrary code can be executed) | Microsoft Security Bulletin, MS05-010, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A Microsoft Security Bulletin, MS05-010 V1.1, February 23, 2005 |
Mozilla Browser 1.7.5, Firefox 1.0, | A vulnerability exists because popup windows can overlay modal dialogs, which could lead to a false sense of security.
Fedora: Mozilla: Proofs of Concept exploits have been published. | Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing | Medium | Securiteam, January 11, 2005 Fedora Update Notification, |
Winamp 5.07 | A remote Denial of Service vulnerability exists due to a failure to properly process '.mp4' and '.m4a' files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Nullsoft Winamp Malformed MP4 Remote Denial of Service | Low | SecurityTracker Alert ID, 1012525, December 15, 2004 |
WebConnect 6.4.4, 6.5 | Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits a request that has an MS-DOS device name; and a vulnerability exists in the ''jretest.html' script due to insufficient validation of the 'WCP_USER' parameter, which could let a remote malicious user obtain sensitive information. Updates available at: http://www.oc.com/solutions/webconnect.jsp Exploit scripts have been published. | WebConnect Remote Denial of Service and Information Disclosure | Low/Medium (Medium if sensitive information can be obtained) | CIRT Advisory, February 20, 2005 PacketStorm, February 26, 2005 |
RaidenHTTPD 1.1.32 | Several vulnerabilities exist: a vulnerability exists in the default installation CGI scripts, which could let a malicious user obtain sensitive information; and a buffer overflow vulnerability exists when processing long URI HTTP requests, which could let a malicious user execute arbitrary code. Upgrade available at: Currently we are not aware of any exploits for these vulnerabilities. | RaidenHTTPD Multiple Remote Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | SIG^2 Vulnerability Research Advisory, March 1, 2005 |
KNet 1.0, 1.2, 1.3, 1.4 c, 1.4 b | A buffer overflow vulnerability exists due to a failure to securely copy user-supplied input into finite process buffers, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Stormy Studios KNet Remote Buffer Overflow | High | SecurityFocus, 12671, February 25, 2005 |
BadBlue 2.55 | A buffer overflow vulnerability exists in 'ext.dll' in the 'mfcisapicommand' parameter due to a boundary error when processing HTTP requests, which could let a remote malicious user execute arbitrary code. Upgrade available at: http://badblue.com/bb95.exe Exploit scripts have been published. | High | SIA International Security Advisory, February 26, 2005 | |
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Cyrus IMAP Server 2.x
| Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exist because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.
Update available at: Gentoo: SUSE: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Cyrus IMAP Server Multiple Remote Buffer Overflows | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005 SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005 Ubuntu Security Notice USN-87-1, February 28, 2005 |
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 | Several vulnerabilities exist: a buffer overflow vulnerability exists in 'digestmda5.c,' which could let a remote malicious user execute arbitrary code; and an input validation vulnerability exists in the 'SASL_PATH' environment variable, which could let a malicious user execute arbitrary code. Fedora: Gentoo: Mandrake: RedHat: Trustix: Debian: Conectiva: OpenPGK: FedoraLegacy: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Cyrus SASL Buffer Overflow & Input Validation | High | SecurityTracker Alert ID: 1011568, October 7, 2004 Debian Security Advisories DSA 563-2, 563-3, & 568-1, October 12, 14, & 16, 2004 Conectiva Linux Security Announcement, CLA-2004:889, November 11, 2004 OpenPKG Security Advisory, OpenPKG Security Advisory, January 28, 2005 Fedora Legacy Update Advisory, FLSA:2137, February 17, 2005 SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
DNA mkbold-mkitalic 0.1-0.6 | A format string vulnerability exists when converting BDF font files, which could let a remote malicious user execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | DNA MKBold-MKItalic Remote Format String | High | Secunia Advisory: SA14398, February 25, 2005 |
reportbug 2.60, 2.6 | Multiple vulnerabilities exist: a vulnerability exists in '.reportbugrc' files because it contains world-readable permissions, which could let a malicious user obtain sensitive information; and a vulnerability exists in 'smtppasswd' password setting because it is included in '.bugreportrc' which could let a malicious user obtain sensitive information. Ubuntu: There is no exploit code required. | Debian Reportbug Multiple Information Disclosure | Medium | Ubuntu Security Notice USN-88-1 , February 28, 2005 |
GNU Midnight Commander Project Midnight Commander 4.x | Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code. Debian: SUSE: Gentoo: TurboLinux: Currently we are not aware of any exploits for these vulnerabilities. | Midnight Commander Multiple Vulnerabilities CAN-2004-1004 | Low/ Medium/ High (Low if a DoS; Medium is elevated privileges can be obtained; and High if arbitrary code can be executed) | SecurityTracker Alert, 1012903, January 14, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Gentoo Linux Security Advisory, GLSA 200502-24, February 17, 2005 Turbolinux Security Announcement, TLSA- 24022005, February 24, 2005 |
Emacs prior to 21.4.17
| A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at: Debian: Fedora: Ubuntu: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Debian: SUSE: Currently we are not aware of any exploits for this vulnerability. | Emacs Format String | High | SecurityTracker Alert, 1013100, February 7, 2005 Debian Security Advisory, Ubuntu Security Notice, USN-76-1, February 7, 2005 Fedora Update Notifications Gentoo Linux Security Advisory, GLSA 200502-20, February 15, 2005 Mandrakelinux Security Update Advisory,MDKSA-2005:03, February 15, 2005 Debian Security Advisory, DSA 685-1, February 17, 2005 SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
Vim 6.x, GVim 6.x | Multiple vulnerabilities exist which can be exploited by local malicious users to gain escalated privileges. The vulnerabilities are caused due to some errors in the modelines options. This can be exploited to execute shell commands when a malicious file is opened. Successful exploitation can lead to escalated privileges but requires that modelines is enabled. Apply patch for vim 6.3: ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045 Gentoo: RedHat: Avaya: OpenPKG: ftp.openpkg.org Mandrake: Ubuntu: Fedora: Currently we are not aware of any exploits for these vulnerabilities. | GNU Vim / Gvim Modelines Command Execution Vulnerabilities | Medium | Gentoo Linux Security Advisory, GLSA 200412-10 / vim, December 15, 2004 Fedora Legacy Update Advisory, FLSA:2343, February 24, 2005 |
wget 1.9.1 | A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window. SUSE: A Proof of Concept exploit script has been published. | GNU wget File Creation & Overwrite | Medium | SecurityTracker Alert ID: 1012472, December 10, 2004 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
xine prior to 0.99.3 | Multiple vulnerabilities exist that could allow a remote user to execute arbitrary code on the target user's system. There is a buffer overflow in pnm_get_chunk() in the processing of the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG, and CONT_TAG parameters. The vendor has issued a fixed version of xine-lib (1-rc8), available at: http://xinehq.de/index.php/releases A patch is also available at: Conectiva: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" SUSE: TurboLinux: A Proof of Concept exploit has been published. | GNU xine Buffer | High | iDEFENSE Security Advisory 12.21.04 Gentoo, GLSA 200501-07, January 6, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Turbolinux Security Announcement, TLSA- 24022005, February 24, 2005 |
xine-lib 1.x | Multiple vulnerabilities with unknown impacts exist due to errors in the PNM and Real RTSP clients. Update to version 1-rc8: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" SUSE: TurboLinux: Currently we are not aware of any exploits for these vulnerabilities. | GNU xine-lib | Not Specified | Secunia Advisory, SA13496, December 16, 2004 Gentoo Linux Security Advisory, GLSA 200501-07, January 6, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:011, January 19, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Turbolinux Security Announcement, TLSA- 24022005, February 24, 2005 |
HP-UX B.11.00, B.11.04, B.11.11, B.11.22, B.11.23 | A vulnerability exists in ftpd which could let a remote malicious user obtain unauthorized access.
Updates available at: Currently we are not aware of any exploits for this vulnerability. | HP-UX | Medium | HP Security Bulletin, HPSBUX01119, February 23, 2005 |
HP-UX 11.x | A vulnerability exists in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the debug logging routine of ftpd. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long command request. Successful exploitation may allow execution of arbitrary code, but requires that the FTP daemon is configured to log debug information (not default setting). Apply patches: Currently we are not aware of any exploits for this vulnerability. | Hewlett Packard HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability | High | iDEFENSE Security Advisory 12.21.04 HP Security Bulletin, HPSBUX01118, February 9, 2005 |
AIX 5.2, 5.3 | A format string vulnerability exists in auditselect, which could let a malicious user obtain root privileges. Updates available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX auditselect Format String | High | SecurityTracker Alert, 1013103, February 8, 2005 |
wpa_supplicant prior to 0.2.7 and 0.3.8 | A remote Denial of Service vulnerability exists in 'wpa.c' when processing WPA2 frames due to insufficient validation of the Key Data Length. Update available at: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | Jouni Malinen wpa_supplicant Remote Denial of Service | Low | SecurityTracker Alert, 1013226, February 17, 2005 Gentoo Linux Security Advisory, GLSA 200502-22, February 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
ProZilla Download Accelerator 1.0 x, 1.3.0-1.3.4, 1.3.5 .2, 1.3.5 .1, 1.3.5-1.3.5.2 1.3.6 | A vulnerability exists due to improper implementation of a formatted string function when handling initial server responses, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. An exploit script has been published. | ProZilla Initial Server Response Format String | High | SecurityFocus, 12635, February 23, 2005 |
cmd5checkpw 0.20-0.22 | A vulnerability exists in the 'poppasswd' file, which could let a malicious user obtain sensitive information. Gentoo: There is no exploit code required. | Cmd5checkpw Poppasswd Disclosure | Medium | Gentoo Linux Security Advisor, GLSA 200502-30, February 25, 2005 |
NASM 0.98.38 | A vulnerability was reported in NASM. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted asm file that, when processed by the target user with NASM, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the error() function in 'preproc.c.' Gentoo: Debian: Mandrake: TurboLinux: A Proof of Concept exploit script has been published. | LGPL NASM error() Buffer Overflow | High | Secunia Advisory ID, SA13523, December 17, 2004 Debian Security Advisory Mandrakelinux Security Update Advisory, MDKSA-2005:004, January 6, 2005 Turbolinux Security Announcement, TLSA- 24022005, February 24, 2005 |
Kerberos 5 krb5-1.3.5 & prior; Avaya S8700/S8500/S8300 (CM2.0 and later), MN100, Intuity LX 1.1- 5.x, Modular Messaging MSS | A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code. A patch is available at: Gentoo: Debian: Conectiva: Ubuntu: Avaya: Sun: Currently we are not aware of any exploits for this vulnerability. | Kerberos | High | SecurityTracker Alert ID, 1012640, December 20, 2004 Gentoo GLSA 200501-05, January 5, 2005 Ubuntu Security Notice, USN-58-1, January 10, 2005 Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005 Avaya Security Advisory, ASA-2005-036, February 7, 2005 Sun(sm) Alert Notification, 57712, February 25, 2005
|
Firefox 1.0 | A vulnerability exists because a predictable name issued for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information.
Update available at: An exploit has been published. | Mozilla Firefox Predictable Plugin Temporary Directory | Low/Medium (Medium if user/system information can be modified) | Mozilla Foundation Security Advisory, 2005-28, February 25, 2005 |
Bernd Johanness Wueb kppp 1.1.3; | A vulnerability exists due to a file descriptor leak, which could let a malicious user obtain sensitive information. Patch available at: ftp://ftp.kde.org/pub/kde/security_patches There is no exploit code required. | KPPP Privileged File Descriptor Information Disclosure | Medium | iDEFENSE Security Advisory, February 28, 2005 |
FreeNX 0.2 -0-0.2 -3, 0.2.4-0.2.7 | A vulnerability exists in the 'XAUTHORITY' environment variable, which could let a malicious user bypass authentication. Update available at: SuSE: There is no exploit code required. | Medium | SUSE Security Summary Report, ID: SUSE-SR:2005:006, February 25, 2005 | |
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Converged Communications Server 2.0, | A vulnerability was reported in the Linux kernel in the auxiliary message (scm) layer. A local malicious user can cause Denial of Service conditions. A local user can send a specially crafted auxiliary message to a socket to trigger a deadlock condition in the __scm_send() function. Ubuntu: SUSE: Trustix: Red Hat: Fedora: Mandrake: FedoraLegacy: TurboLinux: A Proof of Concept exploit script has been published. | Multiple Vendors Linux Kernel Auxiliary Message Layer State Error | Low | iSEC Security Research Advisory 0019, December 14, 2004 SecurityFocus, December 25, 2004 Secunia, SA13706, January 4, 2005 Avaya Security Advisory, ASA-2005-006, January 14, 2006 Mandrake Security Advisory, MDKSA-2005:022, January 26, 200 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100, | Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions. SUSE: Trustix: Ubuntu: Fedora: Mandrake: RedHat: TurboLinux: FedoraLegacy: A Proof of Concept exploit script has been published. | Multiple Vendors Linux Kernel IGMP Integer Underflow | Low/ Medium (Medium if elevated privileges can be obtained) | iSEC Security Research Advisory 0018, December 14, 2004 SecurityFocus, December 25, 2005 Secunia, SA13706, January 4, 2005 Avaya Security Advisory, ASA-2005-006, January 14, 2006 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Turbolinux Security Announcement , February 28, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Linux Kernel 2.4.x; Avaya Intuity LX, Avaya MN100, | Two vulnerabilities exist in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. 1) A boundary error exists in the system call handling in the 32bit system call emulation on AMD64 / Intel EM64T systems. 2) An unspecified error within the memory management handling of ELF executables in "load_elf_binary" can be exploited to crash the system via a specially crafted ELF binary (this issue only affects Kernel versions prior to 2.4.26). Issue 2 has been fixed in Kernel version 2.4.26 and later. Red Hat: FedoraLegacy: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel 32bit System Call Emulation and ELF Binary | Medium | Secunia, SA SA13627, December 24, 2004 Red Hat RHSA-2004-689, December 23, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Linux Kernel 2.6.x | Some potential vulnerabilities exist with an unknown impact in the Linux Kernel. The vulnerabilities are caused due to boundary errors within the 'sys32_ni_syscall()' and 'sys32_vm86_warning()' functions and can be exploited to cause buffer overflows. Immediate consequences of exploitation of this vulnerability could be a kernel panic. It is not currently known whether this vulnerability may be leveraged to provide for execution of arbitrary code. Patches are available at: http://linux.bkbits.net:8080/linux-2.6/ Ubuntu: SUSE: Fedora: Mandrake: TurboLinux: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel 'sys32_ni_syscall' and 'sys32_vm86_warning' Buffer Overflows | Low/High (High if arbitrary code can be executed) | Secunia Advisory ID, SA13410, December 9, 2004 SecurityFocus, December 14, 2004 SecurityFocus, December 25, 2004 Secunia, SA13706, January 4, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux Kernel versions except 2.6.9 | A race condition vulnerability exists in the Linux Kernel terminal subsystem. This issue is related to terminal locking and is exposed when a remote malicious user connects to the computer through a PPP dialup port. When the remote user issues the switch from console to PPP, there is a small window of opportunity to send data that will trigger the vulnerability. This may cause a Denial of Service. This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases: http://www.kernel.org/pub/linux/kernel/ Ubuntu: Mandrake: FedoraLegacy: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel Terminal Locking Race Condition | Low | SecurityFocus, December 14, 2004 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 Turbolinux Security Announcement , February 28, 2005
|
bsmtpd bsmtpd 2.3;
| A vulnerability exists in the bsmtpd daemon due to insufficient sanitization of e-mail addresses, which could let a remote malicious user execute arbitrary code.
Debian: Currently we are not aware of any exploits for this vulnerability. | BSMTPD Remote Arbitrary Command Execution | High | Debian Security Advisory, DSA 690-1, February 25, 2005 |
Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1 | A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code. SUSE: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows | High | iDEFENSE Security Advisory, February 21, 2005 SUSE Security Announcements, SUSE-SR:2005:006 & SUSE-SA:2005:011, February 25 & 28, 2005 Ubuntu Security Notice, USN-86-1, February 28, 2005 |
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5; | A remote Denial of Service vulnerability exists during the decompression process due to a failure to handle malformed input. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200408-26.xml"> FileZilla:
href="http://sourceforge.net/project/showfiles.php?group_id=21558"> OpenBSD: OpenPKG: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/ "> SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Mandrake: Conectiva: SCO:
href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17"> Fedora: FedoraLegacy: We are not aware of any exploits for this vulnerability. | Low | SecurityFocus, August 25, 2004 SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004 Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004 US-CERT VU#238678, October 1, 2004 SCO Security Advisory, SCOSA-2004.17, October 19, 2004 Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004 Fedora Update Notification, Fedora Legacy Update Advisory, FLSA:2043, February 24, 2005 | |
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service. Debian: Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/ pub/fedora/linux/core/updates/ Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> RedHat:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> SuSE:
href=" ftp://ftp.suse.com/pub/suse/"> Gentoo:
href=" http://security.gentoo.org/glsa/glsa-200409-28.xml"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/"> Fedora: We are not aware of any exploits for these vulnerabilities. | gdk-pixbug BMP, ICO, and XPM Image Processing Errors
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753">CAN-2004-0753 | Low/High (High if arbitrary code can be executed) | SecurityTracker Alert ID, 1011285, September 17, 2004 Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004 US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004 Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004 Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005 |
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
| Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu: Gentoo: Mandrake: RedHat: SGI: SUSE: Trustix: IBM: Proofs of Concept exploits have been published. | Perl SuidPerl Multiple Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | Ubuntu Security Notice, USN-72-1, February 2, 2005 MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005 RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005 SGI Security Advisory, 20050202-01-U, February 9, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003,February 11, 2005 IBM SECURITY ADVISORY, February 28, 2005 |
Linux Kernel 2.2, 2.4, 2.6 | Several buffer overflow vulnerabilities exist in 'drivers/char/moxa.c' due to insufficient validation of user-supplied inputs to the 'MoxaDriverloctl(),' ' moxaloadbios(),' moxaloadcode(),' and 'moxaload320b()' functions, which could let a malicious user execute arbitrary code with root privileges. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Moxa Char Driver Buffer Overflows | High | SecurityTracker Alert, 1013273, February 23, 2005 |
Linux kernel 2.2-2.2.2.27 -rc1, 2.4-2.4.29 -rc1, 2.6 .10, 2.6- 2.6.10 | A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.
Fedora: Trustix: Ubuntu: SuSE: RedHat: http://rhn.redhat.com/errata/ Mandrake: RedHat: FedoraLegacy: SuSE: TurboLinux: Exploit scripts have been published. | Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges | High | SecurityTracker Alert, 1012862, January 12, 2005 SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 RedHat Security Advisory, RHSA-2005:016-13 & 017-14, January 21, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.27; Avaya Converged Communications Server 2.0, | A vulnerability exists in the 'AF_UNIX' address family due to a serialization error, which could let a malicious user obtain elevated privileges or possibly execute arbitrary code.
Upgrades available at: SUSE: Ubuntu: Red Hat: Fedora: Mandrake: FedoraLegacy: http://download.fedoralegacy.org/redhat/ TurboLinux: Currently we are not aware of any exploits for this vulnerability.
| Medium/ High (High if arbitrary code can be executed) | Bugtraq, November 19, 2004 SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 SecurityFocus, December 14, 2004 Fedora Update Notifications, FEDORA-2004-581 & 582, January 4, 2005 Avaya Security Advisory, ASA-2005-006, January 14, 2006 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 Turbolinux Security Announcement , February 28, 2005 | |
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2, 2.6 -test1-test11, 2.6-2.6.10, 2.6.10 rc1; RedHat Desktop 3.0, Enterprise Linux WS 3, Linux ES 3, Linux AS 3; | A Denial of Service vulnerability exists in the audit subsystem of the Linux kernel. .
RedHat: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Audit Subsystem Denial of Service | Low | RedHat Security Advisory, RHSA-2005:043-13, January 18, 2005 SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005 |
Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.6, test1-test11, 2.6.1, rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing | A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are not properly processed, which could let a remote malicious user execute arbitrary code with root privileges. Fedora: Trustix: Ubuntu: Mandrake: Ubuntu: RedHat: FedoraLegacy: TurboLinux: Another exploit script has been published. | Linux Kernel uselib() Root Privileges | High | iSEC Security Research Advisory, January 7, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 PacketStorm, January 27, 2005 Avaya Security Advisory, ASA-2005-034, February 8, 2005 Ubuntu Security Notice, USN-57-1, February 9, 2005 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2 | A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at: Trustix: RedHat: http://rhn.redhat.com/errata/ Mandrake: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Overlapping VMAs | Low/High (High if root access can be obtained) | Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14m January 18 & 21, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux Kernel 2.4-2.4.27, 2.6-2.6.8 SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Avaya Converged Communications Server 2.0,
| Multiple vulnerabilities exist due to various errors in the 'load_elf_binary' function of the 'binfmt_elf.c' file, which could let a malicious user obtain elevated privileges and potentially execute arbitrary code.
Patch available at: Trustix: Fedora: SUSE: Red Hat: RedHat: http://rhn.redhat.com/errata/ Mandrake: FedoraLegacy: Proofs of Concept exploit scripts have been published. | Multiple Vendors Linux Kernel BINFMT_ELF | Medium/ High (High if arbitrary code can be executed) | Bugtraq, November 11, 2004 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 Red Hat Advisory: RHSA-2004:549-10, December 2, 2004 RedHat Security Advisories, RHSA-2004:504-13 & 505-14, December 13, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
|
Linux Kernel 2.4-2.4.27, 2.6-2.6.9; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0-2.2; | Multiple remote Denial of Service vulnerabilities exist in the SMB filesystem (SMBFS) implementation due to various errors when handling server responses. This could also possibly lead to the execution of arbitrary code.
Upgrades available at: Trustix: Ubuntu: Fedora: SUSE: Red Hat: RedHat: Ubuntu: Mandrake: FedoraLegacy: SUSE: TurboLinux: Currently we are not aware of any exploits for these vulnerabilities
| Multiple Vendors smbfs Filesystem Memory Errors Remote Denial of Service | Low/High (High if arbitrary code can be executed) | e-matters GmbH Security Advisory, November 11, 2004 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 Red Hat Advisory: RHSA-2004:549-10, December 2, 2004 Ubuntu Security Notice, USN-39-1, December 16, 2004 RedHat Security Advisories, RHSA-2004:504-13 & 505-14, December 13, 2004 SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 US-CERT VU#726198, February 1, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux Kernel 2.6 - 2.6.10 rc2 | The DRM module in the Linux kernel is susceptible to a local Denial of Service vulnerability. This vulnerability likely results in the corruption of video memory, crashing the X server. Malicious users may be able to modify the video output. Ubuntu: RedHat: FedoraLegacy: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel Local DRM Denial of Service | Low | Ubuntu Security Notice USN-38-1 December 14, 2004 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Linux Kernel 2.6 - 2.6.10 rc2 | The Linux kernel /proc filesystem is susceptible to an information disclosure vulnerability. This issue is due to a race-condition allowing unauthorized access to potentially sensitive process information. This vulnerability may allow malicious local users to gain access to potentially sensitive environment variables in other users processes.
Ubuntu: Mandrake: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel PROC Filesystem Local Information Disclosure | Medium | Ubuntu Security Notice USN-38-1 December 14, 2004 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux Kernel 2.6 - 2.6.10 rc2 | The Linux kernel is prone to a local Denial of Service vulnerability. This vulnerability is reported to exist when 'CONFIG_SECURITY_NETWORK=y' and 'CONFIG_SECURITY_SELINUX=y' options are set in the Linux kernel. A local attacker may exploit this vulnerability to trigger a kernel panic and effectively deny service to legitimate users. Ubuntu: Fedora: Mandrake: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel Sock_DGram_SendMsg Local Denial of Service | Low | Ubuntu Security Notice USN-38-1 December 14, 2004 Fedora Update Notifications, FEDORA-2004-581 & 582, January 4, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Turbolinux Security Announcement , February 28, 2005 |
Linux Kernel 2.6 .10, 2.6, test-test11, 2.6.1-2.6.10, 2.6.10 rc2; RedHat Fedora Core2&3 | An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.
Fedora: SuSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel | High | Bugtraq, January 7, 2005 Fedora Update Notifications, SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005 |
Linux kernel 2.6 -test1-test11, 2.6-l 2.6.8; SuSE Linux 9.1 | A remote Denial of Service vulnerability exists in the iptables logging rules due to an integer underflow. Update available at: SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Mandrake: TurboLinux: A Proof of Concept exploit script has been published. | Low | SuSE Security Announcement, SUSE-SA:2004:037, October 20, 2004 Packetstorm, November 5, 2004 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Turbolinux Security Announcement , February 28, 2005 | |
Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6-test1- -test11, 2.6, 2.6.1-2.6.11 ; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 | Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges. RedHat: Ubuntu: FedoraLegacy: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Multiple Vulnerabilities | Low/Medium (Low if a DoS) | Ubuntu Security Notice, USN-82-1, February 15, 2005 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Linux kernel 2.6.x, 2.4.x , SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Turbolinux Turbolinux Server 10.0 | Two vulnerabilities exist: a Denial of Service vulnerability exists via a specially crafted 'a.out' binary; and a vulnerability exists due to a race condition in the memory management, which could let a malicious user obtain sensitive information. SUSE: TurboLinux: Ubuntu: Trustix: Mandrake: FedoraLegacy: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Local DoS & | Low/ Medium (Medium if sensitive information can be obtained)
| Secunia Advisory, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 SecurityFocus, December 16, 2004 Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
Linux Kernel USB Driver prior to 2.4.27; Avaya Converged Communications Server 2.0, | A vulnerability exists in certain USB drivers because uninitialized structures are used and then 'copy_to_user(...)' kernel calls are made from these structures, which could let a malicious user obtain obtain uninitialized kernel memory contents. Update available at:
href=" http://kernel.org/"> Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml"> Trustix: Red Hat: FedoraLegacy: We are not aware of any exploits for this vulnerability. | Medium | US-CERT VU#981134, October 25, 2004 Trustix, TSLSA-2004-0041: kernel, August 9, 2004 Red Hat Security Advisories, RHSA-2004:505-14 & 505-13, December 13, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005
| |
Linux Kernel; Avaya Converged Communications Server 2.0, | A vulnerability exists in the Linux kernel io_edgeport driver. A local user with a USB dongle can cause the kernel to crash or may be able to gain elevated privileges on the target system. The flaw resides in the edge_startup() function in 'drivers/usb/serial/io_edgeport.c'.
Red Hat: Fedora: FedoraLegacy: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel | Low/ Medium (Medium if elevated privileges can be obtained) | SecurityTracker Alert ID: 1012477, December 10, 2004 Fedora Update Notifications, Avaya Security Advisory, ASA-2005-006, January 14, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 |
PHP 4.0.1-4.0.7, PHP PHP 4.1 .0-4.1.2, 4.2 .0-4.2.3, 4.3-4.3.10; SuSE Linux 9.0 x86_64, 9.0, 9.1 x86_64, 9.1, Linux Enterprise Server 9 | A Denial of Service vulnerability exists in the 'readfile()' function.
SuSE: There is no exploit code required. | PHP4 'readfile()' Denial of Service | Low | SUSE Security Summary Report, ID: SUSE-SR:2005:006, February 25, 2005 |
NX Server 1.3-1.3.2 | Several vulnerabilities exist: a vulnerability exists in the authority file due to an error in the way the file is handled, which could let a malicious user bypass authentication; and a vulnerability exists in the authority file when it is read and interrupted by a signal, which could let a malicious user bypass authentication.
Update available at: http://www.nomachine.com/download.php SUSE: Currently we are not aware of any exploits for these vulnerability. | NX Server X Server Authentication Bypass | Medium | Secunia Advisory, SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
|
Gaim 1.0-1.0.2, 1.1.1, 1.1.2 | Multiple remote Denial of Service vulnerabilities exist: a vulnerability exists when a remote malicious ICQ or AIM user submits certain malformed SNAC packets; and a vulnerability exists when parsing malformed HTML data.
Upgrades available at: Fedora: Ubuntu: There is no exploit code required. | Gaim Multiple Remote Denials of Service | Low | Gaim Advisory, February 17, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-85-1 February 25, 2005 |
Open Server 5.0-5.0.7 | A buffer overflow vulnerability exists in the scosession due to insufficient validation of user-supplied input strings prior to copying them to finite process buffers, which could let a malicious user execute arbitrary code. Updates available at: Currently we are not aware of any exploits for this vulnerability. | SCO scosession Buffer Overflow | High | SCO Security Advisory, SCOSA-2005.5, January 26, 2005 |
Squid Web Proxy Cache 2.5 .STABLE5-STABLE8 | A remote Denial of Service vulnerability exists when performing a Fully Qualify Domain Name (FQDN) lookup and and unexpected response is received. Patches available at: Gentoo: Ubuntu: Fedora: SUSE: Debian: Mandrake: Currently we are not aware of any exploits for this vulnerability. | Squid Proxy FQDN Remote Denial of Service | Low | Secunia Advisory, Gentoo Linux Security Advisory GLSA, 200502-25, February 18, 2005 Ubuntu Security Notice, USN-84-1, February 21, 2005 Fedora Update Notifications, SUSE Security Announcement, SUSE-SA:2005:008, February 21, 2005 Debian Security Advisory, DSA 688-1, February 23, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:047, February 24, 2005 |
Solaris 9.0 _x86, 9.0 | A Denial of Service vulnerability exists in the Standard Type Services Framework Font Server Daemon (stfontserverd). Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris STFontServerD Denial of Service | Low | Sun(sm) Alert Notification, 57738, February 24, 2005 |
Typespeed 0.4.1 | A local format string vulnerability exists which could let a malicious user obtain elevated privileges. Debian: Proof of Concept exploit script has been published. | Typespeed Format String | Medium | Debian Security Advisory DSA 684-1, February 16, 2005 PacketStorm, February 25, 2005 |
Uim 4.5 | A vulnerability exists in the Uim library because environment variables contents are always trusted, which could let a malicious user obtain elevated privileges.
Upgrade available at: Mandrake: Gentoo: Currently we are not aware of any exploits for this vulnerability. | UIM LibUIM Elevated Privileges | Medium | SecurityFocus, 12604, February 21, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:046, February 24, 2005 Gentoo Linux Security Advisory, GLSA 200502-31, February 28, 2005 |
imap 2004b, 2004a, 2004, 2002b-2002e | A vulnerability exists due to a logic error in the Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) code, which could let a remote malicious user bypass authentication. Update available at: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" RedHat: SUSE: Currently we are not aware of any exploits for this vulnerability. | University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass | Medium | US-CERT VU#702777, January 27, 2005 Gentoo Linux Security Advisory, GLSA 200502-02, February 2, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 2005 RedHat Security Advisory, RHSA-2005:128-06, February 23, 2005 SUSE Security Announcements, SUSE-SR:2005:006 & SUSE-SA:2005:012, February 25 & March 1, 2005 |
VIM 6.0-6.2, 6.3.011, 6.3.025, 6.3 .030, 6.3.044, 6.3 .045 | Multiple vulnerabilities exist in 'tcltags' and 'vimspell.sh' due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files. Ubuntu: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" RedHat: Fedora: There is no exploit required. | Vim Insecure Temporary File Creation | Medium | Secunia Advisory, Ubuntu Security Notice, USN-61-1, January 18, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 200 Fedora Legacy Update Advisory, FLSA:2343, February 24, 2005 |
UnAce 1.0, 1.1, 1.2 b | Several vulnerabilities exist: a buffer overflow vulnerability exists in the ACE archive due to an incorrect 'strncpy()' call, which could let a remote malicious user execute arbitrary code; two other buffer overflow vulnerabilities exist when archive name command line arguments are longer than 15,600 characters and when printing strings are processed, which could let a remote malicious user execute code; and a Directory Traversal vulnerability exists due to improper filename character processing, which could let a remote malicious user obtain sensitive information. Gentoo: There is not exploit code required; however, Proofs of Concept exploits have been published. | Winace UnAce ACE Archive Remote Directory Traversal & Buffer Overflow | Medium/ High (High if arbitrary code can be executed) | SecurityTracker Alert, 1013265, February 23, 2005 |
Libxml2 2.6.12-2.6.14 | Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the 'xmlNanoFTPScanProxy()' function in 'nanoftp.c,' which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code. Upgrades available at: OpenPKG: Trustix: Fedora: Gentoo: Mandrake: OpenPKG: Trustix: Ubuntu: RedHat: Conectiva: RedHat (libxml): Apple: TurboLinux: Ubuntu: An exploit script has been published. | xmlsoft.org Libxml2 Multiple Remote Stack Buffer Overflows | High | SecurityTracker Alert I, 1011941, October 28, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200411-05, November 2,2 004 Mandrakelinux Security Update Advisory, MDKSA-2004:127, November 4, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.050, November 1, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0055, November 1, 2004 Ubuntu Security Notice, USN-10-1, November 1, 2004 Red Hat Security Advisory, RHSA-2004:615-11, November 12, 2004 Conectiva Linux Security Announcement, CLA-2004:890, November 18, 2004 Red Hat Security Advisory, RHSA-2004:650-03, December 16, 2004 Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005 Turbolinux Security Advisory, TLSA-2005-11, January 26, 2005 Ubuntu Security Notice, USN-89-1, February 28, 2005 |
| id=multiple name=multiple>Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
mod_python | A vulnerability exists in mod_python in the publisher handler that could permit a remote malicious user to view certain python objects. A remote user can submit a specially crafted URL to view the names and values of variables. Red Hat: Ubuntu: Fedora: Gentoo: Trustix: Debian: Currently we are not aware of any exploits for this vulnerability. | Apache mod_python Information Disclosure Vulnerability | Medium | SecurityTracker Alert ID, 1013156, February 11, 2005 Red Hat RHSA-2005:104-03, February 10, 2005 Ubuntu, USN-80-1 February 11, 2005 Trustix #2005-0003, February 11, 2005 Debian, DSA-689-1, February 23, 2005 |
phpWebSite 0.10.0 and prior | A vulnerability exists in the Announce module that could let a remote malicious user who has privileges to upload image files execute arbitrary commands. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Appalachian State phpWebSite Arbitrary Code Execution Vulnerability | High | SecurityFocus, Bugtraq ID: 12653, February 25, 2005 |
Arkeia Network Backup 5.3.x and prior | A buffer overflow vulnerability exists that could let a remote malicious user execute arbitrary code on the target system. The software does not properly validate 'type 77' request packets. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Arkeia Network Backup Access Vulnerability | High | SecurityTracker Alert ID: 1013256, |
ACNS Software Version 4.2 and prior | Multiple vulnerabilities exist that could let remote users cause a Denial of Service. These are due to errors within the processing of TCP connections, IP packets, and network packets. he vulnerabilities affect devices configured as a transparent, forward, or reverse proxy server. A default password may also be available in the administrative account. Updates available: Currently we are not aware of any exploits for these vulnerabilities. | Cisco ACNS Denial of Service Vulnerabilities CAN-2005-0601 | Low | Cisco Security Advisory: 64069 Revision 1.0, February 24, 2005 |
Cisco IPVC-3510-MCU, | A vulnerability exists in some Cisco videoconferencing products that could permit a remote malicious user to gain control of the system using common default SNMP community strings. Cisco has issued a workaround available at:
href="http://www.cisco.com/public/technotes/cisco-sa-20050202-ipvc.shtml">http://www.cisco.com/public/ Revision 1.1: Added products to "Products Confirmed Not Vulnerable" list. Updated opening paragraph of "Obtaining Fixed Software" section. Revision 1.2:Added paragraph to "Workarounds" section. Currently we are not aware of any exploits for this vulnerability. | Cisco IP/VC Remote Access | High | Cisco Security Advisory 63894, February 2, 2005 Cisco Security Advisory 63894, Revision 1.2 & 1.2, February 23 & 25, 2005 |
AlterPath Manager 1.2.1 and prior | Multiple vulnerabilities exist that could let a local malicious user bypass security restrictions and disclose system information. This is due to errors in "consoleConnect.jsp," "saveUser.do, " and "/about.html" The vulnerabilities will reportedly be fixed in version 1.2.5. Currently we are not aware of any exploits for these vulnerabilities. | Cyclades AlterPath Manager Access Vulnerability | Medium | CIRT Advisories 200502, 200503, 200501, February 23, 2005 |
CubeCart 2.0 - 2.0.5 | Multiple vulnerabilities exist that could let a remote user determine the installation path and conduct Cross-Site Scripting attacks. This is due to input validation errors in the 'admin/Settings.inc.php' script. A remote user can also directly call certain scripts to display the installation path. The vendor has issued a fixed version (2.0.6) to correct the path disclosure flaws but not the Cross-Site Scripting flaws, available at: http://www.cubecart.com/site/downloads/ A Proof of Concept exploit has been published. | Devellion CubeCart Cross-Site Scripting and Information Disclosure Vulnerabilities | High | SecurityFocus, Bugtraq ID: 12658, February 25, 2005 |
FCKeditor 2.0 RC2 | A vulnerability exists that could let a remote user can upload arbitrary files to the target system. Systems running PHP-Nuke and Mambo may be affected. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Frederico Knabben FCKeditor May Permit Arbitrary File Upload | Medium | SecurityFocus, Bugtraq ID: 12676, February 28, 2005 |
AWStats 6.3 and prior | Multiple vulnerabilities exist which could permit local malicious users to gain escalated privileges, disclose system information, and cause a Denial of Service. This is due to errors in "awstats.pl" and the "loadplugin" and "pluginmode" parameters input validation. The vulnerabilities have reportedly been fixed in the CVS repository. An exploit script has been published. | GNU AWStats Multiple Vulnerabilities CAN-2005-0435 | Low/ Medium (Medium if sensitive information can be obtained or elevated privileges are obtained) | SecurityFocus, Bugtraq ID 12545, February 14, 2005 |
Gaim prior to 1.1.4 | A vulnerability exists in the processing of HTML that could let a remote malicious user crash the Gaim client. This is due to a NULL pointer dereference.
A fixed version (1.1.4) is available at: http://gaim.sourceforge.net/downloads.php Ubuntu: Fedora: http://download.fedora.redhat.com/ Currently we are not aware of any exploits for this vulnerability. | GNU Gaim Denial of Service Vulnerability | Low | Sourceforge.net Gaim Vulnerability Note, February 24, 2005 |
PBLang 4.65 | Multiple vulnerabilities exist that could permit a remote malicious user to conduct Cross-Site Scripting attacks. This is due to improper input validation in the 'search.php' script. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GNU PBLang Cross-Site Scripting Vulnerability | High | SecurityTracker Alert ID: 1013277, February 23, 2005 |
PunBB 1.2.1 | Multiple vulnerabilities exist that could let a remote malicious user inject SQL commands. This is due to input validation errors in the 'register.php', 'profile.php', and 'moderate.php' scripts. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GNU PunBB SQL Injection Vulnerability | High | SecurityTracker Alert ID: 1013294, February 25, 2005 |
WebMod 0.47 (Half-LifeDedicated Server plugin) | A vulnerability exists that could let a remote malicious user cause a Denial of Service or execute arbitrary code. This is due to a boundary error in the handling of POST data in "server.cpp". Update to version 0.48: http://djeyl.net/w.php Currently we are not aware of any exploits for this vulnerability. | GNU WebMod "Content-Length" Remote Code Execution Vulnerability | Low/ (High if arbitrary code can be executed) | SecurityFocus, Bugtraq ID: 12679, February 28, 2005 |
ginp 0.x | A vulnerability exists that could let a remote malicious user gain knowledge of sensitive information. This is due to an input validation error that could permit a directory traversal attack. Update to version 0.22: http://sourceforge.net/project/ Currently we are not aware of any exploits for this vulnerability. | GPL ginp Information Disclosure Vulnerability | Medium | SecurityFocus,12642, February 23, 2005 |
Hardware Management Console (HMC) | A vulnerability exists that could let a local malicious users obtain escalated privileges. This is due to an error in the Guided Setup Wizard. Apply APAR MB00913 for Version 4 Release 2.0 and later: http://techsupport.services.ibm.com/ Currently we are not aware of any exploits for this vulnerability. | IBM Hardware Management Console | Medium | Secunia SA14377, February 24, 2005 |
iG Shop 1.2 | A vulnerability exists that could let a remote malicious user inject SQL commands. This is due to improper input validation in the 'page.php' script. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | iGeneric iG Shop SQL Execution Vulnerability | High | SecurityTracker Alert ID: 1013268, February, 23 2005 |
A vulnerability exists that could let a remote malicious user inject arbitrary shell commands. This is because some configuration options can be manipulated. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | ImageGallery Twiki Plugin Shell Command Injection | High | Secunia SA14384, February 25, 2005 | |
Mitel Model 3300 ICP PBX (prior to 4.2.2.11) | A vulnerability exists in the web interface that could let a remote malicious user hijack sessions. This is because the web interface uses a predictable session ID number for authentication purposes. Update to version (4.2.2.11). A Proof of Concept exploit has been published. | Mitel 3300 ICP PBX Session Hijack Vulnerability | Medium | Corsaire Security Advisory --c040817-002, February 28, 2005 |
Mitel Model 3300 ICP PBX (prior to 5.2) | A vulnerability exists in the web interface that could let a remote user deny service. A user could establish 50 sessions to consume all available web sessions. This is due to input validation errors in the 'esm_validate.asp' script. Update to version (5.2). A Proof of Concept exploit has been published. | Mitel 3300 ICP PBX Denial of Service Vulnerability | Low | Corsaire Security Advisory --c040817-003, February 28, 2005 |
Firefox 1.0 | A vulnerability exists in the XPCOM implementation that could let a remote malicious user execute arbitrary code. The exploit can be automated in conjunction with other reported vulnerabilities so no user interaction is required.
A fixed version (1.0.1) is available at: http://www.mozilla.org/products/firefox/all.html A Proof of Concept exploit has been published. | Mozilla Firefox Remote Code Execution Vulnerability | High | SecurityTracker Alert ID: 1013301, February 25, 2005 |
Mozilla 1.7.x and prior Mozilla Firefox 1.x and prior Mozilla Thunderbird 1.x and prior | Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system. Firefox: Update to version 1.0.1: http://www.mozilla.org/products/firefox/ Mozilla: Thunderbird: Fedora update for Firefox: http://download.fedora.redhat.com/ Currently we are not aware of any exploits for these vulnerabilities. | Mozilla / Firefox / Thunderbird Multiple Vulnerabilities CAN-2005-0255 | Medium | Mozilla Foundation Security Advisories 2005-14, 15, 17, 18, 19, 20, 21, 24, 28 |
Firefox 1.0 | There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations or access access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop and because tabbed javascript vulnerabilities let remote users access other windows. A fix is available via the CVS repository Fedora:
href="ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z"> A Proof of Concept exploit has been published. | Mozilla Firefox Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230 | High | SecurityTracker Alert ID: 1013108, February 8, 2005 Fedora Update Notification, |
Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0 | A vulnerability exists which can be exploited by malicious people to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box. Upgrade available at: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"> Currently we are not aware of any exploits for this vulnerability. | Medium | Secunia SA13599, January 4, 2005 Fedora Update Notification, | |
Mozilla 1.7.3 Mozilla Firefox 1.0 for Windows | A vulnerability exists that could let remote malicious users trick users into downloading malicious files. This is because the the browser uses the different criteria to determine the the file type when saving the downloaded file. Updated versions are available. Mozilla Firefox 1.0.1: http://www.mozilla.org/products/firefox/ Mozilla 1.7.5: http://www.mozilla.org/products/mozilla1.x/ Currently we are not aware of any exploits for this vulnerability. | Mozilla / Firefox Download Spoofing Vulnerability | Medium | Secunia SA13258, March 1, 2005 Mozilla Foundation Security Advisory 2005-22 |
Mozilla Firefox 1.0 and 1.0.1 | A vulnerability exists that could let remote malicious users conduct Cross-Site Scripting attacks. This is due to missing URI handler validation No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting Vulnerability | High | Secunia SA14406, March 1, 2005 |
phpBB 2.0.12 and prior | A vulnerability exists that could let a remote malicious user bypass certain security restrictions. This is due to errors in sessiondata['autologinid'], auto_login_key, and viewtopic.php. Update to version 2.0.13. An exploit script has been published. | phpBB "autologinid" Security Bypass | Medium | phpBB 2.0.13 Release Notes, February 27, 2005 |
phpBB 2.0.11 | Multiple vulnerabilities exist which remote malicious users could exploit to disclose and delete sensitive information. This is due to errors in the avatar handling functions. Update to version 2.0.12: http://www.phpbb.com/downloads.php Gentoo: Currently we are not aware of any exploits for these vulnerabilities. | phpBB Information Disclosure Vulnerability | Medium | phpBB Advisory 265423, February 21, 2005 Gentoo inux Security Advisory, GLSA 200503-02, March 1, 2005 |
phpMyAdmin 2.6.1 | Multiple vulnerabilities exist that could let remote users conduct Cross-Site Scripting attacks and disclose sensitive information. This is due to input validation errors in "select_server.lib.php", "display_tbl_links.lib.php", "theme_left.css.php", "theme_right.css.php", "phpmyadmin.css.php", and"database_interface.lib.php." Update to version 2.6.1-pl1: http://sourceforge.net/project/ A Proof of Concept exploit script has been published. | phpMyAdmin Cross-Site Scripting and Information Disclosure Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | Sourceforge.net, phpMyAdmin Project Tracker 1149383 and 1149381, February 22, 2005 |
PostNuke 0.750, 0.760RC2 | Vulnerabilities exist that could let a remote malicious user inject SQL commands. The following modules do not properly validate user input: pnadmin.php, past.php, dl-util.php, dl-s earch.php, admin.php, index.php. Updates are available at: http://news.postnuke.com/ Exploit scripts have been published. | PostNuke SQL Injection Vulnerability | High | SecurityTracker Alert ID: 1013324, February 28, 2005 |
SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4 | A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected. Patches for Python 2.2, 2.3, and 2.4, available at:
href="http://python.org/security/PSF-2005-001/patch.txt">http://python.org/security/ The vendor plans to issue fixed versions for 2.3.5, 2.4.1, 2.3.5, and 2.4.1. Debian:
href="http://www.debian.org/security/2005/dsa-666"> Gentoo: Mandrakesoft:
href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:035"> Trustix:
href="http://www.trustix.org/errata/2005/0003/"> Red Hat:
href="http://rhn.redhat.com/errata/RHSA-2005-109.html"> SUSE: Debian:
href="http://security.debian.org/pool/updates/main/liba/libapache-mod-python/"> Currently we are not aware of any exploits for this vulnerability. | Python SimpleXMLRPCServer Remote Code
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089">CAN-2005-0089 | High | Python Security Advisory: PSF-2005-001, February 3, 2005 Gentoo, GLSA 200502-09, February 08, 2005 Mandrakesoft, MDKSA-2005:035, February 10, 2005 Trustix #2005-0003, February 11, 2005 RedHat Security Advisory, RHSA-2005:109-04, February 14, 2005 SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005 Debian Security Advisory, DSA 689-1, February 23, 2005 |
Soldier of Fortune II 1.03 gold and prior | A vulnerability exists that could let a a remote malicious user cause the target game service to crash. A remote user can send a specially crafted cl_guid value to trigger a memory access error. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Raven Soldier of Fortune II Denial of Service Vulnerability | Low | SecurityTracker Alert ID: 1013291, February 24, 2005 |
Sun Java JRE 1.3.x, 1.4.x, | A vulnerability exists due to a design error because untrusted applets for some private and restricted classes used internally can create and transfer objects, which could let a remote malicious user turn off the Java security manager and disable the sandbox restrictions for untrusted applets. Updates available at:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/10/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200411-38.xml"> HP:
href="http://www.hp.com/go/java"> Symantec:
href="http://securityresponse.symantec.com/avcenter/security/Content/2005.01.04.html"> SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Apple:
href="http://docs.info.apple.com/article.html?artnum=300980"> Currently we are not aware of any exploits for this vulnerability. | Medium | Sun(sm) Alert Notification, 57591, November 22, 2004 US-CERT VU#760344, November 23, 2004 Conectiva Linux Security Announcement, CLA-2004:900, November 26, 2004 Gentoo Linux Security Advisory, GLSA 200411-38, November 29, 2004 HP Security Bulletin, Sun(sm) Alert Notification, 57591, January 6, 2005 (Updated) Symantec Security Response, SYM05-001, SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Apple Security Update, APPLE-SA-2005-02-22, February 22, 2005 | |
Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.68 and later than 1.5Z) Gateway Security 360/360R (firmware builds prior to build Gateway Security 460/460R (firmware builds prior to build Nexland Pro800turbo (firmware builds prior to build 1.6X and later | Vulnerabilities exist in various Symantec firewall devices, which may disclose sensitive information to malicious people. This is due to an error in the SMTP binding functionality of certain devices with ISP load-balancing capabilities. The vendor has issued updated firmware releases: http://www.symantec.com/techsupp Currently we are not aware of any exploits for these vulnerabilities. | Symantec Firewall Devices SMTP Binding Configuration Bypass | Medium | Symantec Security Bulletin, SYM05-004, February 28, 2005 |
Client / Server / Messaging Suite for SMB | A vulnerability exists in multiple Trend Micro virus products that could let a remote malicious user execute arbitrary code. This is due to a boundary error in the AntiVirus library when processing ARJ files that could be exploited to cause a heap-based buffer overflow. Update information available at: Currently we are not aware of any exploits for this vulnerability. | Trend Micro AntiVirus Library Heap Overflow | High | Internet Security Systems Protection Advisory February 24, 2005 |
University of California (BSD License) PostgreSQL 7.x, 8.x | Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration. Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7:
href="http://wwwmaster.postgresql.org/download/mirrors-ftp">http://wwwmaster.postgresql. Ubuntu:
href="http://www.ubuntulinux.org/support/documentation/usn/usn-71-1"> Debian:
href="http://www.debian.org/security/2005/dsa-668"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200502-08.xml"> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-141.html"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200502-19.xml"> Debian:
href="http://security.debian.org/pool/updates/main/p/postgresql/"> Mandrakesoft:
href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:040"> SUSE: Currently we are not aware of any exploits for these vulnerabilities. | University of California PostgreSQL Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227">CAN-2005-0227 | Medium/ High (High if arbitrary code can be executed) | PostgreSQL Security Release, February 1, 2005 Ubuntu Security Notice USN-71-1 February 01, 2005 Debian Security Advisory Gentoo GLSA 200502-08, February 7, 2005 Fedora Update Notifications, Ubuntu Security Notice,e USN-79-1 , February 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 Gentoo Linux Security Advisory, GLSA 200502-19, February 14, 2005 RedHat Security Advisory, RHSA-2005:141-06, February 14, 2005 Debian Security Advisory, DSA 683-1, February 15, 2005 Mandrakesoft, MDKSA-2005:040, February 17, 2005 SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 |
MediaWiki prior to 1.3.11 | Multiple vulnerabilities exist in MediaWiki that could let a remote malicious user conduct Cross-Site Scripting attacks and permit a remote authenticated administrator to delete certain files on the system. Input validation errors exist in various fields. A fixed version (1.3.11) is available at: http://sourceforge.net/project/ Currently we are not aware of any exploits for these vulnerabilities. | Wikimedia MediaWiki Cross-Site Scripting Attacks and Directory Traversal Vulnerability | Medium/ High (High if arbitrary code can be executed) | SecurityFocus, Bugtraq ID: 12625, February 28, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| March 1, 2005 | einstein101.txt | No | Exploit for the Einstein Password Disclosure vulnerability. |
| March 1, 2005 | phpbbsession.c | Yes | Script that exploits the phpBB "autologinid" Security Bypass vulnerability. |
| March 1, 2005 | postnukeSQL0760.txt postnukeXSS.txt postnukeSQL0760-2.txt | Yes | Detailed exploitation for the PostNuke SQL Injection Vulnerability. |
| February 28, 2005 | badBlueExploit.cpp badBlueBufferOverflowExpl.c badblue25.c badblue.cpp | Yes | Exploits for the Working Resources BadBlue MFCISAPICommand Remote Buffer Overflow vulnerability. |
| February 28, 2005 | scrapboom.zip | No | Proof of Concept exploit for the MercurySteam Scrapland Game Server Remote Denial of Service vulnerabilities. |
| February 26, 2005 | ChatAnywhere.c | No | Script that exploits the Chat Anywhere Password Disclosure vulnerability. |
| February 26, 2005 | dbmac.tar.gz | N/A | MacSpoof DB is a database of MAC prefixes for spoofing your MAC address in Linux. |
| February 26, 2005 | eXeem021.c | No | Script that exploits the eXeem Password Disclosure vulnerability. |
| February 26, 2005 | mb111-zk.txt | N/A | MercuryBoard blind bruteforcing utility. |
| February 26, 2005 | phpMyAdmin261.txt | Yes | Detailed exploitation for the phpMyAdmin Cross-Site Scripting and Information Disclosure Vulnerabilities. |
| February 26, 2005 | rkhunter-1.2.1.tar.gz | N/A | Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. |
| February 26, 2005 | SendLink.c | No | Script that exploits the SendLink Password Disclosure vulnerability. |
| February 26, 2005 | sileAWSxpl_v5.7-6.2.c | Yes | Script that exploits the GNU AWStats Multiple Vulnerabilities. |
| February 26, 2005 | webconnect.pl webconnect.c | Yes | Exploits for the OpenConnect Systems WebConnect Remote Denial of Service and Information Disclosure vulnerability. |
| February 26, 2005 | WifiScanner-0.9.6.tar.gz | N/A | WifiScanner is an analyzer and detector of 802.11b stations and access points that can listen alternatively on all the 14 channels, write packet information in real time, search access points and associated client stations, and can generate a graphic of the architecture using GraphViz. |
| February 26, 2005 | wuftpd262DoS.c | No | Script that exploits the Wu-FTPD Globbing Denial of Service vulnerability. |
| February 25, 2005 | 3CDaemon.c | No | Script that exploits the 3Com 3CDaemon Multiple Remote Vulnerabilities. |
| February 25, 2005 | a2ps.c | Yes | Proof of Concept exploit for the GNU a2ps Filenames Shell Commands Execution vulnerability. |
| February 25, 2005 | brute_cisco.exp | N/A | Brute force utility for Cisco password authentication. |
| February 25, 2005 | cfengineRSA.c | Yes | Script that exploits the Cfengine RSA Authentication Heap Corruption vulnerability. |
| February 25, 2005 | cisco-torch-0.3b.tar.bz2 | N/A | Cisco Torch mass scanning, fingerprinting, and exploitation tool. |
| February 25, 2005 | exwormshoutcast.c shoutcastPoC.c | Yes | Exploits for the Nullsoft SHOUTcast File Request Format String vulnerability. |
| February 25, 2005 | kNetBufferOverflowPoC.c knetDoS104c.txt | No | Proof of Concept exploit for the Stormy Studios KNet Remote Buffer Overflow vulnerability. |
| February 25, 2005 | PeerFTP_5.c | No | Script that exploits the PeerFTP_5 FTP Password Disclosure vulnerability. |
| February 25, 2005 | savant31FR.txt | No | Exploit for the Savant Web Server Remote Buffer Overflow vulnerability. |
| February 25, 2005 | TCW690.txt | No | Script that exploits the Thomson TCW690 Cable Modem Multiple vulnerabilities. |
| February 25, 2005 | un-typed.c | Yes | Proof of Concept exploit for the Typespeed Format String vulnerability. |
| February 24, 2005 | sof2guidboom.zip | No | Exploit for the Raven Software Soldier Of Fortune 2 Remote Denial Of Service vulnerability |
| February 23, 2005 | elog_unix_win.c | No | Script that exploits the ELOG Web Logbook Attached Filename Remote Buffer Overflow vulnerability. |
| February 23, 2005 | prozillaFormatString.c | No | Script that exploits the ProZilla Initial Server Response Remote Client-Side Format String vulnerability. |
| February 23, 2005 | unAceBufferOverflowPOC.zip | No | Script that exploits the Winace UnAce Buffer Overflow vulnerability. |
name=trends>Trends
- A redirection script on eBay's site is being exploited by phisers that makes fraudulent emails look more convincing. For more information, see "eBay provides backdoor for phishers" located at: http://www.theregister.co.uk/2005/02/28/ebay_phishing_backdoor/.
- Federal authorities are investigating two e-mail scams, including one targeting families of soldiers killed in Iraq, that claim to be connected to the Homeland Security Department. For more information, see: "E-Mail Scams Exploit Homeland Security And Soldiers Killed In Iraq" located at: http://www.informationweek.com/story/showArticle.jhtml?articleID=60402476
- Britain’s Home Office has launched a high-profile campaign to secure the Internet against hacking groups using networks of infected computers to launch worm, spam and denial of service attacks against critical businesses and services. The campaign, which features a Website and an alert service to help non-IT specialists protect their computer systems, is designed to plug one of the weakest links in security on the Internet: home and small business PCs. The campaign will encourage home users and small businesses to sign up to an alert service, run by the National Infrastructure Security Coordination Centre (NISCC), part of the Home Office, which will give advice on urgent threats that affect home PCs, PDAs and mobile phones. . For more on the new service, visit http://www.itsafe.gov.uk. For more information, see "Home Office in drive to stamp out botnets" located at: http://www.computerweekly.com/articles/article.asp?liArticleID=136955&liArticleTypeID
=1&liCategoryID=2&liChannelID=22&liFlavourID=1&sSearch=&nPage=1
href="#top">[back to top]
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trends |
face="Arial, Helvetica, sans-serif">Date |
1 | Bagle.BJ | Win32 Worm | Increase | January 2005 |
2 | Netsky-P | Win32 Worm | Slight Decrease | March 2004 |
3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 |
4 | Netsky-Q | Win32 Worm | Stable | March 2004 |
5 | Zafi-B | Win32 Worm | Decrease | June 2004 |
6 | Netsky-D | Win32 Worm | Slight Decrease | March 2004 |
7 | Netsky-B | Win32 Worm | Slight Increase | February 2004 |
8 | Bagle-AU | Win32 Worm | Increase | October 2004 |
9 | Lovegate.W | Win32 Worm | New to Table | April 2004 |
10 | Bagle-BB | Win32 Worm | Return to Table | September 2004 |
Table Updated March 1, 2005
Viruses or Trojans Considered to be a High Level of Threat
- BagleDI-L: A new variant of Bagle, BagleDl-L, is a Trojan horse that damages security applications and attempts to connect with a number of Web sites. According to antivirus companies F-Secure and Sophos, these Web sites currently contain no malicious code, but both companies believe this could soon change. For this Trojan to work, a certain amount of social engineering is required because the e-mails contain a ZIP-file attachment that must be opened to display the programs "doc_01.exe" or "prs_03.exe," which must also be run manually to infect a computer. For more information see: http://news.com.com/New+Bagle+damages+security+software/2100-7349_3-5594201.html?tag=nefd.top
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.