Summary of Security Items from August 10 through August 16, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Multiple input validation vulnerabilities have been reported in DVBBS that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | DVBBS Cross Site Scripting | Medium | Security Tracker, Alert ID: 1014632, August 8, 2005 | |
ePolicy Orchestrator 3.5 | An vulnerability has been reported in ePolicy Orchestrator that could let local malicious users disclose information and obtain elevated privileges. No workaround or patch available at time of publishing. An exploit script has been published. | ePolicy Information Disclosure and Privilege Elevation | Medium | Security Focus, ID: 14549, August 11, 2005 |
Plug and Play | A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges. Vendor fix available: Exploit scripts have been published and worm, "Worm:Win32/Zotob.A", is circulating. | Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges | High | Microsoft Security Bulletin MS05-039, August 9, 2005 Microsoft Security Advisory, 899588, August 15, 2005 |
MindAlign 5.0 | Multiple vulnerabilities have been reported in MindAlign that could let local or remote malicious users perform a Denial of Service, bypass security, conduct Cross-Site Scripting, or disclose information. Fix available through vendor: support@parlano.com Currently we are not aware of any exploits for these vulnerabilities. | MindAlign Multiple Vulnerabilities CAN-2005-2590
| Medium | NISCC Vulnerability Advisory 356752, August 12, 2005 |
eDirectory 8.7.3 iMonitor | A buffer overflow vulnerability has been reported in eDirectory iMonitor that could let remote malicious users to cause a Denial of Service or execute arbitrary code. Vendor fix available: An exploit script has been published. | Novell eDirectory Denial of Service or Arbitrary Code Execution | High | Novell, TID10098568, August 12, 2005 |
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Spam | A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message. A fixed version (3.0.4) is available at: http://spamassassin. Fedora: Gentoo: SUSE: RedHat: Mandriva: Debian: There is no exploit code required. | Apache SpamAssassin Lets Remote Users Deny Service | Low | Security Tracker Alert ID: 1014219, Fedora Update Notifications, Gentoo Linux Security SUSE Security Announce- RedHat Mandriva Linux Security Update Advisory, MDKSA-2005:106, Debian Security Advisory, DSA 773-1, August 11, 2005 |
Mac OS X Server 10.4-10.4.2, 10.3.9, Mac OS X 1-.4-10.4.2, 10.3.9 | Multiple security vulnerabilities have been reported: five vulnerabilities were reported ranging from buffer overflows to access validation in Apache; three vulnerabilities were reported in Appkit which could lead to the execution of arbitrary code or local account creation; an authentication bypass vulnerability was reported in Bluetooth; two vulnerabilities were reported in CoreFoundation which could result in a buffer overflow and a Denial of Service; two vulnerabilities were reported in CUPS, which could lead to a remote Denial of Service; three vulnerabilities were reported in Directory Services ranging from a buffer overflow, unauthorized account creation/deletion and and elevated privileges; a vulnerability was reported in Htoolbox that lead to information disclosure; five vulnerabilities were reported in Kerberos that could lead to a buffer overflow, arbitrary code execution and root compromise; a vulnerability was reported in 'loginwindow' which could let a malicious user obtain access to other logged in accounts; a vulnerability has been reported regarding the loss of privacy when remote images are loaded into HTML email; three security vulnerabilities have been reported in MySQL which could lead to remote arbitrary code execution; two vulnerabilities have been reported in OpenSSL which could lead to a Denial of Service; a vulnerability has been reported in ping that could lead to local privilege escalation and arbitrary code execution; a vulnerability has been reported in QuartzComposerScreen Saver, which could let remote malicious users open pages while the RSS Visualizer screen is locked; two vulnerabilities have been reported in Safari which could lead to remote command execution or have information submitted to an incorrect site; a vulnerability has been reported in SecurityInterface which could lead to sensitive information disclosure; a buffer overflow vulnerability has been reported in 'servermgrd' which ultimately lead to the execution of arbitrary code; a vulnerability has been reported in 'servermgr_ipfilter' regarding firewall settings not always being written to the Active Rules; two vulnerabilities have been reported in SquirrelMail which could lead to Cross-Site Scripting; a vulnerability was reported in 'traceroute' which could lead to remote arbitrary code execution and privilege escalation; a vulnerability was reported in 'WebKit' that could lead to arbitrary code execution regarding a malformed PDF file; multiple Cross-Site Scripting vulnerabilities have been reported in Weblog Server; a vulnerability has been reported in 'X11' that could lead to remote arbitrary code execution; and two Denial of Service vulnerabilities were reported in zlib that potentially could lead to arbitrary code execution. Patch information available at: Currently we are not aware of any exploits for these vulnerabilities. | High | Apple Security Update 2005-007, APPLE-SA-2005-08-15, August 15, 2005 | |
Safari Web Browser 1.3 | A remote Denial of Service vulnerability has been reported when certain JavaScript operations are performed. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apple Safari Web Browser JavaScript Remote Denial of Service | Low | Security Focus 14528, August 9, 2005 |
BlueZ 2.18 & prior | A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code. Upgrades available at: Gentoo: There is no exploit code required. | BlueZ Arbitrary Command Execution
| High | Security Focus 14572, August 16, 2005 Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005 |
Centericq 4.20 | A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. Debian: Debian: There is no exploit code required. | CenterICQ | Medium | Security Debian Debian Security Advisory, DSA 773-1, August 11, 2005 |
crip 3.5 | A vulnerability has been reported due to the creation of temporary files in an insecure manner, which could let a malicious user overwrite files or cause a Denial of Service. Debian: Debian: There is no exploit code required. | Crip Helper Script Insecure Temporary File Creation | Medium | Debian Security Advisory, DSA 733-1, June 30, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
ClamAV 0.x | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'cli_scanszdd()' function in 'libclamav/scanners.c' due to a memory and file descriptor leak; and a remote Denial of Service vulnerability was reported in 'libclamav/mspack/mszipd.c' due to insufficient validation of the 'ENSURE_BITS()' macro user-supplied cabinet file header. Upgrades available at: Conectiva: Debian: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Clam Anti-Virus ClamAV Remote Denials of Service | Low | Security Tracker Alert ID: 1014332, June 29, 2005 Conectiva Linux Announce- Debian Security Advisory, DSA 737-1, July 6, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Dada Mail 2.9.2 | A vulnerability has been reported due to insufficient sanitization of archived messages before displayed, which could let a remote malicious user inject arbitrary script code. Upgrade available at: There is no exploit code required. | Dada Mail Archives HTML Injection | Medium | Secunia Advisory: SA16435, August 16, 2005 |
Fetchmail 6.2.5 | A remote buffer overflow vulnerability has been reported in the POP3 client due to insufficient boundary checks, which could let a malicious user obtain elevated privileges. Fedora: Redhat: Ubuntu: Gentoo: Debian: SGI: Currently we are not aware of any exploits for this vulnerability. | Fetchmail POP3 Client Buffer Overflow | Medium | Fedora Update Notifications, Redhat Security Advisory, RHSA-2005:640-08, July 25, 2005 Ubuntu Security Notice, USN-153-1, July 26, 2005 Gentoo Security Advisory, GLSA 200507-21, July 25, 2005 Debian Security Advisory, DSA 774-1, August 12, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 |
Ettercap 0.6 .b, 0.6 .a, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6 .6, 0.6.7, 0.6.9, Ettercap-NG 0.7 .0-0.7.2 | A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code. Upgrades available at: Debian: Currently we are not aware of any exploits for this vulnerability. | Ettercap Remote Format String | High | Secunia Advisory, SA15535, May 31, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
FUSE 2.x | A vulnerability has been reported because certain memory is not correctly cleared before returned to users, which could let a malicious user obtain sensitive information. Update available at: Debian: A Proof of Concept exploit script has been published. | Medium | Secunia Advisory, SA15561, June 3, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 | |
Gallery 1.5 1.4 -1.4.4 -pl5 | A vulnerability has been reported in 'classes/postnuke0.7.1/user.php' when determining the gallery name due to incorrect use of the global '$name' variable, which could let a remote malicious user bypass security restrictions. Upgrades available at: There is no exploit code required. | Medium | Secunia Advisory: SA16389, August 11, 2005 | |
gEdit 2.0.2, 2.2 .0, 2.10.2 | A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Ubuntu: Gentoo: RedHat: Mandriva: TurboLinux: SGI: Debian: Debian: An exploit has been published. | High | Securiteam, Ubuntu Security Notice, Gentoo Linux Security Advisory, GLSA 200506-09, RedHat Security Advisory, Mandriva Linux Security Update Advisory, MDKSA-2005:102, Turbolinux Security Advisory, SGI Security Advisory, 20050603- Debian Security Advisory, Debian Security Advisory, DSA 773-1, August 11, 2005 | |
Ignite-UX B.3.x, C.6.x | Several vulnerabilities have been reported: a vulnerability was reported in 'add_new_client' command, which could let a malicious user obtain access to the file system or cause a Denial of Service; and a vulnerability was reported in the 'make_recovery' command, which could let a malicious user obtain sensitive information.
Patches available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | HP Ignite-UX TFTP Service Vulnerabilities | Medium | HP Security Bulletin, HPSBUX01219, August 16, 2005 |
High Availability Heartbeat 1.2.3 | An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files. Debian: Conectiva: Gentoo: Mandriva: Debian: Ubuntu: There is no exploit code required. | Heartbeat Arbitrary File Overwrite | Medium | Secunia Advisory: SA16039, Debian Security Advisory, Conectiva Linux Announce- Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:132, August 10, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 Ubuntu Security Notice, USN-165-1, August 11, 2005 Debian Security Advisory DSA 761-2 , August 15, 2005 |
HT Editor 0.8 | Several vulnerabilities have been reported: a vulnerability was reported in the Executable and Linking Format (ELF) parser due to a heap overflow, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the Portable Executable (PE) parser due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo: Debian: Currently we are not aware of any exploits for these vulnerabilities. | HT Editor ELF & PE Parser Remote Code Execution | High | Gentoo Linux Security Advisory, GLSA 200505-08, May 10, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Kadu 0.4.0 | An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service. Upgrade to version 0.4.1: Gentoo: Conectiva: Ubuntu: Debian: Currently we are not aware of any exploits for this vulnerability. | Kadu Denial of Service | Low | Secunia, Advisory: SA16238, July 27, 2005 Gentoo Security Advisory, GLSA 200507-26, July 27, 2005 Conectiva Linux Announce- Ubuntu Security Notice, Debian Security Advisory, DSA 773-1, August 11, 2005 |
Antivirus for Linux Servers 5.5 -2 | A vulnerability have been reported in '/var/log/kav/5.5/kav4unix' due to insecure default directory permissions, which could let a malicious user overwrite arbitrary files with privileges of the root user.
Users of affected packages are urged to contact the vendor for further information on obtaining fixes. There is no exploit code required; however, an exploit script has been published. | Medium | Secunia Advisory: SA16425, August 15, 2005 | |
KDE 3.0 - 3.4.2 | A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let malicious user obtain elevated privileges.
Patches available at: Fedora: There is no exploit code required. | KDE langen2kvtml Insecure Temporary File Creation | Medium | KDE Security Advisory, August 15, 2005 Fedora Update Notification, |
Firefox 1.0 | A vulnerability exists when a predictable name is issued for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information. Update available at:
alink="#999999">
href="http://www.mozilla.org/products/firefox/all.html "> Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-10.xml"> SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org/ FedoraLegacy: HP: An exploit has been published. | Medium | Mozilla Foundation Security Advisory, 2005-28, February 25, 2005 SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032, March 25, 2005 Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, | |
Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.0 4 powerpc, i386, amd64; | A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files. RedHat: http://rhn.redhat.com/errata/ http://rhn.redhat.com/errata/ Ubuntu: KDE: Mandriva: SGI: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Low | RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005 Ubuntu Security Notice, USN-163-1, August 09, 2005 KDE Security Advisory, 20050809-1, August 9, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Gentoo Linux Security Advisory GLSA, 200508-08, August 16, 200-5 | |
dhcpcd 1.3.22 | A vulnerability has been reported in dhcpcd that could let a remote user perform a Denial of Service. Debian: Mandriva: Gentoo: Conectiva: RedHat: Debian:
href=" http://security.debian.org/pool/updates/main/q/qpopper/"> Currently we are not aware of any exploits for this vulnerability. | dhcpcd Denial of Service | Low | Secunia, Advisory: SA15982, July 11, 2005 Debian Security Advisory, DSA 750-1, July 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005 Conectiva, CLSA-2005:983, July 25, 2005 RedHat Security Advisory, RHSA-2005:603-07, July 27, 2005 Debian Security Advisor, DSA 773-1, August 11, 2005 |
Qpopper 4.x; Gentoo Linux | Several vulnerabilities have been reported: a vulnerability was reported because user supplied config and trace files are processed with elevated privileges, which could let a malicious user create/overwrite arbitrary files; and a vulnerability was reported due to an unspecified error which could let a malicious user create group or world-writable files. Upgrades available at: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-17.xml"> Debian: SuSE: Debian:
href=" http://security.debian.org/pool/updates/main/q/qpopper/"> There is no exploit code required. | Medium | Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005 Secunia Advisory, SA15475, May 24, 2005 Debian Security Advisories, DSA 728-1 & 728-2, May 25 & 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 Debian Security Advisor, DSA 773-1, August 11, 2005 | |
RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; Easy Software Products CUPS 1.1.19 | A remote Denial of Service vulnerability has been reported when the application fails to do proper bounds checking when handling malformed PDF files. RedHat: Currently we are not aware of any exploits for this vulnerability. | Easy Software Products CUPS Remote Denial of Service | Low | RedHat Security Advisory, RHSA-2005:706-04, August 9, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported due to the way away messages are handled, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to an error when handling file transfers. Updates available at: http://gaim.sourceforge.net/ RedHat: http://rhn.redhat.com/errata/ Ubuntu: Gentoo: SGI: Mandriva: A Proof of Concept exploit has been published for the buffer overflow vulnerability. | Gaim AIM/ICQ Protocols Buffer Overflow & Denial of Service | High | RedHat Security Advisories, RHSA-2005:589-16 & RHSA-2005:627-11, August 9, 2005 Ubuntu Security Notice, USN-168-1, August 12, 2005 Gentoo Linux Security Advisory, GLSA 200508-06, August 15, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:139, August 16, 2005 |
UbuntuLinux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
| Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code. Updates available at: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | High | Secunia Advisory: SA16394, August 11, 2005 Ubuntu Security Notice, USN-166-1, August 11, 2005 | |
MySQL 3.x, 4.x
| Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.' Updates available at:
href="http://dev.mysql.com/downloads/mysql/"> Debian:
href=" http://security.debian.org/pool/updates/main/m/mysql"> Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Mandrake:
href="http://www.mandrakesoft.com/security/advisories"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/1"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/"> SuSE: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/"> TurboLinux:
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/"> FedoraLegacy: Sun: We are not aware of any exploits for these vulnerabilities. | Medium
| Secunia Advisory, SA12783, October 11, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004 Ubuntu Security Notice, USN-32-1, November 25, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 Fedora Update Notification, Turbolinux Security Announcement, February 17, 2005 Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005 Sun(sm) Alert Notification | |
MySQL 4.x | A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges. Update available at:
href=" http://lists.mysql.com/internals/20600"> Ubuntu:
href="http://www.ubuntulinux.org/support/documentation/usn/usn-63-1"> Debian:
href="http://www.debian.org/security/2005/dsa-647"> Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200501-33.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" FedoraLegacy: Conectiva: OpenPKG: Sun: Currently we are not aware of any exploits for this vulnerability. | MySQL 'mysqlaccess.sh' Unsafe Temporary Files href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004">CAN-2005-0004 | Medium | Security Tracker Alert, 1012914, January 17,2005 Ubuntu Security Notice USN-63-1 January 18, 2005 Debian Security Advisory Gentoo GLSA 200501-33, January 23, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005 Conectiva Linux Security Announcement, CLA-2005:947, April 20, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.006, April 20, 2005 Sun(sm) Alert Notification |
Namazu 2.0.13 and prior | A vulnerability exists which can be exploited by malicious people to conduct Cross-Site Scripting attacks. Input passed to 'namazu.cgi' isn't properly sanitized before being returned to the user if the query begins from a tab ('%09'). This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. Update to version 2.0.14: Fedora: Debian: SuSE: Currently we are not aware of any exploits for this vulnerability. | Namazu Cross-Site Scripting Vulnerability | Medium | Namazu Security Advisory, December 15, 2004 Debian Security Advisory, DSA 627-1, January 6, 2005 SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005 HP Security Bulletin, HPSBMA01212, August 9, 2005
|
| netpbm 10.0 | A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code. Trustix: Gentoo: Mandriva: Ubuntu: There is no exploit code required. | netpbm Arbitrary Code Execution | High | Secunia Advisory: SA16184, July 25, 2005 Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005 Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005 Ubuntu Security Notice, USN-164-1, August 11, 2005 |
Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1 | A remote Denial of Service vulnerability has been reported when handling stream-based protocols. Upgrades available at: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Fedora: RedHat: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Net-SNMP | Low | Secunia Trustix Secure Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005 |
SHOUTcast 1.9.4 | A format string vulnerability exists that could allow a remote malicious user to execute arbitrary code on the target system. A remote user can supply a specially crafted request to the target server containing format string characters to cause the target service to crash or execute arbitrary code. Gentoo: Nullsoft: An exploit script has been published. | Nullsoft SHOUTcast Format String Flaw | High | Security Tracker Alert ID: 1012675, December 24, 2004 Gentoo GLSA 200501-04, January 5, 2005 Security Focus, 12096, February 19, 2005 Security Focus, 12096, August 14, 2005 |
sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64 | A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.
Updates available at: SGI: RedHat: There is no exploit code required. | RedHat Linux SysReport Proxy Information Disclosure | Medium | RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005 SGI Security Advisory, 20050603-01-U, June 23, 2005 RedHat Security Advisory, RHSA-2005:598-04, August 9, 2005 |
Gaim prior to 1.3.1 | Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message. Updates available at: Ubuntu: Gentoo: Mandriva: Fedora: RedHat: Debian: SUSE: Debian: There is no exploit code required. | Gaim Multiple Remote Denial of Services | Low | Secunia Advisory, SA15648, Ubuntu Security Notice USN-139-1, June 10, 2005 Gentoo Linux Security Advisory, GLSA 200506- Mandriva Linux Security Update Advisory, MDKSA-2005:099, Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:518-03, Debian Security Advisory, SUSE Security Summary Report, SUSE-SR:2005:017, Debian Security Advisory, DSA 773-1, August 11, 2005 |
Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4 a-f | Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code. Upgrades available at: Gentoo: SUSE: Debian: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Heimdal TelnetD | High | Secunia Advisory, SA15718, Gentoo Linux Security Advisory, GLSA 200506- SUSE Security Announcement, SUSE-SA:2005:040, Debian Security Advisory, Debian Security Advisory, DSA 773-1, August 11, 2005 |
Sendmail 8.8.8 , 8.9 .0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11 | A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts. SUSE: Debian: Debian: There is no exploit code required. | Sendmail Milter | Low | Security Focus, 14047, June 23 SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005 Debian Security Advisory, DSA 737-1, July 6, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Sudo 1.6-1.6.8, 1.5.6-1.5.9 | A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a users sudoers entry, which could let a malicious user execute arbitrary code.
Upgrades available at: OpenBSD: Ubuntu: Fedora: Slackware: Mandriva: OpenPKG: Gentoo: SUSE: TurboLinux: RedHat: Debian: Conectiva: Debian: OpenBSD: SGI: Debian: There is no exploit code required. | Todd Miller Sudo | High | Security Focus, 13993, June 20, 2005 Ubuntu Security Notice, USN-142-1, June 21, 2005 Fedora Update Notifications, Slackware Mandriva Linux Security Update Advisory, OpenPKG Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005 Trustix Secure SUSE Security Announce- Turbolinux RedHat Security Advisory, Debian Security Advisory, 735-1, July 1, 2005 Conectiva Debian Security Advisory, SGI Security Advisory, 20050702-01-U, July 12, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
gopherd 3.0.9, 3.0.7, 3.0.3 | A vulnerability has been reported in 'gopher.c' due to the failure to verify a file's existence before writing to it, which could let a malicious user obtain elevated privileges. Debian: Debian: There is no exploit code required. | Gopher Insecure Temporary File Creation | Medium | Debian Security Advisory, DSA 770-1, July 29, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Razor-agents prior to 2.72 | Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic. Updates available at: Gentoo: SUSE: Trustix: Debian: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Vipul Razor-agents Denials of Service | Low | Security Focus, Bugtraq ID 13984, June 17, 2005 Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005 SUSE Security Announce- Trustix Secure Linux Security Advisory, Debian Security Advisory, DSA 738-1, July 5,2 005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
ekg 2005- | A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. Debian: Ubuntu: Debian: There is no exploit code required. | Wojtek Kaniewski | Medium | Secunia Advisory: SA15889, Debian Security Advisory, Ubuntu Security Notice, USN-162-1, August 08, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Ekspery-mentalny | Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands. Debian: Ubuntu: Debian: There is no exploit code required. | Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection | Medium | Debian Security Advisory, Ubuntu Security Notice, USN-162-1, August 08, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Ruby 1.8.2 | A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code. Fedora: TurboLinux: Debian: Gentoo: Mandriva: RedHat: Debian: Currently we are not aware of any exploits for this vulnerability. | Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution | High | Fedora Update Notifications, Turbolinux Debian Security Advisory, DSA 748-1, July 11, 2005 Gentoo Linux Security Mandriva Linux Security Update Advisory, RedHat Security Advisory, RHSA-2005: Debian Security Advisory, DSA 773-1, August 11, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Acrobat 5.1-7.0.2 | A buffer overflow vulnerability has been reported in the core application plug-in due to an unspecified boundary error, which could let a remote malicious user execute arbitrary code. Update information available at: There is no exploit code required. | Adobe Acrobat / Reader Plug-in Buffer Overflow | High | Adobe Security Advisory, August 16, 2005 |
AOL Client Software 9.0 | A vulnerability has been reported due to a failure to secure the installation path from modifications, which could let a malicious user execute arbitrary code with SYSTEM privileges.
No workaround or patch available at time of publishing. There is no exploit code required. | AOL Client Software Arbitrary Code Execution | High | Security Focus, 14530, August 9, 2005 |
ADSL-FR4II
| Multiple vulnerabilities have been reported: a vulnerability was reported because an undocumented open port on 5678/tcp allows web management access; a Denial of Service vulnerability was reported when port scanning all ports; and a vulnerability was reported in the backup configuration file because the administrative password is in clear text. No workaround or patch available at time of publishing. There is no exploit code required. | BONA ADSL-FR4II Multiple Vulnerabilities | Medium | Secunia Advisory: SA16445, August 15, 2005 |
ClamAV 0.x | A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error. Updates available at: Gentoo: Trustix: SUSE: Debian: Conectiva: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | ClamAV Quantum Decompressor Denial of Service | Low | Secunia Trustix Security Advisory, TSLSA-2005-0029, June 24, 2005 Gentoo Linux Security SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005 Debian Security Advisory, DSA 737-1, July 6, 2005 Conectiva Linux Announcement, CLSA-2005:973, July 6, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:113, July 12, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
CPAINT 1.3 | A vulnerability has been reported due to an unspecified error, which could let a remote malicious user execute arbitrary ASP/PHP commands or obtain sensitive information.
Upgrade available at: There is no exploit code required. | CPaint Arbitrary Command Execution & Information Disclosure | High | Security Focus, 14565, August 15, 2005 |
Discuz! 4.0 rc4 & prior | A vulnerability has been reported due to insufficient validation of user-supplied filenames on uploaded files, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required. | Discuz! Board Input Validation | High | STG Security Advisory: [SSA-20050812-27, August 15, 2005 |
Open Source Learning & Knowledge Management Tool 1.6 RC, 1.5.3-1.5.5, 1.5 , 1.4 | Multiple Directory Traversal vulnerabilities have been reported: a vulnerability was reported in '/claroline/scorm/ No workaround or patch available at time of publishing. There is no exploit code required. | Dokeos Multiple Directory Traversal | Medium | Secunia Advisory: SA16407, August 15, 2005 |
NetWorker 6.x, 7.1.3, 7.2; Sun StorEdge Enterprise Backup Software 7.0-7.2, Solstice Backup Software 6.0, 6.1
| Several vulnerabilities have been reported: a vulnerability was been reported in 'AUTH_UNIX' due to weak authentication, which could let a remote malicious user execute arbitrary commands, view/modify configuration, cause a Denial of Service, or obtain sensitive information; a vulnerability was reported due to insufficient authentication of tokens, which could let a remote malicious user execute arbitrary commands as ROOT; and a vulnerability was reported in the Legato PortMapper because any host can call 'pmap_set' and 'pmap_unset,' which could let a remote malicious user cause a Denial of Service or eavesdrop on NetWorker process communications. Patch information available at: http://www.legato.com/ http://www.legato.com/ Sun: There is no exploit code required. | EMC Legato NetWorker Multiple Vulnerabilities | High | Sun(sm) Alert Notification |
EQdkp 1.2 .0, 1.1 .0 | A vulnerability has been reported in 'session.php' due to a handling error, which could let a remote malicious user bypass security restrictions. Upgrades available at: There is no exploit code required. | EQDKP | Medium | Secunia Advisory: SA16285, August 10, 2005 |
Ethereal | Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version 0.10.12: Fedora: Mandriva: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Denial of Service or Arbitrary Code Execution CAN-2005-2361 | High | Secunia, Advisory: SA16225, July 27, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005 RedHat Security Advisory, RHSA-2005:687-03, August 10, 2005
|
ezUpload 2.2 | Multiple file include vulnerabilities have been reported due to insufficient of user-supplied input, which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | EZUpload Multiple Remote File Include | Medium | Security Focus 14534, August 10, 2005 |
Grandstream BudgeTone 100 Series SIP Phones | A Denial of Service vulnerability has been reported due to an error when processing large UDP datagrams. No workaround or patch available at time of publishing. There is no exploit code required; however, an exploit script has been published. | Grandstream BudgeTone Denial of Service | Low | Security Tracker Alert ID: 1014665, August 13, 2005 |
Proliant DL585 Server, Integrated Lights Out 1.80 | A vulnerability has been reported because when the server is powered down a remote malicious user can obtain unauthorized access. Updates available at: Currently we are not aware of any exploits for this vulnerability. | HP Proliant DL585 Server Unauthorized Remote Access | Medium | HP Security Bulletin, HPSBMA01220, August 11, 2005 |
Hummingbird FTP 2006, | A vulnerability has been reported due to a weak encryption algorithm when encrypting the user's password stored in the FTP profile, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Hummingbird FTP User Weak Password Encrypting | Medium | Secunia Advisory: SA16430, August 15, 2005 |
FUDForum 2.6.15 | A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | FUDForum Security Restriction Bypass | Medium | Secunia Advisory: SA16414, August 12, 2005 |
WRT54GS Firmware 4.50.6 | A vulnerability has been reported in WRT54GS Firmware that could allow remote malicious users to bypass authentication. No workaround or patch available at time of publishing. There is no exploit code required. | Linksys WRT54GS Firmware Authentication Bypassing | Medium | Security Focus, ID: 14566, August 15, 2005 |
MidiCart ASP | A vulnerability has been reported in the 'Item_Show.asp' and 'search_list.asp' scripts due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | MidiCart ASP Input Validation | Medium | Security Tracker Alert ID: 1014660, August 12, 2005 |
Firefox 0.x, 1.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.
Updates available at: Gentoo: Mandriva: Fedora: RedHat: Ubuntu: http://security.ubuntu.com/ http://security.ubuntu.com/ SUSE: Debian: http://security.debian. SGI: Exploits have been published. | Firefox Multiple Vulnerabilities CAN-2005-2260 | High | Secunia Advisory: SA16043, July 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005 Slackware Security Advisory, SSA:2005-203-01, July 22, 2005 Ubuntu Security Notices, USN-155-1 & 155-2 July 26 & 28, 2005 Ubuntu Security Notices, USN-157-1 & 157-2 August 1& 2, 2005 SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005 Debian Security Advisory, DSA 775-1, August 15, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Debian Security Advisory, DSA 777-1, August 17, 2005 |
Mozilla | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab are not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a 'favicons' icon for a web site isn't verified before changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code. Upgrades available at:
href="http://www.mozilla.org/products/mozilla1.x/" Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-18.xml"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-383.html">
href="http://rhn.redhat.com/errata/RHSA-2005-386.html">http://rhn.redhat.com/ TurboLinux: SUSE: RedHat: SGI: Ubuntu: Mandriva: FedoraLegacy: SCO: Gentoo: Fedora: Ubuntu: http://security.ubuntu.com/ HP: An exploit script has been published. | Mozilla Suite / Firefox Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0752">CAN-2005-0752
| High | Mozilla Foundation Security Advisories, 2005-35 - Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005 RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386., April 21 & 26, 2005 Turbolinux Security Advisory, SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:088, Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 PacketStorm, May 23, 2005 SCO Security Advisory, SCOSA-2005.29, July 1, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, Ubuntu Security Notices, USN-157-1 & 157-2 August 1& 2, 2005 HP Security Bulletin, |
Mozilla Browser prior to 1.7.8; | A vulnerability was reported due to a failure in the application to properly verify Document Object Model (DOM) property values, which could let a remote malicious user execute arbitrary code. Firefox: Mozilla Browser Suite: TurboLinux:: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/ Ubuntu: SUSE: SGI: Fedora: Ubuntu: http://security.ubuntu.com/ HP: Currently we are not aware of any exploits for this vulnerability. | Mozilla Suite And Firefox DOM Property Overrides href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1532">CAN-2005-1532 | High | Mozilla Foundation Security Advisory, Turbolinux Security Advisory, RedHat Security Advisories, RHSA-2005:434-10 & RHSA-2005:435-10, May 23 & 24, 2005 Ubuntu Security Notice, USN-134-1, May 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 SGI Security Advisory, 20050503-01-U, June 8, 2005 SUSE Security Announcement, SUSE-SA:2005:030, June 9, 2005 Ubuntu Security Notices, USN-157-1 & 157-2 August 1& 2, 2005 HP Security Bulletin, |
Mozilla Browser Suite prior to alink="#999999">1.7.6 ; Thunderbird prior to 1.0.2 ; Firefox prior to 1.0.2 | A buffer overflow vulnerability has been reported due to a boundary error in the GIF image processing of Netscape extension 2 blocks, which could let a remote malicious user execute arbitrary code.
Mozilla Browser Suite; Thunderbird: Firefox: Fedora: Gentoo:
href="http://security.gentoo.org/glsa/"> Slackware:
href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123"> FedoraLegacy: HP: An exploit script has been published. | High | Mozilla Foundation Security Advisory 2005-30, March 23, 2005 Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 Security Focus, 12881, July 5, 2005 HP Security Bulletin, | |
Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2 | A vulnerability has been reported when processing drag and drop operations due to insecure XUL script loading, which could let a remote malicious user execute arbitrary code. Mozilla Browser: Firefox: Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org Slackware:
href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123"> RedHat: SGI: Mandriva: FedoraLegacy: HP: A Proof of Concept exploit has been published. | High | Mozilla Foundation Security Advisory 2005-32, March 23, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501 Mandriva Linux Security Update Advisory, MDKSA-2005:088, Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, | |
Mozilla Thunderbird 1.0, Firefox 1.0.6 | A vulnerability has been reported when overly long URIs are submitted, which could let a remote malicious user obfuscate the URI of a link.
No workaround or patch available at time of publishing. There is no exploit code required. | Mozilla Firefox And Thunderbird Long URI Obfuscation | Medium | Security Focus, 14526, August 9, 2005 |
Firefox 1.0 | A vulnerability exists in the XPCOM implementation that could let a remote malicious user execute arbitrary code. The exploit can be automated in conjunction with other reported vulnerabilities so no user interaction is required. A fixed version (1.0.1) is available at:
href="http://www.mozilla.org/products/firefox/all.html">http://www.mozilla.org/ Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml"> SGI: Mandriva: FedoraLegacy: HP: A Proof of Concept exploit has been published. | High | Security Tracker Alert ID: 1013301, February 25, 2005 Gentoo Linux Security Advisory GLSA 200503-30. March 25, 2005 SGI Security Advisory, 20050501 Mandriva Linux Security Update Advisory, MDKSA-2005:088, Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, | |
Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x Mozilla Firefox 0.x Mozilla Thunderbird 0.x | Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that can permit users to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information. Mozilla: Update to version 1.7.5:
href="http://www.mozilla.org/products/mozilla1.x/ "> Firefox: Update to version 1.0:
href="http://www.mozilla.org/products/firefox/"> Thunderbird: Update to version 1.0:
href="http://www.mozilla.org/products/thunderbird/"> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"> Slackware:
href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123"> RedHat: SGI: Mandriva: FedoraLegacy: HP: Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Firefox,
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141">CAN-2005-0141 | High
| Mozilla Foundation Security Advisory 2005-01, 03, 04, 07, 08, 09, 10, 11, 12 Fedora Update Notification, Slackware Security Advisory, SSA:2005- RedHat SGI Security Advisory, 20050501 Mandriva Linux Mandriva Linux Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, |
Mozilla 1.7.3 | A heap overflow vulnerability exists in the processing of NNTP URLs. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted 'news://' URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The flaw resides in the *MSG_UnEscapeSearchUrl() function in 'nsNNTPProtocol.cpp'.
The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/ Gentoo: SGI: SuSE: HP: HP: A Proof of Concept exploit has been published. | Mozilla Buffer Overflow in Processing NNTP URLs | High | iSEC Security ResearchAdvisory, December 29, 2004 Gentoo Linux Security Advisor, GLSA 200501-03, January 5, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 HP Security Advisory, HPSBTU01114, February 4, 2005 HP Security Bulletin, |
Mozilla 1.7.x and prior Mozilla Firefox 1.x and prior Mozilla Thunderbird 1.x and prior Netscape Netscape 7.2 | Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system. Firefox: Update to version 1.0.1:
href="http://www.mozilla.org/products/firefox/"> Mozilla: Thunderbird: Fedora update for Firefox:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Red Hat:
href="http://rhn.redhat.com/errata/RHSA-2005-176.html"> Gentoo: SUSE: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org/ Slackware: SGI: FedoraLegacy: HP: Currently we are not aware of any exploits for these vulnerabilities. | Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255 | High | Mozilla Foundation Security Advisories 2005-14, 15, 17, 18, 19, 20, 21, 24, 28 Red Hat RHSA-2005:176-11, March 1, 2005 Gentoo, GLSA 200503-10, March 4, 2005 SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032, March 25, 2005 Slackware Security Advisory, SSA:2005-085-01, March 27, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, |
Mozilla Firefox 1.0 and 1.0.1 | A vulnerability exists that could let remote malicious users conduct Cross-Site Scripting attacks. This is due to missing URI handler validation when dragging an image with a "javascript:" URL to the address bar. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml"> RedHat: SGI: Mandriva: FedoraLegacy: HP: A Proof of Concept exploit has been published. | Medium | Secunia SA14406, March 1, 2005 Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Mandriva Linux Security Update, MDKSA-2005:088-1, Advisory, May 17, 2005 Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, | |
Mozilla Firefox 1.0; Gentoo Linux; Thunderbird 0.6, 0.7- 0.7.3, 0.8, 0.9, 1.0, 1.0.1; | There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations or access access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop and because tabbed javascript vulnerabilities let remote users access other windows. A fix is available via the CVS repository Fedora:
href="ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z"> Red Hat:
href="http://rhn.redhat.com/errata/RHSA-2005-176.html"> Gentoo: Thunderbird:
href="http://download.mozilla.org/?product=thunderbird-1.0.2&os=win Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml"> RedHat: SGI: FedoraLegacy: HP: A Proof of Concept exploit has been published. | Mozilla Firefox Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230 | High | Security Tracker Alert ID: 1013108, February 8, 2005 Fedora Update Notification, Red Hat RHSA-2005:176-11, March 1, 2005 Gentoo, GLSA 200503-10, March 4, 2005 Security Focus, 12468, March 22, 2005 Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 HP Security Bulletin, |
Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon 0.9; Netscape 7.2 | A vulnerability has been reported in the javascript implementation due to improper parsing of lamba list regular expressions, which could a remote malicious user obtain sensitive information. The vendor has issued a fix, available via CVS. RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-383.html">
href="http://rhn.redhat.com/errata/RHSA-2005-386.html">http://rhn.redhat.com/ Slackware:
href="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> TurboLinux: SUSE: RedHat: SGI: Mandriva: FedoraLegacy: SCO: Gentoo: Fedora: Ubuntu: http://security.ubuntu.com/ HP: There is no exploit code required; however, a Proof of Concept exploit has been published. | Mozilla Suite/Firefox JavaScript Lambda Information Disclosure href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989">CAN-2005-0989 | Medium | Security Tracker Alert, 1013635, April 4, 2005 Security Focus, 12988, April 16, 2005 RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, Turbolinux Slackware Security Advisory, SSA:2005-111-04, April 22, 2005 SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:088, Mandriva Linux Security Update Advisory, MDKSA-2005:088-1, Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 SCO Security Advisory, SCOSA-2005.29, July 1, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, Ubuntu Security Notices, USN-157-1 & 157-2 August 1& 2, 2005 HP Security Bulletin, |
ALT Linux | Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code. ALTLinux:
href="http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html"> Apple: Debian:
href="http://security.debian.org/pool/updates/main/n/netkit-telnet/"> Fedora: FreeBSD: MIT Kerberos:
href="http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt"> Netkit:
href="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/"> Openwall:
href="http://www.openwall.com/Owl/CHANGES-current.shtml"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-327.html"> Sun:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1"> SUSE: Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/"> OpenBSD: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-01.xml">http://security.gentoo.org/ Debian: Gentoo: SGI: SCO: Sun: Openwall: Avaya: Gentoo: TurboLinux: Sun:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1"> OpenWall:
href="http://www.openwall.com/Owl/CHANGES-current.shtml"> SCO: SGI IRIX: Debian: Conectiva: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/"> Avaya: FedoraLegacy: Slackware: Debian:
href="http://security.debian.org/pool/updates/main/k/krb4/"> Currently we are not aware of any exploits for these vulnerabilities. | Telnet Client 'slc_add_reply()' & 'env_opt_add()'
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468">CAN-2005-0468 | High | iDEFENSE Security Advisory, Mandrakelinux Security Update Advisory, MDKSA-2005:061, Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & Debian Security Advisory, DSA 703-1, April 1, 2005 Gentoo Linux Security Advisory, GLSA 200504-04, SGI Security Advisory, 20050401-01-U, April 6, 2005 Sun(sm) Alert Notification, 57761, SCO Security Advisory, SCOSA-2005.21, Avaya Security Advisory, ASA-2005-088, April 27, 2005 Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005 Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005 Sun(sm) Alert Notification, 57761, April 29, 2005 SCO Security Advisory, SCOSA-2005.23, May 17, 2005 SGI Security Advisory, 20050405-01-P, May 26, 2005 Debian Security Advisory, DSA 731-1, June 2, 2005 Conectiva Security Advisory, CLSA-2005:962, June 6, 2005 Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Avaya Security Advisory, ASA-2005-132, June 14, 2005 Fedora Legacy Update Advisory, FLSA:152583, July 11, 2005 Slackware Security Advisory, SSA:2005-210-01, August 1, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Concurrent Versions System (CVS) 1.x;Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0 | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified), and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code. Update available at: Gentoo: SuSE: Fedora:
href=" http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> FreeBSD: Peachtree:
href="http://peachtree.burdell.org/updates/"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-387.html"> OpenBSD:
href="http://www.openbsd.org/errata.html#cvs"> TurboLinux: OpenBSD:
href="http://www.openbsd.org/errata35.html#"> Ubuntu: SGI: OpenBSD: Conectiva: Debian:
href="http://security.debian.org/pool/updates/main/n/netkit-telnet/"> Currently we are not aware of any exploits for these vulnerabilities. | High
| Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005 SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005 Secunia Advisory, SA14976, April 19, 2005 Fedora Update Notification, Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005 Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005 Peachtree Linux Security Notice, PLSN-0005, April 22, 2005 RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005 Turbolinux Security Advisory, TLSA-2005-51, April 28, 2005 Ubuntu Security Notice, USN-117-1 May 04, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Conectiva Security Advisory, CLSA-2005:966, June 13, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 | |
IETF RFC 2406: IPSEC; Hitachi GR2000-1B, GR2000-2B, GR2000-2B+, GR2000-BH | A vulnerability has been reported that affects certain configurations of IPSec when configured to employ Encapsulating Security Payload (ESP) in tunnel mode with only confidentiality and systems that use Authentication Header (AH) for integrity protection, which could let a remote malicious user obtain plaintext IP datagrams and potentially sensitive information. Hitachi advises affected users to use the AH protocol workaround to mitigate this issue. Currently we are not aware of any exploits for this vulnerability. | Medium | NISCC Vulnerability Advisory, IPSEC - 004033, Security Focus, 13562, May 11, 2005
| |
PHPXMLRPC 1.1.1; | A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.
PHPXMLRPC : Pear: Drupal: There is no exploit code required. | PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution | High | Security Focus, 14560, August 15, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64; AWStats 6.4 & prior | A vulnerability has been reported due to insufficient sanitization of the 'url' parameter before using in an 'eval()' function when Referer field statistics are generated, which could let a remote malicious user execute arbitrary code. Note: The system is only vulnerable if at least one URLPlugin is enabled. Updates available at: Gentoo: There is no exploit code required. | AWStats Arbitrary Command Execution | High | iDEFENSE Security Advisory, August 9, 2005 Ubuntu Security Notice, USN-167-1, August 11, 2005 Gentoo Linux Security Advisory, GLSA 200508-07, August 16, 2005 |
My Image Gallery 1.4.1 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in the 'currDIR' and 'image' parameters due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and it is also possible to obtain path information.
Upgrade available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | My Image Gallery Multiple Cross Site Scripting & Path Disclosure | Medium | Secunia Advisory: SA16405, August 16, 2005 |
MyBulletinBoard RC4 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Reports indicate that administrative access can be obtained through at least one of these vulnerabilities. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | MyBulletinBoard Multiple SQL Injection | High | Security Focus, 14553, August 12, 2005 |
Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2 | A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code. Vendor patch available: Debian: An exploit has been published. | Nokia Affix BTFTP Arbitrary Code Execution | High | Security Focus, 14230, July 12, 2005 Debian Security Advisory, DSA 762-1, July 19, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Affix 3.0-3.2, 2.1-2.1.2, 2.0-2.0.2 | A vulnerability has been reported in btsrv/btobex due to insufficient sanitization of input before using in a 'system()' call, which could let a remote malicious user execute arbitrary code.
Patches available at: Debian: There is no exploit code required; however, a Proof of Concept exploit has been published. | Nokia Affix BTSRV/BTOBEX Remote Command Execution | High | Security Focus, 14232, July 12, 2005 Debian Security Advisory, DSA 762-1, July 19, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 |
Lasso Professional Server 8.0.5, 8.0.4 | A vulnerability has been reported due to a failure to enforce security constraints, which could let a remote malicious user bypass authentication. Patches available at: There is no exploit code required. | Lasso Professional Server Remote Authentication Bypass | Medium | Security Focus, 14543, August 10, 2005 |
PHlyMail Lite 3.x, MessageCenter 3.x, Personal Edition 3.x | A vulnerability has been reported when authenticating users due to an unspecified error, which could let a remote malicious user bypass security restrictions. Upgrades available at: There is no exploit code required. | PHlyMail Unspecified Authentication Bypass | Medium | Secunia Advisory: SA16388, August 10, 2005 |
PHP 4.3.6-4.3.9, 5.0 candidate 1-canidate 3, 5.0 .0-5.0.2 | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'pack()' function, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability exists in the 'unpack()' function, which could let a remote malicious user obtain sensitive information; a vulnerability exists in 'safe_mode' when executing commands, which could let a remote malicious user bypass the security restrictions; a vulnerability exists in 'safe_mode' combined with certain implementations of 'realpath(),' which could let a remote malicious user bypass security restrictions; a vulnerability exists in 'realpath()' because filenames are truncated; a vulnerability exists in the 'unserialize()' function, which could let a remote malicious user obtain sensitive information or execute arbitrary code; a vulnerability exists in the 'shmop_write()' function, which may result in an attempt to write to an out-of-bounds memory location; a vulnerability exists in the 'addslashes()' function because '\0' is not escaped correctly; a vulnerability exists in the 'exif_read_data()' function when a long sectionname is used, which could let a remote malicious user obtain sensitive information; and a vulnerability exists in 'magic_quotes_gpc,' which could let a remote malicious user obtain sensitive information. Upgrades available at: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Conectiva: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-031.html"> SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/p/php4/"> Apple:
href="http://www.apple.com/support/downloads/"> FedoraLegacy: Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/p/php4/"> There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHP Multiple Remote Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2004-1018">CAN-2004-1018 | High
| Bugtraq, December 16, 2004 Conectiva Linux Security Announcement, CLA-2005:915, January 13, 2005 Red Hat, Advisory: RHSA-2005:031-08, January 19, 2005 SUSE Security Announcement, SUSE-SA:2005:002, January 17, 2005 Ubuntu Security Notice, USN-66-1, January 20, 2005 Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005 Fedora Legacy Update Advisory, FLSA:2344, March 7, 2005 Ubuntu Security Notice, USN-99-1 March 18, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005 HP Security Advisory, HPSBMA01212. August 9, 2005
|
Simplicity oF Upload 1.3 | A vulnerability has been reported in Simplicity oF Upload that could let remote malicious users execute arbitrary code. Update available at: There is no exploit code required; however, Proof of Concept exploits have been published. | Simplicity oF Upload Arbitrary Code Execution | High | Security Tracker, Alert ID: 1014591, July 29, 2005 Security Focus, 14424, August 10, 2005 |
PowerDNS 2.x | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the LDAP backend due to insufficient validation of user-supplied queries; and a remote Denial of Service vulnerability was reported due to an error when handling requests that are denied recursion. Update available at: Debian: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Low | Secunia Advisory: SA16111, July 18, 2005 Debian Security Advisory, DSA 771-1, August 1, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 | |
SafeHTML 1.3.2 | A Cross-Site Scripting vulnerability has been reported when handling script encoded in UTF-7 and in CSS comments, which could let a remote malicious user execute arbitrary HTML and script code. Update available at: There is no exploit code required. | SafeHTML UTF-7 And CSS Comment Tag Cross Site Scripting | Medium | Security Focus, 14574, August 16, 2005 |
PHPTB Topic Board 2.0 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPTB Topic Board Multiple SQL Injection | Medium | Security Focus, 14535, August 10, 2005 |
VegaDNS 0.9.9, 0.9.8, 0.8.1 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'index.php' script due to insufficient sanitization of the 'message' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'VDNS_Sessid' parameter because it is possible to obtain path information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | VegaDNS Index.PHP Cross-Site Scripting & Path Disclosure | Medium | Secunia Advisory: SA16370, August 10, 2005 |
NetBackup for NetWare Media Servers 5.1, MP1-MP3, 5.0, MP1-MP5, 4.5, MP1-MP8, FP1- FP8, Backup Exec Remote Agent for Windows Server, Backup Exec Remote Agent for Unix/Linux Server, Backup Exec Remote Agent for NetWare Server, Backup Exec for NetWare Servers 9.1.1156, 9.1.1154, 9.1.1152 .4, 9.1.1152, 9.1.1151 .1, 9.1.1127 .1, 9.1.1067 .3, 9.1.1067 .2, 9.1.307, 9.1.306, Backup Exec 10.0 rev. 5520, rev. 5484, SP1, 9.1, rev 4691, SP2, 9.0, rev. 4454, SP1, rev. 4367, SP1, 4367 | A vulnerability has been reported because a static password is used when authenticating to the remote agent, which could let a remote malicious user bypass certain security restrictions and download arbitrary files. Update information available at: An exploit script has been published. | Veritas Backup Exec Remote Agent Arbitrary File DIsclosure | Medium | Symantec Security Advisory, SYM05-011, August 12, 2005 |
WordPress 1.5.3 & prior | A vulnerability has been reported in the 'cache_lastpostdata' parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP script code. No workaround or patch available at time of publishing. There is no exploit code required. | WordPress PHP Code Execution | High | Secunia Advisory: SA16386, August 10, 2005 |
Winterm 1125SE 4.4.061f, | A remote Denial of Service vulnerability has been reported when a malicious user submits a specially crafted packet with the IP option length field set to zero. No workaround or patch available at time of publishing. An exploit script has been published. | Wyse Winterm 1125SE Remote Denial of Service | Low | Security Tracker Alert ID: 1014659, August 11, 2005 |
[back to top] Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- VeriSign to pilot Wi-Fi, wide-area roaming service: VeriSign announced trials at three major universities aimed at integrating on-campus Wi-Fi with any wide-area wireless carrier network, enabling data and voice roaming between networks.
They expect that the Wireless IP Connect Service, which is what it will be called, will be used mainly to link mobile and Wi-Fi networks. However, the technology can also connect any device with an IP connection, such as wired Ethernet, to a wireless carrier. Source: http://news.yahoo.com/s/mc/20050816/tc_mc/verisigntopilotwifiwidearearoamingservice;
_ylt=Ao3IghH.0LRMAIJSvhvhw_0jtBAF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl
.
Wireless Vulnerabilities
- TheftOfLinkKey.txt: A paper has been published entitled "Theft of Bluetooth Link Keys for Fun and Profit?"
- BlueZ Arbitrary Command Execution: A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code.
- Nokia Affix BTFTP Arbitrary Code Execution: Entry updated to include Debian patch.
- Nokia Affix BTSRV/BTOBEX Remote Command Execution: Entry updated to include Debian patch.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
[back to
top]
name=trends>Trends
- NIST creates online treasure trove of security woes: The National Institute of Standards and Technology has launched a comprehensive cybersecurity database that is updated daily with the latest information on vulnerabilities in popular products. Source: http://www.fcw.com/article89911-08-15-05-Print.
- Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT is aware of a public exploit for a vulnerability in VERITAS Backup Exec Remote Agent for Windows Servers. This exploit may allow a remote attacker to retrieve arbitrary files on a system. The VERITAS Backup Exec Remote Agent listens on network port 10000/tcp. Source: http://www.us-cert.gov/current/.
- Tools drive point-and-click crime: According to the security firm, Websense, new software tools make stealing data from users as easy as browsing the web. These easy-to-use tools are being created by malicious and criminal hackers to run the networks of compromised home computers they control. Source: http://news.bbc.co.uk/2/hi/technology/4152626.stm.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trend | Date |
face="Arial, Helvetica, sans-serif">Description |
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
| 2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
| 5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
| 10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
Table Updated August 13, 2005
- Worm spreading through Microsoft Plug-and-Play flaw: According to two security groups, a worm is spreading using a flaw in the Windows operating system's Plug-and-Play functionality. Users are advised to update systems using a patch released by Microsoft. The worm, known as Zotob by antivirus firm F-Secure, compromises systems by sending data on port 445. If a computer is infected with the program, the worm starts a file-transfer protocol (FTP) server and attempts to spread further. Source: http://www.securityfocus.com/news/11281.
- Chain attack Trojan nets 3m email addresses: A sophisticated global 'chain' attack has been discovered by security experts at Panda Software that uses the pamNet.A Trojan to infect victim PCs with up to 19 malicious malware programs.
The infection chain begins when a user visits the first infected page. This web page uses the Iframe tag to try to open two new pages. This initiates two parallel processes, each one associated to one of the two pages. Source: http://www.vnunet.com/vnunet/news/2141148/chain-attack-trojan-nets-3m.
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.