
National Cyber Alert System
Cyber Security Bulletin SB05-124

Summary of Security Items from April 27 through May 3, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.


Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability gives the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

Adobe

Adobe Reader 7.0 and earlier

Adobe Acrobat 7.0 and earlier

The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote malicious users to determine the existence of arbitrary files via the LoadFile ActiveX method.

This is a separate issue from CAN-2005-1347.

Updates available: http://www.adobe.com/support/techdocs/331465.html

Currently we are not aware of any exploits for this vulnerability.

Adobe Acrobat and Reader File Discovery

CAN-2005-0035

Low
Adobe Advisory, Document 331465, April 1, 2005

Adobe

Acrobat Reader 6.0 and prior

A vulnerability has been reported that could let a remote malicious user execute arbitrary code. If a specially crafted PDF file is loaded by Acrobat Reader it will trigger an Invalid-ID-Handle-Error in 'AcroRd32.exe'.

No workaround or patch available at time of publishing.

The vendor has been unable to reproduce this vulnerability. The original vulnerability reporter has refused to provide sufficient details to confirm the issue to either Security Tracker or the vendor. This is a separate issue from CAN-2005-0035.

Currently we are not aware of any exploits for this vulnerability.

Adobe Acrobat Reader Invalid-ID-Handle-Error Remote Code Execution

CAN-2005-1347

High

Security Tracker Alert, 1013774, April 21, 2005, Updated May 2, 2005

Altiris

Altiris Client Service for Windows version 6.1.393

A vulnerability has been reported that could let local malicious users bypass certain security restrictions. This is due to an error in ACLIENT.EXE that lets a user bypass the password restriction and gain access to the "Altiris Client Service Properties" window without supplying a valid password.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Altiris Deployment Solution AClient Security Bypass
Medium
Security Focus, Bugtraq ID 13409, April 29, 2005

BulletProof Software

BulletProof FTP 2.4.0.31

A vulnerability has been reported that could let local malicious users gain escalated privileges. This is due to the application invoking the help functionality with SYSTEM privileges when configured to run as a service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

BulletProof FTP Server Privilege Escalation

CAN-2005-1371

Medium
Secunia Advisory, SA15152, April 28, 2005

Cybration

ICUII 7.0

A vulnerability has been reported that could let a local malicious user obtain passwords. This is because the application password and instant messenger application passwords are stored in plain text format. The file may contain MSN, Yahoo, AIM, and ICQ user passwords.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Cybration ICUII Password Disclosure

CAN-2005-1411

Medium
Security Focus Bugtraq ID: 13441, April 29, 2005

Ecommerce-Carts.com

Ecomm Professional Guestbook 3.x

An input validation vulnerability has been reported that could let a remote malicious user conduct SQL injection attacks.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Ecomm Professional Guestbook "AdminPWD" SQL Injection

CAN-2005-1412

High
Secunia Advisory, SA15190, April 29, 2005

enVivo!soft

enVivo!CMS

A vulnerability has been reported that could let a remote malicious user inject SQL commands to gain access to the application. The 'admin_login.asp' script does not properly validate user-supplied input in the 'username' and 'password' parameters.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

enVivo!soft enVivo!CMS SQL Injection and Privilege Escalation

CAN-2005-1413

High
Dcrab's Security Advisory, April 29, 2005

ExoticSoft

FilePocket 1.2

A vulnerability has been reported that could let a local malicious user view passwords. Proxy passwords are stored in the Windows registry in plain text format.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ExoticSoft FilePocket Password Disclosure

CAN-2005-1414

Medium
Security Tracker Alert, 1013823, April 28, 2005

GlobalSCAPE

Secure FTP Server 3.0.2

A buffer overflow vulnerability has been reported that could let a remote malicious user execute arbitrary code on the target system. The remote user can overwrite the EIP (and SEH) registers with an arbitrary address.

The vendor has reportedly issued a fix: http://www.cuteftp.com/gsftps/

Proofs of Concept exploit scripts have been published.

GlobalSCAPE Secure FTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code

CAN-2005-1415

High
Security Focus Bugtraq ID 13454, May 2, 2005

Intersoft International

NetTerm 4.x, 5.x

A vulnerability has been reported that could let local malicious users execute arbitrary code. This is due to a boundary error in the NetFtpd program which can cause a buffer overflow by passing an overly long argument to the "USER" FTP command when logging in.

The vendor has removed NetFtpd in NetTerm 5.1.1.1 and later.

Currently we are not aware of any exploits for this vulnerability.

Intersoft NetTerm Remote Code Execution

CAN-2005-1323

Misclassified as Multiple OS in SB05-117.

High
Secunia Advisory, SA15140 April 27, 2005

Kerio

Kerio WinRoute Firewall 6.0.10 and prior

Kerio MailServer 6.0.8 and prior

Kerio Personal Firewall 4.1.2 and prior

Two vulnerabilities have been reported that could let local users cause a Denial of Service and brute force passwords. Local users can exploit an error in the remote administration protocol to brute force passwords if the username is known. Local users can also exploit an error in the remote administration protocol to consume a large amount of CPU resources by continuously sending messages.

The following versions are fixed:
* Kerio WinRoute Firewall version 6.0.11 and later.
* Kerio MailServer version 6.0.9 and later.
* Kerio Personal Firewall version 4.1.3 and later.

Currently we are not aware of any exploits for these vulnerabilities.

Kerio Products Password Brute Force and Denial of Service

CAN-2005-1062
CAN-2005-1063

Medium

Secure Computer Group Document IDs #20050429-1 and #20050429-2, April 29, 2005


MaxWebPortal

MaxWebPortal 1.30 - 1.33

A vulnerability exists that could let a remote malicious user inject SQL commands to gain administrative access. Multiple scripts do not properly validate user-supplied input: article_popular.asp, dl_popular.asp, links_popular.asp, pic_popular.asp, article_rate.asp, dl_rate.asp, links_rate.asp, pic_rates.asp, article_toprated.asp, dl_toprated.asp, links_toprated.asp, pic_toprated.asp.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

MaxWebPortal SQL Injection and Privilege Escalation

CAN-2005-1417

High
Security Focus Bugtraq ID 13466, May 2, 2005

Metalinks

MetaBid

Multiple vulnerabilities have been reported in MetaBid that could let remote malicious users conduct SQL injection attacks. This is due to input validation errors in the "intAuctionID" parameter in "item.asp" and the username and password fields in "logIn.asp."

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Metalinks MetaBid Three SQL Injection Vulnerabilities

CAN-2005-1364

High
Dcrab's Security Advisory, April 27, 2005

NetLeaf Limited

NotJustBrowsing 1.0.3

A vulnerability has been reported that could let a local malicious user obtain an application password. This is because the three character 'View Lock Password' is stored in plain text format.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

NetLeaf Limited NotJustBrowsing Discloses Application Password

CAN-2005-1418

Medium
Security Focus, Bugtraq ID 13442, April 29, 2005

Ocean12 Technologies

Ocean12 Mailing List Manager 1.06

An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands. Input validation errors exist in the 'Admin_id' and 'Admin_password' fields.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Ocean12 Mailing List Manager Remote SQL Injection

CAN-2005-1419

High
Zinho's Security Advisory, April 28, 2005

Raysoft

Video Cam Server 1.0.0

Several vulnerabilities have been reported that could let a remote malicious user obtain files from the target system, determine the installation path, and cause a Denial of Service. A remote user can obtain files located outside of the web document directory by supplying a special request, access an administration page to shut down the camera or the web service, and request a non-existent page to determine the installation path.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Raysoft Video Cam Server Multiple Vulnerabilities

CAN-2005-1420
CAN-2005-1421
CAN-2005-1422

Low
Security Tracker Alert, 1013860, May 2, 2005

Skype

Skype for Windows 1.2.0.0 to 1.2.0.46

A vulnerability has been reported that could let local malicious users bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.

Upgrade to Skype for Windows version 1.2.0.47 or higher: http://www.skype.com/download/

Currently we are not aware of any exploits for this vulnerability.

Skype for Windows Security Bypass

CAN-2005-1407

Medium
Skype Security Advisory, SSA-2005-01, April 20

soft3304

04WebServer 1.81

An input validation vulnerability has been reported that could let remote malicious users gain knowledge of sensitive information. The contents of files and folders one folder outside the document root could be exposed.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

soft3304 04WebServer Directory Traversal

CAN-2005-1416

Low
Secunia Advisory, SA15230, May 3, 2005

Software602

602LAN SUITE 2004.0.05.0413

A vulnerability has been reported that could let remote users detect the presence of local files and cause a Denial of Service. No redirection occurs when accessing the "mail" script with the "A" parameter referencing a valid local file via directory traversal attacks.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Software602 602LAN SUITE Local File Detection and Denial of Service

CAN-2005-1423

Low
Secunia Advisory, SA15231, May 3, 2005

StorePortal

StorePortal 2.63

Multiple SQL injection vulnerabilities have been reported in the 'default.asp' script, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

StorePortal Multiple SQL Injection

CAN-2005-1293

High
Dcrab's Security Advisory, April 25, 2005

StumbleInside

GoText 1.01

A vulnerability has been reported that could let a local malicious user view user configuration data. The software stores user information, including username, e-mail address, and phone number in the 'Program Files\GoText\GoText.bin' file.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

StumbleInside GoText Discloses Users Configuration Data

CAN-2005-1424

Low
Security Tracker Alert, 1013825, April 28, 2005

Symantec

Web Security 3.x

Norton SystemWorks 2005

Norton Internet Security 2005

Norton AntiVirus 2005

Mail Security for SMTP 4.x

Mail Security for Exchange 4.x

AntiVirus/Filtering for Domino 3.x

AntiVirus Scan Engine 4.x


A vulnerability has been reported that could let a remote malicious user bypass certain scanning functionality. This is due to an error in the Symantec Antivirus component when processing encoded or archived content. This can be exploited to crash the decomposer component when parsing a specially crafted RAR file.

Updates are available via LiveUpdate and from the vendor: http://www.symantec.com/techsupp/

Currently we are not aware of any exploits for this vulnerability.

Symantec AntiVirus Products RAR Archive Virus Detection Bypass

CAN-2005-1346

High
Symantec SYM05-007, April 27, 2005

Uapplication

Uguestbook
Ublog Reload
Uphotogallery

A vulnerability has been reported that could let a remote malicious user obtain the database, which includes the administrative password. A remote authenticated administrator can invoke the uphotogallery 'edit_image.asp' script to upload arbitrary files to the target system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Uapplication Products Password Disclosure

CAN-2005-1425
CAN-2005-1426
CAN-2005-1427
CAN-2005-1428

Medium
Security Tracker Alert, 1013830, April 28, 2005

WWWguestbook 1.1

An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands. The 'login.asp' script does not properly validate input to the 'password' parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

WWWguestbook SQL Injection

CAN-2005-1429

High
Security Tracker Alert, 1013837, April 29, 2005


UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

Apple

Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.9, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.9

A vulnerability has been reported in the pseudo terminal system due to a design error, which could let a malicious user obtain sensitive information.

Version 10.4 of Apple Mac OS X reportedly fixes this vulnerability by implementing proper default permissions on the pseudo terminal API.

There is no exploit code required.

Apple Mac OS X Default Pseudo-Terminal Permission

CAN-2005-1430

Medium
Bugtraq, 397306, May 1, 2005

Apple

Safari 1.3

A Denial of Service vulnerability has been reported when processing HTTPS URLs due to insufficient bounds checking.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Apple Safari Web Browser HTTPS Denial of Service

CAN-2005-1385

Low

Security Tracker Alert, 1013835, April 29, 2005

APSIS

Pound 1.8.2

A buffer overflow vulnerability has been reported in the 'add_port()' function due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.

Upgrade available at:
http://www.apsis.ch/pound/Pound-1.8.3.tgz

Currently we are not aware of any exploits for this vulnerability.

APSIS Pound Remote Buffer Overflow

CAN-2005-1391

Low/High

(High if arbitrary code can be executed)

Security Focus, 13436, April 29, 2005

Carnegie Mellon University

Cyrus IMAP Server 2.x


Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available at:
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-29.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

OpenPKG:
ftp://ftp.openpkg.org/release/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Currently we are not aware of any exploits for these vulnerabilities.

Cyrus IMAP Server Multiple Remote Buffer Overflows

CAN-2005-0546

High

Secunia Advisory, SA14383, February 24, 2005

Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005

SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005

Ubuntu Security Notice USN-87-1, February 28, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:051, March 4, 2005

Conectiva Linux Security Announcement, CLA-2005:937, March 17, 2005

ALTLinux Security Advisory, March 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.005, April 5, 2005

Fedora Update Notification, FEDORA-2005-339, April 27, 2005

Cocktail

Cocktail 3.5.4

A vulnerability has been reported because the administrator password is passed insecurely, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Cocktail Admin Password Disclosure

CAN-2005-1387

Medium
Securities, May 1, 2005

Debian

CVS 1.11.1 p1

Several vulnerabilities have been reported: a vulnerability was reported because it is possible to bypass the password protection using the pserver access method, which could let a remote malicious user bypass authentication to obtain unauthorized access; and a Denial of Service vulnerability was reported due to an error in Debian's CVS cvs-repouid patch.

Debian:
http://security.debian.org/pool/updates/main/c/cvs/

Currently we are not aware of any exploits for these vulnerabilities.

Debian CVS-Repouid Remote Authentication Bypass & Denial of Service

CAN-2004-1342
CAN-2004-1343

Medium
Debian Security Advisory, DSA 715-1, April 27, 2005

ESRI

ArcInfo Workstation on UNIX 9.0

Several vulnerabilities have been reported: a format string vulnerability was reported in the 'lockmgr' and 'wservice' applications, which could let a malicious user execute arbitrary code with root privileges; and a buffer overflow vulnerability was reported in the 'asmaster,' 'asrecovery,' 'asuser,' 'asutulity,' and 'se' applications due to command line argument boundary errors, which could let a malicious user execute arbitrary code with root privileges.

Patch available at:
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015

Proof of Concept exploits have been published. An exploit script has also been published for the format string vulnerability.

ESRI ArcInfo Workstation Buffer Overflows and Format String

CAN-2005-1393
CAN-2005-1394

High
Secunia Advisory, SA15196, May 2, 2005

GNU

sharutils 4.2, 4.2.1

Multiple buffer overflow vulnerabilities exist due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-01.xml

FedoraLegacy:
http://download.fedoralegacy.org/fedora/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

OpenPKG:
ftp://ftp.openpkg.org/release

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-377.html

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

We are not aware of any exploits for these vulnerabilities.

GNU Sharutils Multiple Buffer Overflow

CAN-2004-1773

Low/High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004

Fedora Legacy Update Advisory, FLSA:2155, March 24, 2005

Ubuntu Security Notice, USN-102-1, March 29, 2005

Fedora Update Notifications, FEDORA-2005-280 & 281, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005

RedHat Security Advisory, RHSA-2005:377-07, April 26, 2005

Turbolinux Security Advisory, TLSA-2005-54, April 28, 2005

GNU

sharutils 4.2, 4.2.1

A vulnerability has been reported in the 'unshar' utility due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-06.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-377.html

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

There is no exploit code required.

GNU Sharutils 'Unshar' Insecure Temporary File Creation

CAN-2005-0990

Medium

Ubuntu Security Notice, USN-104-1, April 4, 2005

Gentoo Linux Security Advisory, GLSA 200504-06, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:067, April 7, 2005

Fedora Update Notification, FEDORA-2005-319, April 14, 2005

RedHat Security Advisory, RHSA-2005:377-07, April 26, 2005

Turbolinux Security Advisory, TLSA-2005-54, April 28, 2005

GNU

Lysator LSH 1.5-1.5.5, 2.0

A remote Denial of Service vulnerability has been reported due to an unspecified error.

Upgrades available at:
http://www.lysator.liu.se/~nisse/archive/

Patch available at:
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-2.0-2.0.1.diff.gz

Debian:
http://security.debian.org/pool/updates/main/l/lsh-utils/

Currently we are not aware of any exploits for this vulnerability.

Lysator LSH Remote Denial of Service

CAN-2005-0814

Low

Secunia Advisory, SA14609, March 17, 2005

Debian Security Advisory, DSA 717-1, April 27, 2005

GnuTLS

GnuTLS 1.2 prior to 1.2.3; 1.0 prior to 1.0.25

A remote Denial of Service vulnerability has been reported due to insufficient validation of padding bytes in 'lib/gnutils_cipher.c.'

Updates available at:
http://www.gnu.org/software/gnutls/download.html

Currently we are not aware of any exploits for this vulnerability.

GnuTLS Padding Validation Remote Denial of Service

CAN-2005-1431

Low
Security Tracker Alert, 1013861, May 2, 2005

Hewlett Packard Company

OpenView Event Correlation Services 3.32, 3.33

Several vulnerabilities have been reported due to unspecified errors, which could let a malicious user cause a Denial of Service or execute arbitrary code.

Patches available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01141

Currently we are not aware of any exploits for these vulnerabilities.

HP OpenView Event Correlation Services

CAN-2005-1433

Low/High

(High if arbitrary code can be executed)

HP Security Bulletin, HPSBMA01141, May 2, 2005


Hewlett Packard Company

OpenView Network Node Manager 6.2, 6.4, 7.01, 7.50

Several vulnerabilities have been reported due to unspecified errors, which could let a malicious user cause a Denial of Service or execute arbitrary code.

Patches available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBMA01140

Currently we are not aware of any exploits for these vulnerabilities.

HP OpenView Network Node Manager

CAN-2005-1434

Low/High

(High if arbitrary code can be executed)

HP Security Bulletin, HPSBMA01140, May 2, 2005

Info-ZIP

Zip 2.3; Avaya CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing

A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zip/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-16.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-634.html

Debian:
http://www.debian.org/security/2005/dsa-624

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-019_RHSA-2004-634.pdf

Fedora Legacy:
http://download.fedoralegacy.org/redhat/
http://download.fedoralegacy.org/fedora/1/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Currently we are not aware of any exploits for this vulnerability.


Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow

CAN-2004-1010

High

Bugtraq, November 3, 2004

Ubuntu Security Notice, USN-18-1, November 5, 2004

Fedora Update Notification, FEDORA-2004-399 & FEDORA-2004-400, November 8 & 9, 2004

Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004

SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004

Red Hat Advisory, RHSA-2004:634-08, December 16, 2004

Debian DSA-624-1, January 5, 2005

Turbolinux Security Announcement, 20050131, January 31, 2005

Avaya Security Advisory, ASA-2005-019, January 25, 200

Fedora Legacy Update Advisory, FLSA:2255, February 1, 2005

Slackware Security Advisory, SSA:2005-121-01, May 2, 2005


Joshua Chamas

Crypt::SSLeay 0.51

A vulnerability has been reported because a file in a world-writable location is used as the fallback entropy source, which could lead to weak cryptographic operations.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/

There is no exploit code required.

Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source

CAN-2005-0106

Medium
Ubuntu Security Notice, USN-113-1, May 03, 2005

Kalum Somaratna

ProZilla Download Accelerator 1.0.x, 1.3.0-1.3.4, 1.3.5.2, 1.3.5.1, 1.3.5-1.3.5.2, 1.3.6

A vulnerability exists due to improper implementation of a formatted string function when handling initial server responses, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.org/pool/updates/main/p/prozilla/p

An exploit script has been published.

ProZilla Initial Server Response Format String

CAN-2005-0523

High

Security Focus, 12635, February 23, 2005

Debian Security Advisory, DSA 719-1, April 28, 2005

KDE

KDE 3.2-3.2.3, 3.3-3.3.2, 3.4,
KDE Quanta 3.1

A vulnerability has been reported due to a design error in Kommander, which could let a remote malicious user execute arbitrary code.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/f

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-23.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Currently we are not aware of any exploits for this vulnerability.

KDE Kommander Remote Arbitrary Code Execution

CAN-2005-0754

High

KDE Security Advisory, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 200

Fedora Update Notification, FEDORA-2005-345, April 28, 2005

LBL

tcpdump 3.4a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3

Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Exploit scripts have been published.

LBL TCPDump Remote Denials of Service

CAN-2005-1278
CAN-2005-1279
CAN-2005-1280

Low

Bugtraq, 396932, April 26, 2005

Fedora Update Notification, FEDORA-2005-351, May 3, 2005

Linux kernel 2.6.11.7

A Denial of Service vulnerability has been reported due to the creation of an insecure file by the kernel it87 and via686a drivers.

Patch available at:
http://kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.8.bz2

There is no exploit code required.

Linux Kernel it87 & via686a Drivers Denial of Service

CAN-2005-1369

Low
Secunia Advisory, SA15204, May 2, 2005

MandrakeSoft

lam-runtime-7.0.6-2mdk

A vulnerability has been reported in the LAM/MPI Runtime environment due to the creation of an insecure account, which could let a local/remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required.

MandrakeSoft LAM/MPI Runtime Insecure Account Creation

CAN-2005-1379

Medium

Bugtraq, 397157, April 28, 2005

Marc Lehmann

Convert-UUlib 1.50

A buffer overflow vulnerability has been reported in the Convert::UUlib module for Perl due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available at:
http://search.cpan.org/dist/Convert-UUlib/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-26.xml

Currently we are not aware of any exploits for this vulnerability.

Convert-UUlib Perl Module Buffer Overflow

CAN-2005-1349

High

Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005

Secunia Advisory, SA15130, April 27, 2005

mtp-target.org

Mtp-Target for Windows 1.2.2 & prior, Mtp-Target for Linux 1.2.2 & prior

Several vulnerabilities have been reported: a format string vulnerability has been reported in the client code when messages from other users are displayed, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability has been reported due to a negative integer overflow from the NeL library.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Mtp Target Format String and Denial of Service

CAN-2005-1401
CAN-2005-1402

Low/ High

(High if arbitrary code can be executed)

Securiteam, May 2, 2005

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2, 6.2.1

A buffer overflow vulnerability has been reported due to a failure to properly validate user-supplied string lengths before copying into static process buffers, which could let a remote malicious user cause a Denial of Service.

Upgrades available at:
http://www.imagemagick.org/script/binary-releases.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

A Proof of Concept exploit has been published.

ImageMagick Remote Buffer Overflow

CAN-2005-1275

Low

Security Focus, 13351, April 25, 2005

Fedora Update Notification, FEDORA-2005-344, April 28, 2005

Multiple Vendors

KDE 2.0, 2.0 beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE E. Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9

A buffer overflow vulnerability has been reported in the 'kimgio' image library due to insufficient validation of PCX image data, which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code.

Patches available at:
http://bugs.kde.org/attachment.cgi?id=10325&action=view

http://bugs.kde.org/attachment.cgi?id=10326&action=view

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-22.xml

Debian:
http://security.debian.org/pool/updates/main/k/kdelibs/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Denial of Service Proofs of Concept exploits have been published.

KDE 'kimgio' image library Remote Buffer Overflow

CAN-2005-1046

Low/ High

(High if arbitrary code can be executed)

SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005

Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005

Debian Security Advisory, DSA 714-1, April 26, 2005

Fedora Update Notification, FEDORA-2005-350, May 2, 2005

Multiple Vendors

Larry Wall Perl 5.005_003, 5.005, 5.004_05, 5.004_04, 5.004, 5.003, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4-5, 5.8.4-4, 5.8.4-3, 5.8.4-2.3, 5.8.4-2, 5.8.4-1, 5.8.4, 5.8.5, 5.8.6

A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml

Debian:
http://security.debian.org/pool/updates/main/p/perl/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

Perl 'rmtree()' Function Elevated Privileges

CAN-2005-0448

Medium

Ubuntu Security Notice, USN-94-1, March 9, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Debian Security Advisory, DSA 696-1, March 22, 2005

Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005

Multiple Vendors

Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11

Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple ISO9660 Filesystem Handling Vulnerabilities

CAN-2005-0815

High

Security Focus, 12837, March 18, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Ubuntu Security Notice, USN-103-1, April 1, 2005

Fedora Update Notification, FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Multiple Vendors

Perl

A race condition vulnerability was reported in the 'File::Path::rmtree()' function. A remote user may be able to obtain potentially sensitive information or modify files.

The vendor has released Perl version 5.8.4-5 to address this vulnerability. Customers are advised to contact the vendor for information regarding update availability.

Debian:
http://security.debian.org/pool/updates/main/p/perl/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/

OpenPKG:
ftp://ftp.openpkg.org/release/2.1/UPD/perl-5.8.4-2.1.1.src.rpm

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml

Mandrake:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031

SUSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-38.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors Perl File::Path::rmtree() Permission Modification Vulnerability

CAN-2004-0452

Medium

Ubuntu Security Notice, USN-44-1, December 21, 2004

Debian Security Advisory, DSA 620-1, December 30, 2004

OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005

Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 8, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Fedora Update Notification, FEDORA-2005-353, May 2, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9, 2.5.STABLE8, 2.5.STABLE7

A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

There is no exploit code required.

Squid Proxy Set-Cookie Headers Information Disclosure

CAN-2005-0626

Medium

Secunia Advisory, SA14451, March 3, 2005

Ubuntu Security Notice, USN-93-1, March 8, 2005

Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005

Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

Multiple Vendors

Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified), and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code.

Update available at:
https://ccvs.cvshome.org/servlets/ProjectDocumentList

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-16.xml

SuSE:
ftp://ftp.suse.com/pub/suse/i

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/

Peachtree:
http://peachtree.burdell.org/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-387.html

OpenBSD:
http://www.openbsd.org/errata.html#cvs

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for these vulnerabilities.

CVS Multiple Vulnerabilities

CAN-2005-0753

Low/ High

(High if arbitrary code can be executed)

Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005

SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005

Secunia Advisory, SA14976, April 19, 2005

Fedora Update Notification, FEDORA-2005-330, April 20, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005

Peachtree Linux Security Notice, PLSN-0005, April 22, 2005

RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005

Turbolinux Security Advisory, TLSA-2005-51, April 28, 2005

Multiple Vendors

Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4-1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-13.xml

Mandrake:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-105.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

IBM:
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Proofs of Concept exploits have been published.

Perl SuidPerl Multiple Vulnerabilities

CAN-2005-0155
CAN-2005-0156

Medium/ High

(High if arbitrary code can be executed)

Ubuntu Security Notice, USN-72-1, February 2, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005

RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

IBM SECURITY ADVISORY, February 28, 2005

Fedora Update Notification, FEDORA-2005-353, May 2, 2005

Multiple Vendors

Linux kernel 2.4-2.4.29, 2.6.10, 2.6-2.6.11

A vulnerability has been reported in the 'bluez_sock_create()' function when a negative integer value is submitted, which could let a malicious user execute arbitrary code with root privileges.

Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.30-rc3.bz2

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-283.html

http://rhn.redhat.com/errata/RHSA-2005-284.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

A Proof of Concept exploit script has been published.

Linux Kernel Bluetooth Signed Buffer Index

CAN-2005-0750

High

Security Tracker Alert, 1013567, March 27, 2005

SUSE Security Announcement, SUSE-SA:2005:021, April 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005

US-CERT VU#685461

Fedora Update Notification, FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Multiple Vendors

Linux kernel 2.4-2.4.30

A Denial of Service vulnerability has been reported due to a failure to handle system calls that contain missing arguments.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-293.html

http://rhn.redhat.com/errata/RHSA-2005-284.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Itanium System Call Denial of Service

CAN-2005-0137

Low

RedHat Security Advisories, RHSA-2005:284-11 & RHSA-2005:293-16, April 22 & 28, 2005

Multiple Vendors

Linux Kernel 2.6.10, 2.6-test1-test11, 2.6-2.6.11

A Denial of Service vulnerability has been reported in the 'load_elf_library' function.

Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Local Denial of Service

CAN-2005-0749

Low

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005

Fedora Update Notification, FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1 rc1 & rc2, 2.6.1-2.6.8

A remote Denial of Service vulnerability has been reported in the Point-to-Point Protocol (PPP) Driver.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Trustix:
http://http.trustix.org/pub/trustix/updates

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-283.html

http://rhn.redhat.com/errata/RHSA-2005-284.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PPP Driver Remote Denial of Service

CAN-2005-0384

Low

Ubuntu Security Notice, USN-95-1, March 15, 2005

Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notification, FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-283.html

http://rhn.redhat.com/errata/RHSA-2005-284.html

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Vulnerabilities

CAN-2005-0176
CAN-2005-0177
CAN-2005-0178
CAN-2005-0204

Low/ Medium

(Low if a DoS)

Ubuntu Security Notice, USN-82-1, February 15, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005

Fedora Update Notification, FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test1-test11, 2.6, 2.6.1-2.6.11; RedHat Fedora Core2

A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.6.bz2

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel EXT2 File System Information Leak

CAN-2005-0400

Medium

Security Focus, 12932, March 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005

Fedora Update Notification, FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1-2.6.9; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

A Denial of Service vulnerability has been reported in the 'Unw_Unwind_To_User' function.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

http://rhn.redhat.com/errata/RHSA-2005-293.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-284.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Unw_Unwind_To_User Denial of Service

CAN-2005-0135

Low

RedHat Security Advisories, RHSA-2005:366-19 & RHSA-2005:293-16, April 19 & 22, 2005

RedHat Security Advisory, RHSA-2005:284-11, April 28, 2005

Multiple Vendors

Linux kernel 2.6-2.6.11

A vulnerability has been reported in 'SYS_EPoll_Wait' due to a failure to properly handle user-supplied size values, which could let a malicious user obtain elevated privileges.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

An exploit script has been published.

Linux Kernel SYS_EPoll_Wait Elevated Privileges

CAN-2005-0736

Medium

Security Focus, 12763, March 8, 2005

Ubuntu Security Notice, USN-95-1, March 15, 2005

Security Focus, 12763, March 22, 2005

Fedora Security Update Notification,
FEDORA-2005-262, March 28, 2005

Fedora Update Notification
FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005

Multiple Vendors

RedHat Fedora Core3, Core2; Rob Flynn Gaim 1.2; Peachtree Linux release 1

A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.

Upgrade available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

Peachtree:
http://peachtree.burdell.org/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

There is no exploit code required.

Gaim Jabber File Request Remote Denial of Service

CAN-2005-0967

Low

Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005

Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005

RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005

SGI Security Advisory, 20050404-01-U, April 20, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005

Multiple Vendors

RedHat Fedora Core3, Core2; Rob Flynn Gaim 1.2; Ubuntu Linux 4.1 ppc, ia64, ia32; Peachtree Linux release 1

Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.

Update available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-05.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-365.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SGI:
http://www.sgi.com/support/security/

Peachtree:
http://peachtree.burdell.org/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for these vulnerabilities.

Gaim 'Gaim_Markup_Strip_HTML()' Function Remote Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution

CAN-2005-0965
CAN-2005-0966

Low/ High

(High if arbitrary code can be executed)

Fedora Update Notifications, FEDORA-2005-298 & 299, April 5, 2005

Ubuntu Security Notice, USN-106-1, April 5, 2005

Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005

RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005

SGI Security Advisory, 20050404-01-U, April 20, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4 STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1

A vulnerability has been reported when handling upstream HTTP agents, which could let a remote malicious user poison the web proxy cache.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE9.tar.gz

There is no exploit code required.

Squid Proxy Remote Cache Poisoning

CAN-2005-0174

Medium

Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4 STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1

A vulnerability has been reported due to a failure to handle CR/LF characters in HTTP requests, which could let a remote malicious user poison the web proxy cache.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE9.tar.gz

There is no exploit code required.

Squid Proxy HTTP Response Splitting Remote Cache Poisoning

CAN-2005-0175

Medium

Squid Proxy Cache Security Update Advisory, SQUID-2005:5, April 23, 2005

Multiple Vendors

X.org X11R6 6.7.0, 6.8, 6.8.1; XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2-11, 4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0

An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.

Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Currently we are not aware of any exploits for this vulnerability.

LibXPM Bitmap_unit Integer Overflow

CAN-2005-0605

High

Security Focus, 12714, March 2, 2005

Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005

Ubuntu Security Notice, USN-92-1, March 7, 2005

Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005

Ubuntu Security Notice, USN-97-1, March 16, 2005

ALTLinux Security Advisory, March 29, 2005

Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005

RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005

Multiple Vendors

xli 1.14-1.17

A vulnerability exists due to a failure to manage internal buffers securely, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-05.xml

Debian:
http://security.debian.org/pool/updates/main/x/xli/

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

XLI Internal Buffer Management

CAN-2005-0639

High

Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005

Debian Security Advisory, DSA 695-1, March 21, 2005

ALTLinux Security Advisory, March 29, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:076, April 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Multiple Vendors

xli 1.14-1.17; xloadimage 3.0, 4.0, 4.1

A vulnerability exists due to a failure to parse compressed images safely, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-05.xml

Debian:
http://security.debian.org/pool/updates/main/x/xli/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-332.html

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

XLoadImage Compressed Image Remote Command Execution

CAN-2005-0638

High

Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005

Fedora Update Notifications, FEDORA-2005-236 & 237, March 18, 2005

Debian Security Advisory, DSA 695-1, March 21, 2005

Turbolinux Security Advisory, TLSA-2005-43, April 19, 2005

RedHat Security Advisory, RHSA-2005:332-10, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:076, April 21, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Nokia

Affix Bluetooth Protocol Stack 3.1.1, 3.2

A vulnerability has been reported in the 'affix_sock_register' function due to a failure to properly handle user-supplied buffer size parameters, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Affix Bluetooth Protocol Stack Elevated Privileges

CAN-2005-1294

Medium

DMA[2005-0423a] Advisory, April 24, 2005

Novell

Evolution 2.0.2, 2.0.3

A remote Denial of Service vulnerability has been reported due to the way messages that contain malformed Unicode specifications are processed.

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this vulnerability.

Novell Evolution Remote Denial of Service

CAN-2005-0806

Low

Mandrakelinux Security Update Advisory, MDKSA-2005:059, March 17, 2005

Conectiva Linux Security Announcement, CLA-2005:950, April 27, 2005

Open WebMail

Open WebMail prior to 2.51 20050430

A vulnerability has been reported due to insufficient sanitization of input before it is used in an 'open()' call, which could let an authenticated remote malicious user execute arbitrary code.

Patches available at:
http://openwebmail.org/openwebmail/download/cert/patches/SA-05:02/

Currently we are not aware of any exploits for this vulnerability.

Open WebMail Input Validation

CAN-2005-1435

High

Security Tracker Alert, 1013859, May 2, 2005

osTicket.com

osTicket 1.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported when adding a ticket due to insufficient sanitization of the name and subject fields, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of the 'id' and 'cat' parameters before they are used in a SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'main.php' due to insufficient verification of the 'include_dir' parameter, which could let a local/remote malicious user include arbitrary files; and a vulnerability was reported in 'attachments.php' due to an input validation error when handling the 'file' parameter, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

osTicket Multiple Vulnerabilities

CAN-2005-1436
CAN-2005-1437
CAN-2005-1438
CAN-2005-1439

Medium/ High

(High if arbitrary code can be executed)

Secunia Advisory, SA15216, May 3, 2005

PHP Group

PHP 4.3-4.3.10; Peachtree Linux release 1

A vulnerability has been reported in the 'exif_process_IFD_TAG()' function when processing malformed IFD (Image File Directory) tags, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-15.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Peachtree:
http://peachtree.burdell.org/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-405.html

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently, we are not aware of any exploits for this vulnerability.

PHP Group Exif Module IFD Tag Integer Overflow

CAN-2005-1042

High

Security Focus, 13163, April 14, 2005

Ubuntu Security Notice, USN-112-1, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Fedora Update Notification, FEDORA-2005-315, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Turbolinux Security Advisory, TLSA-2005-50, April 28, 2005

RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

phpMyAdmin

phpMyAdmin 2.6.2

A vulnerability has been reported due to insecure default permissions on the SQL install script, which could let a malicious user obtain unauthorized access.

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-30.xml

There is no exploit code required.

phpMyAdmin Insecure SQL Install Script

CAN-2005-1392

Medium

Gentoo Linux Security Advisory, GLSA 200504-30, April 30, 2005

PostgreSQL

PostgreSQL 7.3 through 8.0.2

Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.'

Fix available at:
http://www.postgresql.org/about/news.315

Currently we are not aware of any exploits for these vulnerabilities.

PostgreSQL Remote Denial of Service & Arbitrary Code Execution

CAN-2005-1409
CAN-2005-1410

Low/ High

(High if arbitrary code can be executed)

Security Tracker Alert, 1013868, May 3, 2005

Postgrey

Postgrey 1.16-1.18, 0.84-9.87

A format string vulnerability has been reported in the 'server.pm' module in the 'log' subroutine, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Upgrades available at:
http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently, we are not aware of any exploits for this vulnerability.

Postgrey Format String

CAN-2005-1127

Low/ High

(High if arbitrary code can be executed)

Secunia Advisory, SA14958, April 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Red Hat

Linux kernel-2.4.20-8.athlon.rpm, 2.4.20-8.i386.rpm, 2.4.20-8.i586.rpm, 2.4.20-8.i686.rpm, kernel-smp-2.4.20-8.athlon.rpm, kernel-smp-2.4.20-8.i586.rpm, kernel-smp-2.4.20-8.i686.rpm, kernel-source-2.4.20-8.i386.rpm, Linux 8.0, i686, i386

A buffer overflow vulnerability exists in the 'ubsec_keysetup()' function in '/drivers/crypto/bcm/pkey.c,' which could let a malicious user cause a Denial of Service or possibly execute arbitrary code.

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-549.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-283.html

Currently we are not aware of any exploits for this vulnerability.

Red Hat BCM5820 Linux Driver Buffer Overflow

CAN-2004-0619

High/Low

(High if arbitrary code can be executed; and Low if a DoS)

Security Tracker Alert, 1010575, June 24, 2004

Red Hat Advisory: RHSA-2004:549-10, December 2, 2004

RedHat Security Advisory, RHSA-2005:283-15, April 28, 2005

RedHat

Enterprise Linux WS 3, ES 3, AS 3

A vulnerability has been reported in the Native POSIX Threading Library (NPTL) due to a design error, which could let a malicious user cause a Denial of Service or obtain sensitive information.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-293.html

Currently we are not aware of any exploits for this vulnerability.

RedHat Enterprise Linux Native POSIX Threading Library

CAN-2005-0403

Low/ Medium

(Medium if sensitive information can be obtained)

RedHat Security Advisory, RHSA-2005:293-16, April 22, 2005

Rob Flynn

Gaim 1.0-1.0.2, 1.1.1, 1.1.2

Multiple remote Denial of Service vulnerabilities have been reported when a remote malicious ICQ or AIM user submits certain malformed SNAC packets; and a vulnerability exists when parsing malformed HTML data.

Upgrades available at:
http://gaim.sourceforge.net/downloads.php

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-03.xml

Mandrake:
http://www.mandrakesecure.net/en/advisories/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-215.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Peachtree:
http://peachtree.burdell.org/updates/

Debian:
http://security.debian.org/pool/updates/main/g/gaim/

There is no exploit code required.

Gaim Multiple Remote Denials of Service

CAN-2005-0472
CAN-2005-0473

Low

Gaim Advisory, February 17, 2005

Fedora Update Notifications, FEDORA-2005-159 & 160, February 21, 2005

US-CERT VU#839280

US-CERT VU#523888

Ubuntu Security Notice, USN-85-1, February 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-03, March 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:049, March 4, 2005

RedHat Security Advisory, RHSA-2005:215-11, March 10, 2005

Conectiva Linux Security Announcement, CLA-2005:933, March 14, 2005

Peachtree Linux Security Notice, PLSN-0002, April 21, 2005

Debian Security Advisory, DSA 716-1, April 27, 2005

Robert Styma Consulting

Ce/Ceterm (ARPUS/Ce) 2.x

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported when a specially crafted 'XAPPLRESLANGPATH' or 'XAPPLRESDIR' environment variable is submitted, which could let a malicious user execute arbitrary code; and a race condition vulnerability was reported due to the insecure creation of the 'ce_edit_log' temporary file, which could let a malicious user overwrite arbitrary files.

No workaround or patch available at time of publishing.

Exploit scripts have been published.

Robert Styma Consulting ARPUS/Ce Buffer Overflow & Race Condition

CAN-2005-1395
CAN-2005-1396

High

Security Tracker Alert, 1013855, May 2, 2005

Rootkit.nl

Rootkit Hunter 1.2-1.2.3

Several vulnerabilities have been reported because temporary files are insecurely opened or created due to a design error, which could let a malicious user corrupt arbitrary files with elevated privileges.

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-25.xml

There is no exploit code required.

Rootkit Hunter Insecure Temporary File Creation

CAN-2005-1270

Medium

Secunia Advisory, SA15127, April 27, 2005

Gentoo Linux Security Advisory GLSA 200504-25, April 26, 2005

Survivor

Survivor 0.9.5 a

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available at:
http://www.columbia.edu/acis/dev/projects/survivor/dl/survivor-0.9.6.tar.gz

There is no exploit code required.

Survivor Cross-Site Scripting

CAN-2005-1388

High

Security Focus, 13415, April 28, 2005

Vladislav Bogdanov

SNMP Proxy Daemon 0.4-0.4.5

A format string vulnerability has been reported in SNMPPD due to insufficient sanitization of user-supplied input before using in a formatted printing function, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script has been published.

SNMPPD SNMP Proxy Daemon Remote Format String

CAN-2005-1246

High

INetCop Security Advisory #2005-0x82-027, April 24, 2005

Security Focus, 13348, April 29, 2005

Multiple Operating Systems - Windows / UNIX / Linux / Other

Vendor & Software Name / Vulnerability - Impact / Patches - Workarounds / Attacks Scripts / Common Name / CVE Reference / Risk / Source

BakBone

NetVault 7.1

A vulnerability has been reported because 'vstatsmngr.exe' can be manipulated to obtain elevated privileges.

No workaround or patch available at time of publishing.

An exploit script has been published.

BakBone NetVault 'NVStatsMngr.EXE' Elevated Privileges

CAN-2005-1372

Medium

Security Focus, 13408, April 27, 2005

BEA Systems, Inc.

WebLogic Express 8.x, WebLogic Server 8.x

A Cross-Site Scripting vulnerability has been reported in the 'JndiFramesetAction' function due to insufficient validation of the 'server' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

BEA WebLogic Server & WebLogic Express Cross-Site Scripting

CAN-2005-1380

High

Security Tracker Alert, 1013817, April 26, 2005

Claroline

Claroline 1.5.3, 1.6 rc1, 1.6 beta

Multiple input validation vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported in the '/exercise_result.php,' 'exercice_submit.php,' 'myagenda.php,' 'agenda.php,' 'user_access_details.php,' 'toolaccess_details.php,' 'learningPathList.php,' 'learningPathAdmin.php,' 'learningPath.php,' and 'userLog.php' pages due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code; SQL injection vulnerabilities were reported in 'learningPath.php (3),' 'exercises_details.php,' 'learningPathAdmin.php,' 'learnPath_details.php,' 'userInfo.php (2),' 'modules_pool.php,' and 'module.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary SQL code; multiple Directory Traversal vulnerabilities were reported in 'claroline/document/document.php' and 'claroline/learnPath/insertMyDoc.php' due to insufficient input validation, which could let remote malicious project administrators (teachers) upload files in arbitrary folders or copy/move/delete (then view) files of arbitrary folders; and remote file inclusion vulnerabilities were reported due to insufficient verification, which could let a remote malicious user include arbitrary files from external and local resources.

Upgrades available at:
http://www.claroline.net/dlarea/

There is no exploit code required; however, Proofs of Concept exploits have been published.

Claroline Multiple Vulnerabilities

CAN-2005-1374
CAN-2005-1375
CAN-2005-1376
CAN-2005-1377

Medium/ High

(High if arbitrary code can be executed)

Zone-H Research Center Security Advisory, 200501, April 27, 2005

codetosell.com

ViArt Shop Enterprise 2.x

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'basket.php,' 'forum.php,' 'page.php,' 'reviews.php,' 'products.php,' and 'news_view.php' scripts due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in the 'forum_new_thread.php' script due to insufficient sanitization of input passed to the nickname, email, topic and message fields and the nickname and message fields in 'forum_threads.php,' which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

ViArt Shop Enterprise Cross-Site Scripting

CAN-2005-1440

High

Secunia Advisory, SA15181, May 2, 2005

dream4

Koobi CMS 4.2.3

An SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'p' and 'q' parameters, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Dream4 Koobi CMS Index.PHP P Parameter SQL Injection

CAN-2005-1373

High

Bugtraq, 397057, April 27, 2005

Ethereal Group

Ethereal 0.9-0.9.16, 0.10-0.10.9

Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported in the Etheric dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability has been reported in the GPRS-LLC dissector if the 'ignore cipher bit' option is enabled; a buffer overflow vulnerability has been reported in the 3GPP2 A11 dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and remote Denial of Service vulnerabilities have been reported in the JXTA and sFlow dissectors.

Upgrades available at:
http://www.ethereal.com/download.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-16.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-306.html

ALT Linux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Debian:
http://security.debian.org/pool/updates/main/e/ethereal/

A Denial of Service Proof of Concept exploit script has been published.

Ethereal Etheric/GPRS-LLC/IAPP/JXTA/sFlow Dissector Vulnerabilities

CAN-2005-0704
CAN-2005-0705
CAN-2005-0739
CAN-2005-0765
CAN-2005-0766

Low/ High

(High if arbitrary code can be executed)

Ethereal Advisory, enpa-sa-00018, March 12, 2005

Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005

Fedora Update Notifications, FEDORA-2005-212 & 213, March 16, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005

RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005

Conectiva Linux Security Announcement, CLA-2005:942, March 28, 2005

ALTLinux Security Advisory, March 29, 2005

Debian Security Advisory, DSA 718-1, April 28, 2005

GrayCMS

GrayCMS 1.1

A vulnerability has been reported in 'error.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

GrayCMS Error.PHP Remote Code Execution

CAN-2005-1360

High

Secunia Advisory, SA15133, April 27, 2005

Hewlett Packard Company

Radia Management Portal 1.0, 2.0

A vulnerability has been reported in the Radia Management Agent due to an unspecified flaw, which could let a remote malicious user cause a Denial of Service or execute arbitrary code with SYSTEM privileges on a Windows platform and elevated privileges on UNIX-based platforms.

Updates available at: http://support.openview.hp.com

Currently we are not aware of any exploits for this vulnerability.

HP OpenView Radia Management Portal Remote Command Execution

CAN-2005-1370

Low/ High

(High if arbitrary code can be executed)

HP Security Bulletin, HPSBMA01138, April 28, 2005

Horde Project

Horde Kronolith Module

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/kronolith/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Kronolith Module Parent Frame Page Title Cross-Site Scripting

CAN-2005-1314

High

Secunia Advisory, SA15080, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Passwd Module 2.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/passwd/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Passwd Module Parent Frame Page Title Cross-Site Scripting

CAN-2005-1313

High

Secunia Advisory, SA15075, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Turba Module 1.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/turba/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Turba Module Parent Frame Page Title Cross-Site Scripting

CAN-2005-1315

High

Secunia Advisory, SA15074, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Accounts Module 2.1, 2.1.1

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/accounts/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Accounts Module Parent Frame Page Title Cross-Site Scripting

CAN-2005-1316

High

Secunia Advisory, SA15081, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Chora 1.1-1.2.2

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/chora/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Chora Parent Frame Page Title Cross-Site Scripting

CAN-2005-1317

High

Secunia Advisory, SA15083, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Forwards Module 2.1-2.2.1

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/forwards/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Forwards Module Parent Frame Page Title Cross-Site Scripting

CAN-2005-1318

High

Secunia Advisory, SA15082, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde IMP Webmail Client 3.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
ftp://ftp.horde.org/pub/imp/imp-3.2.8.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde IMP Webmail Client Parent Frame Page Title Cross-Site Scripting

CAN-2005-1319

High

Secunia Advisory, SA15080, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Mnemo 1.1-1.1.3

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/mnemo/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Mnemo Parent Frame Page Title Cross-Site Scripting

CAN-2005-1320

High

Secunia Advisory, SA15078, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Vacation 2.0-2.2.1

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/vacation/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Vacation Parent Frame Page Title Cross-Site Scripting

CAN-2005-1321

High

Secunia Advisory, SA15073, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

Horde Project

Horde Nag 1.1-1.1.2

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to a parent's frame page title, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.horde.org/nag/download/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-01.xml

There is no exploit code required.

Horde Nag Parent Frame Page Title Cross-Site Scripting

CAN-2005-1322

High

Secunia Advisory, SA15079, April 25, 2005

Gentoo Linux Security Advisory, GLSA 200505-01, May 2, 2005

IBM

Lotus Domino 6.0.x, 6.5.x; prior to 6.0.5, prior to 6.5.4

An input validation vulnerability has been reported in the '@SetHTTPHeader' function when invoked by specially crafted code, which could let a malicious user conduct HTTP response splitting attacks.

Update information available at:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437

Currently we are not aware of any exploits for this vulnerability.

Lotus Domino '@SetHTTPHeader' Function HTTP Response Splitting

CAN-2005-1405

Medium

Security Tracker Alert, 1013839, April 29, 2005

IBM

Lotus Domino 6.0.x, 6.5.x; prior to 6.0.5, prior to 6.5.4

A format string vulnerability has been reported when processing the Notes protocol (NRPC), which could let a remote malicious user cause a Denial of Service.

Update information available at:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525

Currently we are not aware of any exploits for this vulnerability.

Lotus Domino NRPC Protocol Format String

CAN-2005-1441

Low

Security Tracker Alert, 1013842, April 29, 2005

IBM

Lotus Notes 6.0.x, 6.5.x; prior to 6.0.5, prior to 6.5.4

A Denial of Service vulnerability has been reported because a malicious user can modify the 'NOTES.INI' file.

Update information available at:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526

Currently we are not aware of any exploits for this vulnerability.

IBM Lotus Notes 'notes.ini' File Denial of Service

CAN-2005-1442

Low

Security Tracker Alert, 1013841, April 29, 2005

Invision Power Services

Invision Power Board 2.0.3, 2.1 Alpha 2

A Cross-Site Scripting vulnerability has been reported due to insufficient validation of user-supplied input in certain URL parameters, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Invision Power Board Remote Cross-Site Scripting

CAN-2005-1443

High

Security Tracker Alert, 1013863, May 2, 2005

Just William's

Amazon Webstore 04050100

Cross-Site Scripting vulnerabilities have been reported in the 'index.php' and 'closeup.php' scripts due to insufficient validation of the 'CurrentIsExpanded,' 'image,' 'searchFor,' and 'currentNumber' parameters, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

JustWilliam's Amazon Webstore Cross-Site Scripting

CAN-2005-1403

High

Security Tracker Alert, 1013836, April 29, 2005

Morgan Harvey

SitePanel 2.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in '5.php' due to insufficient verification of the 'id' parameter, which could let a remote malicious user delete arbitrary files; a vulnerability was reported in 'index.php' due to insufficient verification of the 'lang' parameter, which could let a remote malicious user include arbitrary files; an input validation vulnerability was reported when handling attachments in trouble tickets, which could let a remote malicious user upload arbitrary files; and a vulnerability was reported in 'main.php' due to insufficient verification of the 'p' parameter, which could let a remote malicious user include arbitrary files.

Update available at:
http://www.sitepanel2.com/

Proofs of Concept exploits have been published.

SitePanel Multiple Vulnerabilities

CAN-2005-1444
CAN-2005-1445
CAN-2005-1446
CAN-2005-1447

Medium/ High

(High if arbitrary code can be executed)

Secunia Advisory, SA15213, May 3, 2005

Mozilla.org

Firefox 1.x, 0.x,
Mozilla 1.7.x, 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, 1.0, 0.x

A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-10.xml

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

A Proof of Concept exploit has been published.

Vulnerability has appeared in the press and other public media.

Mozilla Browser and Mozilla Firefox Remote Window Hijacking

CAN-2004-1156

Medium

Secunia SA13129, December 8, 2004

Gentoo Linux Security Advisory GLSA 200503-10, March 4, 2005

Fedora Update Notifications, FEDORA-2005-248 & 249, March 23, 2005

Fedora Update Notifications, FEDORA-2005-251 & 253, March 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

Slackware Security Advisory, March 28, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6, Firefox 0.8-0.10.1, 1.0.1, 1.0.2

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab is not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a web site's 'favicon' icon is not verified before being changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before being used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.mozilla.org/products/firefox/

http://www.mozilla.org/products/mozilla1.x/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-18.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

There is no exploit code required.

High

Mozilla Foundation Security Advisories, 2005-35 - 2005-41, April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

US-CERT VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Mozilla.org

Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2

A vulnerability has been reported when processing drag and drop operations due to insecure XUL script loading, which could let a remote malicious user execute arbitrary code.

Mozilla Browser:
http://www.mozilla.org/products/mozilla1.x/

Firefox:
http://www.mozilla.org/products/firefox/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

http://security.gentoo.org/glsa/glsa-200503-31.xml

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

A Proof of Concept exploit has been published.

Mozilla Suite/ Firefox Drag and Drop Arbitrary Code Execution

CAN-2005-0401

High

Mozilla Foundation Security Advisory 2005-32, March 23, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Mozilla

Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x

Mozilla Firefox 0.x

Mozilla Thunderbird 0.x

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that can permit users to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.

Mozilla: Update to version 1.7.5:
http://www.mozilla.org/products/mozilla1.x/

Firefox: Update to version 1.0:
http://www.mozilla.org/products/firefox/

Thunderbird: Update to version 1.0:
http://www.mozilla.org/products/thunderbird/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

Currently we are not aware of any exploits for these vulnerabilities.

Medium/ High

(High if arbitrary code can be executed)

Mozilla Foundation Security Advisory 2005-01, 03, 04, 07, 08, 09, 10, 11, 12

Fedora Update Notification, FEDORA-2005-248, 249, 251, 253, March 23 & 25, 2005

Slackware Security Advisory, SSA:2005-085-01, March 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Mozilla

Mozilla Firefox 1.0 and 1.0.1

A vulnerability exists that could let remote malicious users conduct Cross-Site Scripting attacks. This is due to missing URI handler validation when dragging an image with a "javascript:" URL to the address bar.

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

A Proof of Concept exploit has been published.

Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting Vulnerability

CAN-2005-0591

High

Secunia SA14406, March 1, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Multiple Vendors

Mozilla Firefox 1.0; Gentoo Linux; Thunderbird 0.6, 0.7-0.7.3, 0.8, 0.9, 1.0, 1.0.1; Netscape 7.2

There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations, or to access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop, and because tabbed JavaScript vulnerabilities let remote users access other windows.

A fix is available via the CVS repository.

Fedora:
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z

Red Hat:
http://rhn.redhat.com/errata/RHSA-2005-176.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

Thunderbird:
http://download.mozilla.org/?product=thunderbird-1.0.2&os=win&lang=en-US

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-30.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

A Proof of Concept exploit has been published.

Mozilla Firefox Multiple Vulnerabilities

CAN-2005-0230
CAN-2005-0231
CAN-2005-0232

High

Security Tracker Alert ID: 1013108, February 8, 2005

Fedora Update Notification, FEDORA-2005-182, February 26, 2005

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

Security Focus, 12468, March 22, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Multiple Vendors

Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon 0.9; Netscape 7.2

A vulnerability has been reported in the JavaScript implementation due to improper parsing of lambda list regular expressions, which could let a remote malicious user obtain sensitive information.

The vendor has issued a fix, available via CVS.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-383.html

http://rhn.redhat.com/errata/RHSA-2005-386.html

Slackware:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-384.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mozilla Suite/Firefox JavaScript Lambda Information Disclosure

CAN-2005-0989

Medium

Security Tracker Alert, 1013635, April 4, 2005

Security Focus, 12988, April 16, 2005

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08, April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

Slackware Security Advisory, SSA:2005-111-04, April 22, 2005

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

Multiple Vendors

ALT Linux Compact 2.3, Junior 2.3; Apple Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X Server 10.0, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8; MIT Kerberos 5 1.0, 5 1.0.6, 5 1.0.8, 5 1.1-5 1.4; Netkit Linux Netkit 0.9-0.12, 0.14-0.17, 0.17.17; Openwall GNU/*/Linux (Owl)-current, 1.0, 1.1; FreeBSD 4.10-PRERELEASE, 2.0, 4.0.x, -RELENG, alpha, 4.0, 4.1, 4.1.1 -STABLE, -RELEASE, 4.1.1, 4.2, -STABLEpre122300, -STABLEpre050201, 4.2 -STABLE, -RELEASE, 4.2, 4.3 -STABLE, -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.4 -STABLE, -RELENG, -RELEASE-p42, 4.4, 4.5 -STABLEpre2002-03-07, 4.5 -STABLE, -RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.6 -STABLE, -RELENG, 4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.6.2, 4.7 -STABLE, 4.7 -RELENG, 4.7 -RELEASE-p17, 4.7 -RELEASE, 4.7, 4.8 -RELENG, 4.8 -RELEASE-p7, 4.8 -PRERELEASE, 4.8, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.10 -RELENG, 4.10 -RELEASE, 4.10, 4.11 -STABLE, 5.0 -RELENG, 5.0, 5.1 -RELENG, 5.1 -RELEASE-p5, 5.1 -RELEASE, 5.1, 5.2 -RELENG, 5.2 -RELEASE, 5.2, 5.2.1 -RELEASE, 5.3 -STABLE, 5.3 -RELEASE, 5.3, 5.4 -PRERELEASE; SuSE Linux 7.0, sparc, ppc, i386, alpha, 7.1, x86, sparc, ppc, alpha, 7.2, i386

Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code.

ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

Apple:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&platform=osx&method=sa/SecUpd2005-003Pan.dmg

Debian:
http://security.debian.org/pool/updates/main/n/netkit-telnet/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/

MIT Kerberos:
http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt

Netkit:
ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/

Openwall:
http://www.openwall.com/Owl/CHANGES-current.shtml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-327.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/

OpenBSD:
http://www.openbsd.org/errata.html#telnet

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-36.xml

http://security.gentoo.org/glsa/glsa-200504-01.xml

Debian:
http://security.debian.org/pool/updates/main/k/krb5/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-04.xml

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1

Openwall:
http://www.openwall.com/Owl/CHANGES-current.shtml

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-088_RHSA-2005-330.pdf

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-28.xml

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for these vulnerabilities.

Telnet Client 'slc_add_reply()' & 'env_opt_add()' Buffer Overflows

CAN-2005-0468
CAN-2005-0469

High

iDEFENSE Security Advisory, March 28, 2005

US-CERT VU#291924

Mandrakelinux Security Update Advisory, MDKSA-2005:061, March 30, 2005

Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & April 1, 2005

Debian Security Advisory, DSA 703-1, April 1, 2005

US-CERT VU#341908

Gentoo Linux Security Advisory, GLSA 200504-04, April 6, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Sun(sm) Alert Notification, 57761, April 7, 2005

SCO Security Advisory, SCOSA-2005.21, April 8, 2005

Avaya Security Advisory, ASA-2005-088, April 27, 2005

Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005

Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005

Sun(sm) Alert Notification, 57761, April 29, 2005

Multiple Vendors

MPlayer 1.0pre6 & prior; Xine 0.9.9-1.0; Peachtree Linux release 1

Several vulnerabilities have been reported: a buffer overflow vulnerability has been reported due to a boundary error when processing lines from RealMedia RTSP streams, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported due to a boundary error when processing stream IDs from Microsoft Media Services MMST streams, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://www.mplayerhq.hu/MPlayer/patches/rtsp_fix_20050415.diff

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-19.xml

Patches available at:
http://cvs.sourceforge.net/viewcvs.py/xine/xinelib/src/input/

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Currently we are not aware of any exploits for these vulnerabilities.

MPlayer RTSP & MMST Streams Buffer Overflow

CAN-2005-1195

High

Security Tracker Alert, 1013771, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-19, April 20, 2005

Peachtree Linux Security Notice, PLSN-0003, April 21, 2005

Xine Security Announcement, XSA-2004-8, April 21, 2005

Gentoo Linux Security Advisory, GLSA 200504-27, April 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Slackware Security Advisory, SSA:2005-121-02, May 3, 2005

Multiple Vendors

See US-CERT VU#222750 for complete list

Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) do not adequately validate ICMP error messages, which could let a remote malicious user cause a Denial of Service.

Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

IBM:
ftp://aix.software.ibm.com/aix/efixes/security/icmp_efix.tar.Z

RedHat:
http://rhn.redhat.com/errata/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendor TCP/IP Implementation ICMP Remote Denial of Service

CAN-2004-1060
CAN-2004-0790
CAN-2004-0791

Low

US-CERT VU#222750

Sun(sm) Alert Notification, 57746, April 29, 2005

US-CERT VU#415294

Multiple Vendors

Squid Web Proxy Cache 2.3, STABLE2, STABLE4-STABLE7, 2.5, STABLE1, STABLE3-STABLE9

A remote Denial of Service vulnerability has been reported when a malicious user prematurely aborts a connection during a PUT or POST request.

Patches available at:
http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-post.patch

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Squid Proxy Aborted Connection Remote Denial of Service

CAN-2005-0718

Low

Security Focus, 13166, April 14, 2005

Turbolinux Security Advisory, TLSA-2005-53, April 28, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

MyPHP Forum

MyPHP Forum 1.0

A vulnerability has been reported in 'post.php' and 'privmsg.php' because the username can be spoofed by modifying the 'nbuser' and 'sender' parameter, which could let a remote malicious user conduct spoofing attacks.

No workaround or patch available at time of publishing.

There is no exploit code required.

MyPHP Forum Sender Spoofing

CAN-2005-1404

Medium

Secunia Advisory, SA15166, April 28, 2005

Oracle Corporation

Oracle Application Server 10g,
Oracle9i Application Server,
Oracle9iAS Web Cache

Several vulnerabilities have been reported: a vulnerability was reported in 'webcacheadmin' on port 4000 due to insufficient sanitization of the 'cache_dump_file' and 'PartialPageErrorPage' parameters, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in the 'cache_dump_file' parameter, which could let a remote malicious user corrupt arbitrary files; and a vulnerability was reported because restricted URLs on port 7779 can be accessed via the Web Cache on port 7778.

The vendor has reportedly fixed the vulnerabilities silently. Ensure that the latest patches have been installed.

Proofs of Concept exploits have been published.

Oracle Web Cache / Application Server Vulnerabilities

CAN-2005-1381
CAN-2005-1382
CAN-2005-1383

Medium

Red-Database-Security GmbH Research Advisories, April 28, 2005

OXPUS.de

Notes mod

An SQL injection vulnerability has been reported in the 'posting_notes.php' module due to insufficient validation of the 'post_id' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpBB Notes Mod 'posting_notes.php' Input Validation

CAN-2005-1378

High

GulfTech Security Research Team Advisory, April 28, 2005

PHP Group

PHP 4.0-4.0.7, 4.0.7 RC1-RC3, 4.1.0-4.1.2, 4.2.0-4.2.3, 4.3-4.3.8, 5.0 candidate 1-3, 5.0.0-5.0.2

A vulnerability exists in the 'open_basedir' directory setting due to a failure of the cURL module to properly enforce restrictions, which could let a malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-405.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP cURL Open_Basedir Restriction Bypass

CAN-2004-1392

Medium

Security Tracker Alert ID, 1011984, October 28, 2004

Ubuntu Security Notice, USN-66-1, January 20, 2005

Ubuntu Security Notice, USN-66-2, February 17, 2005

Fedora Legacy Update Advisory, FLSA:2344, March 7, 2005

RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005

PHP Group

PHP prior to 5.0.4; Peachtree Linux release 1

Multiple Denial of Service vulnerabilities have been reported in 'getimagesize().'

Upgrade available at:
http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Debian:
http://security.debian.org/pool/updates/main/p/php3/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Gentoo:
http://security.gentoo.org/glsa/glsa-200504-15.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Peachtree:
http://peachtree.burdell.org/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-405.html

Currently we are not aware of any exploits for these vulnerabilities.

PHP 'getimagesize()' Multiple Denials of Service

CAN-2005-0524
CAN-2005-0525

Low

iDEFENSE Security Advisory, March 31, 2005

Ubuntu Security Notice, USN-105-1, April 05, 2005

Slackware Security Advisory, SSA:2005-095-01, April 6, 2005

Debian Security Advisory, DSA 708-1, April 15, 2005

SUSE Security Announcement, SUSE-SA:2005:023, April 15, 2005

Gentoo Linux Security Advisory, GLSA 200504-15, April 18, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:072, April 19, 2005

Peachtree Linux Security Notice, PLSN-0001, April 21, 2005

Turbolinux Security Advisory, TLSA-2005-50, April 28, 2005

RedHat Security Advisory, RHSA-2005:405-06, April 28, 2005

PHP-Calendar

PHP-Calendar 0.x

An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of an unspecified parameter, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.tar.gz?download

There is no exploit code required.

PHP-Calendar Search.PHP SQL Injection

CAN-2005-1397

High

Secunia Advisory, SA15116, April 27, 2005

PHPCart

PHPCart 3.x

A vulnerability has been reported in 'phpcart.php' due to insufficient verification of the 'price' and 'postage' parameters, which could let a remote malicious user manipulate invoice and payment charges.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

PHPCart Input Validation

CAN-2005-1398

Medium

Secunia Advisory, SA15116, April 27, 2005

phpCOIN

phpCOIN 1.2, 1.2.1 b, 1.2.1

Multiple SQL injection vulnerabilities have been reported due to insufficient validation of user-supplied input in the 'index.php,' 'login.php,' and 'mod.php' scripts, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concepts have been published.

phpCOIN Multiple SQL Injection

CAN-2005-1384

High

Dcrab's Security Advisory, April 28, 2005

S9Y

Serendipity 0.7, -rc1, beta1-beta4, 0.7.1, Serendipity 0.8 -beta6 Snapshot, 0.8 -beta5 and beta6

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of unspecified input handled by 'exit.php' and pingbacks before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input handled as BBCode before it is returned to the user, which could let a remote malicious user execute arbitrary HTML and script code; an input validation vulnerability was reported when processing path names for uploaded media, which could let a remote malicious user bypass the validation process; and an input validation vulnerability was reported in the media manager, which could let a remote malicious user execute arbitrary code.

Upgrades available at: http://www.s9y.org/12.html

There is no exploit code required.

Medium/High

(High if arbitrary code can be executed)

Secunia Advisory, SA15145, April 27, 2005


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description
May 2, 2005 | ce_ex.pl, ce_ex2.pl, ex_ceterm.c | No | Scripts that exploit the ARPUS/Ce Buffer Overflow vulnerability.
May 2, 2005 | globalscape_ftp_30_EIP.py, globalscape_ftp_30.pm, globalscape_ftp_30_SEH.py | Yes | Proofs of Concept exploits for the GlobalSCAPE Secure FTP Server Remote Buffer Overflow vulnerability.
May 2, 2005 | MTPBugs.zip | No | Script that exploits the Mtp Target Format String and Denial of Service vulnerability.
April 30, 2005 | ex_arcgis.c | Yes | Script that exploits the ESRI ArcInfo Workstation Format String vulnerability.
April 29, 2005 | filepocket.c | No | Exploit for the FilePocket Local Information Disclosure vulnerability.
April 29, 2005 | SNMPPD SNMP Proxy Daemon Remote Format String | No | Script that exploits the SNMPPD SNMP Proxy Daemon Remote Format String vulnerability.
April 27, 2005 | altirisClientServicePrivEscalation.c | No | Exploit for the Altiris Deployment Solution AClient Password Protection Bypass vulnerability.
April 27, 2005 | nvstatsmngrPrivEsc.c | No | Exploit for the BakBone NetVault NVStatsMngr.EXE Local Privilege Escalation Vulnerability.
April 25, 2005 | affixBluetoothIndexPoC.c | No | Proof of Concept exploit for the Affix Bluetooth Protocol Stack Signed Buffer Index vulnerability.


Trends

  • New list of critical vulnerabilities released for Q1 2005: In an effort to give administrators more timely data to help prioritize patching, the SANS Institute of Bethesda, Md., has begun updating its top 20 list of Internet vulnerabilities on a quarterly basis. The new entries were taken from more than 600 vulnerabilities reported during January, February, and March that affect a large number of users, are unpatched on a substantial number of systems, allow remote exploitation, and have enough information available to make an exploit likely. Source: http://www.gcn.com/vol1_no1/daily-updates/35719-1.html
  • Study shows hackers widening focus: Online criminals turned their attention to antivirus software and media players in the first three months of 2005 as they sought new ways to take control of users' computers, according to a survey released on Monday, May 1. While hackers continued to poke new holes in Microsoft’s Windows operating system, they increasingly exploited flaws in software made by other companies as well, the nonprofit SANS Institute found. "Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller. More than 600 new Internet security holes have surfaced in 2005 so far, SANS found. Report: http://www.sans.org/top20/Q1-2005update Source: http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=8359020
  • Online banking needs stronger security: According to a report from the TowerGroup, advanced approaches to online fraud such as spyware methods, browser hijacking, and remote administration tools pose a significant and fast-growing threat to consumer confidence in the online banking channel. Source: http://www.consumeraffairs.com/news04/2005/online_banking.html.
  • Wireless leaders form alliance to address security: Cisco and Intel have announced a formal alliance at InfoSec Europe to promote better security for users of wireless networks. They are concerned that fears about security will harm the rollout of wide-scale wireless networks, and have produced advice sheets for businesses, homes and public Wi-Fi access points. Source: http://www.vnunet.com/news/1162761.
  • Hackers attack IT conference: Security experts that attended the Wireless LAN Event in London found that anonymous hackers in the crowd had created a Web site that looked like a genuine log-in page for a Wi-Fi network, but which actually sent 45 random viruses to computers that accessed it. Source: http://news.zdnet.co.uk/internet/security/0,39020375,39195956,00.htm.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trends | Date
1 | Netsky-P | Win32 Worm | Stable | March 2004
2 | Mytob.C | Win32 Worm | Increase | March 2004
3 | Zafi-D | Win32 Worm | Stable | December 2004
4 | Netsky-Q | Win32 Worm | Decrease | March 2004
5 | Zafi-B | Win32 Worm | Increase | June 2004
6 | Netsky-B | Win32 Worm | Slight Increase | February 2004
7 | Bagle.BJ | Win32 Worm | Decrease | January 2005
8 | Netsky-D | Win32 Worm | Decrease | March 2004
9 | Bagle-AU | Win32 Worm | Slight Decrease | October 2004
10 | Netsky-Z | Win32 Worm | Decrease | April 2004
10 | Bagle.BB | Win32 Worm | Return to Table | September 2004
10 | Lovgate.w | Win32 Worm | Return to Table | April 2004

Table Updated May 3, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Cabir: The cell phone virus Cabir has infected phones across 20 different countries, according to F-Secure, the Finnish security company. The virus does not do much harm once it infects a phone besides trying to spread to other devices, but it does have side effects such as draining the battery. Source: http://www.techtree.com/techtree/jsp/showstory.jsp?storyid=3545
  • Sober: A new variant of the mass-mailing Sober worm has been discovered and is spreading among consumer PC users, security experts said Monday. The messages intend to capitalize on the World Cup and appear in recipients' inboxes as originating from the Fédération Internationale de Football (FIFA). The virus uses a subject header in an e-mail to try to entice people into opening an attachment. The virus then harvests e-mail addresses from the victim and directs a barrage of spam to those addresses. Source: http://www.internetnews.com/security/article.php/3502216

The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.

NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.

Name | Aliases | Type
Agent.aa | Bancos.NL, Trojan-PSW.Win32.Agent.aa | Win32 Worm
Appdisabler.A | SymbOS/Appdisabler.A | Symbian OS Worm
Backdoor.Doyorg | Backdoor.Win32.Agent.jn, W32/Oscarbot | Win32 Worm
Backdoor.Heplane | | Trojan
Backdoor.Lingosky | Backdoor.Win32.Agent.jk | Trojan
Backdoor.Staprew.B | Trojan-Proxy.Win32.Fireby.b | Trojan
BackDoor-CQL | Backdoor.Win32.Vatos | Trojan
BackDoor-CQQ | Troj/Dloader-LI, Trojan.Win32.Agent.cp, TROJ_AGENT.QW, Win32.SillyDl.LR | Trojan
Bancos.NL | Trj/Bancos.NL, Trj/Banker.NL | Trojan
Cabir.V | EPOC/Cabir.V, SymbOS/Cabir.V, Worm.Symbian.Cabir.V | Symbian OS Worm
Cabir.Y | EPOC/Cabir.Y, SymbOS/Cabir.Y, Worm.Symbian.Cabir.Y | Symbian OS Worm
Email-Worm.Win32.Antiman | | Win32 Worm
Kedebe.B | W32/Kedebe.B.worm | Win32 Worm
Nopir.A | W32/Nopir.A.worm | Win32 Worm
PWSteal.Bancos.U | | Trojan
Skulls.I | SymbOS/Skulls.I | Symbian OS Worm
Skulls.J | SymbOS/Skulls.J | Symbian OS Worm
Skulls.K | SymbOS/Skulls.K | Symbian OS Worm
SymbOS/Locknut.C | | Symbian OS Worm
Troj/Bbprox-A | | Trojan
Troj/LegMir-DR | Trojan-PSW.Win32.Lmir.adt, PWS-LegMir.dr | Trojan
Troj/PcClient-R | Backdoor.Win32.PcClient.x, BackDoor-CKB.dr | Trojan
Troj/Zlob-I | Trojan-Downloader.Win32.Zlob.i | Trojan
Trojan.Riler.D | | Trojan
Trojan.StartPage.O | | Trojan
Trojan.Vundo.B | | Trojan
Uploader-X | | Trojan
VBS_BANISH.A | | Visual Basic Worm
W32.Allim.A | | Win32 Worm
W32.Allim.B | IM-Worm.Win32.Opanki.a | Win32 Worm
W32.Gaobot.DEY | Backdoor.Win32.Rbot.gen | Win32 Worm
W32.Kelvir.AX | | Win32 Worm
W32.Kelvir.AZ | | Win32 Worm
W32.Kelvir.BA | | Win32 Worm
W32.Kelvir.BD | IM-Worm.Win32.Prex.d | Win32 Worm
W32.Mydoom.BL@mm | Email-Worm.Win32.Mydoom.as, W32/MyDoom-BN, W32/Mydoom.bn@MM, WORM_MYDOOM.AQ | Win32 Worm
W32.Mytob.BR@mm | | Win32 Worm
W32.Mytob.BS@mm | | Win32 Worm
W32.Mytob.BT@mm | | Win32 Worm
W32.Netsky.AI@mm | | Win32 Worm
W32.Spybot.OFN | | Win32 Worm
W32.Spybot.OGX | | Win32 Worm
W32.Topion.A | | Win32 Worm
W32/Agobot-RV | | Win32 Worm
W32/Banish-A | W32.Banish.A@mm, WORM_BANISH.A | Win32 Worm
W32/Bropia.worm.aj | | Win32 Worm
W32/Icpass-A | | Win32 Worm
W32/Kassbot-C | BackDoor-CPV, Backdoor.Win32.Delf.yo | Win32 Worm
W32/MyDoom-BN | Email-Worm.Win32.Mydoom.as | Win32 Worm
W32/Mytob-BT | | Win32 Worm
W32/Mytob-BW | WORM_MYTOB.BW | Win32 Worm
W32/Rbot-ABO | | Win32 Worm
W32/Rbot-ABP | | Win32 Worm
W32/Sdbot-XV | | Win32 Worm
W32/Sdbot-XW | Backdoor.Win32.Rbot.oq | Win32 Worm
W32/Sober.p@MM | Email-Worm.Win32.Sober.p, Sober.P, Sober.V, W32.Sober.O@mm, W32/Sober-N, W32/Sober.gen@MM, W32/Sober.V.worm, Win32.Sober.N, Win32Sober.N, WORM_SOBER.S | Win32 Worm
W32/Sober-N | Win32.Sober.N | Win32 Worm
Win32.Mydoom.BL | | Win32 Worm
WORM_AHKER.H | | Win32 Worm
WORM_EZIO.A | | Win32 Worm
WORM_FRANCETTE.R | | Win32 Worm
WORM_KEDEBE.C | | Win32 Worm
WORM_KELVIR.AH | W32/Generic.worm!p2p | Win32 Worm
WORM_KELVIR.AL | | Win32 Worm
WORM_KELVIR.AN | | Win32 Worm
WORM_MYTOB.DB | | Win32 Worm
WORM_MYTOB.DC | | Win32 Worm
WORM_MYTOB.DG | | Win32 Worm
WORM_MYTOB.DJ | | Win32 Worm
WORM_NOPIR.B | | Win32 Worm
WORM_OPANKI.A | | Win32 Worm
WORM_OPANKI.B | | Win32 Worm
WORM_OPANKI.C | | Win32 Worm
WORM_SCOLD.C | | Win32 Worm

Last updated February 15, 2008