Summary of Security Items from December 1 through December 7, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation that includes information published by outside sources; therefore, it should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the section for the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability affects only that operating system, since this information is obtained from open-source reports.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranked High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will give the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
Absolute Shopping Package Solutions Shopping Cart Professional 2.9d, Lite 2.1 | Multiple vulnerabilities have been reported in Shopping Cart that could let remote malicious users conduct Cross-Site Scripting or execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Absolute Shopping Package Solutions Shopping Cart Cross-Site Scripting | High | Security Focus, ID: 15694, December 3, 2005 |
A-FAQ 1.0 | Multiple vulnerabilities have been reported in A-FAQ that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | A-FAQ SQL Injection | Medium | Security Focus, ID: 15741, December 6, 2005 |
ASP Resources Forum | An input validation vulnerability has been reported in ASP Resources Forum that could let remote malicious users perform SQL Injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | ASP Resources Forum SQL Injection | Medium | Security Tracker, Alert ID: 1015316, December 6, 2005 |
Cisco Security Agent 4.5.0, 4.5.1 | A vulnerability has been reported in Cisco Security Agent that could let local malicious users obtain elevated privileges. A vendor solution is available: Currently we are not aware of any exploits for this vulnerability. | Cisco Security Agent Elevated Privileges | Medium | Cisco, Security Advisory cisco-sa-20051129-csa, November 29, 2005 |
Citrix MetaFrame Secure Access Manager 2.0 to 2.2, Citrix NFuse Elite 1.0 | An input validation vulnerability has been reported in Citrix MetaFrame Secure Access Manager that could let remote malicious users conduct Cross-Site Scripting. A vendor solution is available: There is no exploit code required. | Citrix MetaFrame Secure Access Manager and NFuse Elite Cross-Site Scripting | Medium | Citrix, CTX108208, November 29, 2005 |
ASPKnowledgeBase | A vulnerability has been reported in ASPKnowledgeBase that could let remote malicious users perform Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | IISWorks ASPKnowledge | Medium | Security Focus, ID: 15734, December 6, 2005 |
MyTemplateSite 1.2 and prior | A vulnerability has been reported in MyTemplateSite ('search.asp'), that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | MyTemplateSite Cross-Site Scripting | Medium | Security Focus, ID: 15693, December 3, 2005 |
IMail Server 8.20, Collaboration Suite 2.0 | Multiple vulnerabilities have been reported in IMail Server and Collaboration Suite that could let remote malicious users cause a Denial of Service or execute arbitrary code. A vendor solution is available: Collaboration Suite There is no exploit code required. | Ipswitch IMail Server IMAP and SMTP Service Two Vulnerabilities | High | Security Focus, ID: 15752, 15753, December 6, 2005 |
MailEnable Professional 1.6, Enterprise 1.1 | A vulnerability has been reported in MailEnable that could let remote malicious users cause a Denial of Service. A vendor solution is available: Currently we are not aware of any exploits for this vulnerability. | MailEnable Denial of Service | Low | Secunia, Advisory: SA17820, December 2, 2005 |
Internet Explorer 6.0 | A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information. Specifically, importing CSS files may allow for cross domain security restriction bypassing. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Microsoft Internet Explorer Information Disclosure | Medium | Security Focus, ID: 15660, December 01, 2005 |
Windows | A vulnerability has been reported in Windows that could let local malicious users perform a Denial of Service. NOTE: This issue has been disputed by third parties. No workaround or patch available at time of publishing. An exploit has been published. | Microsoft Windows CreateRemote | Low | Security Focus, ID: 15671, December 01, 2005 |
NetAuctionHelp Auction Software 3.0 and prior | Multiple vulnerabilities have been reported in NetAuctionHelp Auction Software that could let remote malicious users perform Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | NetAuctionHelp Auction Software Cross-Site Scripting | Medium | Security Focus, ID: 15737, December 6, 2005 |
rwAuctionPro 4.0 and prior | A vulnerability has been reported in rwAuctionPro that could let remote malicious users perform Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | rwAuction Pro Cross-Site Scripting | Medium | Secunia Advisory: SA17905, December 6, 2005 |
SiteBeater MP3 Catalog 2.0.3 and prior | A vulnerability has been reported in SiteBeater MP3 Catalog ('search.asp'), that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | SiteBeater MP3 Catalog Cross-Site Scripting | Medium | Secunia, Advisory: SA17856, December 5, 2005 |
SiteBeater News System 4.0 and prior | A vulnerability has been reported in SiteBeater News System ('archive.asp') that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | SiteBeater News System Cross-Site Scripting | Medium | Secunia, Advisory: SA17857, December 5, 2005 |
Soulpress News 1.0 and prior | A vulnerability has been reported in Soulpress News ('search.asp'), that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Solupress News Cross-Site Scripting | Medium | Secunia, Advisory: SA17854, December 5, 2005 |
pcAnywhere 11.5.1, 11.5 and prior | A vulnerability has been reported in pcAnywhere that could let remote malicious users perform a Denial of Service. A vendor solution is available: Currently we are not aware of any exploits for this vulnerability. | pcAnywhere Authentication Denial of Service Vulnerability | Low | Symantec, SYM05-026, November 29, 2005 |
XcClassified 3.0 and prior | A vulnerability has been reported in XcClassified that could let remote malicious users perform Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | XcClassified Cross-Site Scripting | Medium | Secunia Advisory: SA17903, December 6, 2005 |
XcPhotoAlbum 1.0 | A vulnerability has been reported in XcPhotoAlbum that could let remote malicious users perform Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | XcPhotoAlbum Cross-Site Scripting | Medium | Secunia Advisory: SA17904, December 6, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
Database IDS 2.0 | A buffer overflow vulnerability has been reported in the 'APPFLUENT_HOME' environment variable when handling a malformed value, which could let a malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | Appfluent Technology Database IDS Buffer Overflow | High | Security Focus, Bugtraq ID: 15755, December 7, 2005 |
Astaro Security Linux 6.1 01, 6.0 02, 6.0 01 | A remote Denial of Service vulnerability has been reported when handling malformed IKE traffic. Updates available at: Vulnerability can be reproduced using the PROTOS ISAKMP Test Suite. | Astaro Security Linux ISAKMP IKE Traffic Denial of Service | Low | Security Focus, Bugtraq ID: 15666, December 1, 2005 |
curl 7.12-7.15, 7.11.2 | A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using it in a fixed-size buffer, which could let a local/remote malicious user execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | cURL / libcURL URL Parser Buffer Overflow | High | Security Focus, Bugtraq ID: 15756, December 7, 2005 |
Easy Search System 1.1 | A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'q' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however a Proof of Concept exploit has been published. | Easy Search System Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15705, December 5, 2005 |
Trac 0.9 | An SQL injection vulnerability has been reported in the ticket query module due to insufficient sanitization of the 'group' parameter before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | Edgewall Trac SQL Injection | Medium | Security Tracker Alert ID: 1015302, December 1, 2005 |
Trac 0.9.1, 0.9, 0.8.1-0.8.4, 0.7.1 | An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Edgewall Software Trac Search Module SQL Injection | Medium | Security Focus, Bugtraq ID: 15720, December 5, 2005 |
Mailman 2.1-2.1.5, 2.0-2.0.14 | A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename. Mandriva: There is no exploit code required. | GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service | Low | Secunia Advisory: SA17511, November 14, 2005 Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005 |
HP-UX B.11.23, B.11.11, B.11.00 | An unspecified vulnerability has been reported when IPSEC is running, which could let a remote malicious user obtain unauthorized access. Update information available at: Currently we are not aware of any exploits for this vulnerability. | HP-UX Unspecified IPSec Unauthorized Remote Access | Medium | HP Security Bulletin, HPSBUX02082, December 7, 2005 |
HP-UX B.11.23, B.11.22, B.11.11, B.11.04, B.11.00 | A remote Denial of Service vulnerability has been reported in the Path MTU Discovery (PMTUD) functionality that is supported in the ICMP protocol. Patches available at: http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA Revision 2: The binary files of HPSBUX01164 will resolve the issue for the core TCP/IP in B.11.11, B.11.22, and B.11.23. The binary files of HPSBUX01164 will NOT resolve the issue for IPSec. B.11.00 and B.11.04 are NOT vulnerable. The recommended workaround is to modify /etc/rc.config.d/nddconf and reboot. Rev 3: PHNE_33159 is available for B.11.11. Avaya: Rev 4: PHNE_32606 is available for B.11.23. Rev 6: IPSec revisions available. Currently we are not aware of any exploits for this vulnerability. | | Low | Hewlett Packard Company, Avaya Security Bulletin, HP Security Bulletin, HPSBUX0, HP Security Bulletin, HPSBUX0 |
AIX 5.1-5.3 | A vulnerability has been reported in the 'umountall' command due to an unspecified error with regards to the absolute path. The impact was not specified. Updates available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX UMOUNTALL Unspecified Absolute Path Security | Not Specified | Secunia Advisory: SA17924, December 7, 2005 |
IPsec-Tools 0.6-0.6.2, 0.5-0.5.2 | A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode. Upgrades available at: Ubuntu: Vulnerability can be reproduced with the PROTOS IPSec Test Suite. | IPsec-Tools ISAKMP IKE Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15523, November 22, 2005 Ubuntu Security Notice, USN-221-1, December 01, 2005 |
pnmtopng 2.38, 2.37.3-2.37.6 | A buffer overflow vulnerability has been reported in 'Alphas_Of Upgrades available at: Debian: Ubuntu: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | PNMToPNG Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15427, November 15, 2005 Debian Security Advisory, DSA 904-1, November 21, 2005 Ubuntu Security Notice, USN-218-1, November 21, 2005 Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005 SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005 |
Firefox 0.x, 1.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'Install Trigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code. Updates available at: Gentoo: Mandriva: Fedora: RedHat: Ubuntu: http://security.ubuntu.com/ SUSE: Debian: http://security.debian. SGI: Gentoo: Slackware: Debian: Debian: Fedora: HP: HP: Ubuntu: Sun: SUSE: Exploits have been published. | Firefox Multiple Vulnerabilities CVE-2005-2260 | High | Secunia Advisory: SA16043, July 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005 Slackware Security Advisory, SSA:2005-203-01, July 22, 2005 Ubuntu Security Notices, USN-155-1 & 155-2, July 26 & 28, 2005 Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005 SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005 Debian Security Advisory, DSA 775-1, August 15, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Debian Security Advisory, DSA 777-1, August 17, 2005 Debian Security Advisory, DSA 779-1, August 20, 2005 Debian Security Advisory, DSA 781-1, August 23, 2005 Gentoo Linux Security Advisory, GLSA 200507-24, August 26, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:127-1, August 26, 2005 Slackware Security Advisory, SSA:2005-085-01, August 28, 2005 Debian Security Advisory, DSA 779-2, September 1, 2005 Debian Security Advisory, DSA 810-1, September 13, 2005 Fedora Legacy Update Advisory, FLSA:160202, September 14, 2005 HP Security Bulletin, HPSBOV01229, September 19, 2005 HP Security Bulletin, Ubuntu Security Notice, USN-155-3, October 04, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
Xpdf 3.0 pl2 & pl3, 3.01, 3.00, 2.0-2.03, 1.00, 1.00a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2 | Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read Patches available at: Fedora: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Xpdf Buffer Overflows | High | iDefense Security Advisory, December 5, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005 |
gnump3d 2.9-2.9.7; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha | Several vulnerabilities have been reported: a vulnerability was reported in the 'index.lok' lock file when indexing music files due to the insecure creation of temporary files, which could let a remote malicious user overwrite arbitrary files; and a Directory Traversal vulnerability was reported when processing certain CGI parameters and cookie values due to an input validation error, which could let a remote malicious user obtain sensitive information. Update available at: Debian: Gentoo: SUSE: There is no exploit code required. | GNU gnump3d Insecure Temporary File Creation & Directory Traversal | Medium | Secunia Advisory: SA17647, November 18, 2005 Debian Security Advisory, DSA 901-1, November 19, 2005 Gentoo Linux Security Advisory, GLSA 200511-16, November 21, 2005 SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
Linux Kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function. Fedora: Upgrades available at: Ubuntu: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPV6 Denial of Service | Low | Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, Security Focus, Bugtraq ID: 15156, October 31, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
phpMyAdmin 2.7.0-beta1, 2.6.4-rc1, pl3, pl1, 2.6.3-pl1, 2.6.2-rc1, 2.6.2, 2.6.1 pl3, 2.6.1 pl1, 2.6.1-rc1, 2.6.1, 2.6.0pl3, 2.6.0pl2, 2.6.0pl1, 2.5.7pl1, 2.5.7, 2.5.6-rc1, 2.5.5 pl1, 2.5.5-rc2, 2.5.5-rc1, 2.5.5 | Cross-Site Scripting vulnerabilities have been reported in the 'HTTP_HOST' variable and certain scripts in the libraries directory due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | PHPMyAdmin Multiple Cross-Site Scripting | Medium | phpMyAdmin security announcement PMASA-2005-8, December 5, 2005 |
SuSE Linux Enterprise Server 9, Linux 9.3 x86_64 | A vulnerability has been reported in 'ptrace' on 64-bit platforms, which could let a malicious user access kernel memory pages. SUSE: RedHat: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit PTrace Kernel Memory Access | Medium | SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005 |
SuSE Linux Professional | A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code. Patches available at: Ubuntu: SUSE: RedHat: Mandriva: RedHat: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel XFRM Array Index Buffer Overflow | High | Security Focus, 14477, August 5, 2005 Ubuntu Security Notice, USN-169-1, August 19, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 200 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
SuSE Linux Professional 10.0 OSS, 10.0, Linux Personal 10.0 OSS; | A Denial of Service vulnerability has been reported due to a race condition in 'do_coredump'. SUSE: There is no exploit code required. | Linux Kernel do_coredump Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0, SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server for S/390 9.0, Linux Enterprise Server 9; 2.6-2.6.12.4 | A Denial of Service vulnerability has been reported due to a failure to handle malformed compressed files. Upgrades available at: Ubuntu: SUSE: Trustix: http://http.trustix.org/pub/trustix/updates/ Mandriva: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ZLib Null Pointer Dereference Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32 | Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to the insufficient validation of the 'n_col' value before using it to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of an XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. Updates available at: Fedora: RedHat: Gentoo: SuSE: Ubuntu: Mandriva: Trustix: Avaya: Debian: SGI: Debian: Currently we are not aware of any exploits for these vulnerabilities. | GTK+ GdkPixbuf XPM Image Rendering Library | High | Fedora Update Notifications RedHat Security Advisory, RHSA-2005:810-9, November 15, 2005 Gentoo Linux Security Advisory GLSA 200511-14, November 16, 2005 SUSE Security Announcement, SUSE-SA:2005:065, November 16, 2005 Ubuntu Security Notice, USN-216-1, November 16, 2005 Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005 Avaya Security Advisory, ASA-2005-229, November 21, 2005 Debian Security Advisory, DSA 911-1, November 29, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 Debian Security Advisory DSA 913-1, December 1, 2005 |
GNU gnump3d 2.9-2.9.5 | A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories. Upgrade to version 2.9.6: http://savannah.gnu.org/download/gnump3d/gnump3d-2.9.6.tar.gz Debian: SUSE: Gentoo: There is no exploit code required; however, Proof of Concept exploits have been published. | GNUMP3d Cross-Site Scripting or Directory Traversal | Medium | Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005 Debian Security Advisory DSA 877-1, October 28, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Gentoo Linux Security Advisory, GLSA 200511-05, November 6, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
GNU gnump3d 2.9-2.9.5; | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: SUSE: There is no exploit code required. | GNU gnump3d Unspecified Cross-Site Scripting | Medium | Gentoo Linux Security Advisory GLSA 200511-05, November 7, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
Linux kernel | A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak. Ubuntu: SuSE: ftp://ftp.suse.com/pub/suse/ Fedora: Conectiva: Fedora: RedHat: RedHat: Mandriva: Currently we are not aware of any exploits for this vulnerability. | | Low | Ubuntu Security SUSE Security Announcement, Fedora Security Conectiva Linux Security Announcement, Fedora Update Notification RedHat Security Advisory, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218 & 219, November 30, 2005 |
Linux Kernel | Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler. Update available at: http://kernel.org/ Ubuntu: Mandriva: RedHat: Conectiva: Mandriva: A Proof of Concept Denial of Service exploit script has been published. | | High | Secunia Advisory, SA15392, May 17, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:110, July 1, 2005 RedHat Security Advisory, Conectiva Linux Announcement, CLSA-2005:999, August 17, 2005 Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005 |
Linux kernel | A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code. SuSE: Ubuntu: RedHat: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SYSFS_Write_ | High | Security Focus, 13091, April 11, 2005 RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 SUSE Security Announcement, Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 |
Linux Kernel 2.4.x, 2.6 prior to 2.6.11.11 | A vulnerability has been reported in the Linux kernel's Radionet Open Source Environment (ROSE) implementation, in the 'rose_rt_ioctl()' function, due to insufficient validation of a new route's 'ndigis' argument. The impact was not specified. Updates: Ubuntu, Mandriva. Currently we are not aware of any exploits for this vulnerability. | | Not Specified | Security Tracker Alert, 1014115, June 7, 2005; Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005 |
Linux Kernel 2.6.10, 2.6, 2.6-test releases through 2.6-test11, 2.6.1-2.6.10, 2.6.10-rc2; RedHat Fedora Core 2 & 3 | An integer overflow vulnerability has been reported in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization in the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code. Updates: Fedora, SuSE, RedHat, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel | High | Bugtraq, January 7, 2005; Fedora Update Notifications; SUSE Security Announcement, SUSE-SA:2005:003, January 21, 2005; RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005; SUSE Security Announcement, SUSE-SA:2005:010, February 25, 2005; Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 |
Linux kernel 2.6.10, 2.6 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability was reported in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability was reported in the 'setsid()' function; and a vulnerability was reported in the OUTS instruction on the AMD64 and Intel EM64T architectures, which could let a malicious user obtain elevated privileges. Updates: RedHat (https://rhn.redhat.com/errata/RHSA-2005-092.html, http://rhn.redhat.com/errata/RHSA-2005-284.html), Ubuntu (http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/), Conectiva (ftp://atualizacoes.conectiva.com.br/1), SUSE, Fedora, Avaya (http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf), FedoraLegacy, Mandriva. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel CVE-2005-0177 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0177), CVE-2005-0176 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0176) | Medium | Ubuntu Security Notice; RedHat Security Advisory; SUSE Security Announcement; Fedora Security; Conectiva Linux Security Announcement; Fedora Update Notification; RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005; RedHat Security Advisories, RHSA-2005; RedHat Security Advisory; Avaya Security Advisory, ASA-2005-120, June 3, 2005; FedoraLegacy, FLSA:152532, June 4, 2005; RedHat Security Advisory; Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 |
Linux kernel 2.6.10-2.6.15 | A Denial of Service vulnerability has been reported due to a memory leak in the kernel file lock lease code. Upgrades: SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel File Lock Lease Local Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Linux kernel 2.6.8, 2.6.10 | A vulnerability has been reported in the EXT2/EXT3 file systems, which could let a malicious user bypass file access controls. Updates: Ubuntu, Mandriva, RedHat. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel EXT2/EXT3 File Access Bypass | Medium | Security Focus, Bugtraq ID: 14792, September 9, 2005; Ubuntu Security Notice, USN-178-1, September 9, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005; RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005; Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005 |
Linux kernel 2.6.8, 2.6.10 | A remote Denial of Service vulnerability has been reported in the 'ipt_recent' netfilter module when specially crafted packets are sent. Updates: Ubuntu, Mandriva, RedHat. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'ipt_recent' Remote Denial of Service | Low | Security Focus, Bugtraq ID: 14791, September 9, 2005; Ubuntu Security Notice, USN-178-1, September 9, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005; RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005; Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
Linux kernel 2.6.8-2.6.10, 2.4.21 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32-bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service. Updates: Ubuntu, Trustix, Fedora, RedHat, Mandriva. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service | High | Secunia Advisory: SA16747, September 9, 2005; Ubuntu Security Notice, USN-178-1, September 9, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005; Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005; RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005; Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
Linux kernel 2.6-2.6.12.1 | A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPsec policies. This issue has been addressed in Linux kernel 2.6.13-rc7. Updates: Ubuntu, SUSE, RedHat, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPsec Policies Authorization Bypass | Medium | Ubuntu Security Notice, USN-169-1, August 19, 2005; Security Focus, Bugtraq ID 14609, August 19, 2005; Security Focus, Bugtraq ID 14609, August 25, 2005; SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005; RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005; RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005; Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 |
Linux kernel 2.6-2.6.12.3, 2.4-2.4.32 | A Denial of Service vulnerability has been reported in 'IP_VS_CONN_FLUSH' due to a NULL pointer dereference. Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue. Updates: Ubuntu, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Denial of Service | Low | Security Focus, Bugtraq ID: 15528, November 22, 2005; Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
Linux kernel 2.6-2.6.12, 2.4-2.4.31 | A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released kernel versions 2.6.13 and 2.4.32-rc1 to address this issue. Updates: Ubuntu, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Remote Denial of Service | Low | Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 |
Linux kernel 2.6-2.6.13.1 | A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function. Fixed in version 2.6.13.2. Updates: Ubuntu, Mandriva, SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel routing_ioctl() Denial of Service | Low | Security Tracker Alert ID: 1014944, September 21, 2005; Ubuntu Security Notice, USN-187-1, September 25, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005; SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_ Patches: Fedora, Trustix, RedHat, Ubuntu, Mandriva, SUSE. There is no exploit code required. | Linux Kernel Denial of Service & Information Disclosure | Medium | Secunia Advisory: SA17114, October 12, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005; Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005; Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005; SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via 'usbdevio'; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in the jiffies comparison. Updates: RedHat, Ubuntu, Mandriva, SUSE. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel USB Subsystem Denials of Service | Low | Secunia Advisory: SA16969, September 27, 2005; RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005; Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005; SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Linux Kernel 2.6-2.6.14 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_ Updates: Ubuntu, Trustix, RedHat, Mandriva. Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Denials of Service CVE-2005-3053 | Low | Ubuntu Security Notice, USN-199-1, October 10, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005; RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005; Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
Linux kernel 2.6-2.6.14, 2.5.0-2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99-pre1 through pre7, 2.2-2.2.27, 2.1, 2.1.x, 2.1.89, 2.0.28-2.0.39 | A vulnerability has been reported in the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands. Updates: Mandriva. There is no exploit code required; however, a Proof of Concept exploit has been published. | Linux Kernel Console Keymap Arbitrary Command Injection | Medium | Security Focus, Bugtraq ID: 15122, October 17, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 |
Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS | A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used, due to a missing check of the thread's group ID when determining whether the process is attempting to attach to itself. Upgrades: Fedora, SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTrace 'CLONE_ | Low | Secunia Advisory: SA17761, November 29, 2005; Fedora Update Notification; SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Linux kernel 2.6-2.6.15; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS | A Denial of Service vulnerability has been reported because processes are improperly auto-reaped while they are being ptraced. Patches: Fedora, SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTraced Denial of Service | Low | Security Focus, Bugtraq ID: 15625, November 29, 2005; Fedora Update Notification; SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Linux kernel | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION Patches: Ubuntu, Trustix (http://http.trustix.org/pub/trustix/updates/), RedHat, Mandriva. There is no exploit code required. | Linux Kernel Management Denials of Service | Low | Secunia Advisory: SA16355, August 9, 2005; Ubuntu Security Notice, USN-169-1, August 19, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005; RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005; Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005 |
RedHat Fedora Core 3; Linux kernel 2.6.10-2.6.13 | A vulnerability has been reported because a world-writable file is created in 'SYSFS', which could let a malicious user obtain sensitive information. Upgrades: Fedora, Mandriva. There is no exploit code required. | Linux Kernel World Writable SYSFS Information Disclosure | Medium | Security Focus, Bugtraq ID: 15154, October 20, 2005; Fedora Update Notification; Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005 |
SpamAssassin 3.0.4 | A vulnerability has been reported due to a failure to handle exceptional conditions, which could let a remote malicious user bypass spam detection. Updates: SpamAssassin, Fedora, SUSE, Trustix, Mandriva. There is no exploit code required. | SpamAssassin Spam Detection Bypass | Medium | Fedora Update Notification; SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0064, November 22, 2005; Mandriva Linux Security Advisory, MDKSA-2005:221, December 2, 2005 |
SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS | A Denial of Service vulnerability has been reported in the kernel's IPv6 flow label handling. Upgrades: SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPv6 FlowLable Denial of Service | Low | Security Focus, Bugtraq ID: 15729, December 6, 2005; SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
SuSE Linux Professional 10.0 OSS, 10.0 OSS | A Denial of Service vulnerability has been reported due to a race condition in the handling of POSIX timer cleanup routines. Linux kernel versions subsequent to 2.6.14 are not vulnerable to this issue. Updates: SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel POSIX Timer Cleanup Handling Local Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Turbolinux | Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in the KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code. Updates: MIT, Mandriva, Fedora, RedHat, Sun, SuSE, Trustix, TurboLinux, SGI, Debian, Conectiva, Ubuntu. Currently we are not aware of any exploits for these vulnerabilities. | Kerberos V5 Multiple Vulnerabilities | High | MIT krb5 Security Advisory; RedHat Security Advisory; Sun(sm) Alert Notification, 101809, July 12, 2005; Fedora Update Notifications; SUSE Security Summary Report; Turbolinux; Mandriva Linux Security Update Advisory; Trustix Secure Linux Security Advisory; SGI Security Advisory, 20050703-01-U, July 15, 2005; Debian Security Advisory; Conectiva Linux Advisory; Sun(sm) Alert Notification; RedHat Security Advisory, RHSA-2005:562-15, updated October 5, 2005; Ubuntu Security Notice, USN-224-1, December 6, 2005 |
Ubuntu Linux 4.1 ppc, ia64, ia32 | A remote Denial of Service vulnerability has been reported when the kernel's SNMP handler processes UDP packets, due to a NULL pointer dereference. Updates: Ubuntu, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SNMP Handler Remote Denial of Service | Low | Ubuntu Security Notice, USN-169-1, August 19, 2005; Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005 |
Ubuntu Linux 4.1 ppc, ia64, ia32 | A Denial of Service vulnerability has been reported due to a resource leak when handling POSIX timers in the 'exec()' function. Upgrades: Ubuntu, Mandriva, SUSE. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Resource Leak Denial of Service | Low | Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218 & 219, November 30, 2005; SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 |
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32 | A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image. Updates: Ubuntu, SUSE, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ISO File System Remote Denial of Service | Low | Ubuntu Security Notice, USN-169-1, August 19, 2005; SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005; Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 |
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32 | A Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions. Upgrades: Ubuntu, SUSE, Trustix (http://http.trustix.org/pub/trustix/updates/), Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ZLib Invalid Memory Access Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005; Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 |
Ubuntu Linux 5.04 i386, amd64, 4.1 ppc, ia64, ia32 | A Denial of Service vulnerability has been reported in the '/proc/scsi/sg/devices' file due to a memory leak. Updates: Ubuntu, Mandriva. A Proof of Concept exploit has been published. | Linux Kernel SCSI ProcFS Denial of Service | Low | Security Focus, Bugtraq ID: 14790, September 9, 2005; Ubuntu Security Notice, USN-178-1, September 9, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32 | A remote Denial of Service vulnerability has been reported in 'worker.c' due to a memory leak. Updates: Apache, Ubuntu, IBM. There is no exploit code required. | Apache MPM 'worker.c' Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15762, December 7, 2005; Ubuntu Security Notice, USN-225-1, December 6, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20-9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6 | A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it into an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code. Updates: libpng, Debian, Ubuntu, Mandriva, SUSE. Currently we are not aware of any exploits for this vulnerability. | NetPBM PNMToPNG Remote Buffer Overflow | High | Debian Security Advisory, DSA 904-1, November 21, 2005; Ubuntu Security Notice, USN-218-1, November 21, 2005; Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005; SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64 | An information disclosure vulnerability has been reported in 'SYS_GET_THREAD Kernel versions 2.6.12.4 and 2.6.13 are not affected by this issue. Updates: Ubuntu, Mandriva. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Information Disclosure | Medium | Ubuntu Security Notice, USN-219-1, November 22, 2005; Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 |
Webmin 0.88-1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8.0-5.8.3, 5.8, 5.6.1, 5.6, 5.005_003, 5.005, 5.004_05, 5.004_04, 5.004, 5.003 | A format string vulnerability has been reported in 'Perl_sv_ Updates: Fedora, OpenPKG, Mandriva, Ubuntu, Gentoo (http://security.gentoo.). An exploit has been published. | Perl 'miniserv.pl' Script Format String | Low | Security Focus, Bugtraq ID: 15629, November 29, 2005; Fedora Update Notifications; OpenPKG Security Advisory, OpenPKG-SA-2005.025; Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005; Ubuntu Security Notice, USN-222-1, December 2, 2005; Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005 |
Opera Web Browser 8.5, 8.0-8.02 | A vulnerability has been reported due to insufficient sanitization of user-supplied data passed through a URI, which could let a remote malicious user execute arbitrary code. Upgrades: SUSE. There is no exploit code required. | Opera Web Browser Arbitrary Command Execution | High | Secunia Advisory: SA16907, November 22, 2005; SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005 |
phpMyAdmin 2.6.0-2.6.3, 2.5.0-2.5.7, 2.4.0, 2.3.2, 2.3.1, 2.2-2.2.6, 2.1-2.1.2, 2.0-2.0.5 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/ Upgrades: Debian, SUSE. There is no exploit code required; however, a Proof of Concept exploit has been published. | phpMyAdmin Cross-Site Scripting | Medium | Secunia Advisory: SA16605, August 29, 2005; Debian Security Advisory, DSA 880-1, November 2, 2005; SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005; SUSE Security Announcement, SUSE-SA:2005:066, November 18, 2005; SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
phpMyAdmin 2.7.0-beta1, 2.7 | A vulnerability has been reported in the register_globals emulation layer in 'grab_ Upgrades available from the vendor. There is no exploit code required. | phpMyAdmin 'import_blacklist' Variable Overwrite | Medium | Secunia Advisory: SA17925, December 7, 2005 |
phpMyAdmin 2.x | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php', 'queryframe.php', and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades: Gentoo, Debian, SUSE. There is no exploit code required; however, a Proof of Concept exploit has been published. | phpMyAdmin Local File Inclusion & Cross-Site Scripting | Medium | Secunia Advisory: SA17289, October 24, 2005; Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005; Debian Security Advisory, DSA 880-1, November 2, 2005; SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005; SUSE Security Announcement, SUSE-SA:2005:066, November 18, 2005; SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
LandShop 0.6.3 | SQL injection vulnerabilities have been reported in 'ls.php' due to insufficient sanitization of the 'start', 'search_order', 'search_type', 'search_area', and 'keyword' parameters before they are used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | SAMEDIA LandShop Multiple SQL Injection | Medium | Secunia Advisory: SA17843, December 5, 2005 |
Java System Messaging Server 6 2005Q1 | A vulnerability has been reported in the Communications Services Delegated Administrator due to an unspecified error, which could let a remote malicious user obtain sensitive information. Patch information available from Sun. Currently we are not aware of any exploits for this vulnerability. | Sun Communications Services Delegated Administrator Default Password Disclosure | Medium | Sun(sm) Alert Notification, Sun Alert ID: 102068, December 5, 2005 |
SuSE Linux Professional 9.0, x86_64, Linux Personal 9.0, x86_64 | A remote Denial of Service vulnerability has been reported in the Squid proxy when handling specially crafted HTTPS data. Updates: SUSE. Currently we are not aware of any exploits for this vulnerability. | SUSE Linux Squid Proxy SSL Handling Remote Denial of Service | Low | SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005; SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
Sylpheed 2.0-2.0.3, 1.0.0-1.0.5 | A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_ Upgrades: Fedora, Gentoo, Debian, SUSE. Currently we are not aware of any exploits for this vulnerability. | Sylpheed LDIF Import Buffer Overflow | Medium | Bugtraq ID: 15363, November 9, 2005; Fedora Update Notification; Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005; Debian Security Advisory, DSA 906-1, November 22, 2005; Debian Security Advisory, DSA 908-1, November 23, 2005; SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
Open Motif 2.2.3 | Two buffer overflow vulnerabilities have been reported in libUil (User Interface Language): a buffer overflow vulnerability was reported in 'diag_issue_ No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | | High | Security Focus, Bugtraq ID: 15678, December 2, 2005 |
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version imap-2004g. Updates: Trustix, Debian, Gentoo, SUSE, Mandriva, Slackware, Conectiva, RedHat (http://rhn.redhat.). Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | High | Secunia Advisory: SA17062, October 5, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005; Debian Security Advisory, DSA 861-1, October 11, 2005; Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005; SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005; Slackware Security Advisory, SSA:2005-310-06, November 7, 2005; Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005; RedHat Security Advisory, RHSA-2005:848-6 & 850-5, December 6, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
1-Search 1.8 | A Cross-Site Scripting vulnerability has been reported in '1search.cgi' due to insufficient sanitization of the 'q' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | 1-Script 1-Search Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15712, December 5, 2005 |
Event Calendar 2.0 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'm' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | 88Scripts Event Calendar Index.PHP SQL Injection | Medium | Security Focus, Bugtraq ID: 15658, November 30, 2005 |
Alisveristr E-commerce | SQL injection vulnerabilities have been reported in the commerce login due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Alisveristr E-commerce Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15699, December 3, 2005 |
FileLister 0.51 | A Cross-Site Scripting vulnerability has been reported in 'definesearch.jsp' due to insufficient sanitization of the 'searchwhat' parameter before it is returned to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | FileLister Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15706, December 5, 2005 |
QuickTime Player 7.0.3, iTunes 6.0.1 | A heap-based overflow vulnerability has been reported which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Apple Quicktime/ | High | Security Focus, Bugtraq ID: 15732, December 6, 2005 |
Atlantis Knowledge Base 3.0 | An SQL injection vulnerability has been reported due to insufficient sanitization of the 'searchStr' parameter when performing a search, before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Atlantis Knowledge Base Software SQL Injection | Medium | Security Focus, Bugtraq ID: 15654, November 30, 2005 |
Atlassian Confluence 2.0.1 build 321 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'searchQuery' parameter when performing a search before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Atlassian Confluence Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15688, December 2, 2005 |
Avaya TN2602AP IP Media Resource 320 vintage 3-vintage 7 | A remote Denial of Service vulnerability has been reported due to an unspecified error. Upgrades available from Avaya. Currently we are not aware of any exploits for this vulnerability. | Avaya TN2602AP IP Media Resource 320 Remote Denial of Service | Low | Avaya Security Advisory, ASA-2005-231, November 30, 2005 |
SecureClient NG with Application Intelligence R56 | A vulnerability has been reported due to a failure to securely implement remote administrator-provided policies, which could let a remote malicious user bypass security policies. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Check Point VPN-1 SecureClient Policy Bypass | Medium | Security Focus, Bugtraq ID: 15757, December 7, 2005 |
Firewall Services Module (FWSM) 1.x, 2.x, IOS 12.x, IOS R12.x, PIX 4.x, 5.x, 6.x, 7.x | A remote Denial of Service vulnerability has been reported due to errors in the processing of IKEv1 Phase 1 protocol exchange messages. Patch information available from Cisco. Rev 1.5: updated Cisco IOS Products table. Rev 1.6: updated Additional Details for Cisco IOS section and the Cisco IOS section. The vulnerability can be reproduced with the PROTOS IPSec Test Suite. | Cisco IPSec IKE Traffic Remote Denial of Service | Low | Cisco Security Advisory, Document ID: 68158, November 14, 2005; Cisco Security Advisory, Document ID: 68158, Rev 1.5, November 29, 2005; Cisco Security Advisory, Document ID: 68158, Rev 1.6, December 6, 2005 |
IOS 12.0 (2a) | An HTTP injection vulnerability has been reported in the '/level/14/exec/buffers/assigned/' and '/level/14/exec/buffers/all' scripts, which could let a remote malicious user execute arbitrary HTML and script code. Workaround information available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Cisco IOS HTTP Service HTML Injection | Medium | Security Focus, Bugtraq ID: 15602, November 28, 2005 Cisco Security Advisory, cisco-sa-20051201-http, December 1, 2005 |
DoceboLMS 2.0.4 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in the 'connector.php' script due to insufficient validation of the 'Type' parameter, which could let a remote malicious user obtain sensitive information; and an input validation vulnerability was reported in the file upload handling due to insufficient verification of the file extension of valid images, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | DoceboLMS Directory Traversal & File Upload | High | Security Tracker Alert ID: 1015308, December 5, 2005 |
Dotclear 1.2.2, 1.2.1 | An SQL injection vulnerability has been reported in '/inc/session.php' due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | DotClear SQL Injection | Medium | Zone-H Research Team Security Advisory, ZRCSA-200504, November 30, 2005 |
Drupal 4.6-4.6.3, 4.5-4.5.5 | Multiple vulnerabilities have been reported: an input validation vulnerability was reported when filtering HTML code, which could let a remote malicious user inject arbitrary JavaScript code; an input validation vulnerability was reported due to an error in the attachment handling, which could let a remote malicious user upload a malicious image and inject arbitrary HTTP headers; and a vulnerability was reported in the 'access user profile' permission, which could let a remote malicious user bypass it. Upgrades available at: There is no exploit code required. | Drupal Multiple Vulnerabilities | Medium | Secunia Advisory: SA17824, December 1, 2005 |
DUportal Pro 3.4.3 | A Cross-Site Scripting vulnerability has been reported in 'password.asp' due to insufficient sanitization of the 'result' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | DuWare DuPortalPro Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15731, December 6, 2005 |
e107 website system 0.617-0.6172, 0.616, 0.610-0.615a, 0.603, 0.555 Beta, 0.554, 0.545 | Several vulnerabilities have been reported: a vulnerability was reported due to the way an unverified user-supplied argument is used to redirect a user after the user has submitted a file download rating, which could let a remote malicious user redirect users to an untrusted (fake) site; and a vulnerability was reported due to the way users are prevented from submitting multiple ratings for a file download, which could let a remote malicious user bypass security restrictions and submit multiple votes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | e107 Website System Redirection & Voting Manipulation | Medium | Secunia Advisory: SA17890, December 5, 2005 |
efiction 2.0, 1.1, 1.0 | Multiple vulnerabilities have been reported: a vulnerability was reported in 'titles.php' due to insufficient sanitization of the 'let' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'Manage Images' functionality due to an input validation error, which could let a remote malicious user upload valid images with an arbitrary file extension inside the web root; and a vulnerability was reported in 'phpinfo.php' because a remote malicious user can obtain sensitive information. The vendor has released a fix to resolve these issues. There is no exploit code required; however, Proof of Concept exploits and an exploit script have been published. | eFiction Input Validation | Medium | Secunia Advisory: SA17777, November 28, 2005 Security Focus, Bugtraq ID: 15568, December 6, 2005 |
Extreme Search Corporate Edition 6.0 | A Cross-Site Scripting vulnerability has been reported in 'extremesearch.php' due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Extreme Corporate Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15675, December 1, 2005 |
FaqRing 3.0 | An SQL injection vulnerability has been reported in 'answer.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | FAQRing SQL Injection | Medium | Secunia Advisory: SA17811, November 30, 2005 |
FastJar 0.93 | A Directory Traversal vulnerability has been reported due to an input validation error when extracting compressed '.jar' archives, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | FastJar Archive Extraction Directory Traversal | Medium | Secunia Advisory: SA17839, December 1, 2005 |
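The FastJar row above is the archive-extraction variant of directory traversal: a '.jar' is a zip file, and an entry whose name is absolute or contains '..' is written wherever that name points. The following Python is an added illustration, not fastjar's code, using a constructed jar with one benign class file and two escaping entries; it shows the two checks an extractor needs (normalise and reject the entry name, then re-verify the resolved target against the destination).

```python
import io
import os
import posixpath
import tempfile
import zipfile


def unsafe_member(name: str) -> bool:
    """True if a jar/zip entry name would escape the extraction directory:
    absolute paths, Windows drive letters, or a '..' component that survives
    normalisation (so 'a/../b' is fine but 'a/../../b' is not)."""
    if not name or name.startswith(("/", "\\")):
        return True
    if len(name) > 1 and name[1] == ":":
        return True
    norm = posixpath.normpath(name.replace("\\", "/"))
    return norm in (".", "..") or norm.startswith("../")


def safe_extract(jar_bytes: bytes, dest: str) -> list:
    """Extract a jar (a zip file) into dest, skipping escaping entries.
    Returns the entry names that were rejected."""
    rejected = []
    dest_abs = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if unsafe_member(info.filename):
                rejected.append(info.filename)
                continue
            target = os.path.realpath(os.path.join(dest_abs, info.filename))
            # Defence in depth: the resolved path must still sit under dest.
            if os.path.commonpath([dest_abs, target]) != dest_abs:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return rejected


def build_malicious_jar() -> bytes:
    """Constructed sample: one benign class plus two escaping entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Hello.class", b"\xca\xfe\xba\xbe")
        zf.writestr("../../.bashrc", "echo pwned\n")            # parent traversal
        zf.writestr("/etc/cron.d/evil", "* * * * * root id\n")  # absolute path
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample into a fresh temporary directory and report."""
    dest = tempfile.mkdtemp(prefix="jar-demo-")
    rejected = safe_extract(build_malicious_jar(), dest)
    written = sorted(
        os.path.relpath(os.path.join(root, name), dest)
        for root, _dirs, files in os.walk(dest)
        for name in files
    )
    return {"rejected": sorted(rejected), "written": written}
```

Python's own ZipFile.extract() silently rewrites such names instead of refusing them; for a build tool that is arguably worse, because a rejected archive tells the operator something is wrong, while a quietly relocated '.bashrc' does not.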
FFmpeg 0.4.9-pre1, 0.4.6-0.4.8, FFmpeg CVS | A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | FFmpeg Remote Buffer Overflow | High | Secunia Advisory: SA17892, December 6, 2005 |
phpYellowTM Pro 5.33, phpYellowTM Lite 5.33 | SQL injection vulnerabilities have been reported in 'search_result.php' due to insufficient sanitization of the 'haystack' parameter and in 'print_me.php' due to insufficient sanitization of the 'ckey' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPYellowTM Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15700, December 3, 2005 |
HobSR | SQL injection vulnerabilities have been reported in 'view.php' due to insufficient sanitization of the 'arrange' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Hobosworld HobSR Multiple SQL Injection | Medium | Secunia Advisory: SA17884, December 5, 2005 |
IMP 4.0-4.0.4, 3.2-3.2.5, 3.1.2, 3.1, 3.0, 2.3, 2.2-2.2.8, 2.0 | An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Horde IMP Email Attachments HTML Injection | Medium | Security Tracker Alert ID: 1015315, December 6, 2005 |
Horde 2.2-2.2.8 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user in error messages, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: Debian: There is no exploit code required. | Horde Error Message Cross-Site Scripting | Medium | Secunia Advisory: SA17468, November 14, 2005 Gentoo Linux Security Advisory, GLSA 200511-20, November 22, 2005 Debian Security Advisory DSA 914-1, December 1, 2005 |
Inkscape 0.41 | A vulnerability has been reported in 'ps2epsi.sh' due to the insecure creation of a temporary file, which could let a malicious user create/overwrite arbitrary files. Upgrade available at: Ubuntu: Debian: There is no exploit code required. | Inkscape 'ps2epsi.sh' Insecure Temporary File | Medium | Security Focus 14522, August 9, 2005 Ubuntu Security Notice, USN-223-1, December 05, 2005 Debian Security Advisory, DSA 916-1, December 7, 2005 |
Instant Photo Gallery 1.0 | SQL injection vulnerabilities have been reported in 'portfolio.php' due to insufficient sanitization of the 'cat_id' parameter and in 'content.php' due to insufficient sanitization of the 'cid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Instant Photo Gallery SQL Injection | Medium | Secunia Advisory: SA17841, December 1, 2005 |
Java Search Engine 0.9.34 | A Cross-Site Scripting vulnerability has been reported in 'search.jsp' due to insufficient sanitization of the 'q' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Java Search Engine Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15687, December 2, 2005 |
Mambo Site Server 4.0.14, 4.0.12 RC1-RC3, BETA & BETA 2, 4.0.10-4.0.12, 4.0 | A remote file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code. The vendor has released a patch addressing this issue. Users are advised to contact the vendor for more information on obtaining the appropriate patch. An exploit script has been published. Reports indicate that a bot is propagating in the wild by exploiting this vulnerability. | Mambo Open Source Remote File Include | High | Security Focus, Bugtraq ID: 15461, November 16, 2005 Security Focus, Bugtraq ID: 15461, November 21, 2005 Security Focus, Bugtraq ID: 15461, November 24, 2005 Security Focus, Bugtraq ID: 15461, December 5, 2005 |
MediaWiki 1.5.0-1.5.2, beta1-beta3, alpha1 & alpha2, | A vulnerability has been reported in the user language option due to insufficient verification of user-supplied input before used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Upgrades available at: There is no exploit code required. | MediaWiki User Language Remote Code Execution | High | Security Focus, Bugtraq ID: 15703, December 5, 2005 |
Warm Links 1.0, Hot Links SQL 3.1, Hot Links Pro 3.0, Amazon Search Directory 1.0 | A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Mr CGI Guy Multiple Software Search.CGI Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15708, December 5, 2005 |
Insyde BIOS V190; AWARD BIOS Modular 4.50 pg | A vulnerability has been reported due to a failure to clear the keyboard buffer after reading the BIOS password during the system startup process, which could let a local malicious user (or software running after boot) read the BIOS password out of memory. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor BIOS Password Persistence Weakness | Medium | Security Focus, Bugtraq ID: 15751, December 6, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64; | A buffer overflow vulnerability has been reported in the SVG importer due to a boundary error, which could let a remote malicious user execute arbitrary code. Ubuntu: Gentoo: SUSE: Debian: A Proof of Concept Denial of Service exploit has been published. | Inkscape SVG Image Buffer Overflow | High | Ubuntu Security Notice, USN-217-1, November 21, 2005 Gentoo Linux Security Advisory, GLSA 200511-22, November 28, 2005 SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005 Debian Security Advisory, DSA 916-1, December 7, 2005 |
University of Kansas Lynx 2.8.5 & prior | A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands. Upgrades available at: RedHat: Mandriva: Gentoo: Trustix: SGI: OpenPKG: There is no exploit code required. | Lynx URI Handlers Arbitrary Command Execution | High | Security Tracker Alert ID: 1015195, November 11, 2005 RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005 Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005 Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005 |
ALT Linux | Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability was reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code. ALTLinux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html Apple: Debian: http://security.debian.org/pool/updates/main/n/netkit-telnet/ Fedora: FreeBSD: MIT Kerberos: http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt Netkit: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/ Openwall: http://www.openwall.com/Owl/CHANGES-current.shtml RedHat: http://rhn.redhat.com/errata/RHSA-2005-327.html Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1 SUSE: Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/ OpenBSD: Mandrake: http://www.mandrakesecure.net/en/ftp.php Gentoo: http://security.gentoo.org/glsa/glsa-200504-01.xml Debian: Gentoo: SGI: SCO: Sun: Openwall: Avaya: Gentoo: TurboLinux: Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1 OpenWall: http://www.openwall.com/Owl/CHANGES-current.shtml SCO: SGI IRIX: Debian: Conectiva: Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Avaya: FedoraLegacy: Slackware: Debian: http://security.debian.org/pool/updates/main/k/krb4/ NetBSD 2.0.3 is not vulnerable to this issue. Please contact the vendor for more information. Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Telnet Client 'slc_add_reply()' Buffer Overflow CVE-2005-0468 | High | iDEFENSE Security Advisory, Mandrakelinux Security Update Advisory, MDKSA-2005:061, Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & Debian Security Advisory, DSA 703-1, April 1, 2005 Gentoo Linux Security Advisory, GLSA 200504-04, SGI Security Advisory, 20050401-01-U, April 6, 2005 Sun(sm) Alert Notification, 57761, SCO Security Advisory, SCOSA-2005.21, Avaya Security Advisory, ASA-2005-088, April 27, 2005 Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005 Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005 Sun(sm) Alert Notification, 57761, April 29, 2005 SCO Security Advisory, SCOSA-2005.23, May 17, 2005 SGI Security Advisory, 20050405-01-P, May 26, 2005 Debian Security Advisory, DSA 731-1, June 2, 2005 Conectiva Security Advisory, CLSA-2005:962, June 6, 2005 Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Avaya Security Advisory, ASA-2005-132, June 14, 2005 Fedora Legacy Update Advisory, FLSA:152583, July 11, 2005 Slackware Security Advisory, SSA:2005-210-01, August 1, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 Security Focus, Bugtraq ID: 12919, November 1, 2005 Ubuntu Security Notice, USN-224-1, December 06, 2005 |
IETF RFC 2406: IPSEC; Hitachi GR2000-1B, GR2000-2B, GR2000-2B+, GR2000-BH | A vulnerability has been reported that affects certain configurations of IPSec when configured to employ Encapsulating Security Payload (ESP) in tunnel mode with only confidentiality and systems that use Authentication Header (AH) for integrity protection, which could let a remote malicious user obtain plaintext IP datagrams and potentially sensitive information. Hitachi advises affected users to use the AH protocol workaround to mitigate this issue. HP: Currently we are not aware of any exploits for this vulnerability. | Medium | NISCC Vulnerability Advisory, IPSEC - 004033, Security Focus, 13562, May 11, 2005 HP Security Bulletin, HPSBUX02079, December 7, 2005 |
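The ESP confidentiality-only weakness in the row above rests on one property: CBC mode is malleable, so an attacker who can edit ciphertext on the wire produces predictable edits in the decrypted inner packet, and with no integrity check nothing notices. The following Python is an added illustration, not code from NISCC, Hitachi or HP. It assumes a toy 16-byte Feistel block cipher built on SHA-256 as a stand-in for AES/3DES (the standard library has no AES, and the property does not depend on the cipher), a constructed 32-byte inner IPv4 datagram, and a fixed key and IV; it rewrites the inner source and destination addresses without knowing the key.

```python
import hashlib

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: SHA-256 keyed by (key, round number)."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte block cipher (8-round Feistel over SHA-256).  A stand-in
    for AES/3DES only; CBC's malleability is independent of the block cipher."""
    l, r = block[:8], block[8:]
    for i in range(8):
        l, r = r, xor(l, _round(key, i, r))
    return r + l


def block_decrypt(key: bytes, block: bytes) -> bytes:
    r, l = block[:8], block[8:]
    for i in reversed(range(8)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0, "ESP pads to the block size"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, block), prev))   # P[i] = D(C[i]) ^ C[i-1]
        prev = block
    return b"".join(out)


# Constructed sample inner datagram (tunnel mode encrypts the whole inner IP
# packet): a 20-byte IPv4 header, 10.1.1.5 -> 10.2.2.9, plus 12 payload bytes.
SRC_OFF, DST_OFF = 12, 16
INNER = bytes([0x45, 0x00, 0x00, 0x20,    # version/IHL, TOS, total length 32
               0x12, 0x34, 0x40, 0x00,    # identification, flags (DF), offset
               0x40, 0x11, 0x00, 0x00,    # TTL 64, protocol UDP, checksum (zero here)
               10, 1, 1, 5,               # source address
               10, 2, 2, 9]) + b"hello, world"   # destination, then payload


def rewrite_without_key(iv: bytes, ct: bytes, offset: int, old: bytes, new: bytes):
    """Change plaintext bytes at `offset` from `old` to `new` by XORing the
    difference into the ciphertext block (or the IV) that precedes them.
    In the stream iv||ct, the byte that feeds plaintext byte k sits at index k."""
    stream = bytearray(iv + ct)
    for i, d in enumerate(xor(old, new)):
        stream[offset + i] ^= d
    return bytes(stream[:BLOCK]), bytes(stream[BLOCK:])


def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()
    iv = bytes(range(BLOCK))               # fixed so the demo is repeatable
    ct = cbc_encrypt(key, iv, INNER)
    attacker_ip = bytes([192, 168, 0, 1])

    # Source address sits in block 0: edit it through the IV, nothing else moves.
    iv2, ct2 = rewrite_without_key(iv, ct, SRC_OFF, INNER[SRC_OFF:SRC_OFF + 4], attacker_ip)
    p2 = cbc_decrypt(key, iv2, ct2)

    # Destination sits in block 1: edit it through C[0], which scrambles block 0
    # (the rest of the header, checksum included) but leaves the payload alone.
    iv3, ct3 = rewrite_without_key(iv, ct, DST_OFF, INNER[DST_OFF:DST_OFF + 4], attacker_ip)
    p3 = cbc_decrypt(key, iv3, ct3)

    return {
        "roundtrip_ok": cbc_decrypt(key, iv, ct) == INNER,
        "src_rewritten": p2[SRC_OFF:SRC_OFF + 4],
        "src_edit_collateral": p2[:SRC_OFF] + p2[SRC_OFF + 4:] != INNER[:SRC_OFF] + INNER[SRC_OFF + 4:],
        "dst_rewritten": p3[DST_OFF:DST_OFF + 4],
        "dst_edit_scrambled_block0": p3[:BLOCK] != INNER[:BLOCK],
        "dst_edit_payload_intact": p3[DST_OFF + 4:] == INNER[DST_OFF + 4:],
    }
```

Editing through the IV changes the first plaintext block cleanly; editing through C[i-1] changes P[i] at the cost of randomising P[i-1], which in this layout holds the header checksum, so a real attack either retries until the scrambled checksum happens to verify or arranges the edit so the damaged block is tolerated. With AH, or ESP's own integrity option, enabled (the Hitachi workaround above), the modified packet fails authentication before decryption and none of this applies.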
RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9 | A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files. Fedora: RedHat: Mandriva: FedoraLegacy: SGI: OpenPKG: http://www.openpkg. Currently we are not aware of any exploits for this vulnerability. | PHP Group Exif Module Remote Denial of Service | Low | Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:831-15, November 10, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 Fedora Legacy Update Advisory, FLSA:166943, November 28, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005 |
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7; | A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code. University of Kansas Lynx: Gentoo: Ubuntu: RedHat: Fedora: Mandriva: Conectiva: Trustix: SGI: Mandriva: Debian: http://security.debian. Ubuntu: SUSE: Slackware: SCO: OpenPKG: http://www.openpkg. A Proof of Concept Denial of Service exploit script has been published. | Lynx 'HTrjis()' NNTP Remote Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005 Ubuntu Security Notice, USN-206-1, October 17, 2005 RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005 Fedora Update Notifications, Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005 Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005 Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005 Ubuntu Security Notice, USN-206-2, October 29, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-03, November 7, 2005 SCO Security Advisory, SCOSA-2005.47, November 8, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005 |
MultiVOIP | A buffer overflow vulnerability has been reported in the SIP packet INVITE field when a string is greater than 60 characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. It has been reported that this issue was addressed in version x.08 of the software. Currently we are not aware of any exploits for this vulnerability. | MultiTech MultiVOIP Remote Buffer Overflow | High | SecurityLab Technologies, Inc. Advisory, December 5, 2005 |
MXChange 0.2.0-pre3 through 0.2.0-pre10 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required. | MXChange Unspecified Cross-Site Scripting & SQL Injection | Medium | Secunia Advisory: SA17793, December 1, 2005 |
MySQL 5.0.0-5.0.4, 4.1.0-4.1.5, 4.0.24, 4.0.21, 4.0.20, 4.0.18, 4.0.0-4.0.15 | A buffer overflow vulnerability has been reported due to insufficient bounds checking of data that is supplied as an argument in a user-defined function, which could let a remote malicious user execute arbitrary code. This issue is reportedly addressed in MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta available at: Mandriva: Ubuntu: Debian: SUSE: Debian: Conectiva: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | MySQL User-Defined Function Buffer Overflow | High | Security Focus 14509, August 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:163, September 12, 2005 Ubuntu Security Notice, USN-180-1, September 12, 2005 Debian Security Advisories, DSA 829-1 & 831-1, September 30, 2005 SUSE Security Summary Report, Debian Security Advisory, DSA 833-1, October 1, 2005 Conectiva Linux Announcement, CLSA-2005:1023, October 6, 2005 Ubuntu Security Notice, USN-180-2, December 05, 2005 |
Blog System 1.2 & prior | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'cat' parameter and in 'blog.php' due to insufficient sanitization of the 'note' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Blog System Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15719, December 5, 2005 |
Cars Portal 1.1 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'page' and 'car' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Cars Portal Multiple SQL Injection | Medium | Secunia Advisory: SA17914, December 6, 2005 |
Nodezilla 0.4.0-0.4.12-corno-fulgure | A vulnerability has been reported in the 'evl_data' private directory due to insufficient access controls, which could let a remote malicious user obtain sensitive information. Updates available at: http://www.panardvision.com. There is no exploit code required. | Nodezilla Information Disclosure | Medium | Secunia Advisory: SA17867, December 5, 2005 |
O-Kiraku Nikki 1.3 | An SQL injection vulnerability has been reported in 'nikki.php' due to insufficient sanitization of the 'day_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | O-Kiraku Nikki SQL Injection | Medium | Secunia Advisory: SA17795, November 30, 2005 |
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_ Upgrades available at: SUSE: TurboLinux: Fedora: RedHat: http://rhn.redhat. Gentoo: Mandriva: SUSE: Trustix: SGI: OpenPKG: http://www.openpkg. There is no exploit code required. | PHP Multiple Vulnerabilities CVE-2005-3388 | Medium | Secunia Advisory: SA17371, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Turbolinux Security Advisory TLSA-2005-97, November 5, 2005 Fedora Update Notifications, RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005 Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005 |
PHP-Fusion 6.0.109 | An SQL injection vulnerability has been reported in 'messages.php' due to insufficient sanitization of the 'srch_text' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP-Fusion SQL Injection | Medium | Secunia Advisory: SA17871, December 5, 2005 |
phpMyAdmin 2.7.0-beta1 | An HTTP response splitting vulnerability has been reported in 'Header_HTTP_Inc.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user inject arbitrary HTTP headers, leading to a false sense of trust. SUSE: There is no exploit code required. | PHPMyAdmin HTTP Response Splitting | Medium | Fitsec Security Advisory, November 15, 2005 SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 |
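Response splitting, as in the phpMyAdmin row above, is a CR/LF injection into a header value: the attacker's value ends the server's response early and supplies a second, attacker-authored response that a browser or caching proxy then treats as the real page. The following Python is an added illustration, not phpMyAdmin's code: a vulnerable and a hardened builder for a 'Location:' redirect, a constructed attacker value, and a small parser that splits a byte stream into responses the way a client would.

```python
from urllib.parse import quote

CRLF = "\r\n"

# Constructed attacker value for a 'redirect here' parameter: it closes the
# 302, then supplies a complete second response of the attacker's choosing.
ATTACK_LOCATION = (
    "/index.php" + CRLF
    + "Content-Length: 0" + CRLF + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: 4" + CRLF + CRLF
    + "pwn!"
)


def redirect_vulnerable(location: str) -> bytes:
    """A 302 built the way a bare header('Location: ' . $url) does it: the
    value is pasted into the header line unchecked."""
    return ("HTTP/1.1 302 Found" + CRLF
            + "Location: " + location + CRLF
            + "Content-Length: 0" + CRLF + CRLF).encode("latin-1")


def redirect_hardened(location: str) -> bytes:
    """Same response, but CR, LF and anything else outside the URL character
    set are percent-encoded, so the value cannot end the header line."""
    encoded = quote(location, safe="/:?&=#%")
    return ("HTTP/1.1 302 Found" + CRLF
            + "Location: " + encoded + CRLF
            + "Content-Length: 0" + CRLF + CRLF).encode("latin-1")


def parse_responses(raw: bytes) -> list:
    """Split a byte stream the way a browser or caching proxy does: status
    line, headers up to the blank line, then Content-Length body bytes,
    repeated.  Returns (status_line, headers, body) tuples."""
    responses, pos = [], 0
    while True:
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end < 0:
            break
        lines = raw[pos:head_end].decode("latin-1").split(CRLF)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        length = int(headers.get("content-length", "0"))
        responses.append((lines[0], headers, raw[body_start:body_start + length]))
        pos = body_start + length
    return responses


def demo() -> dict:
    """Feed the attacker value through both builders and parse the result."""
    split = parse_responses(redirect_vulnerable(ATTACK_LOCATION))
    hard = parse_responses(redirect_hardened(ATTACK_LOCATION))
    return {
        "vulnerable_count": len(split),
        "injected_status": split[1][0],
        "injected_body": split[1][2],
        "hardened_count": len(hard),
        "hardened_location": hard[0][1]["location"],
    }
```

Encoding is the right fix for a URL that is legitimately user-influenced; for any other header value the better rule is to refuse the request outright when CR or LF appears, which is what the PHP engine itself later started doing inside header().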
phpMyChat 0.14.6 | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPMyChat Multiple Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15679, December 2, 2005 |
PHPX 3.5-3.5.9 | An SQL injection vulnerability has been reported when logging into the administration section due to insufficient sanitization of the 'username' field before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPX SQL Injection | Medium | Security Tracker Alert ID: 1015300, December 1, 2005 |
Lore 1.5.4 | An SQL injection vulnerability has been reported in 'article.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Lore SQL Injection | Medium | Secunia Advisory: SA17842, December 1, 2005 |
Nexus 0.1 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'search.php' due to insufficient sanitization of the 'firstname,' 'lastname,' and 'location' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'firstname,' 'lastname,' and 'location' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Medium | Secunia Advisory: SA17909, December 6, 2005 | |
PluggedOut Blog 1.9.4 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'categoryid,' 'entryid,' 'year,' 'month,' and 'day' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | PluggedOut Blog SQL Injection | Medium | Secunia Advisory: SA17911, December 6, 2005 |
QualityPPC 1553 | A Cross-Site Scripting vulnerability has been reported in the search feature due to insufficient sanitization of the 'REQ' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | QualityEBiz Quality PPC Cross-Site Scripting | Medium | Secunia Advisory: SA17850, December 2, 2005 |
Quicksilver Forums 1.1.4 | An SQL injection vulnerability has been reported in the 'HTTP_USER_AGENT' header due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required. | Quicksilver Forums SQL Injection | Medium | Security Focus, Bugtraq ID: 15710, December 5, 2005 |
RealPlayer 10.5 v6.0.12.1235, v6.0.12.1069, v6.0.12.1059, v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta, v6.0.12.1016, 10.5, 10.0 BETA, 10.0 v6.0.12.690, 10.0, 8.0 Win32, 7.0 Win32, 6.0 Win32 | An unspecified code execution vulnerability has been reported which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Real Networks RealPlayer Unspecified Remote Code Execution | High | eEye Digital Security, EEYEB-20051130, November 30, 2005 |
Relative Real Estate Systems 1.2 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'mls' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Relative Real Estate Systems SQL Injection | Medium | Security Focus, Bugtraq ID: 15714, December 5, 2005 |
Sapid CMS 1.2.3 RC2, 1.2.3 | A vulnerability has been reported in the 'usr/system/insert_file.php,' 'usr/system/insert_image.php,' 'usr/system/insert_link.php,' 'usr/system/insert_qcfile.php,' and 'usr/system/edit.php' scripts due to insufficient access controls, which could let an unauthenticated remote malicious user upload files or images to a vulnerable system. Upgrades available at: There is no exploit code required. | SAPID CMS Authentication Bypass | Medium | Secunia Advisory: SA17859, December 2, 2005 |
NetClassifieds Standard Edition 1.9.6.3, Professional Edition 1.5.1, Premium Edition 1.0.1, Free Edition 1.0.1 | An SQL injection vulnerability has been reported in 'ViewCat.php' and 'gallery.php' due to insufficient sanitization of the 'CatID' parameter and in 'ViewItem.php' due to insufficient sanitization of the 'ItemNum' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | NetClassifieds Products Multiple SQL Injection | Medium | Secunia Advisory: SA17853, December 2, 2005 |
sobexsrv 1.0.0-pre3 | A format string vulnerability has been reported in 'Dosyslog' due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Upgrade available at: An exploit has been published. | Sobexsrv Dosyslog Remote Format String | High | DMA Security Advisory, DMA2005-1202a, December 2, 2005 |
SunnComm MediaMax 5.0.21.0 | A vulnerability has been reported due to insecure default directory ACLs set on the 'SunnComm Shared' directory, which could let a malicious user obtain elevated privileges. Patch available at: There is no exploit code required. | Sony SunnComm MediaMax Insecure Directory Permissions | Medium | Secunia Advisory: SA17933, December 7, 2005 |
phpWordPress 3.0 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'poll,' 'category,' and 'ctg' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | phpWordPress SQL Injection | Medium | Secunia Advisory: SA17733, November 25, 2005; Security Focus, Bugtraq ID: 15582, December 1, 2005 |
Sugar Suite 4.0 beta, 3.5 | A local and remote file include vulnerability has been reported in 'acceptDecline.php,' which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | SugarCRM Sugar Suite Remote & Local File Include | Medium | Security Focus, Bugtraq ID: 15760, December 7, 2005 |
Java JDK 1.5.x, Java JRE 1.3.x, 1.4.x, 1.5.x / 5.x, Java SDK 1.3.x, 1.4.x | Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a malicious untrusted applet read/write local files or execute local applications; three unspecified vulnerabilities were reported in the use of the 'reflection' APIs, which could let a malicious untrusted applet read/write local files or execute local applications; and a vulnerability was reported in the Java Management Extensions (JMX) implementation, which could let a malicious untrusted applet read/write local files or execute local applications. Upgrade information available at: http://sunsolve.sun.com/ Currently we are not aware of any exploits for these vulnerabilities. | Sun Java Runtime Environment Security Bypass | Medium | Sun(sm) Alert Notifications; US-CERT VU#974188, VU#355284, VU#931684 |
Sun ONE Application Server 7.0 UR2 Upgrade Standard, 7.0 UR2 Standard Edition, 7.0 UR1 Standard Edition, ONE Application Server 7.0 Standard Edition, Java System Application Server Enterprise Edition 8.1 2005Q1RHEL2.1/ | A man-in-the-middle vulnerability has been reported when the reverse SSL proxy plug-in is used with a supported Web server. Update information available at: Currently we are not aware of any exploits for this vulnerability. | Sun Java System Application Server Reverse SSL Proxy Plug-in Man-In-The-Middle | Medium | Sun(sm) Alert Notification, Sun Alert ID: 102012, December 5, 2005 |
Content Management System | SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Tradesoft CMS Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15661, December 1, 2005 |
phpForumPro 2.2 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'parent' and 'day' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | PHPForumPro Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15736, December 6, 2005 |
Libwww 5.4 | Multiple unspecified vulnerabilities have been reported, including a buffer overflow and vulnerabilities related to the handling of multipart/byteranges content. The impact was not specified. Fedora: Mandriva: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | W3C Libwww Multiple Unspecified Vulnerabilities | Not Specified | Fedora Update Notifications; Mandriva Linux Security Advisory, MDKSA-2005:210, November 10, 2005; Ubuntu Security Notice, USN-220-1, December 01, 2005 |
WebCalendar 1.0.1 | An HTTP response splitting vulnerability has been reported in 'Layers_Toggle.php' due to insufficient sanitization, which could let a remote malicious user influence or misrepresent how Web content is served, cached or interpreted. Patches available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | WebCalendar HTTP Response Splitting | Medium | Security Focus, Bugtraq ID: 15673, December 1, 2005 |
Web4Future Affiliate Manager PRO 4.1 | An SQL injection vulnerability has been reported in 'functions.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Web4Future Affiliate Manager PRO SQL Injection | Medium | Security Focus, Bugtraq ID: 15717, December 5, 2005 |
Web4Future eDating Professional 5.0 & prior | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 's,' 'pg,' and 'sortb' parameters; in 'gift.php' due to insufficient sanitization of the 'cid' parameter; and in 'articles.php' due to insufficient sanitization of the 'fq.php,' and 'cat' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Web4Future eDating Professional SQL Injection | Medium | Secunia Advisory: SA17879, December 5, 2005 |
Web4Future Portal Solutions | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'comentarii.php' due to insufficient sanitization of the 'idp' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'arhiva.php' due to insufficient verification of the 'dir' parameter before it is used to list files & directories, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Web4Future Portal Solutions Information Disclosure & SQL Injection | Medium | Secunia Advisory: SA17880, December 5, 2005 |
WebCalendar 1.0.1 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization in 'export_handler.php,' 'activity_log.php,' 'admin_handler.php,' and 'edit_template.php' before using input in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'export_handler.php' due to insufficient verification of the 'id' and 'format' parameters before they are used to save data files, which could let a remote malicious user overwrite saved data files. No workaround or patch available at time of publishing. There is no exploit code required. | WebCalendar SQL Injection & File Overwrite | Medium | Secunia Advisory: SA17784, November 29, 2005; Security Focus, Bugtraq ID: 15606, December 1, 2005 |
Widget Property 1.1.19 | SQL injection vulnerabilities have been reported in 'property.php' due to insufficient sanitization of the 'property_id,' 'zip_code,' 'property_type_id,' 'price,' and 'city_id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Widget Press Widget Property SQL Injection | Medium | Security Focus, Bugtraq ID: 15701, December 5, 2005 |
WinEgg | Multiple remote buffer overflow vulnerabilities have been reported: a buffer overflow vulnerability was reported that affects the HTTP server when a GET request is provided that contains excessive data, which could let a remote malicious user execute arbitrary code; and two buffer overflow vulnerabilities were reported that affect the FTP server when FTP commands are provided that contain excessively long arguments, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | WinEggDrop | High | Security Focus, Bugtraq ID: 15682, December 2, 2005 |
WSN Knowledge Base 1.2.0 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'catid,' 'perpage,' 'ascdesc,' and 'orderlinks' parameters and in 'comments.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | | Medium | Security Focus, Bugtraq ID: 15656, November 30, 2005 |
Xaraya 1.0 RC1-RC4 | A Directory Traversal vulnerability has been reported in the 'index.php' script 'module' parameter, which could let a remote malicious user obtain sensitive information. Patch available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Xaraya Directory Traversal | Medium | Security Focus, Bugtraq ID: 15623, November 29, 2005; Security Focus, Bugtraq ID: 15623, December 1, 2005 |
Zen Shopping Cart 1.2.6d | An SQL injection vulnerability has been reported in 'admin/password_forgotten.php' due to insufficient sanitization of the 'admin_email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit script has been reported. | Zen Cart SQL Injection | Medium | Security Tracker Alert ID: 1015306, December 2, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Mobile Anti-Virus: Now or Later? Experts point to gathering clouds of viruses and Trojans, but the fact is that security architects, particularly those in the United States, have little to fear for now. Employees are introducing smartphones and PDAs into the corporate network at the same time the number of smartphone Trojans and viruses is rising. Malware writers are experimenting with new propagation methods and more malicious payloads. Source: http://www.mobilepipeline.com/174403206.
- Bluetooth roadmap updated but UWB wars could scupper it: The Bluetooth Special Interest Group, which controls the development of the short range wireless standard, will shortly publish an updated roadmap that defines plans up to the third quarter of 2007. The focus will be on interoperability with UltraWideBand (UWB). Source: http://www.theregister.com/2005/12/06/bluetooth_roadmap/.
- Wireless Hackers 101: Attacks on wireless LANs (WLANs) and wireless-enabled laptops are a quick and easy way for hackers to steal data and enter the corporate network. IT departments must have a pre-emptive plan of action to prevent these malicious and illegal attacks, which compromise an organization’s data privacy and can wreak havoc on network infrastructure. Source: http://www.esecurityplanet.com/prevention/article.php/3568071.
Wireless Vulnerabilities
- Sobexsrv Dosyslog Remote Format String: A format string vulnerability has been reported in 'Dosyslog' due to insufficient sanitization of user-supplied input.
- sobexsrv.pl.txt: Remote exploit for the sobexsrv format string vulnerability.
- BluePIMped.txt: A write-up on the exploitation of the Widcomm BTStackServer used for Bluetooth connectivity.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Trends
- Automatic Update Functionality in Sober.X Worm: US-CERT is aware of functionality that could allow the mass-mailing worm known as "W32/Sober.X" to automatically update itself. W32/Sober.X is a bi-lingual (English and German) mass-mailing worm that utilizes its own SMTP engine to propagate. Source: http://www.us-cert.gov/current/.
- Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities: Programs written in Perl may contain many of the same types of format string vulnerabilities that programs written in C can contain. US-CERT VU#946969
- Exploit for Vulnerability in Microsoft Internet Explorer window() object: US-CERT is aware of a vulnerability in the way Microsoft Internet Explorer handles requests to the window() object. Source: http://www.us-cert.gov/current/
- Reports of IRS Phishing Emails: US-CERT has received reports of a phishing email scam that attempts to convince the user that it is from the Internal Revenue Service (IRS) by using a spoofed "From" address of "tax-refunds@irs.gov". Source: http://www.us-cert.gov/current/.
- Trojans target unpatched IE flaw: Several Trojan horses that exploit an unpatched flaw in Internet Explorer have been discovered. According to Sophos, two exploits, Clunky-B and Delf-LT, could allow malicious code to be executed remotely on a user's PC. These Trojans could "download anything, including a 'banker Trojan' that gives up your bank details." Source: http://news.zdnet.co.uk/0,39020330,39240189,00.htm.
- November breaks all malware records: According to the antivirus firm Sophos, November was the worst month for malware since records began in the mid-1980s. They detected 1,940 new pieces of malware in the past month, and have seen a 48 per cent increase in threats over the year. Source: http://www.vnunet.com/vnunet/news/2147200/november-biggest-ever-malware.
- Holiday spam could reach one billion emails: According to email security vendor MailFrontier, the number of spam and phishing messages could top 1 billion this Christmas. Last year 750 million emails were sent over the Christmas period, with both bogus sales offers and phishing attacks. Source: http://www.vnunet.com/vnunet/news/2147012/holiday-spam-reach-billion.
- IT spending overtaken by compliance issues: According to Gartner, money spent on IT to ensure compliance with regulations will outweigh money spent on new technologies. The research, which assessed trends that will impact people, business and the IT industry, found that this pattern will continue until 2010, with regulatory compliance IT spending growing at twice the rate of general IT spending. Source: http://www.vnunet.com/crn/news/2147155/spending-overtaken-compliance.
- Cyber criminals gather on forgotten Web sites: According to security experts, cyber criminals selling programs to hack into computers and stolen bank account numbers are moving to abandoned Web sites where their activities are harder to track. Dormant Web sites no longer monitored by administrators have in effect created hundreds of online bazaars for criminals. Source: http://www.msnbc.msn.com/id/10284366/from/RSS/.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
3 | Sober-Z | Win32 Worm | New | December 2005 | A mass-mailing worm that harvests addresses from infected machines, forges the sender's email, and utilizes its own mail engine. |
4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
5 | Mytob.C | Win32 Worm | Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
6 | Mytob-BE | Win32 Worm | Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
7 | Zafi-D | Win32 Worm | Slight Increase | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
8 | Lovgate.w | Win32 Worm | Slight Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network. |
9 | Mytob-GH | Win32 Worm | New | December 2005 | This email worm turns off anti-virus software and opens infected systems to remote connections. It further harvests email addresses from infected machines and forges the sender's address. |
10 | Zafi-B | Win32 Worm | Slight Decrease | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
Table updated December 5, 2005