Summary of Security Items from December 8 through December 14, 2004
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source |
Orbz 2.10 and prior | A buffer overflow vulnerability exists due to a boundary error when handling the password field, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | 21-6 Productions Orbz Password Field Buffer Overflow | High | Secunia Advisory ID, SA13327, November 30, 2004 PacketStorm, December 12, 2004 |
AMAX Information Technologies Inc. Winmail Server 4.0 (Build 1112) | An information disclosure vulnerability exists in 'admin/chgpwd.php,' 'admin/domain.php,' and 'admin/user.php,' which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Winmail Server 'chgpwd.php', 'domain.php', and 'user.php' Information Disclosure | Medium | GSSIT - Global Security Solution IT Advisory, December 13, 2004 |
MIMEsweeper for SMTP 5.0, 5.0.5 | A remote Denial of Service vulnerability exists in the Security Service when processing PDF files. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Clearswift MIMEsweeper For SMTP Remote Denial of Service | Low | Secunia Advisory, SA13411, December 10, 2004 |
Ability Server 2.25-2.34 | A buffer overflow vulnerability exists in the processing of the APPE FTP command, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Ability Server 'APPE FTP' Command Buffer Overflow | High | SecurityTracker Alert ID, 1012464, December 8, 2004 |
CoffeeCup Direct FTP 6.0, 6.2, CoffeeCup Free FTP 6.0, 6.2 | A buffer overflow vulnerability exists due to the way long buffer file names are handled, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Another exploit script has been published. | CoffeeCup Direct/Free FTP ActiveX Component Remote Buffer Overflow | High | Secunia Advisory, PacketStorm December 11, 2004 |
Mercury (win32 version) 4.0 1a | Multiple stack-based buffer overflow vulnerabilities exist in the IMAP server implementation due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code. Update available at: An exploit script has been published. | Mercury Mail Multiple Remote IMAP Stack Buffer Overflows | High | Bugtraq, December 1, 2004 PacketStorm, December 12, 2004 |
Codename Eagle 1.42 & prior | A remote Denial of Service vulnerability exists when a malicious user submits an empty UDP datagram. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Codename Eagle UDP Packet Processing Remote Denial of Service | Low | Secunia Advisory, SA13423, December 13, 2004 |
GetRight 5.2a & prior | A buffer overflow vulnerability exists in the 'DUNZIP32.DLL' component when a specially crafted skin file is created, which could let a remote malicious user execute arbitrary code. Upgrade available at: A Proof of Concept exploit has been published. | GetRight 'DUNZIP32.DLL' Buffer Overflow | High | Secunia Advisory, SecurityFocus, December 7, 2004 |
Remote Execute 2.x | A remote Denial of Service vulnerability exists due to an error in the connection handling. Update available at: http://www.ibexsoftware.com/downloadRemoteExecute.asp Currently we are not aware of any exploits for this vulnerability. | IBEX Software Remote Execute Denial of Service | Low | SecurityTracker Alert, 1012445, December 7, 2004 US-CERT Vulnerability Note, VU#136424, December 10, 2004 |
WS_FTP Server 5.03, 2004.10.14 | Several vulnerabilities were reported that could permit a remote authenticated malicious user to execute arbitrary code on the target system. A remote authenticated user can trigger a buffer overflow in several FTP commands. The SITE, XMKD, MKD, and RFNR FTP commands are affected. A remote user can cause the FTP service to crash or execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | Ipswitch WS_FTP Buffer Overflow | High | SecurityTracker Alert ID: 1012353, November 29, 2004 PacketStorm, December 11, 2004 |
Personal Firewall 4.0.6-4.0.10, 4.0.16, 4.1-4.1.2, Personal Firewall 2 2.1-2.1.5 | A Denial of Service vulnerability exists due to insufficient sanitization of SPI parameters that are received from hooked APIs. No workaround or patch available at time of publishing. An exploit script has been published. | Kerio Personal Firewall Local Denial of Service | Low | SecurityFocus, December 8, 2004 |
WinRoute Firewall 6.0-6.0.8 | A remote Denial of Service, a DNS cache poisoning, and an information disclosure vulnerability exist, which could let a remote malicious user obtain sensitive information, manipulate the DNS cache, and cause the computer to crash or hang. The vendor has released WinRoute Firewall version 6.0.9 resolving this issue. Users running the affected firewall are advised to contact the vendor for more information on obtaining the upgrade. Currently we are not aware of any exploits for these vulnerabilities. | Kerio WinRoute Firewall Multiple Unspecified Remote | Low/ Medium (Medium if sensitive information can be obtained) | SecurityFocus, December 10, 2004 |
MailEnable Professional Edition v1.52, MailEnable Enterprise Edition v1.01 | Two vulnerabilities exist in the IMAP service that could permit a remote malicious user to execute arbitrary code. A remote user can trigger a stack-based buffer overflow or an object pointer overwrite to execute arbitrary code on the target system. The vendor has issued a fix, available at: An exploit script has been published. | MailEnable Stack Overflow & Pointer Overwrite | High | Hat-Squad Security Team Advisory, November 25, 2004 PacketStorm, December 11, 2004 |
Internet Explorer 6.0 SP1, Avaya DefinityOne Media Servers R6-12, IP600, Media Servers R6-R12, IP600 Media Servers | A remote buffer overflow vulnerability exists due to insufficient boundary checks performed by the application and results in a Denial of Service condition. Arbitrary code execution may be possible as well. Patches available at: Microsoft Knowledge Base Article 889293 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. An exploit script has been published. | Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow CVE Name: | Low/High (High if arbitrary code can be executed) | SecurityFocus, Bugtraq ID 11515, October 25, 2004 Packetstorm, November 4, 2004 Microsoft Security Bulletin, MS04-040, December 1, 2004 Technical Cyber Security Alert, TA04-336A, December 3, 2004 Avaya Security Advisory, ASA-2004-085, December 9, 2004 |
Internet Explorer 6.0, SP1 | A vulnerability exists in the 'sysimage://' protocol handler because the existence of a file can be detected, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. An exploit script is not required; however, a Proof of Concept exploit script has been published. | Microsoft Internet Explorer Sysimage Protocol Handler Information Disclosure | Medium | Bugtraq, December 7, 2004 |
SharePoint Portal Server SP3, 2003, 2001 SP3 | A vulnerability exists due to an error when installing SPS components using a user account with a password containing a leading dash, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Microsoft Office SharePoint Portal Server Information Disclosure | Medium | SecurityFocus, December 10, 2004 |
Internet Explorer 5.0.1, SP1-SP4, 5.0.1 for Windows NT 4.0/98/95/2000, 5.5, SP1&SP2, preview, 6.0, SP1&SP2, Internet Explorer Macintosh Edition 5.2.3 | A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. Vulnerability has appeared in the press and other public media. | Microsoft Internet Explorer Remote Window Hijacking CVE Name: | Medium | Secunia Advisory, SA13251, December 10, 2004 |
Internet Explorer 6.0, SP1&SP2 | A vulnerability exists due to a failure to present the URI address of HTML and script code loaded into the search pane, which could let a remote malicious user present web pages to users that seem to originate from a trusted location. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Microsoft Internet Explorer Search Pane URI Obfuscation | Medium | Bugtraq, December 8, 2004 |
Windows (ME), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (2003), Windows (XP) | A vulnerability was reported that could allow a remote user to execute arbitrary code on the target system. A remote user can send a specially crafted WINS packet to the target server on TCP port 42 to modify a memory pointer and write arbitrary contents to arbitrary memory locations. UPDATE: The WINS service is installed and enabled by default on Microsoft Small Business Server 2000/2003. However, the ports used for the service are reportedly not remotely accessible by default on Small Business Server. Updates available at: http://www.microsoft.com/technet/security/ A Proof of Concept exploit has been published. | Microsoft WINS Memory Overwrite CVE Name: | High | US-CERT Vulnerability Note VU#145134, November 29, 2004 SecurityFocus, December 6, 2004 Microsoft Security Bulletin, MS04-045, December 14, 2004 |
Windows NT Server 4.0 SP6a, Windows 2000 SP3&SP4, Windows XP SP1 &SP2, XP 64-Bit Edition, SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME | Several vulnerabilities exist due to boundary errors in the table conversion and font conversion code, which could let a remote malicious user execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-041.mspx Currently we are not aware of any exploits for these vulnerabilities. | Microsoft Table & Font Conversion Remote Code Execution CVE Names: | High | Microsoft Security Bulletin, MS04-041, December 14, 2004 |
Windows NT Server 4.0 SP6a , NT Server 4.0 Terminal Server Edition SP6 | Several vulnerabilities exist: A remote Denial of Service vulnerability exists when a malicious user submits a specially crafted DHCP message to the DHCP server; and a vulnerability exists when handling DHCP request traffic due to an unchecked buffer, which could let a remote malicious user execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-042.mspx Currently we are not aware of any exploits for these vulnerabilities. | Microsoft DHCP Remote Code Execution & Denial of Service CVE Names: | Low/High (High if arbitrary code can be executed) | Microsoft Security Bulletin, MS04-042, December 14, 2004 |
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6, Windows 2000 SP3&SP4, Windows XP SP1 &SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME | A buffer overflow vulnerability exists due to boundary errors in HyperTerminal, which could let a remote malicious user execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx Currently we are not aware of any exploits for this vulnerability. | Microsoft HyperTerminal Remote Code Execution CVE Name: | High | Microsoft Security Bulletin, MS04-043, December 14, 2004 |
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6, Windows 2000 SP3&SP4, Windows XP SP1 &SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME | Several vulnerabilities exist due to unchecked buffers in the Windows kernel and in LSASS, which could let a malicious user obtain elevated privileges or execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx Currently we are not aware of any exploits for these vulnerabilities. | Microsoft Windows Kernel & LSASS Elevated Privileges & Code Execution CVE Names: | Medium/ High (High if arbitrary code can be executed) | Microsoft Security Bulletin, MS04-044, December 14, 2004 |
Windows NT Server 4.0 SP 6a, NT Server 4.0 Terminal Server Edition SP 6, Windows 2000 Server SP 3 & SP4, Windows Server 2003, 2003 64-Bit Edition | A vulnerability exists due to an unchecked buffer in the handling of the 'Name' parameter from certain packets, which could let a remote malicious user execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx Currently we are not aware of any exploits for this vulnerability. | Microsoft WINS Name Validation CVE Name: | High | Microsoft Security Bulletin, MS04-045, December 14, 2004 |
Microsoft .NET Framework 1.x, Digital Image Pro 7.x, 9.x, Digital Image Suite 9.x, Frontpage 2002, Greetings 2002, Internet Explorer 6, Office 2003 Professional Edition, 2003 Small Business Edition, 2003 Standard Edition, 2003 Student and Teacher Edition, Office XP, Outlook 2002, 2003, Picture It! 2002, 7.x, 9.x, PowerPoint 2002, Producer for Microsoft Office PowerPoint 2003, Project 2002, 2003, Publisher 2002, Visio 2002, 2003, Visual Studio .NET 2002, 2003, Word 2002 | A buffer overflow vulnerability exists in the processing of JPEG image formats, which could let a remote malicious user execute arbitrary code. Frequently asked questions regarding this vulnerability and the patch can be found at: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx Bulletin updated to advise on the availability of additional security updates. Standalone security updates for The Microsoft .NET Framework version 1.0 Service Pack 2 and The Microsoft .NET Framework version 1.1 are now available. Security updates for Microsoft Visual FoxPro 8.0 and the Microsoft Visual FoxPro 8.0 runtime are also now available. Bulletin updated to reflect the release of Windows Messenger 5.1 that contains an updated version of the affected file. The MS04-028 Enterprise Update Scanning Tool has been updated to detect and deploy the additional security updates. Another exploit script has been published. | | High | Microsoft Security Bulletin, MS04-028, September 14, 2004 US-CERT Vulnerability Note VU#297462, September 14, 2004 Technical Cyber Security Alert TA04-260A, September 16, 2004 SecurityFocus, September 17, 2004 SecurityFocus, September 28, 2004 Packet Storm, October 7, 2004. Microsoft Security Bulletin, MS04-028, V3.0 December 14, 2004 |
Archive::Zip 1.13, | Remote exploitation of an exceptional condition error in multiple vendors' anti-virus software allows malicious users to bypass security protections by evading virus detection. The problem specifically exists in the parsing of .zip archive headers. This vulnerability affects multiple anti-virus vendors including McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV. Instructions for Computer Associates, Eset, Kaspersky, McAfee, Sophos, and RAV are available at: http://www.idefense.com/application/poi/display?id Gentoo: Mandrakelinux 10.1 and Mandrakelinux 10.1/X86_64: A fix for F-Secure is available at: SUSE: A Proof of Concept exploit script has been published. | Multiple Vendor Anti-Virus Software Detection Evasion CVE Names: | High | iDEFENSE Security Advisory, October 18, 2004 Secunia Advisory ID: SA13038, November 1, 2004 SecurityFocus, Bugtraq ID: 11448, November 2, 2004 SecurityTracker Alert ID: 1012057, November 3, 2004 SecurityFocus, November 15, 2004 SecurityFocus, November 29, 2004 US-CERT Vulnerability Note, VU#968818, December 13, 2004 |
Navigator 7.0, 7.0.2, 7.1-7.2 | A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. Vulnerability has appeared in the press and other public media. | Netscape Remote Window Hijacking CVE Name: | Medium | Secunia Advisory, SA13402, December 8, 2004 |
Winamp 5.05 | A vulnerability exists which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the 'IN_CDDA.dll' file. This can be exploited in various ways to cause a stack-based buffer overflow e.g. by tricking a user into visiting a malicious web site containing a specially crafted '.m3u' playlist. Successful exploitation allows execution of arbitrary code. Update to version 5.0.6: An exploit script has been published. | Nullsoft Winamp 'IN_CDDA.dll' Buffer Overflow | High | Security-Assessment Vulnerability Advisory, November 23, 2004 PacketStorm, December 11, 2004 |
FirstClass 8.0 | A remote Denial of Service vulnerability exists in the HTTP Daemon Search function. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | OpenText FirstClass HTTP Daemon Search Function Remote Denial of Service | Low | SecurityTracker Alert ID, 1012478, December 11, 2004 |
Windows LiveUpdate prior to v2.5, Norton SystemWorks 2001-2004, Norton AntiVirus and Pro 2001-2004, Norton Internet Security and Pro 2001-2004, | A vulnerability exists in the LiveUpdate GUI during an interactive LiveUpdate session when running the scheduled 'NetDetect' task, which could let a remote malicious user execute arbitrary commands. The vendor has issued a fixed version of LiveUpdate (2.5), available via LiveUpdate. Currently we are not aware of any exploits for this vulnerability. | Symantec LiveUpdate NetDetect Scheduled Task | High | SecurityTracker Alert ID, 1012492, December 13, 2004 |
wodFtpDLX ActiveX component, wodFtpDLX ActiveX component 2.1.1 8 | A buffer overflow vulnerability exists due to the way long buffer file names are handled, which could let a remote malicious user execute arbitrary code. Update available at: http://www.weonlydo.com/index.asp?showform=FtpDLX Exploit scripts have been published. | WeOnlyDo! wodFtpDLX ActiveX Component Remote Buffer Overflow | High | Securiteam, November 23, 2004 PacketStorm December 11, 2004 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name | Risk | Source |
Adobe Version Cue on Mac OS X | A vulnerability exists that could permit a local malicious user to obtain root privileges on the target system. The scripts used to start and stop Adobe Version Cue are configured with set user id (setuid) root user privileges and do not validate the path names. A local user can create specially crafted scripts and modify the current path to point to the directory containing those scripts. When Adobe Version Cue is started or stopped, the scripts will run with root user privileges. No workaround or patch available at time of publishing. An exploit script has been published. | Adobe Version Cue Start/Stop Scripts Arbitrary Script Execution | High | SecurityTracker Alert ID: 1012446, December 7, 2004 |
Apache 2.0.35-2.0.52 | A vulnerability exists when the 'SSLCipherSuite' directive is used in a directory or location context to require a restricted set of cipher suites, which could let a remote malicious user bypass security policies and obtain sensitive information. OpenPKG: ftp://ftp.openpkg.org/release/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-21.xml Slackware: ftp://ftp.slackware.com/pub/slackware/ Conectiva: Mandrake: Fedora: RedHat: SuSE: In the process of releasing packages. RedHat: There is no exploit code required. | | Medium | OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004 Gentoo Linux Security Advisory, GLSA 200410-21, October 22, 2004 Slackware Security Advisory, SSA:2004-299-01, October 26, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:122, November 2, 2004 Conectiva Linux Security Announcement, CLA-2004:885, November 4, 2004 Fedora Update Notification, RedHat Security Advisory, RHSA-2004:562-11, November 12, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 RedHat Security Advisory, RHSA-2004:600-12, December 13, 2004 |
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31 | A buffer overflow vulnerability exists in the 'get_tag()' function, which could let a malicious user execute arbitrary code. Gentoo: Slackware: Trustix: TurboLinux: Red Hat: Exploit scripts have been published. | | High | SecurityFocus, October 20, 2004 Slackware Security Advisory, SA:2004-305-01, November 1, 2004 Gentoo Linux Security Advisory, GLSA 200411-03, November 2, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:134, November 17, 2004 Turbolinux Security Announcement, November 18, 2004 Red Hat Advisory: RHSA-2004:600-12, December 13, 2004 |
Darwin | A vulnerability exists due to an input validation error in the handling of 'DESCRIBE' requests. This can be exploited to cause a vulnerable server to crash by sending a specially crafted request for a location containing a null byte. Apple has issued a fix as part of Security Update 2004-12-02, available at: http://www.apple.com/swupdates/ Currently we are not aware of any exploits for this vulnerability. | Apple Darwin Streaming Server DESCRIBE Null Byte Denial of Service CVE Name: | Low | iDEFENSE Advisory 12.03.04 |
Safari 1.2.4 | A vulnerability exists which could allow a remote malicious user to inject content into an open window in certain cases to spoof web site contents. If the target name of an open window is known, a remote user can create Javascript that, when loaded by the target user, will display arbitrary content in the opened window. A remote user can exploit this to spoof the content of potentially trusted web sites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apple Safari Open Windows Injection | Medium | SecurityTracker Alert ID: 1012459, December 8, 2004 |
UNARJ 2.62-2.65 | A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings prior to processing, which could let a remote malicious user execute arbitrary code. Fedora: Gentoo: SUSE: Fedora: Currently we are not aware of any exploits for this vulnerability. | ARJ Software UNARJ Remote Buffer Overflow CVE Name: | High | SecurityTracker Alert ID: 1012194, November 11, 2004 Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004 SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004 Fedora Update Notification |
Atari800 1.3.1 & prior | Several buffer overflow vulnerabilities exist in the 'log.c' and 'rt-config.c' files due to insufficient boundary checks, which could let a malicious user execute arbitrary code with root privileges. The vendor reports that the vulnerability described in 'log.c' is fixed in versions after 2003-11-13, and that they are currently looking into the issue in 'rt-config.c'. An exploit script has been published. | Atari800 Emulator Multiple Buffer Overflows | High | Securiteam, November 25, 2004 PacketStorm, December 11, 2004 |
mtr 0.55 through 0.65 | A vulnerability exists which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to an off-by-one error in the keybinding routine in "mtr_curses_keyaction()". This may be exploited by supplying specially crafted, overly long input. Exploitation requires that mtr is setuid "root" and not compiled with gcc 3.x. Update to version 0.67: Currently we are not aware of any exploits for this vulnerability. | BitWizard mtr 'mtr_curses_keyaction()' Function Buffer Overflow | Medium | Secunia Advisory ID: SA13430, December 14, 2004 |
Cyrus IMAP Server 2.2.9 and prior versions | A vulnerability exists in the mysasl_canon_user() function that could allow a remote user to execute arbitrary code on the target system. An off-by-one error exists in the mysasl_canon_user() function that may result in an unterminated user name string. A remote user may be able to trigger the buffer overflow to execute arbitrary code on the target system with the privileges of the target IMAP process. The vendor has issued a fixed version (2.2.10), available at: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ Currently we are not aware of any exploits for this vulnerability. | Carnegie Mellon Cyrus IMAP Server Off-by-one Overflow CVE Name: | High | SecurityTracker Alert ID: 1012474, December 10, 2004 |
imlib 1.x | Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library. Gentoo: Red Hat: Currently we are not aware of any exploits for these vulnerabilities. | Carsten Haitzler imlib Image Decoding Integer Overflow CVE Name: | High | Secunia Advisory ID: Red Hat Advisory, RHSA-2004:651-03, December 10, 2004 |
Citadel/UX 6.27 and prior versions | A format string vulnerability exists that could allow a remote user to execute arbitrary code on the target system. The lprintf() function in 'sysdep.c' makes an unsafe syslog() call based on user-supplied input but without providing the format string specifier or filtering the user-supplied input. A remote user can connect to the target service and supply a specially crafted string to trigger the error and cause the target service to crash or to execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Citadel/UX Format String | High | No System Group, Advisory #09, December 12, 2004 |
rootsh prior to version 1.4.1 | A vulnerability exists in rootsh, which can be exploited by malicious, local users to bypass the logging functionality. The problem is caused due to an input validation error when handling certain xterm escape sequences. This can be exploited to generate empty syslog messages, allowing users to hide their actions in a syslog-only environment. Update to version 1.4.1: Currently we are not aware of any exploits for this vulnerability. | Free Software Foundation rootsh Security Bypass | Medium | Secunia Advisory ID: SA13405, December 9, 2004 |
a2ps 4.13 | A vulnerability exists that could allow a malicious user to execute arbitrary shell commands on the target system. a2ps will execute shell commands contained within filenames. A user can create a specially crafted filename that, when processed by a2ps, will execute shell commands with the privileges of the a2ps process. A patch for FreeBSD is available at: A Proof of Concept exploit has been published. | GNU a2ps Filenames Shell Commands Execution | High | SecurityTracker Alert ID: 1012475, December 10, 2004 |
mysql_auth prior to 0.8 | A vulnerability exists due to a memory leak in mysql_auth. The impact was not specified. The vendor has issued a fixed version (0.8), available at: http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz Currently we are not aware of any exploits for this vulnerability. | GNU mysql_auth Memory Leak | Not Specified | SecurityTracker Alert ID: 1012500, December 14, 2004 |
Squid-2.5 | A vulnerability exists which can be exploited by malicious people to gain knowledge of potentially sensitive information. Squid returns random error messages due to reference to freed memory in certain conditions involving a sequence of failed DNS lookups, resulting in random messages being shown as error message in response to such host names. Apply patch: http://www.squid-cache.org/ A Proof of Concept exploit has been published. | GNU Squid Malformed Host Name | Medium | Squid Project Bugzilla Bug 1143, November 23, 2004 |
wget 1.9.1 | A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | GNU wget File Creation & Overwrite | Medium | SecurityTracker Alert ID: 1012472, December 10, 2004 |
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, | A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code. Upgrades available at: Ubuntu: Gentoo: Debian: SUSE: Mandrakesoft: (Red Hat has re-issued its update.) Currently we are not aware of any exploits for this vulnerability. | ImageMagick Remote EXIF Parsing Buffer Overflow CVE Names: | High | SecurityTracker Alert ID: 1011946, October 26, 2004 Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004 Debian Security Advisory DSA 593-1, November 16, 2004 SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 Mandrakesoft Security Advisory, MDKSA-2004:143, December 6, 2004 Red Hat Security Advisory, RHSA-2004:636-03, December 8, 2004 |
Zip 2.3 | A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code. Ubuntu: Fedora: Gentoo: Mandrake: http://www.mandrakesecure.net/en/ftp.php SUSE: Currently we are not aware of any exploits for this vulnerability. | Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow CVE Name: | High | Bugtraq, November 3, 2004 Ubuntu Security Notice, USN-18-1, November 5, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004 SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 |
KDE prior to 3.3.2 | When a user creates a link to a remote file using various KDE applications, the resulting link may include authentication credentials for the remote system. This may include Samba passwords for files located on SMB servers. Patches are available: Currently we are not aware of any exploits for this vulnerability. | KDE Privacy | Medium | KDE Security Advisory, December 9, 2004 |
Konqueror 3.2.2-6 | A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | KDE Konqueror Window Injection | Medium | Secunia Advisory ID: SA13254, December 8, 2004 |
Perl 5.8.3 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files. Trustix: Ubuntu: Gentoo: There is no exploit code required. | Perl CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Ubuntu Security Notice, USN-16-1, November 3, 2004 Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004 |
LibTIFF 3.6.1 | Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code. Debian: Gentoo: Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ OpenPKG: Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Mandrake: SuSE: ftp://ftp.suse.com/pub/suse/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-577.html Slackware: Conectiva: KDE: Update to version 3.3.2: Apple Mac OS X: Proofs of Concept exploits have been published. | LibTIFF Buffer Overflows CVE Name: | Low/High (High if arbitrary code can be executed) | Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004 Fedora Update Notification, OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004 Debian Security Advisory, DSA 567-1, October 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004 SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004 RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004 Slackware Security Advisory, SSA:2004-305-02, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:888, November 8, 2004 US-CERT Vulnerability Notes VU#687568 & VU#948752, December 1, 2004 Gentoo Linux Security Advisory, GLSA 200412-02, December 6, 2004 KDE Security Advisory, December 9, 2004 Apple Security Update SA-2004-12-02 |
MediaWiki 1.3.8 | A vulnerability exists which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient validation of files uploaded to the "images" directory located inside the web root. This can be exploited to upload and execute arbitrary malicious scripts. Update to version 1.3.9: A Proof of Concept exploit has been published. | MediaWiki 'images' Arbitrary Script Upload and Execution | High | Secunia Advisory ID: SA13419, December 13, 2004 |
file 4.11 and prior (Trustix) | A vulnerability exists in the ELF header parsing code in 'file'. A malicious user may be able to create a specially crafted ELF file that, when processed using 'file', may be able to modify the stack and potentially execute arbitrary code. Update to version 4.12: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors 'File' Processing ELF Headers Stack Overflow | High | Trustix Secure Linux Advisory #2004-0063, November 26, 2004 Gentoo Linux Security Advisory, GLSA 200412-07 / file, December 13, 2004 |
Gentoo Linux; | A remote Denial of Service vulnerability exists in the 'ms_fnmatch()' function due to insufficient input validation. Patch available at: Gentoo: Mandrake: http://www.mandrakesecure.net/en/ftp.php SuSE: Ubuntu: RedHat: Trustix: Conectiva: Fedora: SGI: TurboLinux: There is no exploit code required. | Samba Remote Wild Card Denial of Service CVE Name: | Low | SecurityFocus, November 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004 RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004 Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004 Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004 SGI Security Advisory, 20041201-01-P, December 13, 2004 |
gzip | A vulnerability exists in the gzip(1) command, which could let a malicious user access the files of other users that were processed using gzip. Sun Solaris: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1 Mandrakesoft: Trustix: Debian: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors CVE Name: | Medium | Sun(sm) Alert Notification, 57600, October 1, 2004 US-CERT Vulnerability Note VU#635998, October 18, 2004 Mandrakesoft Security Advisory, MDKSA-2004:142, December 6, 2004 Trustix Advisory TSL-2004-0050, September 30, 2004 Debian Security Advisory DSA 588-1, November 8, 2004 |
Linux Kernel 2.6.x | Some potential vulnerabilities exist with an unknown impact in the Linux Kernel. The vulnerabilities are caused due to boundary errors within the 'sys32_ni_syscall' and 'sys32_vm86_warning' functions. Patches are available at: http://linux.bkbits.net:8080/linux-2.6/ Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel 'sys32_ni_syscall' and 'sys32_vm86_warning' Buffer Overflows | Not Specified | Secunia Advisory ID: SA13410, December 9, 2004 |
MySQL AB MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20; | A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access. Upgrades available at: OpenPKG: RedHat: SuSE: Trustix: Ubuntu: Fedora: There is no exploit code required. | MySQL Database Unauthorized GRANT Privilege CVE Name: | Medium | Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004 Fedora Update Notification, |
nfs-utils 1.0.6 | A vulnerability exists due to an error in the NFS statd server in "statd.c" where the "SIGPIPE" signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely. Upgrade to 1.0.7-pre1: Mandrakesoft: Debian: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors nfs-utils "SIGPIPE" TCP Connection Termination Denial of Service | Low | Secunia Advisory ID: SA13384, December 7, 2004 Debian Security Advisory |
perl | Multiple vulnerabilities exist which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the file system. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Gentoo: update to "perl-5.8.5-r2" or later: Trustix: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Perl Insecure Temporary File Creation | Medium | Gentoo Security Advisory, GLSA 200412-04 / perl, December 7, 2004 Trustix Secure Linux Bugfix Advisory #2004-0050, November 30, 2004 Ubuntu Security Notice USN-16-1 November 02, 2004 |
Samba 3.0 - 3.0.7; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, 2.1, ES 3, 2.1 IA64, 2.1, AS 3, 2.1 IA64, 2.1; Ubuntu Linux 4.1 ppc, ia64, ia32 | A buffer overflow vulnerability exists in the 'QFILEPATHINFO' request handler when constructing 'TRANSACT2_QFILEPATHINFO' responses, which could let a remote malicious user execute arbitrary code. Update available at: Mandrake: http://www.mandrakesecure.net/en/ftp.php SuSE: Trustix: Ubuntu: Conectiva: Fedora: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Samba 'QFILEPATHINFO' Buffer Overflow CVE Name: | High | e-matters GmbH Security Advisory, November 14, 2004 SuSE Security Announcement, SUSE-SA:2004:040, November 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004 Ubuntu Security Notice, USN-29-1, November 18, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:136, November 19, 2004 US-CERT Vulnerability Note VU#457622, November 19, 2004 Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004 Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004 |
Unix OpenBSD 3.3, 3.4; | A buffer overflow vulnerability exists in the 'font.alias' file due to insufficient validation of user supplied data, which could let a malicious user obtain ROOT privileges. Fedora: Immunix: Mandrake: OpenBSD: RedHat: Slackware: TurboLinux: Xfree86: A Proof of Concept exploit has been published. | Multiple Vendors XFree86 Font Information File Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, February 10, 2004. Slackware Security Advisory, SSA:2004-043-02, February 12, 2004. Fedora Update Notification, FEDORA-2004-069, February 13, 2004. Immunix Secured OS Security Advisory, IMNX-2004-73-002-01, February 13, 2004. Mandrake Linux Security Update Advisory, MDKSA-2004:012, February 13, 2004. Red Hat Security Advisories, RHSA-2004:059-01& RHSA-2004:060-16, February 13, 2004. TurboLinux Security Advisory, TLSA-2004-5, February 17, 2004. US-CERT Vulnerability Note VU#820006, December 7, 2004 |
Easy Software Products CUPS 1.1.14-1.1.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 | A Denial of Service vulnerability exists in 'scheduler/dirsvc.c' due to insufficient validation of UDP datagrams. Update available at: http://www.cups.org/software.php Debian: http://security.debian.org/pool/updates/main/c/cupsys/ Mandrake: http://www.mandrakesecure.net/en/ftp.php RedHat: SuSE: ftp://ftp.suse.com/pub/suse/ Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ ALTLinux: Gentoo: Slackware: Apple: Fedora: Sun: Conectiva: Fedora Legacy: SCO: TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/ A Proof of Concept exploit has been published. | Low | SecurityTracker Alert ID: 1011283, September 15, 2004 ALTLinux Advisory, September 17, 2004 Gentoo Linux Security Advisory GLSA 200409-25, September 20, 2004 Slackware Security Advisory, SSA:2004-266-01, September 23, 2004 Fedora Update Notification, Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004 Sun(sm) Alert Notification, 57646, October 7, 2004 SCO Security Advisory, COSA-2004.15, October 12, 2004 Conectiva Linux Security Announcement, CLA-2004:872, October 14, 2004 Fedora Legacy Update Advisory, FLSA:2072, October 16, 2004 Turbolinux Security Advisory, TLSA-2004-33, December 8, 2004 | |
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1; | Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Imlib: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/ ImageMagick: http://www.imagemagick.org/www/download.html Gentoo: http://security.gentoo.org/glsa/glsa-200409-12.xml Mandrake: Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Debian: RedHat: http://rhn.redhat.com/errata/RHSA-2004-465.html SUSE: TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/ Conectiva: Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause= http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause= TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-480.html Ubuntu: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | IMLib/IMLib2 Multiple BMP Image CVE Names: | Low/High (High if arbitrary code can be executed) | SecurityFocus, September 1, 2004 Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004 Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004 RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004 Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004 Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004 Turbolinux Security Announcement, October 5, 2004 RedHat Security Update, RHSA-2004:480-05, October 20, 2004 Ubuntu Security Notice USN-35-1, November 30, 2004 RedHat Security Advisory, RHSA-2004:636-03, December 8, 2004 |
Gentoo Linux; | Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service. Fedora: Gentoo: SUSE: X.org: Fedora: RedHat: Mandrakesoft: http://www.mandrakesoft.com/security/ Debian: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors LibXPM Multiple Vulnerabilities CVE Name: | Low/Medium/High (Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed) | X.Org Foundation Security Advisory, November 17, 2004 Fedora Update Notifications, SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004 Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004 Fedora Security Update Notifications RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004 Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004 Debian Security Advisory |
iproute2 | A vulnerability exists because iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. Updates available: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors iproute Denial of Service | Low | Mandrakesoft Security Advisory, MDKSA-2004:148, December 13, 2004 |
Linux Kernel | A vulnerability exists in the Linux kernel io_edgeport driver. A local user with a USB dongle can cause the kernel to crash or may be able to gain elevated privileges on the target system. The flaw resides in the edge_startup() function in 'drivers/usb/serial/io_edgeport.c'. Red Hat: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel USB io_edgeport Driver Integer Overflow | Low/Medium (Medium if elevated privileges can be obtained) | SecurityTracker Alert ID: 1012477, December 10, 2004 |
Linux Kernel 2.6-test1-test11, 2.6, 2.6.1-rc1 & rc2, 2.6.1-2.6.9; | A Denial of Service vulnerability exists due to a failure by 'aio_free_ring' to handle exceptional conditions. No workaround or patch available at time of publishing. An exploit script has been published. | Linux Kernel AIO_Free_Ring Denial of Service | Low | SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 |
Linux kernel 2.4.0-test1-test12, 2.4-2.4.27 | A vulnerability exists in the 'AF_UNIX' address family due to a serialization error, which could let a malicious user obtain elevated privileges or possibly execute arbitrary code. Upgrades available at: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification CVE Name: | Medium/High (High if arbitrary code can be executed) | Bugtraq, November 19, 2004 SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 |
Linux Kernel 2.6 - 2.6.10 r2 | An unspecified buffer overflow vulnerability reportedly affects the 'sys_ia32.c' file of the Linux kernel. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite kernel buffers. A malicious user might leverage this issue to overflow the affected buffer. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel SYS_IA32.C Buffer Overflow | High | SecurityFocus, December 9, 2004 |
Linux Kernel 2.6 - 2.6.9 | A local Denial of Service vulnerability affects the ELF header processing functionality on 64 bit systems of the Linux kernel. This issue is due to a failure of the affected kernel to properly handle malformed ELF headers. A local attacker may leverage this issue to cause a computer running the affected kernel to crash, denying service to legitimate users. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel 64 Bit ELF Header Local Denial of Service | Low | SecurityFocus, Bugtraq ID 11846, December 7, 2004 |
nfs-utils | A vulnerability exists which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the function "getquotainfo()" in "rquota_server.c" and can be exploited to cause a buffer overflow. Successful exploitation may lead to execution of arbitrary code on 64-bit architectures. Gentoo: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors nfs-utils 'getquotainfo()' Buffer Overflow | High | Secunia Advisory ID: SA13440, December 14, 2004 |
Unix OpenBSD 3.3, 3.4; | A buffer overflow vulnerability exists due to insufficient bounds checking when parsing the 'font.alias' file, which could let a remote malicious user execute arbitrary code with ROOT privileges. Fedora: Immunix: Mandrake: OpenBSD: RedHat: Slackware: TurboLinux: Xfree86: A Proof of Concept exploit has been published. | Multiple Vendors Xfree86 Font_Name Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, February 12, 2004 Slackware Security Advisory, SSA:2004-043-02, February 12, 2004 Fedora Update Notification, FEDORA-2004-069, February 13, 2004 Immunix Secured OS Security Advisory, IMNX-2004-73-002-01, February 13, 2004 Mandrake Linux Security Update Advisory, MDKSA-2004:012, February 13, 2004 Red Hat Security Advisories, RHSA-2004:059-01 & RHSA-2004:060-16, February 13, 2004 TurboLinux Security Advisory, TLSA-2004-5, February 17, 2004 US-CERT Vulnerability Note VU#667502, December 7, 2004 |
MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1.0-alpha, 4.1.0-0, 4.1.2-alpha, 4.1.3-beta, 4.1.3-0, 5.0.0-alpha, 5.0.0-0 | A buffer overflow vulnerability exists in the 'mysql_real_connect' function due to insufficient boundary checking, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Note: Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue. Debian: Trustix: OpenPKG: Mandrake: Conectiva: SUSE: Ubuntu: Fedora: We are not aware of any exploits for this vulnerability. | MySQL Mysql_real_connect Function Remote Buffer Overflow CVE Name: | Low/High (Low if a DoS) | Secunia Advisory, Debian Security Advisory, DSA 562-1, October 11, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004 Fedora Update Notification, |
MySQL 3.23.49, 4.0.20 | A vulnerability exists in the 'mysqlhotcopy' script due to predictable file names of temporary files, which could let a malicious user obtain elevated privileges. Debian: http://security.debian.org/pool/updates/main/m/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-02.xml SuSE: ftp://ftp.suse.com/pub/suse/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-569.html OpenPKG: Mandrake: Fedora: There is no exploit code required. | Medium | Debian Security Advisory, DSA 540-1, August 18, 2004 Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004 SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004 RedHat Security Advisory, RHSA-2004:569-16, October 20, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 Fedora Update Notification, | |
MySQL 3.x, 4.x | Two vulnerabilities exist: a vulnerability exists due to an error in 'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of old tables are checked, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue 'alter' commands against 'merge' tables to modify the 'union.' Updates available at: Debian: Trustix: Mandrake: Conectiva: Ubuntu: SuSE: Fedora: We are not aware of any exploits for these vulnerabilities. | MySQL Security Restriction Bypass & Remote Denial of Service CVE Names: | Low/Medium (Low if a DoS; and Medium if security restrictions can be bypassed) | Secunia Advisory, SA12783, October 11, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004 Ubuntu Security Notice, USN-32-1, November 25, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 Fedora Update Notification, |
Netatalk Open Source Apple File Share Protocol Suite 1.5 pre6, 1.6.1, 1.6.4 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files. Trustix: Gentoo: Mandrake: Fedora: There is no exploit code required. | NetaTalk Insecure Temporary File Creation CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory GLSA 200410-25, October 25, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:121, November 2, 2004 Fedora Update Notifications, |
OmniWeb 5.0.1 | A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. Vulnerability has appeared in the press and other public media. | Omni Group OmniWeb Browser Remote Window Hijacking | Medium | Secunia Advisory, SA13418, December 10, 2004 |
Opera 7.54 on Linux with KDE 3.2.3 | A vulnerability exists that could permit a remote user to cause the target user to execute arbitrary commands. KDE uses 'kfmclient exec' as the default application for processing saved files. A remote user can cause arbitrary shell commands to be executed on the target system. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Opera Default 'kfmclient exec' Configuration | High | Zone-H Advisory, ZH2004-19SA, December 12, 2004 |
PHP Group php 4.3.7 and prior | Updates to fix multiple vulnerabilities with php4 which could allow remote code execution. Debian: Fedora: TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/ An exploit script has been published. | High | Secunia, SA12113 and SA12116, July 21, 2004 Debian, Slackware, and Fedora Security Advisories Turbolinux Security Advisory TLSA-2004-23, September 15, 2004 PacketStorm, December 11, 2004 | |
PHPNews 1.2.3 | A vulnerability exists in 'sendtofriend.php' due to insufficient sanitization of the 'mid' parameter, which could let a remote malicious user manipulate data. Upgrade available at: An exploit script has been published. | PHPNews SQL Injection | Medium | Secunia Advisory, PacketStorm, December 11, 2004 |
PostgreSQL 7.4.5 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files. Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-16.xml Debian: http://security.debian.org/pool/updates/main/p/postgresql/ OpenPKG: ftp://ftp.openpkg.org/release/ Mandrakesoft: There is no exploit code required. | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200410-16, October 18, 2004 Debian Security Advisory, DSA 577-1, October 29, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.046, October 29, 2004 Mandrakesoft Security Advisory, MDKSA-2004:149, December 13, 2004 | |
ProFTPD 1.2.9 | A vulnerability exists that could permit a remote authenticated user to change the group ownership of FTP-accessible files and directories. A remote authenticated user can issue the SITE CHGRP command to change the group ownership of files and directories. The server does not check the user's privileges when executing the command. No vendor solution available at this time. A Proof of Concept exploit has been published. | ProFTPD SITE CHGRP Command File/Directory Group Ownership Modification | Medium | SecurityTracker Alert ID: 1012488, December 13, 2004 |
Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), Advanced Workstation 2.1 for the Itanium Processor | A vulnerability has been discovered in the way ncompress handles long filenames. It is possible that an attacker could execute arbitrary code on a victim's machine by tricking the user into decompressing a carefully crafted filename. Updates available at: http://rhn.redhat.com/errata/RHSA-2004-536.html Currently we are not aware of any exploits for this vulnerability. | Red Hat ncompress Buffer Overflow CVE Name: | High | Red Hat Advisory: RHSA-2004:536-05, December 13, 2004 |
GNOME VFS Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64; | Multiple vulnerabilities exist in several of the GNOME VFS extfs backend scripts. Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default. A malicious user who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts. Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ SUSE: http://www.suse.com/en/private/download/updates/92_i386.html SGI: ftp://patches.sgi.com/support/free/security/patches/ProPack/3/ We are not aware of any exploits for these vulnerabilities. | Red Hat GNOME VFS updates address extfs vulnerability CVE Name: | High | Red Hat Security Advisory ID: RHSA-2004:373-01, August 4, 2004 Fedora Update Notification SecurityFocus, Bugtraq ID: 10864, December 7, 2004 |
Roaring Penguin 3.5 & prior | A vulnerability exists in the pppoe driver, which could let a malicious user obtain elevated privileges. Debian: Mandrakesoft: We are not aware of any exploits for this vulnerability. | Roaring Penguin pppoe Elevated Privileges CVE Name: | Medium | Debian Security Advisory, DSA 557-1 , October 4, 2004 Mandrakesoft, MDKSA-2004:145, December 6th, 2004 |
xzgv 0.8 | An integer overflow vulnerability exists in the processing of PRF files. A remote malicious user may be able to cause arbitrary code to be executed on the target user's computer. A remote user can create a specially crafted image file that, when processed by the target user, will trigger an overflow in the read_prf_file() function. The flaw resides in 'src/readprf.c', where image height and width parameters are not properly limited. A patch is available at: Currently we are not aware of any exploits for this vulnerability. | Russell Marks xzgv Integer Overflow CVE Name: | High | iDEFENSE Security Advisory, December 13, 2004 |
Samba on SGI IRIX 6.5.x | Multiple vulnerabilities exist which can be exploited to cause a DoS or compromise a vulnerable system. Apply patch 5798 for Samba 3.0.7: Currently we are not aware of any exploits for these vulnerabilities. | SGI Multiple Samba Vulnerabilities CVE Names: | Low/High (High if arbitrary code can be executed) | Samba Security Vulnerability Number: 20041201-01-P, December 7, 2004 |
Sun Java Plugin on SUSE Linux (all versions, x86 and AMD64/EM64T) | A privilege escalation problem was found in the Sun Java Plugin which could let a remote attacker read and write files of a local user browsing websites. This bug affects all SUSE versions on the Intel x86 and AMD64 / Intel Extended Memory Architecture (EM64T) platforms. SUSE is in the process of releasing updated Java packages. Currently we are not aware of any exploits for this vulnerability. | Sun Java Plugin Privilege Escalation | Medium | SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004 |
sendmail on Sun Solaris 9 | A vulnerability exists in the sendmail included in Solaris 9, which can be exploited by malicious people to cause a Denial of Service and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error when processing DNS responses, which can be exploited to cause a buffer overflow by returning a specially crafted DNS response. Apply patch: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris Sendmail DNS TXT Records Buffer Overflow | Low/High (High if arbitrary code can be executed) | Sun Alert ID: 57696, December 12, 2004; US-CERT VU#814627, March 10, 2003 |
Solaris 7, 8, 9 | A security vulnerability in the in.rwhod(1M) daemon may allow a remote malicious user to execute arbitrary code with "root" privileges when the in.rwhod(1M) daemon is enabled on the system. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris IN.RWHOD(1M) Daemon | High | Sun Alert ID: 57659, December 6, 2004 |
Ruby 1.8.x | A remote Denial of Service vulnerability exists due to an input validation error in 'cgi.rb' that lets a remote malicious user trigger an infinite loop. Debian: Mandrake: Ubuntu: Fedora: Gentoo: Red Hat: Currently we are not aware of any exploits for this vulnerability. | Yukihiro Matsumoto Ruby Infinite Loop Remote Denial of Service CVE Name: | Low | Secunia Advisory; Ubuntu Security Notice USN-20-1, November 9, 2004; Fedora Update Notification; Gentoo Linux Security Advisory GLSA 200411-23, November 16, 2004; Red Hat Advisory RHSA-2004:635-03, December 13, 2004 |
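The xzgv entry above describes the classic image-decoder flaw: height and width read from the file are multiplied to size a buffer, and the product wraps. The following is an added example written for this bulletin, not xzgv's code; it shows the wrapping computation beside a checked one. BYTES_PER_PIXEL, MAX_DIMENSION and all function names are hypothetical.

```c
/* Added example for the xzgv entry; this is not xzgv's code.
 * Shows how an unchecked width * height * bytes-per-pixel product wraps
 * in 32-bit arithmetic and how to bound it before allocating.
 * MAX_DIMENSION and all function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

#define BYTES_PER_PIXEL 3
#define MAX_DIMENSION   32768u   /* hypothetical sane limit per axis */

/* Vulnerable pattern: the header fields are multiplied in 32-bit
 * unsigned arithmetic, so a crafted header makes the product wrap to a
 * small value. The small buffer is then overrun when the decoder writes
 * width * height real pixels into it. */
uint32_t unsafe_buffer_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;   /* wraps modulo 2^32 */
}

/* Hardened version: reject absurd dimensions up front, then check each
 * multiplication against SIZE_MAX before performing it. Returns false
 * and leaves *out untouched if the size cannot be represented. */
bool safe_buffer_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return false;
    if ((size_t)width > SIZE_MAX / height)
        return false;                   /* width * height would overflow */
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / BYTES_PER_PIXEL)
        return false;                   /* * BYTES_PER_PIXEL would overflow */
    *out = pixels * BYTES_PER_PIXEL;
    return true;
}

/* Allocates the pixel buffer for a header, or returns NULL when the
 * header is rejected; the caller must free() a non-NULL result. */
unsigned char *alloc_image(uint32_t width, uint32_t height)
{
    size_t n;
    if (!safe_buffer_size(width, height, &n))
        return NULL;
    return calloc(n, 1);
}

/* Convenience wrapper for inspecting results: the checked size, or -1. */
long long checked_size(uint32_t width, uint32_t height)
{
    size_t n;
    return safe_buffer_size(width, height, &n) ? (long long)n : -1;
}

int main(void)
{
    /* Constructed header values: a 640x480 image, and a crafted header
     * whose product is exactly 2^32 and therefore wraps to zero. */
    printf("640x480     unsafe=%u checked=%lld\n",
           (unsigned)unsafe_buffer_size(640, 480), checked_size(640, 480));
    printf("65536x65536 unsafe=%u checked=%lld\n",
           (unsigned)unsafe_buffer_size(0x10000u, 0x10000u),
           checked_size(0x10000u, 0x10000u));
    return 0;
}
```

The per-axis limit alone already prevents the wrap on a 64-bit build, but the explicit SIZE_MAX checks keep the routine correct on 32-bit targets and when the limit is later raised.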
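The Solaris sendmail entry above is a buffer overflow in DNS response handling. A TXT record's RDATA is a sequence of character-strings, each a length byte followed by that many bytes (RFC 1035), and the length bytes are under the control of whoever answers the query. The following is an added example written for this bulletin, not sendmail's code; it shows a routine that concatenates those strings into a fixed buffer while trusting the length bytes, beside one that bounds every copy. TXT_BUF, the sample records and all function names are hypothetical.

```c
/* Added example for the Solaris sendmail entry; this is not sendmail's
 * code. A DNS TXT record's RDATA is a sequence of <character-string>s,
 * each a length byte followed by that many bytes (RFC 1035). The unsafe
 * routine trusts the length bytes; the hardened one bounds every copy.
 * TXT_BUF, the sample data and all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TXT_BUF 64   /* destination size, including the terminating NUL */

/* Vulnerable pattern: copies each segment by its declared length without
 * checking that it lies inside rdata or fits in out. A response whose
 * declared lengths exceed TXT_BUF - 1 writes past the end of out, and a
 * length byte larger than the bytes that follow it reads past rdata.
 * It is only ever called on well-formed data here. */
size_t txt_concat_unsafe(const uint8_t *rdata, size_t rdlen, char *out)
{
    size_t in = 0, o = 0;
    while (in < rdlen) {
        size_t seg = rdata[in++];
        memcpy(out + o, rdata + in, seg);   /* no bound on o or in */
        o += seg;
        in += seg;
    }
    out[o] = '\0';
    return o;
}

/* Hardened version: each segment is checked against the bytes actually
 * present in rdata and the space left in out before it is copied. Returns
 * bytes written, or -1 on a violation; out is always NUL-terminated. */
long txt_concat_safe(const uint8_t *rdata, size_t rdlen, char *out)
{
    size_t in = 0, o = 0;
    out[0] = '\0';
    while (in < rdlen) {
        size_t seg = rdata[in++];
        if (seg > rdlen - in)             /* length byte runs past RDATA */
            return -1;
        if (seg > (TXT_BUF - 1) - o)      /* no room, keeping the NUL */
            return -1;
        memcpy(out + o, rdata + in, seg);
        o += seg;
        in += seg;
        out[o] = '\0';
    }
    return (long)o;
}

/* Constructed sample RDATA, not captured traffic. */
static const uint8_t txt_good[] = {             /* "hello" + "world" */
    5, 'h', 'e', 'l', 'l', 'o', 5, 'w', 'o', 'r', 'l', 'd' };
static const uint8_t txt_truncated[] = {        /* claims 15 bytes, has 3 */
    15, 'a', 'b', 'c' };

/* Both routines over the benign sample; 1 if each yields "helloworld". */
int demo_benign(void)
{
    char a[TXT_BUF], b[TXT_BUF];
    size_t n1 = txt_concat_unsafe(txt_good, sizeof txt_good, a);
    long   n2 = txt_concat_safe(txt_good, sizeof txt_good, b);
    return n1 == 10 && n2 == 10 &&
           strcmp(a, "helloworld") == 0 && strcmp(b, "helloworld") == 0;
}

/* Hardened routine over the truncated sample: expected -1. */
long demo_truncated(void)
{
    char out[TXT_BUF];
    return txt_concat_safe(txt_truncated, sizeof txt_truncated, out);
}

/* Well-formed RDATA whose two segments total 70 bytes: the unsafe routine
 * would write 7 bytes past a 64-byte buffer; the hardened one returns -1. */
long demo_overlong(void)
{
    uint8_t rdata[72];
    char out[TXT_BUF];
    rdata[0] = 40;  memset(rdata + 1, 'A', 40);
    rdata[41] = 30; memset(rdata + 42, 'B', 30);
    return txt_concat_safe(rdata, sizeof rdata, out);
}

int main(void)
{
    printf("benign ok=%d truncated=%ld overlong=%ld\n",
           demo_benign(), demo_truncated(), demo_overlong());
    return 0;
}
```

The two checks are independent: the first catches a length byte that points past the end of the record (an over-read that leaks or crashes), the second catches a record whose honest total is simply larger than the caller's buffer (the over-write). A parser that only checks one of them is still exploitable by a malicious or spoofed DNS server.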
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
PHProjekt 2.0, 2.0.1, 2.1a, 2.1-2.4, 3.0-3.2, 4.2 | A vulnerability exists in 'setup.php' because it allows arbitrary PHP scripts to be uploaded, which could let a remote malicious user modify the configuration and execute arbitrary PHP code, including operating system commands. Patch available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | PHProjekt 'setup.php' File Upload | High | Secunia Advisory; Gentoo Linux Security Advisory GLSA 200412-06, December 10, 2004 |
Codestriker 1.7-1.7.8, 1.8-1.8.4 | A vulnerability exists because a requested repository is not correctly checked against the list of repositories in the configuration, which could let a remote malicious user bypass certain security restrictions. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Codestriker Repository Access Control Bypass | Medium | Secunia Advisory SA13393, December 8, 2004 |
WebLibs 1.0 | A Directory Traversal vulnerability exists in 'weblibs.pl' due to insufficient validation, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. No exploit is required; however, a Proof of Concept exploit script has been published. | Darryl Burgdorf WebLibs Directory Traversal | Medium | SecurityTracker Alert ID 1012451, December 7, 2004 |
Battlefield 1942 1.6.19, Battlefield Vietnam 1.2 | A remote Denial of Service vulnerability exists due to insufficient validation of the server-supplied 'numplayers' field. This issue has been addressed in Battlefield 1942 1.61b and Battlefield Vietnam 1.21. A Proof of Concept exploit script has been published. | Digital Illusions Multiple Games Remote Denial of Service | Low | Secunia Advisory SA13368, December 7, 2004 |
F-Secure Policy Manager 5.11 | A vulnerability exists in the 'fsmsh.dll' CGI application, which could let a remote malicious user obtain sensitive information (the installation path). No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | F-Secure Policy Manager FSMSH.DLL CGI Path Disclosure | Medium | Securiteam, December 12, 2004 |
GameSpy Software Development Kit | A buffer overflow vulnerability exists in the CD-key validation functionality due to insufficient validation, which could let a remote malicious user execute arbitrary code. The vendor issued a fix on November 19, 2004. An exploit script has been published. | Gamespy Software Development Kit CD-Key Validation Buffer Overflow | High | Securiteam, December 13, 2004 |
iCab 2.9.8 | A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. Vulnerability has appeared in the press and other public media. | iCab Web Browser Remote Window Hijacking | Medium | Secunia Advisory SA13412, December 10, 2004 |
UBBThreads 6.2.3, 6.5 | A Cross-Site Scripting vulnerability exists in several scripts due to insufficient validation of the 'Cat' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Infopop UBBThreads Cross-Site Scripting | High | SecurityTracker Alert ID, 1012503, December 14, 2004 |
Last 10 Posts 2.0.1 | A vulnerability exists in the 'Last 10 Posts' script for vBulletin due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user manipulate and inject SQL queries into the database. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Last 10 Posts Add-On Script For vBulletin SQL Injection | Medium | SecurityFocus, December 6, 2004 |
Mozilla Browser, Firefox 0.x, 1.x | A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. Vulnerability has appeared in the press and other public media. | Mozilla Browser and Mozilla Firefox Remote Window Hijacking CVE Name: | Medium | Secunia Advisory SA13129, December 8, 2004 |
Mozilla Browser M16, M15, 0.8, 0.9.2.1, 0.9.2-0.9.9, 0.9.35, 0.9.48, 1.0 RC1 & RC2, 1.0-1.0.2, 1.1 Alpha, Beta, 1.1, 1.2 Alpha, Beta, 1.2, 1.2.1, 1.3, 1.3.1, 1.4a, 1.4b, 1.4-1.4.2, 1.5, 1.5.1, 1.6, 1.7 alpha, beta, rc1-rc3, 1.7-1.7.3, 1.8 Alpha 1-Alpha 4; Firebird 0.5, 0.6.1, 0.7; Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1, 1.0 | A remote Denial of Service vulnerability exists due to a NULL pointer dereference when a JavaScript function attempts to print an IFRAME that is embedded on the page. Patch available at: https://bugzilla.mozilla.org/show_bug.cgi?id=272381 A Proof of Concept exploit has been published. | Mozilla/Netscape/Firefox Browsers JavaScript IFRAME Rendering Denial of Service | Low | SecurityFocus, December 6, 2004 |
MaxDB 7.5.00.08, 7.5.00.11-7.5.00.16, 7.5.00.18 | Two vulnerabilities exist: a boundary error in the WebDAV handler when an overly long 'Overwrite' header is submitted, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability due to a NULL pointer dereference error in 'WAHTTP.' Updates available at: http://dev.mysql.com/downloads/maxdb/7.5.00.html No exploit is required for the Denial of Service vulnerability; however, a Proof of Concept exploit has been published. | MaxDB WebTools Buffer Overflow & Denial of Service CVE Names: | Low/High (High if arbitrary code can be executed) | Secunia Advisory SA13397, December 8, 2004 |
Novell NetWare 5, 5.1, 6.0, 6.5 | A vulnerability exists because some hotkeys are still enabled when the password The vendor has included a fix in the BorderManager ICSA Compliance Kit v5.0d, described at: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2969741.htm A Proof of Concept exploit has been published. | Novell NetWare Console Screen Saver Authentication | Medium | Secunia Advisory SA13434, December 14, 2004 |
Open DC Hub Direct Connect Peer-to-peer Client 0.7.14 | A buffer overflow vulnerability exists in the 'RedirectAll' command due to a boundary error, which could let a remote malicious user execute arbitrary code. Gentoo: An exploit script has been published. | Open DC Hub Remote Buffer Overflow | High | Gentoo Linux Security Advisory GLSA 200411-37, November 29, 2004; PacketStorm, December 11, 2004 |
Opera Web Browser 7.0 win32, Beta 1 & Beta 2 | A vulnerability exists due to a design error that facilitates the spoofing of file names, which could let a remote malicious user spoof the download dialog box. Upgrades available at: http://www.opera.com/download/ Currently we are not aware of any exploits for this vulnerability. | Opera Web Browser Name Spoofing | Medium | Opera Security Advisory, December 10, 2004 |
Opera Web Browser 7.54 | A vulnerability exists because a website can inject content into another site's window if the target name of the window is known, which could let a remote malicious user spoof the content of websites. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. Vulnerability has appeared in the press and other public media. | Opera Web Browser Remote Window Hijacking CVE Name: | Medium | Secunia Advisory SA13253, December 13, 2004 |
PHP Live! 2.8.1 | An unspecified file include vulnerability exists involving a directory and a configuration file. The impact was not specified, except to indicate that it is a "major security problem." Update available at: http://www.phplivesupport.com/index_source.php Currently we are not aware of any exploits for this vulnerability. | PHP Live! Unspecified Remote Configuration File Include | Not Specified | Secunia Advisory SA13420, December 13, 2004 |
PhpGedView 2.52.3, 2.60, 2.61, 2.61.1, 2.65 beta5 | A Cross-Site Scripting vulnerability exists in 'descendancy.php,' 'index.php,' and 'individual.php' due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: No exploit is required; however, Proofs of Concept exploits have been published. | PhpGedView Cross-Site Scripting CVE Name: | High | SecurityFocus, December 9, 2004 |
PHP Gift Registry 1.3.5 | Multiple Cross-Site Scripting vulnerabilities exist in 'event.php' and 'index.php' due to insufficient sanitization of the 'message' parameter, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: No exploit is required. | PHP Gift Registry Multiple Cross-Site Scripting | High | Secunia Advisory SA13414, December 10, 2004 |
Sugar Sales 2.0.1c & prior | Multiple vulnerabilities exist: a remote malicious user can submit specially crafted parameters to view the contents of files with the privileges of the web service; the install script files are not removed or access-restricted after installation, which could let a remote malicious user cause a Denial of Service or obtain sensitive information; a remote malicious user can inject SQL commands that will be executed by the underlying database; and a remote malicious user can invoke certain scripts that display the full installation path. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | SugarSales Input Validation | Low/Medium (Medium if sensitive information can be obtained) | SecurityTracker Alert ID 1012490, December 13, 2004 |
Java System Web Server (Sun ONE/iPlanet) 6.x, Java System Application Server (Sun ONE) 7.x | A vulnerability exists in the Sun Java System Web Server and Application Server. Sun reported that a remote user may be able to access active sessions by obtaining the session ID of a target user. Update available at: http://wwws.sun.com/software/download/products/415a094d.html Currently we are not aware of any exploits for this vulnerability. | Sun Java System Web Server / Application Server Active Sessions Access | Medium | Sun Alert ID: 57699, December 13, 2004 |
UseModWiki 1.0 | A Cross-Site Scripting vulnerability exists in the 'wiki.pl' script due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | UseModWiki Cross-Site Scripting | High | STG Security Advisory, SSA-20041209-13, December 14, 2004 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
December 12, 2004 | AdobeMac.txt | No | Exploit for the Adobe Version Cue Start/Stop Scripts Arbitrary Script Execution vulnerability. |
December 12, 2004 | Absinthe-1.1.tar.gz | N/A | A gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. |
December 12, 2004 | citadel_fsexp.c | No | Remote root exploit for Citadel/UX format string vulnerability. |
December 12, 2004 | mercury.c | Yes | Exploit for the Mercury Mail Multiple Remote IMAP Stack Buffer Overflow vulnerabilities. |
December 12, 2004 | orbzbof.zip | No | Remote Proof of Concept exploit for the 21-6 Productions Orbz Password Field Buffer Overflow vulnerability. |
December 12, 2004 | WebLibs10.txt | No | Exploit for the Darryl Burgdorf WebLibs Directory Traversal vulnerability. |
December 11, 2004 | phpkitSQLXSS.txt | No | Proof of Concept exploit for the PHP KIT SQL injection and Cross-Site Scripting vulnerabilities. |
December 11, 2004 | ipbSQL.txt | No | Exploit for the IPB Pro Arcade SQL injection vulnerability. |
December 11, 2004 | ezshopper.txt | No | Exploit for the EZshopper Directory Traversal vulnerability. |
December 11, 2004 | ssfakep.zip | No | Remote Denial of Service exploit for games using the Serious engine. Generates UDP packets that make fake players enter a room. |
December 11, 2004 | mimedefang-2.49.tar.gz | N/A | A flexible MIME email scanner designed to protect Windows clients from viruses. |
December 11, 2004 | winfingerprint-0.5.13.zip | N/A | A Win32 Host/Network Enumeration Scanner. Winfingerprint is capable of performing SMB, TCP, UDP, ICMP, RPC, and SNMP scans. |
December 11, 2004 | bilbo-0.11.tar.gz | N/A | A wrapper for nmap that makes it easier to scan lots of machines or networks. |
December 11, 2004 | IPSWSFTP-exploit.c | No | Exploit for the IpSwitch WS_FTP Buffer Overflow vulnerability. |
December 11, 2004 | coffeecupbof.txt | No | Script that exploits the CoffeeCup Direct/Free FTP ActiveX Component Remote Buffer Overflow vulnerability. |
December 11, 2004 | OpenDcHub-poc.zip | Yes | Exploit for the Open DC Hub Remote Buffer Overflow vulnerability. |
December 11, 2004 | winampm3u.c | Yes | Script that exploits the Nullsoft Winamp 'IN_CDDA.dll' Buffer Overflow vulnerability. |
December 11, 2004 | atari800.txt | Yes | Exploit for the Atari800 Emulator Multiple Buffer Overflows vulnerabilities. |
December 11, 2004 | 000102advisory.txt | Yes | Exploit for the MailEnable Stack Overflow & Pointer Overwrite vulnerability. |
December 11, 2004 | phpnolimit.c | Yes | Exploit for the PHP 'memory_limit' and strip_tags() Remote Vulnerabilities |
December 11, 2004 | phpnews.txt | Yes | Exploit for the PHPNews SQL Injection vulnerability. |
December 11, 2004 | wodftpcrash.txt | Yes | Denial of Service exploit for the WodFtpDLX buffer overflow vulnerability. |
December 10, 2004 | wgetTrapPOC.pl | No | Perl script that exploits the GNU WGet Multiple Remote Vulnerabilities. |
December 10, 2004 | goregsbof.zip | Yes | Exploit for the Gamespy Software Development Kit CD-Key Validation Buffer Overflow vulnerability. |
December 9, 2004 | ie6-file-detection.txt | No | Exploit for the Microsoft Internet Explorer Sysimage Protocol Handler Information Disclosure vulnerability. |
December 8, 2004 | keriodos.txt | No | Exploit for the Kerio Personal Firewall Local Denial of Service vulnerability. |
December 7, 2004 | md5_someday.pdf | N/A | Collision vulnerabilities in MD5 checksums: it is possible to create different executables that have the same MD5 hash. The attacks remain limited, for now. The attack allows blocks in the checksummed file to be swapped for other blocks without changing the final hash. A tool to demonstrate these vulnerabilities is also available. |
December 7, 2004 | iosetup_crash.c | No | Script that exploits the Linux Kernel AIO_Free_Ring Local Denial of Service vulnerability. |
December 7, 2004 | bfcboom.tar bfcboom.zip | Yes | Proof of Concept exploits for the Digital Illusions Multiple Games Remote Denial of Service vulnerability. |
Trends
- Internet companies and law-enforcement agencies will work together to track down online scam artists who pose as banks and other legitimate businesses, a practice known as "phishing." Businesses will be able to notify the FBI and other authorities instantly when they see a new phishing attack. For more information, see: http://www.boston.com/business/technology/articles/2004/12/08/tech_firms_fbi_to_fight_phishing_scams_together/.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trends | Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Netsky-D | Win32 Worm | Stable | March 2004 |
3 | Zafi-B | Win32 Worm | Stable | June 2004 |
4 | Sober-I | Win32 Worm | Slight Increase | November 2004 |
5 | Netsky-Z | Win32 Worm | Slight Increase | April 2004 |
6 | Netsky-Q | Win32 Worm | Slight Increase | March 2004 |
7 | Bagle-AA | Win32 Worm | Slight Increase | April 2004 |
8 | Bagle-AT | Win32 Worm | Decrease | October 2004 |
9 | Bagle-AU | Win32 Worm | Stable | October 2004 |
10 | Netsky-B | Win32 Worm | Stable | February 2004 |
Table Updated December 14, 2004
Viruses or Trojans Considered to be a High Level of Threat
- Sophos, a leader in protecting businesses against viruses and spam, released a report revealing the hardest hitting viruses of 2004. In a year which saw a 51.8 percent increase in the number of new viruses, the Netsky-P worm has accounted for almost a quarter of all virus incidents reported, making it the hardest hitting virus of 2004. For more information, see: http://www.govtech.net/?pg=news/news&id=92407.
- US-CERT has received reports of a new variant of the Zafi virus referred to as "W32/Zafi.D" or "W32.Erkez.D@mm". It arrives as an attachment to an email containing a holiday greeting message. For more information, see: http://www.us-cert.gov/current/current_activity.html.
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Name | Aliases | Type |
Backdoor.Ranky.N | | Trojan |
BackDoor-BAC.dll | | Trojan |
Cabir.C | SymbOS/Cabir.c, EPOC/Cabir.c, Worm.Symbian.Cabir.c, MYTITI virus | Worm |
Cabir.D | SymbOS/Cabir.D, EPOC/Cabir.D, Worm.Symbian.Cabir.D, [YUAN] virus | Worm |
Cabir.Dropper | SymbOS/Cabir.Dropper, Norton AntiVirus 2004 Professional.sis | Worm |
Downloader-TA.dll | BackDoor-BAC.dll | Trojan |
HotWorld | | Trojan |
Janx.A | | Internet Worm |
JS.Speth.Worm | | JavaScript Worm |
Troj/Brabot-A | W32/Generic.worm!p2p, Backdoor.Win32.Brabot.a | Trojan |
Trojan.Conycspa | | Trojan |
TrojanDropper.FakeSpamFighter | Fake Lycos Screensave, FakeSpamFighter, Fake Spam Fighter | Trojan |
VBS.Junkmail@mm | | Visual Basic Script Worm |
W32.Gaobot.BUU | | Win32 Worm |
W32.Janx | | Win32 Worm |
W32.Maslan.C@mm | W32/Maslan.c@MM, Backdoor.Win32.SdBot.ts, Net-Worm.Win32.Maslan.b, PE_MASLAN.C, W32/Maslan-C, W32/Sdbot-RW, Win32.HLLM.Alaxala | Win32 Worm |
W32.Qeds@mm | | Win32 Worm |
W32/Agobot-DAA | | Win32 Worm |
W32/Agobot-NX | | Win32 Worm |
W32/Anig-C | W32/Anig.worm.gen, W32.HLLW.Anig | Win32 Worm |
W32/Atak-F | | Win32 Worm |
W32/Atak-G | | Win32 Worm |
W32/Bagle.bf@MM | | Win32 Virus |
W32/Bagle.bg@MM | I-Worm.Bagle.g, W32.Beagle.H@mm, Win32/Bagle.H.Worm | Win32 Virus |
W32/Maslan-C | Net-Worm.Win32.Maslan.b | Win32 Worm |
W32/Rbot-RJ | | Win32 Worm |
W32/Rbot-RN | | Win32 Worm |
W32/Sdbot-SB | | Win32 Worm |
W32/Sdbot-SG | | Win32 Worm |
W32/Zafi-D | WORM_ZAFI.D | Win32 Worm |
Win32.Lemoor.B | 32.Lemoor.A, Win32/Lemoor.B.Worm, W32/Lemoor.gen, Worm.Win32.Lemoor.c | Win32 Worm |
Win32.Lioten.GJ | Win32/Randex.45568.Worm | Win32 Worm |
Win32.Prutec.A | Win32/Prutec.A.Trojan | Trojan |
Win32.Yanz.B | W32/Favsin-A, Email-Worm.Win32.Yanz.b, Win32/Yaha.Variant.Worm, WORM_YANZ.B, W32/Yanz.b@MM, W32.Yanz.B@mm, W32/Yanzi.B@mm | Win32 Worm |
WORM_BAGZ.I | W32.Bagz@mm, W32/Bagz.b@MM, Win32/Bagz.B@mm, I-Worm.Bagz.b, W32/Bagz.A@mm, W32/Bagz-B, Worm/Bagz.B.1, I-Worm/Bagz.B, I-Worm.Win32.Bagz.163846 | Win32 Worm |
WORM_MASLAN.A | Email-Worm.Win32.Maslan.a, W32.Maslan.A@mm, Maslan.A, Net-Worm.Win32.Maslan.a, W32/Maslan-A | Win32 Worm |
WORM_RBOT.AEF | | Win32 Worm |