 |
Summary of Security Items from June 22 through June 28, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name/
CVE Reference |
Risk |
Source |
Active Web Softwares
ActiveBuy
andSell V6.X |
A vulnerability has been reported in ActiveBuyandsell that could let a malicious remote user perform SQL injection or Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
ActiveBuy
andSell SQL Injection & Cross-Site Scripting
CAN-2005-2062
CAN-2005-2063 |
High |
Secunia Advisory, SA15837, June 27, 2005 |
Advanced Browser
Advanced Browser V8.0.2 |
A javascript spoofing vulnerability has been reported in Advanced Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Advanced Browser Javascript Spoofing |
Medium |
Security Tracker Alert ID: 1014270, June 23, 2005 |
ASP Nuke
ASP Nuke V0.8 |
Multiple vulnerabilities have been reported in ASP Nuke that could allow a remote malicious user to perform SQL injection or Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ASP Nuke SQL Injection & Cross Site Scripting
CAN-2005-2064
CAN-2005-2065
CAN-2005-2066
|
High |
Security Focus, Bugtraq ID: 14062, 13318, 14063,14064, June 27, 2005 |
ASP
Playground
ASP
Playground
.NET V3.2SP1 |
A vulnerability has been reported in ASPPlayground.NET that could allow a remote malicious user to upload arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ASPPlayground .NET Arbitrary Upload
|
High |
Security Tracker Alert ID: 1014309, June 27, 2005 |
Fast Browser
Fast Browser Pro V8.1 |
A javascript spoofing vulnerability has been reported in Fast Browser Pro that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Fast Browser Pro Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014296, June 27, 2005 |
Flashpeak
Slim Browser V4.05.007 |
A javascript spoofing vulnerability has been reported in Slim Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Slim Browser Javascript Spoofing |
Medium |
Security Tracker Alert ID: 1014266, June 22, 2005 |
Hewlett Packard
HP Version Control Repository Manager V2.x
|
A password disclosure vulnerability has been reported in HP Version Control Repository Manager that could disclose the proxy password to local users.
An update is available: http://h18023.www1.hp.com/
support/files/server/us/
download/22563.html
There is no exploit code required. |
HP VCRM Password Disclosure
CAN-2005-2076 |
Medium |
Secunia, Advisory: SA15790, June 23, 2005 |
Hosting Controller
Hosting Controller Error.ASP |
A vulnerability has been reported in Error.ASP that could allow a remote malicious user to perform Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Hosting Controller Error.ASP
Cross-Site Scripting
CAN-2005-2077
|
High |
Security Focus, Bugtraq ID: 14080, June 28, 2005 |
IPSwitch
WhatsUp Professional V2005SP1 |
An input validation vulnerability has been reported in Ipswitch WhatsUp Professional that could let malicious users perform SQL injection.
Update to Service Pack 1a: http://www.ipswitch.com/Support/
whatsup_professional/releases/
wup2005sp1a.html
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
Ipswitch WhatsUp Professional SQL Injection Vulnerability
CAN-2005-1250
|
High |
iDEFENSE, Security Advisory 06.22.05, June 22, 2005 |
Microsoft
Microsoft Internet Explorer 6.0, SP1&SP2 |
A vulnerability has been reported in Microsoft Internet Explorer, which could let malicious websites to spoof dialog boxes.
Advisory available at:
http://www.microsoft.com/
technet/security/advisory/
902333.mspx
Currently we are not aware of any exploit for this vulnerability. |
Microsoft Internet Explorer Dialog Origin Spoofing |
Medium |
Secunia, Advisory, SA15491, June 21, 2005
Microsoft Security Advisory (902333), June 21, 2005 |
Microsoft
Visio 2002, SP1, SharePoint Portal Server 2001, SP1, Office XP, SP1-SP3,
|
A vulnerability has been reported in Microsoft Log Sink Class ActiveX Control that could allow a remote malicious user to create arbitrary files.
Update available at:
http://www.microsoft.com/
downloads/details.aspx?
familyid=0dd4c99a-9196
-421b-83f0-3d2f93189028&
displaylang=en
An exploit has been published. |
Microsoft Log Sink Class ActiveX Control
CAN-2005-0360 |
High |
US-CERT VU#165022 |
Microsoft
Outlook Express 5.5, 6 |
A remote code execution vulnerability has been reported in Outlook Express when it is used as a newsgroup reader. A malicious user could exploit the vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news.
Updates available: http://www.microsoft.com
/technet/security/Bulletin/
MS05-030.mspx
An exploit has been published. |
Microsoft Outlook Express Could Allow Remote Code Execution
CAN-2005-1213
|
High |
Microsoft, MS05-030, June 14, 2004
US-CERT VU#130614
Security Focus, Bugtraq ID: 13951, June 24, 2005 |
Microsoft
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1
(Itanium), Windows XP 64-Bit Edition Version 2003
(Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based
Systems |
A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.microsoft.com/
technet/security/bulletin/
MS05-011.mspx
Microsoft Windows NT 4.0 has also been found vulnerable to the issue; however, this platform is no longer publicly supported by Microsoft. A patch is available for customers that have an active end-of-life support agreement including extended Windows NT 4.0 support. Information regarding the end-of-life support agreement can be found at the following location:
http://www.microsoft.com/
presspass/features/2004/
dec04/12-03NTSupport.asp
An exploit has been published. |
|
High |
Microsoft Security Bulletin, MS05-011, February 8, 2005
US-CERT Technical Cyber Security Alert TA05-039A
US-CERT Cyber Security Alert SA05-039A
US-CERT Vulnerability Note VU#652537
Security Focus, 12484, March 9, 2005
Security Focus, Bugtraq ID: 12484, June 23, 2005 |
MyInternet
MyInternet Browser V10.0.0.0 |
A javascript spoofing vulnerability has been reported in MyInternet Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
MyInternet Browser Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014295, June 27, 2005 |
NetCaptor
NetCaptor Browse V7.5.4 |
A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
NetCaptor Browser Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014265, June 22, 2005 |
Omni
Omni Browser 2.0 |
A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Omni Browser Javascript Spoofing |
Medium |
Security Tracker Alert ID: 1014286, June 23, 2005 |
Optimal Access
Optimal Desktop V4.00 |
A javascript spoofing vulnerability has been reported in Optimal Desktop that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Optimal Desktop Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014298, June 27, 2005 |
Sofotex
BisonFTP Server V4R1 |
A vulnerability has been reported in BisonFTP Server that could allow remote malicious users to perform a Denial of Service.
No workaround or patch available at time of publishing.
An exploit has been published. |
BisonFTP Server Denial of Service
CAN-2005-2078 |
Low |
Security Focus, Bugtraq ID: 14079, June 28, 2005 |
Sukru Alatas
Sukru Alatas Guestbook V3.1 |
A vulnerability has been reported in Sukru Alatas Guestbook that could allow database disclosure to remote malicious users.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Sukru Alatas Guestbook Database Disclosure
|
Medium |
Secunia Advisory: SA15832, June 28, 2005 |
| TCP-IP Datalook 1.3 |
A vulnerability has been reported in TCP-IP Datalook that could let a local malicious user perform a Denial of Service.
No workaround or patch available at time of publishing.
An exploit has been published. |
TCP-IP Datalook Denial of Service
|
Low |
Security Tracker Alert ID: 1014291, June 26, 2005 |
Telligent Systems
Community Server Forums |
A vulnerability has been reported in Community Server Forums that could let a remote malicious user perform Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Community Server Forums Cross-Site Scripting |
High |
Security Focus, Bugtraq ID: 14078, June 28, 2005 |
True North Software Inc.
IA eMailServer V5.2.2 |
An IMAP list command validation vulnerability has been reported in IA eMailServer that could let remote malicious users perform a Denial of Service.
Upgrade to version 5.3.4 Build 2019.
An exploit script has been published. |
IA eMailServer Denial of Service
|
Low |
Secunia Advisory: SA15838, June 28, 2005 |
Veritas
Veritas Backup Exec 10.0 |
Multiple vulnerabilities have been reported in Veritas Backup Exec that could let remote malicious users perform arbitrary code execution, elevate privileges, perform a DoS, or even crash systems.
A patch is available from the vendor: http://seer.support.veritas.com/
docs/277429.htm
Currently we are not aware of any exploits for this vulnerability. |
Veritas Backup Exec Multiple Vulnerabilities
CAN-2005-0771
CAN-2005-0772
CAN-2005-0773
|
High |
Secunia, Advisory: SA15789, June 23, 2005
VERITAS Security Advisory VX05-006, VX05-007, VX05-008, June 23, 3005
US-CERT VU#584505, VU#352625, VU#492105 |
Wichio
Wichio 27Tools-in-1 Browser V4.2 |
A javascript spoofing vulnerability has been reported in Wichio 27Tools-in-1 Browser that could let remote malicious users spoof Javascript dialog boxes.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Wichio 27Tools-in-1 Browser Javascript Spoofing
|
Medium |
Security Tracker Alert ID: 1014297, June 27, 2005 |
[back to
top]
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Acrobat Reader 7.0.1, 7.0, Acrobat 7.0.1, 7.0
|
Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a remote malicious user execute arbitrary programs via a specially crafted PDF document that contains JavaScript; and a vulnerability was reported in the updater because Safari Frameworks folder permissions can be elevated for all users when downloading updates. Only UNIX running on Mac OS is affected.
Upgrades available at:
http://www.adobe.com
/support/downloads/
There is no exploit code required. |
|
Medium |
Secunia
Advisory, SA15827,
June 28, 2005 |
Apache
Spam
Assassin 3.0.1, 3.0.2, 3.0.3 |
A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.
A fixed version (3.0.4) is available at: http://spamassassin.
apache.org/
downloads.cgi
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-17.xml
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-498.html
Mandriva:
http://www.mandriva.com/
security/advisories
There is no exploit code required. |
|
Low |
Security Tracker Alert ID: 1014219,
June 16, 2005
Fedora Update Notifications,
FEDORA-
2005-427 &
428,
June 16 & 17, 2005
Gentoo Linux Security
Advisory,
GLSA 200506-17,
June 21, 200
SUSE Security Announce-
ment, SUSE-SA:2005:033, June 22, 2005
RedHat
Security Advisory,
RHSA-2005:
498-10,
June 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:106,
June 28, 2005 |
Freedesk
top.org
D-BUS 0.23 & prior |
A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.
Patch available at:
https://bugs.freedesktop.org/
show_bug.cgi?id=2436
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-102.html
Mandriva:
http://www.mandriva.com/
security/advisories
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/d
/dbus/dbus
There is no exploit code required. |
|
Medium |
Security Tracker Alert ID,1013075, February 3, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:105,
June 24, 2005
Ubuntu Security Notice,
USN-144-1,
June 27, 2005
|
FreeRADIUS Server
Project
FreeRADIUS 1.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-13.xml
SuSE:
ftp://ftp.suse.com/pub/suse/
FreeRadius:
ftp://ftp.freeradius.org/pub/
radius/freeradius-1.0.3.tar.gz
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-524.html
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1013909, May 6, 2005
Gentoo Linux Security
Advisory, GLSA 200505-13,
May 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Security Focus, 13541, June 10, 2005
RedHat
Security Advisory,
RHSA-2005:
524-05,
June 23, 2005
|
GD Graphics Library
gdlib 2.0.23, 2.0.26-2.0.28; Avaya Converged Communi-cations Server 2.0, Intuity LX
Avaya MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing
Avaya S8300 R2.0.1,R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0 |
A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.
OpenPKG:
ftp://ftp.openpkg.org/release/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/
libg/libgd2/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-08.xml
Debian:
http://security.debian.org/
pool/updates/main/libg
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Mandrake:
http://www.mandrakesecure.
net/en/ftp.php
Trustix:
http://http.trustix.org/pub/
trustix/updates/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Debian:
http://security.debian.org/pool
/updates/main/libg/libgd/
Red Hat:
http://rhn.redhat.com/
errata/RHSA-2004-638.html
Avaya:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-017_
RHSA-2004-638.pdf
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/3/
updates/
An exploit script has been published. |
|
High |
Secunia Advisory,
SA12996, October 28, 2004
Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004
Ubuntu Security Notice, USN-21-1, November 9, 2004
Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004
Fedora Update Notifications,
FEDORA-2004-411 & 412, November 11, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
Ubuntu Security Notice, USN-25-1, November 16, 2004
SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004
Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004
Red Hat Advisory, RHSA-2004:638-09, December 17, 2004
Avaya Security Advisory, ASA-2005-017, January 18, 2005
SGI Security Advisory, 20050602-
01-U, June 23, 2005 |
gFTP
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 |
A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://www.gftp.org/
gftp-2.0.18.tar.gz
Debian:
http://security.debian.org/
pool/updates/main/g/gftp/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-27.xml
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Mandrake:
http://www.mandrakesecure.
net/en/ftp.php
Conectiva:
http://distro.conectiva.com.br/
atualizacoes/index.php?id=
a&anuncio=000957
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-410.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
There is no exploit code required. |
|
Medium |
Security Focus, February 14, 2005
Debian Security Advisory, DSA 686-1, February 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005
Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005
RedHat Security Advisory, RHSA-2005:410-07, June 13, 2005
Conectiva Security Advisory, CLSA-2005:957, May 31, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNOME
gEdit 2.0.2, 2.2 .0, 2.10.2 |
A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gedit/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-09.xml
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-499.html
Mandriva:
http://www.mandriva.com/
security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/
ia32/Desktop/10/updates/
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download
/3/updates/
An exploit has been published. |
|
High |
Securiteam, May 22, 2005
Ubuntu Security Notice, USN-138-1, June 09, 2005
Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005
RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005
Turbolinux Security Advisory,
TLSA-2005-70, June 22, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.
Trustix:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/
There is no exploit code required. |
|
Medium |
Bugtraq, 395703, April 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
GNU
cpio 2.6 |
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-16.xml
Trustix:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/
A Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396429, April 20, 2005
Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-05.xml
IPCop:
http://ipcop.org/modules.php?
op=modload&name=
Downloads&file=index
&req=viewdownload
&cid=3&orderby=dateD
Mandriva:
http://www.mandriva.com/
security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:11/gzip.patch
OpenPKG:
http://www.openpkg.org/
security/OpenPKG-
SA-2005.009-openpkg.html
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
Proof of Concept exploit has been published. |
|
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice,
USN-116-1,
May 4, 2005
Trustix Secure Linux Security Advisory,
TSLSA-2005-0018,
May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus,13290, May 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD
Security Advisory, FreeBSD-SA-05:11, June 9, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005
RedHat Security Advisory,
RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNU
shtool 2.0.1 & prior |
A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-08.xml
OpenPKG:
ftp://ftp.openpkg.org/
release/2.3
There is no exploit code required. |
|
Medium |
Secunia Advisory, SA15496, May 25, 2005
Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 200
OpenPKG Security Advisory, OpenPKG-SA-2005.011,
June 23, 2005 |
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-05.xml
Mandriva:
http://www.mandriva.com/
security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:11/gzip.patch
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download
/3/updates/
There is no exploit code required. |
|
Medium |
Security Focus,
12996,
April 5, 2005
Ubuntu Security Notice,
USN-116-1,
May 4, 2005
Trustix Secure Linux Security Advisory,
TSLSA-2005-0018,
May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092,
May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
RedHat Security Advisory,
RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
GNU
wget 1.9.1 |
A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.
SUSE:
ftp://ftp.SUSE.com
/pub/SUSE
Mandriva:
http://www.mandriva.com/
security/advisories
Trustix:
http://http.trustix.org/
pub/trustix/updates/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/w/wget/
A Proof of Concept exploit script has been published. |
|
Medium |
Security Tracker Alert ID: 1012472, December 10, 2004
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005
Ubuntu Security Notice, USN-145-1, June 28, 2005
|
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/
show_bug.cgi?id=90626
Mandriva:
http://www.mandriva.com/
security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-357.html
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-474.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Fedora Update Notification,
FEDORA-2005-471, June 27, 2005
|
LibTIFF
LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6 .0, 3.6.1, 3.7, 3.7.1 |
A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://bugzilla.remotesensing.org/
attachment.cgi?id=238
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-07.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/t/tiff/
SuSE:
ftp://ftp.suse.com/pub/suse/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005
Ubuntu Security Notice, USN-130-1, May 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005 |
Linux Support Services, Inc.
Asterisk 1.0.7, Asterisk CVS HEAD |
A buffer overflow vulnerability has been reported in the manager interface due to insufficient bounds checks, which could let a remote malicious user execute arbitrary code. Note: The manager interface is not enabled by default.
Updates available at:
http://www.asterisk.org/
index.php?menu=download
Currently we are not aware of any exploits for this vulnerability. |
Linux Support Services Asterisk Manager Interface Remote Buffer Overflow |
High |
Security Tracker Alert, 1014268, June 22, 2005 |
Multiple Vendors
FreeBSD 5.4 & prior |
A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.
Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/
CERT/advisories/
FreeBSD-SA-05:09.htt.asc
SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.24
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-476.html
Sun:
http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-101739-1
Mandriva:
http://www.mandriva.com/
security/advisories
Trustix:
ftp://ftp.trustix.org/pub/trustix/
updates/
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure
CAN-2005-0109
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005
SCO Security Advisory, SCOSA-2005.24, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
US-CERT VU#911878
RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005
Sun(sm) Alert Notification, 101739, June 1, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
Multiple Vendors
Gentoo Linux;
Samba Samba 3.0-3.0.7
|
A remote Denial of Service vulnerability exists in 'ms_fnmatch()' function due to insufficient input validation.
Patch available at:
http://us4.samba.org/samba/
ftp/patches/security/samba-
3.0.7-CAN-2004-0930.patch
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-21.xml
Mandrake:
http://www.mandrakesecure.
net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
i386/update/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/samba/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2004-632.html
Trustix:
http://http.trustix.org/pub/
trustix/updates/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
SGI:
http://www.sgi.com/
support/security/
TurboLinux:
ftp://ftp.turbolinux.co.jp
/pub/TurboLinux
/TurboLinux/ia32/
Server/10/updates/
OpenPKG:
http://www.openpkg.org/
security.html
SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.17
Sun:
http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-101783-1
There is no exploit code required. |
Multiple Vendors Samba Remote Wild Card Denial of Service
CAN-2004-0930
|
Low |
Security Focus, November 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004
RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004
Conectiva Linux Security Announce-
ment, CLA-2004:899, November 25, 2004
Fedora Update Notifications,
FEDORA-2004-459 & 460, November 29, 2004
Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004
SGI Security Advisory, 20041201-01-P, December 13, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.054 December 17, 2004
SCO Security Advisory, SCOSA-2005.17, March 7, 2005
Sun(sm) Alert Notification, 101783, June 23, 2005 |
Multiple Vendors
Linux kernel 2.6.1-2.6.11, 2.6 test1-test11 |
A vulnerability has been reported because commands sent to a SCSI device can change the driver parameters, which could let a malicious user obtain unauthorized access.
Updates available at:
http://kernel.org/pub/linux/|
kernel/v2.6/testing/
ChangeLog-2.6.12-rc1
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel Unauthorized SCSI Command |
Medium |
Security Focus, 14040, June 23, 2005 |
Multiple Vendors
RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6 |
A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.
Update available at:
http://cvs.tcpdump.org/cgi-bin/
cvsweb/tcpdump/print-bgp.c
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
Trustix:
ftp://ftp.trustix.org/pub/trustix/
updates/
Mandriva:
http://www.mandriva.com/
security/advisories
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/4/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/t/tcpdump/
TurboLinux:
ftp://ftp.turbolinux.co.jp
/pub/TurboLinux/
TurboLinux/ia32/
A Proof of Concept exploit script has been published. |
|
Low |
Security Tracker Alert, 1014133, June 8, 2005
Fedora Update Notification,
FEDORA-2005-406, June 9, 2005
Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005
Fedora Update Notification,
FEDORA-2005-407, June 16, 2005
Ubuntu Security Notice, USN-141-1, June 21, 2005
Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005 |
Multiple Vendors
Squid Web
Proxy Cache 2.5 .STABLE9, .STABLE8, .STABLE7 |
A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.squid-cache.org/
Versions/v2/2.5/bugs/
squid-2.5.STABLE9-
setcookie.patch
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/squid/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Conectiva:
ftp://atualizacoes.
conectiva.com.br/
Mandrake:
http://www.mandrakesecure.
net/en/ftp.php
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-415.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
There is no exploit code required.
|
Squid Proxy Set-Cookie Headers Information Disclosure
CAN-2005-0626
|
Medium |
Secunia Advisory, SA14451,
March 3, 2005
Ubuntu Security
Notice,
USN-93-1
March 08, 2005
Fedora Update Notifications,
FEDORA-2005-
275 & 276,
March 30, 2005
Conectiva Linux Security Announce-
ment, CLA-2005:948, April 27, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005
RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005
Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 |
Multiple Vendors
Gentoo Linux;
GNU GDB 6.3 |
Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-15.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gdb/
http://security.ubuntu.com/
ubuntu/pool/main/b/binutils/
Mandriva:
http://www.mandriva.com/
security/advisories
Trustix:
http://http.trustix.org/pub/
trustix/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005
Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 |
Multiple Vendors
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbug 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat Fedora Core1&2;
SuSE. Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8 |
Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.
Debian:
http://security.debian.org/pool/
updates/main/g/gdk-pixbuf/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
RedHat:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
SuSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-28.xml
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
Fedora:
http://download.fedoralegacy.org/
redhat/
Sun:
http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-101776-1
We are not aware of any exploits for these vulnerabilities. |
|
Low/High
(High if arbitrary code can be executed)
|
Security Tracker Alert ID, 1011285, September 17, 2004
Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004
US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004
Conectiva Linux Security Announce-
ment, CLA-2004:875, October 18, 2004
Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005
Sun(sm) Alert Notification, 101776, June 23, 2005 |
Multiple Vendors
Graphics
Magick Graphics
Magick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6 .0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2 .0.4, 6.2-6.2.2 |
A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-16.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/
imagemagick/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-480.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
Mandriva:
http://www.mandriva.com/
security/advisories
Currently we are not aware of any exploits for this vulnerability. |
ImageMagick & GraphicsMagick XWD Decoder Remote Denial of Service
CAN-2005-1739
|
Low |
Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005
Ubuntu Security Notice, USN-132-1, May 23, 2005
Fedora Update Notification,
FEDORA-2005-395, May 26, 2005
RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005
|
Multiple Vendors
Linux kernel 2.2.x, 2.4.x, 2.6.x |
A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges.
Update available at:
http://kernel.org/
Trustix:
http://www.trustix.org/
errata/2005/0022/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-472.html
Avaya:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-120_
RHSA-2005-283_
RHSA-2005-284_
RHSA-2005-293_
RHSA-2005-472.pdf
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Trustix:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/T
urboLinux/
An exploit script has been published. |
|
High |
Secunia Advisory, SA15341, May 12, 2005
Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005
Avaya Security Advisory, ASA-2005-120, June 3, 2005
Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005 |
Multiple Vendors
Linux kernel 2.6 prior to 2.6.12.1
|
A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.
Updates available at:
http://www.kernel.org/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Tracker Alert ID: 1014275, June 23, 2005 |
Multiple Vendors
Linux kernel 2.6 prior to 2.6.12.1 |
A Denial of Service vulnerability has been reported in the subthread exec signal processing that has a timer pending.
Updates available at:
http://www.kernel.org/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Tracker Alert ID: 1014274, June 23, 2005 |
Multiple Vendors
Squid 2.x; Gentoo Linux;Ubuntu Linux 4.1 ppc, ia64, ia32;Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 |
A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at:
http://www.squid-cache.org/
Versions/v2/2.5/bugs/
squid-2.5.STABLE7-
fakeauth_auth.patch
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-25.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-061.html
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://www.trustix.org/
errata/2005/0003/
Astaro:
http://www.astaro.org/
showflat.php?Cat=&Number=
56136&page=0&view=collapsed
&sb=5&o=&fpart=1#56136
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
Squid NTLM fakeauth_auth Helper Remote Denial of Service
CAN-2005-0096
|
Low |
Secunia Advisory,
SA13789, January 11, 2005
Gentoo Linux Security Advisor, GLSA 200501-25, January 17, 2005
Ubuntu Security Notice, USN-67-1, January 20, 2005
Conectiva Linux Security Announce-
ment, CLA-2005:923, January 26, 2005
Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:006, February 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005
Security Focus, 12324, March 7, 2005
Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1 |
A vulnerability has been reported when handling upstream HTTP agents, which could let a remote malicious user poison the web proxy cache.
Patches available at:
http://www.squid-cache.org/
Versions/v2/2.5/squid-
2.5.STABLE9.tar.gz
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
There is no exploit code required. |
|
Medium |
Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005
Fedora Update Notification,
FEDORA-2005-373, May 17, 2005
Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 |
OpenSSL Project
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c |
A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix:
ftp://ftp.trustix.org/pub/
trustix/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-15.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/o/openssl/
Debian:
http://www.debian.org/
security/2004/dsa-603
Mandrakesoft:
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:147
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
FedoraLegacy:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-476.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download
/3/updates/
There is no exploit code required. |
OpenSSL
Insecure Temporary File Creation
CAN-2004-0975 |
Medium |
Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004
Ubuntu Security Notice, USN-24-1, November 11, 2004
Debian Security Advisory
DSA-603-1, December 1, 2004
Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004
Turbolinux Security Announce-
ment, 20050131, January 31, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
Postgre
SQL
PostgreSQL 7.3 through 8.0.2 |
Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.'
Fix available at:
http://www.postgresql.org/
about/news.315
Trustix:
http://http.trustix.org/
pub/trustix/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-12.xml
Trustix:
http://www.trustix.org/
errata/2005/0023/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-433.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Security Tracker Alert, 1013868, May 3, 2005
Ubuntu Security Notice, USN-118-1, May 04, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005
Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005
Turbolinux Security Advisory , TLSA-2005-62, June 1, 2005
RedHat Security Advisory, RHSA-2005:433-17, June 1, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005 |
Raxnet
Cacti 0.x |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'congif_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.cacti.net/
download_cacti.php
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-20.xml
An exploit script has been published. |
|
High |
Secunia Advisory: SA15490, June 23, 2005
Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005 |
RedHat
sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64 |
A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.
Updates available at:
http://rhn.redhat.com/
errata/RHSA-2005-502.html
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
There is no exploit code required. |
RedHat Linux SysReport Proxy Information Disclosure
CAN-2005-1760
|
Medium |
RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005 |
Sendmail Consortium
Sendmail 8.8.8 , 8.9 .0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11 |
A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Low |
Security Focus, 14047, June 23 |
Sun Micro-systems, Inc.
Solaris 10.0 |
Multiple buffer overflow vulnerabilities have been reported when handling excessive data supplied through command line arguments, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Proofs of Concept exploit scripts have been published. |
|
High |
Security Focus, 14049, June 24, 2005 |
Sun Micro-systems, Inc.
Solaris 10.0, 9.0 _x86, 9.0
|
A vulnerability has been reported in LD_AUDIT,' which could let a malicious user obtain superuser privileges.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges
CAN-2005-2072
|
High |
Security Focus, 14074, June 28, 2005 |
Todd Miller
Sudo 1.6-1.6.8, 1.5.6-1.5.9 |
A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a users sudoers entry, which could let a malicious user execute arbitrary code.
Upgrades available at:
http://www.sudo.ws/sudo/
dist/sudo-1.6.8p9.tar.gz
OpenBSD:
http://www.openbsd.org/
errata.html
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/sudo/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
Slackware:
ftp://ftp.slackware.com/
pub/slackware/
Mandriva:
http://www.mandriva.com/
security/advisories
OpenPKG:
ftp://ftp.openpkg.org/release/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-22.xml
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
There is no exploit code required. |
|
High |
Security Focus, 13993, June 20, 2005
Ubuntu Security Notice, USN-142-1, June 21, 2005
Fedora Update Notifications,
FEDORA-2005-472 & 473, June 21, 2005
Slackware Security Advisory, SSA:2005-172-01, June 22, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005
Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:036, June 24, 2005
Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005 |
Vipul
Razor-agents prior to 2.72 |
Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.
Updates available at:
http://prdownloads.sourceforge.net/
razor/razor-agents-2.72.
tar.gz?down load
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-17.xml
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Trustix:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Security Focus, Bugtraq ID 13984, June 17, 2005
Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:035, June 23, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
xmlsoft.org
Libxml2 2.6.12-2.6.14 |
Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the 'xmlNanoFTPScanProxy()' function in 'nanoftp.c,' which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://xmlsoft.org/sources/
libxml2-2.6.15.tar.gz
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix:
ftp://ftp.trustix.org/
pub/trustix/updates/
Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/updates/2/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-05.xml
Mandrake:
http://www.mandrakesoft.com/
security/advisories
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix:
http://www.trustix.org/
errata/2004/0055/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/libx/
libxml2/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-615.html
Conectiva:
ftp://atualizacoes.
conectiva.com.br/1
RedHat (libxml):
http://rhn.redhat.com/errata
/RHSA-2004-650.html
Apple:
http://www.apple.com
/support/downloads/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/libx/libxml/
SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/
An exploit script has been published. |
|
High |
Security Tracker Alert I, 1011941, October 28, 2004
Fedora Update Notification,
FEDORA-2004-353, November 2, 2004
Gentoo Linux Security Advisory, GLSA 200411-05, November 2,2 004
Mandrakelinux Security Update Advisory, MDKSA-2004:127, November 4, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.050, November 1, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0055, November 1, 2004
Ubuntu Security Notice, USN-10-1, November 1, 2004
Red Hat Security Advisory, RHSA-2004:615-11, November 12, 2004
Conectiva Linux Security Announce-
ment, CLA-2004:890, November 18, 2004
Red Hat Security Advisory, RHSA-2004:650-03, December 16, 2004
Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005
Turbolinux Security Advisory, TLSA-2005-11, January 26, 2005
Ubuntu Security Notice, USN-89-1, February 28, 2005
SGI Security Advisory, 20050602-
01-U,
June 23, 2005 |
Yukihiro Matsumoto
Ruby 1.8.2 |
A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/updates/
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution
CAN-2005-1992
|
High |
Fedora Update Notifications,
FEDORA-
2005-474 & 475, June 21, 2005
Turbolinux Security Advisory,
TLSA-2005-74, June 28, 2005 |
[back to
top]
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adobe
Acrobat and Reader 7.0 and 7.0.1 for Mac OS and Windows. |
A vulnerability has been reported that could let remote malicious users access system information. This is because there is an error in the Adobe Reader control that makes it possible to determine whether or not a particular file exists
on a user's system via XML scripts embedded in JavaScript.
Update to version 7.0.2 for Windows:
http://www.adobe.com/
support/downloads/
Mac Os available at:
http://www.adobe.com/
support/downloads/
Currently we are not aware of any exploits for this vulnerability. |
Adobe Reader / Adobe Acrobat Local File Detection
CAN-2005-1306 |
Medium |
Adobe
Advisory Document 331710,
June 15, 2005
Adobe
Advisory Document 331710,
Updated
June 27, 2005 |
CarLine
Forum Russian Board 4.2 |
Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of certain input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to insufficient verification of the '[img]' BB code tag , which could let a remote malicious execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
CarLine Forum Russian Board Multiple Input Validation |
High |
RST/GHC Advisory #29, June 21, 2005 |
Clam AntiVirus
ClamaAV 0.x |
A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.
Updates available at:
http://prdownloads.
sourceforge.net/
clamav/clamav-
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-23.xml
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Secunia
Advisory, SA15811,
June 24, 2005
Gentoo Linux Security
Advisory,
GLSA 200506-23, June 27,
2005 |
Craig Knudsen
WebCalendar 0.9.x
|
A vulnerability has been reported in the 'assistant_edit.php' script due to a failure to perform authentication, which could let a remote malicious user bypass security restrictions.
It is also possible to disclose the full path to 'view_entry.php' by accessing it directly.
Upgrades available at:
http://prdownloads.
sourceforge.net/
webcalendar/
WebCalendar-
1.0.0.tar.g z?download
There is no exploit code required.
|
Craig Knudsen WebCalendar 'Assistant_
Edit.PHP'
Security Restriction Bypass |
Medium |
Secunia
Advisory, SA15788,
June 27, 2005 |
DUware
DUpaypal 3.0 |
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 14034,
June 22, 2005 |
DUware
DUamazon 3.1, 3.0 |
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 14033,
June 22, 2005 |
DUware
DUclassmate 1.2 |
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 14036,
June 22, 2005 |
DUware
DUforum 3.1 |
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 14035,
June 22, 2005 |
DUware
DUportal Pro 3.4.3 |
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Security Focus, 14029,
June 22, 2005 |
Francisco Burzi
PHP-Nuke 7.7, 7.6, 7.0-7.3, |
A Cross-Site Scripting vulnerability has been reported in the 'Link to off-site Avatar' field due to insufficient sanitization, which could let a malicious user execute arbitrary HTML and script code. Note: the 'Enable remote avatars' setting must be enabled (disabled by default).
No workaround or patch available at time of publishing.
There is no exploit code required. |
Francisco Burzi PHP-Nuke
Avatar Cross-Site Scripting |
High |
Secunia Advisory, SA15829,
June 27, 2005 |
IBM
DB2 Universal Database 8.x |
A vulnerability has been reported due to a failure to properly enforce authorization restrictions for database users, which could let a malicious user with 'SELECT' privileges bypass security restrictions.
FixPaks available at:
http://www.ibm.com/
software/data/db2/
udb/support/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
IBM Advisory, IY73104,
June 24, 2005 |
Infopop
UBB.threads 6.5-6.5.1 .1, 6.2.3, 6.0 |
Multiple vulnerabilities have been reported: Cross-Site Scripting vulnerabilities have been reported in the 'Searchpage' parameter in 'dosearch.php,' the 'what' and 'page' parameters in 'newreply.php,' the 'Number,' 'Board.' and 'what' parameters in 'showprofile.php.' the 'fpart' and 'page' parameters in 'showflat.php,' the 'like' parameter in 'showmembers.php,' and the 'Cat' parameter in 'toggleshow.php,' 'togglecats.php,' and 'showprofile.php' due to insufficient sanitization before returned to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'Number,' 'year,' 'month,' 'message,' 'main,' 'posted,' and 'Forum[ ]' parameters due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'language' parameter due to insufficient verification before used to include files, which could let a remote malicious user include arbitrary files; and a vulnerability was reported because it is possible to trick a user into performing certain actions when logged in by following a specially crafted link.
Upgrades available at:
http://www.infopop.com/
members/members.php
There is no exploit code required; however, Proofs of Concept exploits have been published.
|
|
High |
GulfTech
Security
Research Team Advisory,
June 24, 2005 |
Infra dig
Infra mail Advantage Server Edition 6.0 6.37 |
Multiple buffer overflow vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to an error when processing the SMTP 'MAIL FROM' command that contains an argument of approximately 40960 bytes; and a remote Denial of Service vulnerability was reported due to an error when processing the FTP 'NLST' command twice with an argument of approximately 102400 bytes.
No workaround or patch available at time of publishing.
Proof of Concept exploit scripts have been published. |
Infra dig Infra mail Advantage Server Edition Multiple Remote Buffer Overflow |
Low |
Secunia Advisory: SA15828,
June 28, 2005 |
J. C. Stierheim
JCDex Lite 2.0, 3.0 |
A vulnerability was reported in the 'index.php' script because a file relative to the user-supplied 'thispath' parameter is included, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploit for this vulnerability.
|
JCDex Lite Arbitrary Code Execution |
High |
Security Tracker Alert ID: 1014306, June 27, 2005 |
K-COLLECT
CSV_DB 1.x,
i_DB 1.x
|
A vulnerability has been reported in the 'csv_db.cgi' script due to insufficient validation of the 'file' parameter, which could let a remote malicious user execute arbitrary commands.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
CSV_DB / i_DB Arbitrary
Command
Execution |
High |
Secunia Advisory, SA15842,
June 28, 2005 |
Legal Case Management
LCM 0.6, 0.4-0.4.5 |
A vulnerability has been reported in the log directory in the default installation due to missing access restrictions, which could let a remote malicious user obtain sensitive information.
Upgrades available at:
http://prdownloads.
sourceforge.net/
legalcase/legalcase-
0.6.1.tar.gz?do
There is no exploit code required. |
Legal Case Management Log File Information Disclosure |
Medium |
Security Focus, 14060,
June 24,2005 |
| Mamboforge
Mambo 4.5.2.2 and prior |
A vulnerability has been reported that could let remote malicious users conduct SQL injection attacks. Input passed to the 'user_rating' parameter when voting isn't properly validated.
Update to version 4.5.2.3: http://mamboforge.net/
frs/?group_id=5
An exploit script has been published. |
|
High |
Secunia SA15710,
June 15, 2005
Security Focus, 13966,
June 22, 2005 |
Mensajeitor
Mensajeitor 1.8.9 |
A Cross-Site Scripting vulnerability has been reported in the 'IP' parameter due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Mensajeitor 'IP' Parameter
Cross-Site
Scripting |
High |
Security Focus, 14071,
June 27, 2005 |
Multiple Vendors
Squid Web Proxy Cache2.5.
STABLE9 & prior |
A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups.
Patch available at:
http://www.squid-cache.org/
Versions/v2/2.5/bugs/
squid-2.5.STABLE9-
dns_query-4.patch
Trustix:
http://www.trustix.org/
errata/2005/0022/
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/squid/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-415.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Focus, 13592,
May 11, 2005
Trustix Secure Linux Security Advisory,
2005-0022,
May 13, 2005
Fedora Update Notification,
FEDORA-
2005-373,
May 17, 2005
Ubuntu Security Notice,
USN-129-1
May 18, 2005
RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005
Turbolinux Security Advisory,
TLSA-2005-71, June 28, 2005 |
Multiple Vendors
Windows XP, Server 2003
Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000
Berbers V5 Release 1.3.6
AAA Intuit LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers |
An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server.
Updates available: http://www.microsoft.com/
tech net/security/Bulletin/
MS05-033.mspx
RedHat:
ftp://updates.redhat.com/
enterprise
Microsoft:
http://www.microsoft.com/
tech net/security/Bulletin/
MS05-033.mspx
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
AAA:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-145_
RHSA-2005-504.pdf
Trustix:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor Telnet Client Information Disclosure
CAN-2005-1205
CAN-2005-0488 |
Medium |
Microsoft,
MS05-033,
June 14, 2004
US-CERT VU#800829
iD EFENSE Security Advisory, June 14, 2005
Red Hat Security Advisory,
RHSA-2005:
504-00,
June 14, 2005
Microsoft Security Bulletin,
MS05-033 & V1.1,
June 14 & 15, 2005
SUSE Security Summary
Report,
SUSE-SR:2005:016, June 17, 2005
AAA Security Advisory, ASA-2005-145,
June 17, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0030,
June 24, 2005 |
Multiple Vendors
Tor Tor 0.0.10-0.0.9;
Gentoo Linux |
A vulnerability has been reported due to an unspecified error, which could let la remote malicious user obtain sensitive information.
Tor:
http://tor.eff.org/download.html
Gentoo:
http://www.gentoo.org/security/
en/glsa/glsa-200506-18.xml
Currently we are not aware of any exploits for this vulnerability. |
Tor Information Disclosure
|
Medium |
Gentoo Linux Security Advisory, GLSA 200506-18,
June 21, 2005
Secunia Advisory, SA15764,
June 22, 2005 |
Opera Software
Opera 8.0 |
A vulnerability has been reported that could let remote malicious users conduct Cross-Site Scripting attacks and read local files. This is due to Opera not properly restricting the privileges of 'javascript:' URLs when opened in e.g. new windows or frames.
Update to version 8.01: http://www.opera.com
/download/
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
There is no exploit code required. |
|
High |
Secunia, SA15411,
June 16, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:034, June 22, 2005 |
Opera Software
Opera 8.0 |
A vulnerability has been reported that could let remote malicious users steal content or perform actions on other web sites with the privileges of the user. This is due to insufficient validation of server side redirects.
Update to version 8.01: http://www.opera.com/
download/
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia SA15008, June 16, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:034, June 22, 2005
US-CERT VU#612949 |
PHP-Fusion
PHP-Fusion 6.0.105 |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'submit.php' script, which could let a remote malicious user execute arbitrary HTML and script code; and stores the database file with a vulnerability was reported because a predictable
filename that has insufficient access controls is stored under the web document root, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
High |
Security Focus, 14066,
June 27, 2005 |
Real Networks
RealPlayer G2, 6.0 Win32, 6.0, 7.0 Win32, 7.0 Unix, 7.0 Mac, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA, 10.0 v6.0.12.690, 10.0, 0.5 v6.0.12.1059
10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5, 10 Japanese, German, English, 10 for Linux, 10 for Mac OS Beta, 10 for Mac OS 10.0.0.325, 10 for Mac OS 10.0.0.305, 10 for Mac OS, 10 for Mac OS 10.0 v10.0.0.331, RealPlayer 8, RealPlayer Enterprise 1.1, 1.2, 1.5-1.7, RealPlayer For Unix 10.0.3, 10.0.4, RealPlayer for Windows 7.0, RealPlayer Intranet 7.0, 8.0 |
A vulnerability has been reported when a specially crafted media file is opened, which could let a remote malicious user execute arbitrary code.
RealNetworks:
http://service.real.com/
help/faq/security/
050623_player/EN/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-517.html
http://rhn.redhat.com/
errata/RHSA-2005-523.html
Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
|
High |
eEye Digital Security Advisory,
EEYEB-20050504,
May 5, 2005
RedHat Security Advisories, RHSA-2005:
517-02 &
RHSA-2005:
523-05,
June 23, 2005
Fedora Update Notifications,
FEDORA-2005-483 & 484,
June 25, 2006
SUSE Security Announce-
ment, SUSE-SA:2005:037, June 27, 2005 |
Simple Machines
SMF 1.0.4, 1.0.2, 1.0 -beta5p & beta4p, 1.0 -beta4.1 |
An SQL injection vulnerability has been reported due to insufficient sanitization of the 'msg' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Updates available at:
http://www.simplemachines.org/
download.php
There is no exploit code required. |
Simple Machines 'Msg' Parameter SQL Injection |
High |
Secunia Advisory: SA15784,
June 23, 2005 |
Sun Micro-systems, Inc.
Java Web Start 1.x,
Sun Java JDK 1.5.x, 1.4.x, Sun Java JRE 1.4.x, 1.5.x |
Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error which could let malicious untrusted applications execute arbitrary code; and a vulnerability was reported due to an unspecified error which could let a malicious untrusted applets execute arbitrary code.
Upgrades available at:
http://java.sun.com/
j2se/1.5.0/index.jsp
http://java.sun.com/
j2se/1.4.2/download.html
Slackware:
ftp://ftp.slackware.com/pub/
slackware/slackware-current/
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Currently we are not aware of any exploits for these vulnerabilities.
|
|
High |
Sun(sm) Alert Notification, 101748 & 101749,
June 13, 2005
Slackware Security Advisory, SSA:2005-170-01,
June 20, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:032, June 22, 2005 |
Sun Micro-systems, Inc.
Sun Java 2 Runtime Environment 1.3 0_01-1.3 0_05, 1.3 .0, 1.3.1 _08, 1.3.1 _04, 1.3.1 _01a, 1.3.1 _01, 1.3.1, 1.4.1, 1.4.2 _01-1.4.2 _06, 1.4.2,
Java Web Start 1.2 |
A vulnerability has been reported due to insufficient validation of user-supplied input before considered as trusted, which could let a remote malicious user obtain obtain elevated privileges.
Upgrades available at:
http://java.sun.com/j2se/
Apple:
http://www.apple.com/
support/downloads/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-28.xml
SUSE:
ftp://ftp.SUSE.com/
pub/SUSE
Currently we are not aware of any exploits for this vulnerability. |
Sun Java
Web Start System Remote Unauthorized
Access
CAN-2005-0836
|
Medium |
Sun(sm) Alert Notification, 57740,
March 16, 2005
SUSE Security Announce-
ment, SUSE-SA:2005:032, June 22, 2005 |
Veritas Software
NetBackup Business
Server 4.x, NetBackup DataCenter 4.x, NetBackup Enterprise
Server 5.x, NetBackup
Server 5.x
|
A remote Denial of Service vulnerability has been reported due to a boundary error when handling request packets.
Patches available at: http://support.veritas.com/docs/
Currently we are not aware of any exploits for this vulnerability. |
Veritas Backup Exec/NetBackup Request Packet Remote
Denial of Service
CAN-2005-0772
|
Low |
Veritas Security Advisories,
VX05-001 & VX05-008, June 22, 2005 |
Whois.Cart
Whois.Cart
2.2.77, 2.2.76, 2.2.74,
2.2.70 |
Several vulnerabilities have been reported; a Cross-Site Scripting vulnerability was reported in 'Profile.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'index.php' due to insufficient verification of the 'language' parameter, which could let a malicious user include arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Whois.Cart 'Profile.PHP'
Cross-Site
Scripting & File Inclusion
|
High |
Secunia Advisory, SA15783,
June 23, 2005
|
WordPress
WordPress
1.5, 1.5.1 |
An SQL injection vulnerability has been reported due to insufficient sanitization of the 'cat_ID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Upgrades available at:
http://wordpress.org/latest.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-04.xml
Another exploit script has been published.
|
|
High |
Secunia Advisory, SA15517,
May 30, 2005
Gentoo Linux Security Advisory, GLSA
200506-04, June 6, 2005
Security Focus, 13809, June 22, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Sand ia Develops Secure Ultramodern Wireless Network: A group led by researchers at Sandia National Laboratories have developed a wireless network based on wavelengths in the Ultramodern spectrum. According to Sand ia, the network is secure enough to be used for national-defense purposes, to help sensors monitor U.S. Air Force bases or
Department of Energy nuclear facilities. It could also be used to control remotely operated weapon systems wirelessly. Source: http://news.yahoo.com/s/NFL/20050623/tycoon/36740;Yalta=Happy%20WFTn_
aT81drbhp20jtBAF;ylem=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl.
- BlackBerry endures another outage: On June 22nd, a number of BlackBerry handheld wireless devices experienced service problems, marking the second time in less than a week that the popular devices lost their data connections. According to a RIM representative, a hardware failure Wednesday triggered a backup system that operated at a lower capacity "than expected." Service has been restored. Source: http://news.com.com/BlackBerry+endures+another+outage/2100-1039_3-5758043.html?tag=ne fd.top.
- kismet-2005-06-R1.tar.gz: An 802.11 layer 2 wireless network sniff er that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by slipcase and the Linux-Wireless extensions (such as Cisco Baronet), and cards supported by the Wan-NG project which use the Prism/2 chipset (such as Links, Dl ink, and Zoom). Besides Linux, Kismet also supports Free BSD, Open BSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bs sid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcp dump compatible file logging, Air snort-compatible"interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting.
Wireless Vulnerabilities
- Nothing significant to report.
[back to top]
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability blisters, or Computer Emergency Response Teams (CERT's) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script
(Reverse Chronological Order) |
Script name |
Workaround or Patch Available |
Script Description |
| June 28, 2005 |
dos_bison.py |
No |
Exploit for the Softie Bison FTP Remote Denial of Service vulnerability. |
| June 28, 2005 |
Inframail_SMTPOverflow.pl
Inframail_FTPOverflow.pl
|
No |
Proof of Concept exploits for the Infra dig Infra mail Advantage Server Edition Multiple Remote Buffer Overflow vulnerabilities. |
| June 27, 2005 |
IAeMailServer_DOS.pl |
No |
Perl script that exploits the True North Software IA EMailServer
Remote Format String vulnerability. |
| June 27, 2005 |
ipdatalook_dos.c
ipdatalook.txt |
No |
Exploits for the TCP-IP Datalook Denial of Service vulnerability. |
| June 26, 2005 |
fusionDB.pl.txt |
No |
Proof of Concept exploit for the PHP-Fusion Database Backup vulnerability. |
| June 25, 2005 |
traceSolaris.txt
solaris_tracroute_exp.pl |
No |
Proofs of Concept exploits for the Sun Solaris Traceroute Multiple Local Buffer Overflows. |
| June 25, 2005 |
ubb652.txt |
Yes |
Proofs of Concept exploits for the UBB Threads Cross-Site Scripting, SQL injection, HTTP response splitting, and local file inclusion vulnerabilities. |
| June 24, 2005 |
clamav-0.86.1.tar.gz |
N/A |
A flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. |
| June 24, 2005 |
csv_db.c |
No |
Proof of Concept exploit for the CSV_DB / i_DB Arbitrary Command Execution vulnerability. |
| June 24, 2005 |
mssmb_poc.c |
Yes |
Proof of Concept exploit for the Microsoft Windows SMB Buffer Overflow vulnerability. |
| June 24, 2005 |
nessQuick-v0.05.zip |
NA |
Perl scripts designed to assist in managing the output from Nessus
scans and creating an alternate report format. |
| June 23, 2005 |
adv21-theday-2005.txt
adv19-theday-2005.txt |
No |
Proof of Concept exploit for the ActiveBuyAndSEL SQL injection and Cross-Site Scripting vulnerabilities. |
| June 23, 2005 |
cacti.pl.txt |
Yes |
Exploit for the RaXnet Cacti Multiple Input Validation vulnerabilities. |
| June 23, 2005 |
igallery22.txt |
No |
Proof of Concept exploit for the BlueCollar Productions i-Gallery Cross-Site Scripting & Directory Traversal vulnerability. |
| June 23, 2005 |
kismet-2005-06-R1.tar.gz |
N/A |
An 802.11 layer 2 wireless network sniff er that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by slipcase and the Linux-Wireless extensions (such as Cisco Baronet), and cards supported by the Wan-NG project which use the Prism/2 chipset (such as Links, Dl ink, and Zoom). |
| June 23, 2005 |
NsT-phpBBDoS.pl.txt
NsT-phpBBDoS.c |
Yes |
Exploit scripts for the phpBB 'bbcode.php' Input Validation vulnerability. |
| June 23, 2005 |
r57frb.pl |
No |
A Proof of Concept exploit for the CarLine Forum Russian Board Multiple Input Validation vulnerability. |
| June 23, 2005 |
r57mambo.pl |
Yes |
Perl script that exploits the Mambo SQL injection vulnerability. |
| June 23, 2005 |
r57wp.pl |
No |
Perl script that exploits the MercuryBoard 'Index.PHP' Remote SQL Injection vulnerability. |
| June 22, 2005 |
mambo_user_rating_sql.pl |
Yes |
Perl script that exploits the Mambo 'user_rating' SQL Injection vulnerability. |
| June 22, 2005 |
wordpress1511newadmin.pl |
Yes |
Perl script that exploits the Wordpress Cat_ID Parameter SQL Injection vulnerability. |
[back to
top]
Trends
-
Scanning Activity on Port 445/tcp: US-CERT has seen reports indicating an increase in scanning activity of port 445/tcp. This port is used by Server Message Block(SMB) to share files, printers, serial ports and communicate between computers in a Microsoft Windows environment. Source: http://www.us-cert.gov/current/current_activity.html#smb.
-
Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT has received reports of increased scanning activity on port 10000/tcp. This increase is believed to be related to the public release of a new exploit for a recently published vulnerability in VERITAS Backup Exec Remote Agent. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Exploit for Vulnerability in Outlook Express: US-CERT has received reports of the existence of a working exploit for a recently published vulnerability in Microsoft Outlook Express. While reports of successful system compromise using this vulnerability have not yet been confirmed. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Users at Continued Risk from Phishing Attempts: US-CERT continues to receive reports of phishing attempts. Because of recent media reports regarding attacks against financial institutions, users may see an increase in targeted phishing emails. Phishing emails may appear as requests from a financial institution asking the user to click on a link that takes them to a fraudulent site that looks like the legitimate one. The user is then asked to provide personal information that can further expose them to future compromises. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Hackers spread Microsoft attack flaw exploit:
The risk of an attack related to a flaw in Microsoft Outlook Express climbed after underground hacking sites began circulating sample code for exploiting it.
The exploit is designed to take complete control of PCs with certain versions of the Outlook Express email program installed on them when users visit newsgroups controlled by the hackers. Source: http://software.silicon.com/malware/0,3800003100,39131415,00.htm.
-
ID theft concerns grow, tools lacking: Consumers are overwhelmed by a flood of bad ID theft news and are concerned that the government is not doing enough to protect them.
In one of the most extensive studies yet on consumer attitudes about identity theft, Gartner Inc. found that about half those polled either were not’t aware they were entitled to a free credit report or considered them “not effective” in fighting ID theft. The survey, also found that one-third of consumers are "very concerned" about being victims of identity theft, and nearly half are altering their online activities as a result. Source: http://msnbc.msn.com/id/8322300/.
-
[back to top]
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank |
Common Name |
Type of Code |
Trend |
Date |
Description |
1 |
Mytob.C |
Win32 Worm |
Stable |
March 2004 |
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
2 |
Netsky-P |
Win32 Worm |
Stable |
March 2004 |
A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
3 |
Netsky-Q |
Win32 Worm |
Stable |
March 2004 |
A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
4 |
Zafi-D |
Win32 Worm |
Stable |
December 2004 |
A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
5 |
Netsky-D |
Win32 Worm |
Stable |
March 2004 |
A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
6 |
Lovgate.w |
Win32 Worm |
Stable |
April 2004 |
A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
7 |
Zafi-B |
Win32 Worm |
Stable |
June 2004 |
A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
8 |
Netsky-Z |
Win32 Worm |
Stable |
April 2004 |
A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
9 |
Netsky-B |
Win32 Worm |
Stable |
February 2004 |
A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. Also searches drives for certain folder names and then copies itself to those folders. |
10 |
MyDoom-O |
Win32 Worm |
Stable |
July 2004 |
A mass-mailing worm that uses its own SMTP engine to generate email messages. It gathers its target email addresses from files with certain extension names. It also avoids sending email messages to email addresses that contain certain strings. |
Table Updated June 28, 2005
Viruses or Trojans Considered to be a High Level of Threat
- Nothing significant to report.
[back to
top]
|
|
|
|
Last updated
February 13, 2008
|
|
Get Adobe Reader
US-CERT is part of the Department of Homeland Security