Summary of Security Items from December 8 through December 14, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources; therefore, the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported, since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability that the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
MDaemon 8.1.3, WorldClient 8.1.3 | A vulnerability has been reported in MDaemon and WorldClient that could let remote malicious users perform a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Alt-N MDaemon and WorldClient Denial of Service | Low | Security Focus, ID: 15815, December 12, 2005 |
ASPBB 0.4 | Multiple vulnerabilities have been reported in ASPBB that could let remote malicious users obtain information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | ASPBB Information Disclosure | Medium | Security Focus, ID: 15859, December 14, 2005 |
XM Forum RC3 | A vulnerability has been reported in XM Forum that could let remote malicious users conduct cross site scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | ASP-DEV XM Forum Cross Site Scripting | Medium | Security Focus, ID: 15858, December 14, 2005 |
ASPM Forum | Multiple vulnerabilities have been reported in ASPMForum that could let remote malicious users perform SQL Injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | ASPMForum SQL Injection | Medium | Secunia, Advisory: SA17954, December 8, 2005 |
CF_Nuke 4.6 | A directory traversal vulnerability has been reported in CF_Nuke that could let remote malicious users conduct Cross-Site Scripting or disclose information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | CF_Nuke Cross-Site Scripting or Information Disclosure | Medium | Security Focus, ID: 15777, 15778, December 8, 2005 |
LocazoList Classifieds 1.0 3c | A vulnerability has been reported in LocazoList Classifieds that could let remote malicious users conduct Cross-Site Scripting. A vendor solution is available: There is no exploit code required; however, a Proof of Concept exploit has been published. | LocazoList Classifieds Cross-Site Scripting | Medium | Security Focus, ID: 15812, December 12, 2005 |
LogiSphere 0.9.9j | A directory traversal vulnerability has been reported in LogiSphere that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | LogiSphere Denial of Service | Low | Secunia, Advisory: SA17989, December 12, 2005 |
DirectX DirectShow 7.0 to 9.0c | A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code. Vendor fix available: Avaya: V1.3 Updated to note availability of Microsoft Knowledge Base Article 909596 and to clarify an issue affecting Windows 2000 SP4 customers, also updates of file versions. V1.4 Updated to note complications of the DirectX 8.1 update on machines running DirectX 9. V2.0 Updated to advise customers that a Currently we are not aware of any exploits for this vulnerability. | Microsoft DirectX DirectShow Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-050, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 Avaya, ASA-2005-214, October 11, 2005 Microsoft, Security Bulletin MS05-050 V1.3, October 21, 2005 Microsoft, Security Bulletin MS05-050 V1.4, November 9, 2005 Nortel, Security Advisory Bulletin 2005006315, November 11, 2005 Microsoft, Security Bulletin MS05-050 V2.0, December 13, 2005 |
Excel | A stack overflow vulnerability has been reported in Microsoft Excel that could let local or remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. An exploit has been published. | Microsoft Excel Arbitrary Code Execution | High | Security Tracker, Alert ID: 1015333, December 8, 2005 |
Internet Explorer | A vulnerability has been reported in Internet Explorer, by mismatched DOM objects, that could let remote malicious users obtain unauthorized access. Vendor solutions available: http://www.microsoft.com/ An exploit has been published. | Microsoft Internet Explorer Unauthorized Access CVE-2005-1790 | Medium | Microsoft, Security Advisory 911302, November 21, 2005 USCERT, VU#887861, November 21, 2005 Microsoft, Security Bulletin MS05-054, December 13, 2005 |
Internet Explorer 6.0 SP1 and prior | A vulnerability has been reported in Internet Explorer, by dialog manipulation, that could let remote malicious users execute arbitrary code. A vendor solution is available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-054, December 13, 2005 |
Internet Explorer 6.0 SP1 and prior | A vulnerability has been reported in Internet Explorer, COM object Instantiation, that could let remote malicious users execute arbitrary code. A vendor solution is available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-054, December 13, 2005 |
Internet Explorer 6.0 SP1 and prior | A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information. A vendor solution is available: There is no exploit code required. | Microsoft Internet Explorer Information Disclosure | Medium | Microsoft, Security Bulletin MS05-054, December 13, 2005 |
Windows 2000 Server SP4 and prior, Professional SP4 and prior, Datacenter Server SP4 and prior, Advanced Server SP4 and prior | A vulnerability has been reported in Windows, Asynchronous Procedure Calls, that could let local malicious users obtain elevated privileges. A vendor solution is available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Privilege Elevation | Medium | Microsoft, Security Bulletin MS05-055, December 13, 2005 |
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 | A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code. Patches available at: http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx Microsoft Windows NT 4.0 has also been found vulnerable to the issue; however, this platform is no longer publicly supported by Microsoft. A patch is available for customers that have an active end-of-life support agreement including extended Windows NT 4.0 support. Information regarding the end-of-life support agreement can be found at the following location: V1.1 Revised to advise of Knowledge Base Article 896427, detailing a potential issue encountered after installing this update. An exploit has been published. | | High | Microsoft Security Bulletin, MS05-011, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#652537 Security Focus, 12484, March 9, 2005 Security Focus, Bugtraq ID: 12484, June 23, 2005 Microsoft Security Bulletin, MS05-011 V1.1, December 13, 2005 |
My Album 1.0 | A directory traversal vulnerability has been reported in My Album that could let remote malicious users disclose information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | My Album Information Disclosure | Medium | Secunia, Advisory: SA17951, December 12, 2005 |
Opera Web Browser 8.0 1 | A vulnerability has been reported because a remote malicious user can hide a 'File Download' dialog box underneath a new browser window and entice a user into double clicking a specific area in the window, which could lead to remote arbitrary code execution. Update to 8.02 or later: http://www.opera.com/ Currently we are not aware of any exploits for this vulnerability. | Opera Web Browser Download Dialog File Manipulation | High | Secunia Advisory: SA15781, December 13, 2005 |
Streaming Media Server 2.0.3.b | A buffer overflow vulnerability has been reported in Streaming Media Server that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Sights 'n Sounds Streaming Media Server Denial of Service | Low | Secunia, Advisory: SA17998, December 12, 2005 |
SunnComm MediaMax 5.0.21.0 | A vulnerability has been reported due to insecure default directory ACLs set on the 'SunnComm Shared' directory, which could let a malicious user obtain elevated privileges. Patch available at: http://www.sonybmg.com/ Entry erroneously listed as Multiple OS. There is no exploit code required. | Sony SunnComm MediaMax Insecure Directory Permissions | Medium | Secunia Advisory: SA17933, December 7, 2005 Security Tracker, Alert ID: 1015327, December 8, 2005 |
ServerProtect 5.58 | Multiple vulnerabilities have been reported in ServerProtect that could let remote malicious users cause a Denial of Service or obtain information. Contact the vendor for workaround and fix. There is no exploit code required. | Trend Micro ServerProtect Multiple Vulnerabilities | Medium | Security Focus, ID: 15867, 15868, December 14, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
Mac OS X 10.3.9 | A vulnerability has been reported in Perl due to a failure to correctly drop privileges, which could let a remote malicious user obtain elevated privileges. Note: The impact depends on how a Perl application is written to use the affected Perl functionality. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Apple Mac OS X Perl Privilege Dropping | Medium | Secunia Advisory: SA17922, December 13, 2005 |
CKGOLD | A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | CKGold Cross-Site Scripting | Medium | Secunia Advisory: SA17972, December 14, 2005 |
curl 7.12-7.15, 7.11.2 | A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code. Upgrades available at: Mandriva: Fedora: Debian: Currently we are not aware of any exploits for this vulnerability. | cURL / libcURL URL Parser Buffer Overflow | High | Security Focus, Bugtraq ID: 15756, December 7, 2005 Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 919-1, December 12, 2005 |
DRZES HMS 3.2 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'login.php' due to insufficient sanitization of user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in the 'invoiceID' parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | DRZES HMS Cross-Site Scripting & SQL Injection | Medium | Security Focus, Bugtraq ID: 15766, December 7, 2005 |
Mnemo 2.0.2 | HTML injection vulnerabilities have been reported due to insufficient sanitization of the notepad name and other note data fields, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: There is no exploit code required. | Horde Mnemo Remote HTML Injection | Medium | Security Focus, Bugtraq ID: 15803, December 12, 2005 |
Turba Contact Manager 2.0.4 | HTML injection vulnerabilities have been reported due to insufficient sanitization of the address book name and certain contact data fields, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: There is no exploit code required. | Horde Turba Multiple HTML Injection | Medium | Security Focus, Bugtraq ID: 15802, December 12, 2005 |
Horde Application Framework 3.0-3.0.7 | HTML injection vulnerabilities have been reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | Horde Application Framework HTML Injection | Medium | Secunia Advisory: SA17970, December 12, 2005 |
Kronolith 2.0.5, 2.0.4 | HTML injection vulnerabilities have been reported due to insufficient sanitization of the calendar name and certain event data fields, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | Horde Kronolith HTML Injection | Medium | Secunia Advisory: SA17971, December 12, 2005 |
Nag 2.0-2.0.3, 1.1-1.1.3 | HTML injection vulnerabilities have been reported due to insufficient sanitization of certain tasklist names and task data fields, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | Horde Nag Remote HTML Injection | Medium | Security Focus, Bugtraq ID: 15804, December 12, 2005 |
IPsec-Tools 0.6-0.6.2, 0.5-0.5.2 | A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode. Upgrades available at: Ubuntu: Gentoo: Vulnerability can be reproduced with the PROTOS IPSec Test Suite. | IPsec-Tools ISAKMP IKE Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15523, November 22, 2005 Ubuntu Security Notice, USN-221-1, December 01, 2005 Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005 |
osh 1.7 | A buffer overflow vulnerability has been reported in 'main.c' due to an error when handling environment variable substitutions, which could let a remote malicious user execute arbitrary code with superuser privileges. Debian: There is no exploit code required; however, a Proof of Concept exploit script has been published. | Mike Neuman OSH Remote Buffer Overflow | High | Secunia Advisory: SA17527, November 9, 2005 Debian Security Advisory, DSA 918-1, December 9, 2005 |
osh 1.7 | A buffer overflow vulnerability exists in 'main.c' due to insufficient bounds checking in the 'iopen()' function, which could let a remote malicious user execute arbitrary code. Debian: An exploit script has been published. | Mike Neuman OSH Command Line Argument Buffer Overflow | High | Secunia Advisory, Debian Security Advisory, DSA 918-1, December 9, 2005 |
Firefox 0.x, 1.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code. Updates available at: Gentoo: Mandriva: Fedora: RedHat: Ubuntu: http://security.ubuntu.com/ http://security.ubuntu.com/ SUSE: Debian: http://security.debian. SGI: Gentoo: Slackware: Debian: Debian: Fedora: HP: HP: Ubuntu: Sun: SUSE: Mandriva: Exploits have been published. | Firefox Multiple Vulnerabilities CVE-2005-2260 | High | Secunia Advisory: SA16043, July 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005 Slackware Security Advisory, SSA:2005-203-01, July 22, 2005 Ubuntu Security Notices, USN-155-1 & 155-2 July 26 & 28, 2005 Ubuntu Security Notices, USN-157-1 & 157-2 August 1 & 2, 2005 SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005 Debian Security Advisory, DSA 775-1, August 15, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Debian Security Advisory, DSA 777-1, August 17, 2005 Debian Security Advisory, DSA 779-1, August 20, 2005 Debian Security Advisory, DSA 781-1, August 23, 2005 Gentoo Linux Security Advisory, GLSA 200507-24, August 26, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:127-1, August 26, 2005 Slackware Security Advisory, SSA:2005-085-01, August 28, 2005 Debian Security Advisory, DSA 779-2, September 1, 2005 Debian Security Advisory, DSA 810-1, September 13, 2005 Fedora Legacy Update Advisory, FLSA:160202, September 14, 2005 HP Security Bulletin, HPSBOV01229, September 19, 2005 HP Security Bulletin, Ubuntu Security Notice, USN-155-3, October 04, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 Mandriva Linux Security Advisory, MDKSA-2005:226, December 12, 2005 |
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; | Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read Patches available at: Fedora: RedHat: KDE: SUSE: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Xpdf Buffer Overflows | High | iDefense Security Advisory, December 5, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005 KDE Security Advisory, advisory-20051207-1, December 7, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 Ubuntu Security Notice, USN-227-1, December 12, 2005 |
Linux kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function. Fedora: Upgrades available at: Ubuntu: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPV6 Denial of Service | Low | Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, Security Focus, Bugtraq ID: 15156, October 31, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.15 | An integer overflow vulnerability has been reported in 'INVALIDATE_INODE_ Fedora: A Proof of Concept exploit script has been published. | Linux Kernel Integer Overflow | High | Fedora Update Notification, FEDORA-2005-1138, December 13, 2005 |
phpMyAdmin 2.7 .0-beta1, 2.6.4 -rc1, pl3, pl1, 2.6.3 -pl1, 2.6.2 -rc1, 2.6.2, 2.6.1 pl3, 2.6.1 pl1, 2.6.1 -rc1, 2.6.1, 2.6.0pl3, 2.6.0pl2, 2.6.0pl1, 2.5.7pl1, 2.5.7, 2.5.6 -rc1, 2.5.5 pl1, 2.5.5 -rc2, 2.5.5 -rc1, 2.5.5, | Cross-Site Scripting vulnerabilities have been reported in the 'HTTP_HOST' variable and certain scripts in the libraries directory due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: There is no exploit code required. | PHPMyAdmin Multiple Cross-Site Scripting | Medium | phpMyAdmin security announcement PMASA-2005-8, December 5, 2005 Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005 |
RedHat Enterprise Linux WS 3, ES 3, AS 3, Desktop 3.0; | A Denial of Service vulnerability has been reported in the 'find_target' function due to a failure to properly handle unexpected conditions when attempting to handle a NULL return value from another function. Upgrades available at: RedHat: Debian: There is no exploit code required. | Linux Kernel Find_Target Local Denial of Service | Low | Security Focus, Bugtraq ID: 14965, September 28, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 |
SuSE Linux Enterprise Server 9, Linux 9.3 x86_64; | A vulnerability has been reported in 'ptrace' 64-bit platforms, which could let a malicious user access kernel memory pages. SUSE: RedHat: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit PTrace Kernel Memory Access | Medium | SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
SuSE Linux Professional | An unspecified Denial of Service vulnerability has been reported when stack fault exceptions are triggered. SUSE: Ubuntu: RedHat: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Stack Fault Exceptions Denial of Service | Low | Security Focus, 14467, August 3, 2005 SUSE Security Announce- Ubuntu Security Notice, USN-187-1, September 25, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005 |
SuSE Linux Professional | A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code. Patches available at: Ubuntu: SUSE: RedHat: Mandriva: RedHat: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel XFRM Array Index Buffer Overflow | High | Security Focus, 14477, August 5, 2005 Ubuntu Security Notice, USN-169-1, August 19, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005 |
SuSE Linux Professional 10.0 OSS, 10.0, Linux Personal 10.0 OSS; | A Denial of Service vulnerability has been reported due to a race condition in 'do_coredump'. SUSE: There is no exploit code required. | Linux Kernel do_coredump Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Trustix Secure Linux 2.2; | A vulnerability has been reported in CP+ (cpplus), which potentially could let a remote malicious user cause a Denial of Service. Upgrades available at: Trustix: Currently we are not aware of any exploits for this vulnerability. | Positive Software Corporation CP+ Unspecified Perl Remote Denial of Service | Low | Secunia Advisory: SA17975, December 12, 2005 Trustix Secure Linux Bugfix Advisory, 2005-0068, December 12, 2005 |
Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0, SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server for S/390 9.0, Linux Enterprise Server 9; 2.6-2.6.12 .4 | A Denial of Service vulnerability has been reported due to a failure to handle malformed compressed files. Upgrades available at: Ubuntu: SUSE: Trustix: http://http.trustix.org/pub/trustix/updates/ Mandriva: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ZLib Null Pointer Dereference Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Ubuntu Linux 5.0 4 amd64, 4.1 ia64; | A Denial of Service has been reported in 'ptrace()' due to insufficient validation of memory addresses. Updates available at: Ubuntu: SUSE: RedHat: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'ptrace()' Denial of Service | Low | Ubuntu Security Notice, USN-137-1, June 08, 2005 SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A vulnerability has been reported in the network bridging functionality, which could let a remote malicious user poison the bridge forwarding table. Upgrades available at: Ubuntu: Debian: There is no exploit code required. | Linux Kernel Network Bridge Information Disclosure | Medium | Security Focus, Bugtraq ID: 15536, November 22, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A vulnerability has been reported in the 'mmap()' function because memory maps can be created with a start address after the end address, which could let a malicious user cause a Denial of Service or potentially obtain elevated privileges. Ubuntu: RedHat: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'MMap()' Denial of Service | Medium | Ubuntu Security Notice, USN-137-1, June 08, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha | A vulnerability has been reported in the Debian: Ubuntu: There is no exploit code required. | Courier Mail Server Unauthorized Access | Medium | Debian Security Advisory, DSA 917-1, December 8, 2005 Ubuntu Security Notice, USN-226-1, December 09, 2005 |
Linux Kernel | A race condition vulnerability has been reported in ia32 emulation, that could let local malicious users obtain root privileges or create a buffer overflow. Patch Available: Trustix: SUSE: RedHat: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Race Condition and Buffer Overflow | High | Security Focus, 14205, July 11, 2005 Trustix Secure Linux Security Advisory, SUSE Security Announce- RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 |
Linux kernel | A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges. Updates available at: SUSE: RedHat: RedHat: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit 'AR-RSC' Register Access | Medium | Security Tracker Alert ID: 1014275, June 23, 2005 SUSE Security Announce- RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005 |
Linux kernel | A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code. SuSE: Ubuntu: RedHat: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SYSFS_Write_ | High | Security Focus, 13091, April 11, 2005 RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 SUSE Security Announce- Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Linux Kernel 2.4.x, 2.6 prior to 2.6.11.11 | A vulnerability has been reported in the Linux kernel in the Radionet Open Source Environment (ROSE) implementation in the 'rose_rt_ioctl()' function due to insufficient validation of a new route's 'ndigis' argument. The impact was not specified. Updates available at: Ubuntu: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Not Specified | Security Tracker Alert, 1014115, June 7, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005 | |
Linux kernel 2.6.10, 2.6, -test1-test11, 2.6.1-2.6.12; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3 | A Denial of Service vulnerability has been reported on 64-bit platforms due to a flaw in offset handling for the extended attribute file system code. RedHat: Debian: Currently we are not aware of any exploits for this vulnerability. | Low | RedHat Security Advisory, RHSA-2005:294-29, May 18, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 | |
Linux kernel 2.6.10, 2.6, -test9-CVS, -test1-test11, 2.6.1-2.6.9; | A Denial of Service vulnerability has been reported in the 'fib_seq_start' function in 'fib_hash.c'. RedHat: Ubuntu: SUSE: Currently we are not aware of any exploits for this vulnerability. | Low | RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 | |
Linux kernel 2.6.10-2.6.15 | A Denial of Service vulnerability has been reported due to a memory leak in the kernel file lock lease code. Upgrades available at: SUSE: Trustix: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel File Lock Lease Local Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6.8, 2.6.10 | A vulnerability has been reported in the EXT2/EXT3 file systems, which could let a remote malicious user bypass access controls. Ubuntu: Mandriva: RedHat: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel EXT2/EXT3 File Access Bypass | Medium | Security Focus, Bugtraq ID: 14792, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 |
Linux kernel 2.6.8, 2.6.10 | A remote Denial of Service vulnerability has been reported in the 'ipt_recent' module when specially crafted packets are sent. Ubuntu: Mandriva: RedHat: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'Ipt_recent' Remote Denial of Service | Low | Security Focus, Bugtraq ID: 14791, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6.8-2.6.10, 2.4.21 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service. Ubuntu: Trustix: Fedora: RedHat: Mandriva: RedHat: Mandriva: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service | High | Secunia Advisory: SA16747, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32 | A Denial of Service vulnerability has been reported in 'IP_VS_CONN_FLUSH' due to a NULL pointer dereference. Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue. Ubuntu: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Denial of Service | Low | Security Focus, Bugtraq ID: 15528, November 22, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Linux kernel 2.6-2.6.12, 2.4-2.4.31 | A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue. Ubuntu: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Remote Denial of Service | Low | Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.13.1 | A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function. Fixed version (2.6.13.2), available at: Ubuntu: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel routing_ioctl() Denial of Service | Low | Security Tracker Alert ID: 1014944, September 21, 2005 Ubuntu Security Notice, USN-187-1, September 25, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_ Patches available at: Fedora: Trustix: RedHat: Ubuntu: Mandriva: SUSE: There is no exploit code required. | Linux Kernel Denial of Service & Information Disclosure | Medium | Secunia Advisory: SA17114, October 12, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison. RedHat: Ubuntu: Mandriva: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel USB Subsystem Denials of Service | Low | Secunia Advisory: SA16969, September 27, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux Kernel 2.6-2.6.14 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_ Ubuntu: Trustix: RedHat: Mandriva: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Denials of Service CVE-2005-3053 | Low | Ubuntu Security Notice, USN-199-1, October 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005 Mandriva Linux Security Advisories, MDKSA-2005: 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.14, 2.5.0- 2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1 .x, 2.1.89, 2.0.28-2.0.39 | A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands. Mandriva: Fedora: There is no exploit code required; however, a Proof of Concept exploit has been published. | Linux Kernel Console Keymap Arbitrary Command Injection | Medium | Security Focus, Bugtraq ID: 15122, October 17, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 Fedora Update Notification, |
Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS; | A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself. Upgrades available at: Fedora: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTrace 'CLONE_ | Low | Secunia Advisory: SA17761, November 29, 2005 Fedora Update Notification, SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Linux kernel 2.6-2.6.15 | A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space. Patches available at: Trustix: An exploit script has been published. | Linux Kernel PrintK Local Denial of Service | Low | Security Focus, Bugtraq ID: 15627, November 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005 |
Linux kernel 2.6-2.6.15; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS; | A Denial of Service vulnerability has been reported because processes are improperly auto-reaped when they are being ptraced. Patches available at: Fedora: SUSE: Trustix: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTraced Denial of Service | Low | Security Focus, Bugtraq ID: 15625, November 29, 2005 Fedora Update Notification, SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0; | A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code. WGet: Daniel Stenberg: Mandriva: Ubuntu: Fedora: Trustix: Gentoo: RedHat: http://rhn.redhat. SUSE: Slackware: Debian: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor WGet/Curl NTLM Username Buffer Overflow | High | Security Tracker Alert ID: 1015056, October 13, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200 Ubuntu Security Notice, USN-205-1, October 14, 2005 Fedora Update Notifications Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Gentoo Linux Security Advisory, GLSA 200510-19, October 22, 2005 RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-01, November 7, 2005 Debian Security Advisory, DSA 919-1, December 12, 2005 |
SuSE Linux Professional 10.0 OSS, 10.0 OSS; | A Denial of Service vulnerability has been reported due to a race condition error in the handling of POSIX timer cleanup routines. Linux kernel versions subsequent to 2.6.14 are not vulnerable to this issue. SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel POSIX Timer Cleanup Handling Local Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS; | A Denial of Service vulnerability has been reported in FlowLable. Upgrades available at: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPv6 FlowLable Denial of Service | Low | Security Focus, Bugtraq ID: 15729, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Ubuntu Linux 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported when handling UDP packets received by SNMPD due to a NULL pointer dereference. Ubuntu: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SNMP Handler Remote Denial of Service | Low | Ubuntu Security Notice, USN-169-1, August 19, 2005 Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Ubuntu Linux 4.1 ppc, ia64, ia32; | A Denial of Service vulnerability has been reported due to a resource leak when handling POSIX timers in the 'exec()' function. Upgrades available at: Ubuntu: Mandriva: SUSE: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Resource Leak Denial of Service | Low | Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218 & 219, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image. Ubuntu: SUSE: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ISO File System Remote Denial of Service | Low | Ubuntu Security Notice, USN-169-1, August 19, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions. Upgrades available at: Ubuntu: SUSE: Trustix: Mandriva: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ZLib Invalid Memory Access Denial of Service | Low | SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Ubuntu Linux 5.0 4, i386, amd64, 4.1 ppc, ia64, ia32; | A Denial of Service vulnerability has been reported in the '/proc/scsi/sg/devices' file due to a memory leak. Ubuntu: Mandriva: SUSE: A Proof of Concept exploit has been published. | Linux Kernel SCSI ProcFS Denial of Service | Low | Security Focus, Bugtraq ID: 14790, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64; | An information disclosure vulnerability has been reported in 'SYS_GET_THREAD Kernel versions 2.6.12.4 and 2.6.13 are not affected by this issue. Ubuntu: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Information Disclosure | Medium | Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 |
Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03 | A format string vulnerability has been reported in 'Perl_sv_ Webmin: Fedora: OpenPKG: Mandriva: Ubuntu: Gentoo: http://security.gentoo. Mandriva: SUSE: Trustix: Ubuntu: Fedora: An exploit has been published. | Perl 'miniserv.pl' script Format String | Low | Security Focus, Bugtraq ID: 15629, November 29, 2005 Fedora Update Notifications, OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005 Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005 Ubuntu Security Notice, USN-222-1, December 2, 2005 Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005 Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005 Ubuntu Security Notice, USN-222-2, December 12, 2005 Fedora Update Notifications, |
MySQL Auction 3.0 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | MySQL Auction Cross-Site Scripting | Medium | Secunia Advisory: SA18006, December 14, 2005 |
Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1 | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets. Upgrades available at: Fedora: Gentoo: Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite. | Openswan IKE Message Remote Denials of Service | Low | CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005 Astaro Security Linux Update, November 16, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005 |
OpenVPN 2.0-2.0.2 | Several vulnerabilities have been reported: a format string vulnerability was reported in 'options.c' when handling command options in the 'foreign_option()' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error in the OpenVPN server when running in TCP mode. Updates available at: OpenPKG: SUSE: Debian: Gentoo: Mandriva: Mandriva: Currently we are not aware of any exploits for these vulnerabilities. | OpenVPN Client Remote Format String & Denial of Service | High | Secunia Advisory: SA17376, November 1, 2005 OpenPKG Security Advisory, OpenPKG- SUSE Security Summary Report, Debian Security Advisory, Gentoo Linux Security Advisory, GLSA Mandriva Linux Security Advisory, MDKSA-2005:206, November 8, 2005 Mandriva Linux Security Advisory, MDKSA-2005:206-1, December 9, 2005 |
phpMyAdmin 2.7 .0-beta1, 2.7 | A vulnerability has been reported in the register_globals emulation layer in 'grab_ Upgrades available at: Gentoo: There is no exploit code required. | PHPMyAdmin 'Import_Blacklist' Variable Overwrite | Medium | Secunia Advisory: SA17925, December 7, 2005 Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005 |
Unixware 7.1.4, 7.1.3 | A buffer overflow vulnerability has been reported in 'UIDAdmin' when processing excessive data, which could let a malicious user obtain superuser privileges. Updates available at: Currently we are not aware of any exploits for this vulnerability. | SCO UnixWare Buffer Overflow | High | SCO Security Advisory, SCOSA-2005.54, December 12, 2005 |
Scout Portal Toolkit 1.3.1 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploit scripts have been published. | Scout Portal Toolkit Cross-Site Scripting & SQL Injection | Medium | Security Focus, Bugtraq ID: 15818, December 12, 2005 |
Solaris 10.0 _x86, 10.0 | A vulnerability has been reported when running Sun Update Connection Services due to an unspecified error which could let a malicious user obtain knowledge of the configured web proxy password. Patches available: There is no exploit code required. | Sun Solaris Sun Update Connection Web Proxy Password Disclosure | Medium | Sun(sm) Alert Notification Sun Alert ID: 102090, December 7, 2005 |
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version imap-2004g: Trustix: Debian: Gentoo: SUSE: Mandriva: Slackware: Conectiva: RedHat: http://rhn.redhat. Fedora: Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | High | Secunia Advisory: SA17062, October 5, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Debian Security Advisory, DSA 861-1, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005 Slackware Security Advisory, SSA:2005-310-06, November 7, 2005 Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005 RedHat Security Advisory, RHSA-2005:848-6 & 850-5, December 6, 2005 Fedora Update Notifications, |
Zope 2.6-2.8.1 | A vulnerability has been reported in 'docutils' due to an unspecified error; it affects all instances that expose 'Restructured Text' functionality via the web. The impact was not specified. Hotfix available at: Gentoo: SUSE: Debian: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Zope 'Restructured | Not Specified | Zope Security Alert, October 12, 2005 Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Debian Security Advisory, DSA 910-1, November 24, 2005 Ubuntu Security Notice, USN-229-1, December 13, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
PerlCal 2.99.30, 2.99.20, 2.99 | A Cross-Site Scripting vulnerability has been reported in 'Cal_make.PL' due to insufficient sanitization of the 'p0' parameter before displaying input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | ACME Perl-Cal Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015332, December 8, 2005 |
James 2.2 | A remote Denial of Service vulnerability has been reported due to an error condition in the spooler. The vendor has addressed this issue in the CVS. Users are advised to contact the vendor for further information. Currently we are not aware of any exploits for this vulnerability. | Apache James Spooler Memory Leak Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15765, December 7, 2005 |
Apache prior to 1.3.35-dev, 2.0.56-dev | A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. The vulnerability has been fixed in versions 1.3.35-dev and 2.0.56-dev. OpenPKG: There is no exploit code required. | Apache mod_imap Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015344, December 13, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005 |
EpiForce Agent 1.9 & prior | A remote Denial of Service vulnerability has been reported due to insufficient validation of Internet Key Exchange (IKE) packets. The vendor has released version 2.0 to address this issue. There is no exploit code required. | Apani Networks EpiForce IPSec IKE Processing Remote Denial of Service | Low | Security Tracker Alert ID: 1015340, December 11, 2005 |
Arab Portal System 2.0 beta 2 | An SQL injection vulnerability has been reported in 'link.php' due to insufficient sanitization of the 'PHPSESSID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Arab Portal SQL Injection | Medium | Secunia Advisory: SA17984, December 13, 2005 |
Blackboard Academic Suite 6.0 | A Cross-Domain vulnerability has been reported in 'frameset.jsp' due to a design error, which could let a remote malicious user obtain sensitive information or hijack sessions. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Blackboard Academic Suite Cross-Domain | Medium | Secunia Advisory: SA17991, December 12, 2005 |
Magic List Professional 2.5, Magic Forum Personal 2.5, Magic Book Professional 2.0 | Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | CFMagic Multiple Products Input Validation | Medium | Security Focus, Bugtraq ID: 15774, December 8, 2005 |
Magic Book Professional 2.0 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'StartRow' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Magic Book Professional Cross-Site Scripting | Medium | Secunia Advisory: SA17982, December 12, 2005 |
CleverPath Portal 4.7 | A Cross-Site Scripting vulnerability has been reported in the login page due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Patch available at: There is no exploit code required. | CA CleverPath Portal Cross-Site Scripting | Medium | Secunia Advisory: SA17962, December 9, 2005 |
Contenido 4.6.1, 4.6 | A vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code. Upgrades available at: There is no exploit code required. | Contenido CMS Remote Command Execution | Medium | Security Focus, Bugtraq ID: 15790, December 9, 2005 |
ProjectForum 4.7 | Cross-Site Scripting vulnerabilities have been reported in various pages and error messages due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a remote Denial of Service vulnerability has been reported in the 'pageid' parameter due to a boundary error when sending a POST request. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | CourseForum Technologies ProjectForum Cross-Site Scripting & Denial of Service | Medium | Security Focus, Bugtraq ID: 15850, December 14, 2005 |
TrueMobile 2300 Firmware 5.1.1 .6, 3.0.08 | A vulnerability has been reported in the 'apply.cgi' page of the router's web management interface due to an access control error, which could let a remote malicious user bypass authentication. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Dell TrueMobile 2300 Remote Authentication Bypass | Medium | iDEFENSE Labs Security Advisories, December 7, 2005 |
DoceboLMS 2.0.4 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in the 'connector.php' script due to insufficient validation of the 'Type' parameter, which could let a remote malicious user obtain sensitive information; and an input validation vulnerability was reported in the file upload handling due to insufficient verification of the file extension of valid images, which could let a remote malicious user execute arbitrary PHP code. Upgrades available at: http://www.docebolms. There is no exploit code required; however, a Proof of Concept exploit script has been published. | DoceboLMS Directory Traversal & File Upload | High | Security Tracker Alert ID: 1015308, December 5, 2005 Security Focus, Bugtraq ID: 15744 & 15742, December 13, 2005 |
Dream Poll 3.0 final | An SQL injection vulnerability has been reported in 'view_results.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | DreamLevels Dream Poll SQL Injection | Medium | Security Focus, Bugtraq ID: 15849, December 14, 2005 |
Envolution | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the News module due to insufficient filtering of HTML code, which could let a remote malicious user execute arbitrary scripting code; and an SQL injection vulnerability was reported when a remote malicious user submits specially crafted parameter values, which could lead to the execution of arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | Envolution SQL Injection & Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015351, December 13, 2005 |
Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7 | A buffer overflow vulnerability has been reported in the 'dissect_ospf_ Patch available at: Debian: Gentoo: Currently we are not aware of any exploits for this vulnerability. | High | iDefense Security Advisory, December 9, 2005 Debian Security Advisory DSA 920-1, December 13, 2005 Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005 | |
EveryAuction 1.53 | A Cross-Site Scripting vulnerability has been reported in 'auction.pl' due to insufficient sanitization of the 'searchstring' parameter before returning to the user, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | EveryAuction Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15824, December 13, 2005 |
FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS | A buffer overflow vulnerability has been reported in the 'avcodec_default_ Patches available at: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | FFmpeg Remote Buffer Overflow | High | Secunia Advisory: SA17892, December 6, 2005 Ubuntu Security Notice, USN-230-1, December 14, 2005 |
CodeSupport | A vulnerability has been reported due to a failure to verify that the source of remote content is from a trusted source before downloading, which could let a remote malicious user execute arbitrary code. Microsoft: There is no exploit code required. | First 4 Internet CodeSupport Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID: 15430, November 15, 2005 Microsoft Security Bulletin MS05-054, December 13, 2005 |
FlatNuke 2.5.6 | A vulnerability has been reported in the 'read' module due to insufficient validation of the 'id' parameter, which could let a remote malicious user obtain elevated privileges and execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Flatnuke Elevated Privileges & Remote Command Execution | High | Security Tracker Alert ID: 1015339, December 11, 2005 |
PHP-Nuke 7.6-7.9, 7.0-7.3 | A content filtering bypass vulnerability has been reported which could let a remote malicious user bypass filters and carry out HTML injection and Cross-Site Scripting attacks. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | PHPNuke Content Filtering Bypass | Medium | Security Focus, Bugtraq ID: 15855, December 14, 2005 |
OpenView Network Node Manager 7.50 Solaris, 7.50, 6.41 Solaris, 6.41 | A vulnerability has been reported in the 'node' URI parameter of the 'OvCgi/connectedNodes.ovpl' script, which could let a remote malicious user execute arbitrary code. Revision 3: Revision 4: Revision 5: Added PHSS_33842, PSOV_03430, and NNM_01110. Workaround available at: Another exploit script has been published. | HP OpenView Network Node Manager Remote Arbitrary Code Execution | High | Portcullis Security Advisory, 05-014, August 25, 2005 HP Security Advisory, HPSBMA01224, August 26, 2005 HP Security Advisory, HPSBMA01224 REVISION: 3, September 13, 2005 HP Security Advisory, HPSBMA01224 REVISION: 4, September 19, 2005 HP Security Advisory, HPSBMA01224 REVISION: 5, October 4, 2005 Security Focus, Bugtraq ID: 14662, December 8, 2005 |
Job Board 2.4.1 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'cat' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Jamit Job Board SQL Injection | Medium | Secunia Advisory: SA18007, December 14, 2005 |
Guestserver 5.0 | An HTML injection vulnerability has been reported in 'GuestServer.cgi' due to insufficient sanitization before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Guestserver HTML Injection | Medium | Security Focus, Bugtraq ID: 15821, December 12, 2005 |
WRT54GS 4.70.6 (Firmware), 4.50.6 (Firmware), BEFW11S4 v4, BEFW11S4 v3, BEFW11S4 1.44, 1.43.3, 1.4.3, 1.4.2 .7 | A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Multiple Linksys Routers Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15861, December 14, 2005 |
List Manager 8.8 a, 8.0, 7.0, 6.0, 5.0 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'pw' parameter in the web interface when subscribing a new user to the mailing list due to insufficient sanitization before inserting in the processing queue as a command message, which could let a remote malicious user execute arbitrary list administration commands; an SQL query vulnerability was reported in '/read/attachment' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL vulnerability was reported in certain parameters due to insufficient sanitization before being used as a column name to the ORDER BY command in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the MSDE version of ListManager because a weak default password is used for the database after installation, which could let a remote malicious user obtain sensitive information; a vulnerability was reported because certain versions allow access to the 'status' module of the 'TCLHTTPd' service, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'TCLHTTPd' service because the source of arbitrary TML scripts on the server can be viewed; and a vulnerability was reported because the entire CGI environment is included in an HTML hidden variable of the error page when a non-existent page is requested. Some of these vulnerabilities have reportedly been fixed in version 8.9b. There is no exploit code required. | Lyris ListManager Multiple Vulnerabilities CVE-2005-4142 | Medium | Secunia Advisory: SA17943, December 9, 2005 |
Flash Media Server Professional Edition 2.0, | A Denial of Service vulnerability has been reported due to an error in the Administration Service (FMSAdmin.exe) when handling received data. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Macromedia Flash Media Server Administration Service Denial of Service | Low | Security Focus, Bugtraq ID: 15822, December 13, 2005 |
Mambo Site Server 4.0.14, 4.0.12 RC1-RC3, BETA & BETA 2, 4.0.10-4.0.12, 4.0 | A remote file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code. The vendor has released a patch addressing this issue. Users are advised to contact the vendor for more information on obtaining the appropriate patch. Joomla: An exploit script has been published. Reports indicate that a bot is propagating in the wild by exploiting this vulnerability. | Mambo Open Source Remote File Include | High | Security Focus, Bugtraq ID: 15461, November 16, 2005 Security Focus, Bugtraq ID: 15461, November 21, 2005 Security Focus, Bugtraq ID: 15461, November 24, 2005 Security Focus, Bugtraq ID: 15461, December 5, 2005 Security Focus, Bugtraq ID: 15461, December 9, 2005 |
Mantis 1.x | A Cross-Site Scripting vulnerability has been reported in 'view_filters_page.php' due to insufficient sanitization of the 'target_field' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Mantis Cross-Site Scripting | Medium | Secunia Advisory: SA18018, December 14, 2005 |
McGallery 2.2, 1.1, 1.0 | Several vulnerabilities have been reported: a vulnerability was reported in 'index.php' due to insufficient verification of the 'language' parameter before being used to include files, which could let a remote malicious user include arbitrary files; a vulnerability was reported in 'show.php' due to insufficient sanitization of the 'id,' 'rand,' and 'start' parameters and in 'index.php' due to insufficient sanitization of the 'album' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | mcGalleryPRO Multiple Vulnerabilities | Medium | Security Focus, Bugtraq ID: 15845, December 14, 2005 |
MediaWiki 1.5 alpha1&2, beta1-beta3, 1.4-1.4.10, 1.3.13, 1.3-1.3.11 | A Cross-Site Scripting vulnerability has been reported in inline style attributes due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: SUSE: There is no exploit code required. | Medium | Security Focus, Bugtraq ID: 15024, October 6, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 | |
MilliScripts 1.4 | A Cross-Site Scripting vulnerability has been reported in 'register.php' due to insufficient sanitization of the 'domainname' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Milliscripts Cross-Site Scripting | Medium | Secunia Advisory: SA17997, December 12, 2005 |
Motorola Cable Modem SB5100E | A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets. No workaround or patch available at time of publishing. There is no exploit code required. | Motorola SB5100E Cable Modem Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15795, December 9, 2005 |
Firefox 1.5, Netscape Browser 8.0.4; Netscape Browser 8.0.4 | A remote Denial of Service vulnerability has been reported when handling large history information. Note: The vendor disputes this claim. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Mozilla History File Remote Denial of Service | Low | Secunia Advisory: SA17934, December 8, 2005 |
RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9 | A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files. Fedora: RedHat: Mandriva: FedoraLegacy: SGI: OpenPKG: SUSE: Currently we are not aware of any exploits for this vulnerability. | PHP Group Exif Module Remote Denial of Service | Low | Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:831-15, November 10, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 Fedora Legacy Update Advisory, FLSA:166943, November 28, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005 SuSE Security |
Xoops 2.0.10-2.0.12, 2.0.9 .3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0- 2.0.3; | A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Drupal: Mandriva: Pear: PhpMyFaq: S9Y Serendipity: Trustix: WordPress: XML-RPC: Xoops: Gentoo: http://security.gentoo. http://security.gentoo. http://security.gentoo. Fedora: Ubuntu: Debian: http://security.debian. http://security.debian. SGI: SuSE: Trustix: Debian: SUSE: MAXdev MD-Pro Content Management: b2evolution: FreeMed Software: HP: Exploit scripts have been published. | Multiple Vendors XML-RPC for PHP Remote Code Injection | High | Security Focus, 14088, June 29, 2005 Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005 Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005 Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005 SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005 Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005 SGI Security Advisory, 20050703-01-U, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005 Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 Security Focus, Bugtraq ID: 14088, November 7, 2005 Security Focus, Bugtraq ID: 14088, November 23, 2005 HP Security Bulletin, HPSBTU02083, December 9, 2005 |
MyBulletinBoard 1.0 PR2, RC1-RC4 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and unspecified vulnerabilities were reported which could compromise a vulnerable MyBB installation. Upgrades available at: Currently we are not aware of any exploits for these vulnerabilities. | MyBB SQL Injection & Unspecified Vulnerabilities | Medium | TKPN2005-12-001, December 9, 2005 |
RP114 3.26 | A remote Denial of Service vulnerability has been reported when a malicious user initiates a TCP SYN flood to the external interface of the device. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | NetGear RP114 SYN Flood Denial of Service | Low | Securiteam Advisory, December 13, 2005 |
Netref 3.0 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'cat' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Netref SQL Injection Scripting | Medium | Security Focus, Bugtraq ID: 15801, December 12, 2005 |
SSL VPN 4.2.1.6 | A vulnerability has been reported in 'tunnelform.yaws' due to insufficient sanitization of the 'a' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Nortel SSL VPN Web Interface Input Validation | Medium | SEC-CONSULT Security Advisory 20051212-0, December 10, 2005 |
OpenSSH 4.1, 4.0, p1 | Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials. Upgrades available at: Fedora: Trustix: Slackware: Fedora: RedHat: Mandriva: Ubuntu: Conectiva: SCO: There is no exploit code required. | OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials | Medium | Secunia Advisory: SA16686, September 2, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Slackware Security Advisory, SSA:2005-251-03, September 9, 2005 Fedora Update Notification, RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005 Ubuntu Security Notice, USN-209-1, October 17, 2005 Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005 SCO Security Advisory, SCOSA-2005.53, December 12, 2005 |
Opera Web Browser 8.50, 8.0-8.0 2 | A remote Denial of Service vulnerability has been reported when handling large page titles due to an error. Upgrades available at: There is no exploit code required. | Opera Web Browser Long Page Title Remote Denial of Service | Low | Opera Software Advisory, December 12, 2005 |
PGP Desktop Professional 9.0.3 Build 2932, 9.0 | A vulnerability has been reported when using the Wipe Free Space tool because data contained in the slack space of files on a NTFS drive is not correctly wiped, which could lead to the disclosure of sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, the Slacker tool may be used to exploit this vulnerability. | PGP Desktop Wipe Free Space Assistant Improper Disk Wipe | Medium | Metasploit Project Advisory, December 8, 2005 |
PHP JackKnife 2.21 | A Cross-Site Scripting vulnerability has been reported in 'DisplayResults.php' due to insufficient sanitization of the 'sKeywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | PHP JackKnife Gallery System Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15841, December 13, 2005 |
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_ Upgrades available at: SUSE: TurboLinux: Fedora: RedHat: http://rhn.redhat. Gentoo: Mandriva: SUSE: Trustix: SGI: OpenPKG: There is no exploit code required. | PHP Multiple Vulnerabilities CVE-2005-3388 | Medium | Secunia Advisory: SA17371, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Turbolinux Security Advisory TLSA-2005-97, November 5, 2005 Fedora Update Notifications, RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005 Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005 |
Ad Manager Pro 2.0 | An SQL injection vulnerability has been reported in 'Advertiser_statistic.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHP Web Scripts Ad Manager Pro SQL Injection | Medium | Security Focus, Bugtraq ID: 15847, December 14, 2005 |
Link Up Gold 2.5 | Cross-Site Scripting vulnerabilities have been reported in 'tell_friend.php' due to insufficient sanitization of the 'link' parameter and in 'search.php' due to insufficient sanitization of the 'phrase[0]' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Link Up Gold Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15843, December 13, 2005 |
phpCOIN 1.2.2 | A Cross-Site Scripting vulnerability has been reported in 'Coin_CFG.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPCoin SQL Injection | Medium | Security Focus, Bugtraq ID: 15830, December 13, 2005 |
phpCOIN 1.2.2 | A file include vulnerability has been reported in 'config.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | High | Security Focus, Bugtraq ID: 15831, December 13, 2005 | |
PHP 5.0 .0- 5.0.5, 4.4.1, 4.4 .0, 4.3-4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0.6, 4.0.7, RC1-RC3 | A vulnerability has been reported in the 'mb_send_mail()' function due to an input validation error, which could let a remote malicious user inject arbitrary headers to generated email messages. Upgrades available at: SUSE: There is no exploit code required. | PHP MB_Send_Mail Arbitrary Header Injection | Medium | Security Focus, Bugtraq ID: 15571, November 25, 2005 SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005 |
PhpWebGallery 1.5.1 | SQL injection vulnerabilities have been reported in 'comments.php' due to insufficient sanitization of the 'sort_by' and 'items_number' parameters and in 'picture.php' due to insufficient sanitization of the 'image_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPWebGallery SQL Injection | Medium | Security Focus, Bugtraq ID: 15837, December 13, 2005 |
Plogger Beta 2 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'page' and 'id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'level' and 'searchterms' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Plogger SQL Injection & Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15839, December 13, 2005 |
EncapsGallery 1.0 | An SQL injection vulnerability has been reported in 'gallery.php' due to insufficient sanitization of the 'id' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | EncapsGallery SQL Injection | Medium | Security Focus, Bugtraq ID: 15836, December 13, 2005 |
RTOS 4.25 | A vulnerability has been reported in the 'dhcp.client' program because it has suid root permissions, which could let a remote malicious user change the assigned IP addresses of network interfaces and potentially cause a Denial of Service. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | QNX RTOS 'dhcp.client' File Permission | Low | Security Focus, Bugtraq ID: 15785, December 9, 2005 |
SMF 1.1 rc1 | An SQL injection vulnerability has been reported in 'memberlist.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Simple Machines Forum SQL Injection | Medium | KAPDA Advisory #16, December 9, 2005 |
SimpleBBS 1.1, 1.0.7, 1.0.6 | A vulnerability has been reported in the 'name' parameter when adding a new topic due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | SimpleBBS Input Validation | High | Security Tracker Alert ID: 1015323, December 7, 2005 |
Snipe Gallery 3.1.4 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported in 'image.php' due to insufficient sanitization of the 'image_id' parameter and in 'view.php' due to insufficient sanitization of the 'gallery_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'keyword' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | Snipe Gallery Cross-Site Scripting & SQL Injection | Medium | Secunia Advisory: SA18022, December 14, 2005 |
Thwboard Beta 2.8 | Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user inject arbitrary HTML, script code, or SQL code. Upgrade available at: There is no exploit code required; however, Proof of Concept exploits have been published. | ThWboard Multiple Input Validation | Medium | KAPDA Advisory #15, December 7, 2005 |
PHP Support Tickets 2.0 | SQL injection vulnerabilities have been reported in the login page due to insufficient validation of the 'username' and 'password' fields and in 'index.php' due to insufficient verification of the 'id' parameter, which could let a remote malicious user execute arbitrary SQL code. Update available at: There is no exploit code required. | PHP Support Tickets Multiple SQL Injection | Medium | Security Tracker Alert ID: 1015352, December 13, 2005 |
UseBB 0.6 a, 0.6, 0.5.1 a, 0.5.1 | A Cross-Site Scripting vulnerability has been reported in '$_SERVER['PHP_SELF']' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | UseBB Cross-Site Scripting | Medium | Secunia Advisory: SA17958, December 12, 2005 |
VCD-db 0.971-0.973, 0.961, 0.98, 0.97 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'batch' parameter and when performing a detailed search due to insufficient sanitization of the 'title' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because it is possible to obtain the full path to 'search.php' when accessed by an invalid 'by' parameter. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts have been published. | VCD-db Cross-Site Scripting & Path Disclosure | Medium | Secunia Advisory: SA18034, December 14, 2005 |
Website Baker 2.6, 2.5.2 | An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | Medium | Security Focus, Bugtraq ID: 15776, December 12, 2005 | |
WHMComplete | A Cross-Site Scripting vulnerability has been reported in 'knowledgebase.php' due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | WHMComplete | Medium | Security Focus, Bugtraq ID: 15856, December 14, 2005 |
WikkaWiki 1.1.6.0 | A Cross-Site Scripting vulnerability has been reported in 'TextSearch.PHP' due to insufficient sanitization of the 'phrase' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | WikkaWiki Cross-Site Scripting | Medium | Secunia Advisory: SA18015, December 14, 2005 |
XMail 1.21 | A buffer overflow vulnerability has been reported in the 'AddressFromAtPtr()' function due to a boundary error when copying the hostname portion of an e-mail address to a 256-byte buffer, which could let a malicious user execute arbitrary code. Upgrade available at: Debian: Gentoo: An exploit script has been published. | XMail Command Line Buffer Overflow | High | Security Tracker Alert ID: 1015055, October 13, 2005 Security Focus, Bugtraq ID: 15103, October 22, 2005 Debian Security Advisory, DSA 902-1, November 21, 2005 Gentoo Linux Security Advisory, GLSA 200512-05, December 14, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Bluetooth to unify wireless functionalities: The Bluetooth Special Interest Group is planning to co-operate more closely with the Wi-Fi, Ultra-wideband (UWB) and Near Field Communications (NFC) wireless standards. The initiative seeks to combine technologies, functionalities and user interfaces to make them more straightforward for end users. Source: http://www.vnunet.com/vnunet/news/2147476/bluetooth-seeks-unify-wireless
- Enterprise Mobility Spending To Triple By 2008: Study: According to a report released by the market research firm, Visiongain, spending by enterprises to support wireless and mobile initiatives will almost triple between now and 2008. The study indicated that mobile and wireless spending by enterprises totaled about $50 billion in 2005. That figure will increase to more than $130 billion by the end of 2008. The spending covers hardware, software and services. Source: http://www.mobilepipeline.com/showArticle.jhtml?articleID=175000717.
- Next-Gen Wi-Fi Could Appear By Late 2006: Study: According to a study by ABI Research, the pieces are falling into place for the next-generation 802.11n Wi-Fi standard to be ratified and chipsets could appear by the end of 2006. The new standard will provide speeds in excess of Ethernet networking speeds. Source: http://www.mobilepipeline.com/showArticle.jhtml?articleID=175002343.
Wireless Vulnerabilities
- Dell TrueMobile 2300 Remote Authentication Bypass: A vulnerability has been reported which could let a remote malicious user bypass authentication.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
December 14, 2005 | appfluent.txt | No | Exploit for the Appfluent Technology Database Buffer Overflow vulnerability. |
December 14, 2005 | Bios.Information.Leakage.txt | N/A | Whitepaper that discusses information leakage and password extraction from a BIOS. |
December 14, 2005 | fireburn.txt | Yes | Proof of Concept exploit for Firefox 1.0.4 for the InstallVersion.compareTo() vulnerability. |
December 14, 2005 | lyris_attachment_mssql.pm.txt | Yes | Exploit for the ListManager SQL Injection vulnerability. |
December 14, 2005 | sugar_suite_40beta.txt | No | Exploit for the SugarCRM Sugar Suite Remote & Local File Include vulnerabilities. |
December 13, 2005 | mmap_deadlock.c | Yes | Proof of Concept Denial of Service exploit for the Linux Kernel Integer Overflow vulnerability. |
December 13, 2005 | phpcoin_122_incl_xpl.html phpcoin_122_sql_xpl.html | No | Proof of Concept exploit for the PHPCoin File Include vulnerability. |
December 13, 2005 | phpcoin_122_sql_xpl.html | No | Proof of Concept exploit for the PHPCoin SQL Injection Vulnerability. |
December 10, 2005 | flatnuke_256_xpl.php flatnuke256_xpl.txt | No | Proof of Concept exploit for the Flatnuke Index.PHP Directory Traversal vulnerability. |
December 10, 2005 | wiretap.pdf | N/A | A white paper that discusses vulnerabilities and countermeasures that exist within wiretapping systems commonly used by the government. |
December 9, 2005 | firefox-1.5-buffer-overflow.txt | No | Proof of Concept exploit for the Mozilla History File Remote Denial of Service vulnerability. |
December 9, 2005 | mambo452_xpl.html | Yes | Exploit for the Mambo Open Source Remote File Include vulnerability. |
December 9, 2005 | nmap-3.95.tgz | N/A | A utility for port scanning large networks. |
December 9, 2005 | ttyrpld-2.10.tbz2 | N/A | A kernel-based TTY shell, screen, and key logger for Linux, FreeBSD/PCBSD, and OpenBSD that has a real-time log analyzer. |
December 8, 2005 | openview_connected | Yes | Exploit for the HP OpenView Network Node Manager Remote Arbitrary Code Execution vulnerability. |
December 8, 2005 | wbaker_260_xpl.php wbaker_260_xpl.txt | No | Proof of Concept exploit for the Website Baker SQL Injection vulnerability. |
December 7, 2005 | SimpleBBS-cmd-exec.c simplebbs_11_xpl.html bbs.c | No | Proof of Concept exploits for the SimpleBBS Input Validation vulnerability. |
Trends
- Trojan circulates as fake McAfee patch: A new Trojan is circulating that masquerades as a patch for McAfee's antivirus software. Emails have been spammed out pretending to be a security update for a virus called 'Kongos 31' which does not exist. The email contains a link to a web page hosted in the US that looks very similar to the McAfee download page. Source: http://www.vnunet.com/vnunet/news/2147531/trojan-circulates-fake-mcafee.
- Cyber Security Tip ST05-019, Preventing and Responding to Identity Theft: Identity theft, or identity fraud, is a crime that can have substantial financial and emotional consequences. Take precautions with personal information; and if you become a victim, act immediately to minimize the damage. Source: http://www.us-cert.gov/cas/tips/ST05-019.html
- Cross Domain Vulnerability in Internet Explorer: US-CERT is aware of a cross domain violation in Internet Explorer. This may allow a script in one domain to access web content in a different domain. Source: http://www.us-cert.gov/current/.
- New SSL certificates coming: In an effort to reduce phishing and to help build online trust, security companies and browser makers are working together to design "high assurance" SSL certificates. Source: http://www.securityfocus.com/brief/77.
- E-Mail Spills Corporate Secrets: According to a study released by Radicati Group, six percent of workers admitted that they've E-mailed confidential company information to someone they shouldn't have and 62% said they've used their personal accounts for business purposes to circumvent controls placed on their business accounts. Source: http://www.informationweek.com/security/showArticle.jhtml?articleID=174918812.
- Sober code cracked: Antivirus companies have cracked an algorithm that was being used by the Sober worm to "communicate" with its author. The latest variant of the Sober worm caused havoc in November by duping users into executing it by masking itself as e-mails from the FBI and CIA. Source: http://news.com.com/Sober+code+cracked/2100-7349_3-5989094.html?tag=nl.
- Rootkits Making More Spyware, Adware Stick: According to F-Secure, the sharp rise in rootkits is due to spyware and adware vendors trying to prevent their wares from being easily uninstalled. Since October the most common rootkit in the wild is the one used by the Apropos spyware program. Source: http://www.techweb.com/wire/security/174907374;jsessionid=WRE35TOIAV2AUQSNDBECKH0CJUMEKJVN.
- Study: Unchecked Software Piracy Could Cost Nations Hundreds of Billions Of Dollars: According to a study conducted by International Data Corp, without a crackdown on global software piracy, countries stand to lose hundreds of billions of dollars in economic growth and tax revenues and millions of new jobs. Cutting piracy by 10 percent over four years would generate 2.4 million new jobs in information technology, boost economic growth by $400 billion and increase tax revenues worldwide by $67 billion. Source: http://internetweek.cmp.com/security/174907328.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
3 | Sober-Z | Win32 Worm | Stable | December 2005 | A mass-mailing worm that harvests addresses from infected machines, forges the sender's email, and utilizes its own mail engine. |
4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
7 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
8 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
9 | Mytob-GH | Win32 Worm | Stable | December 2005 | This email worm turns off anti-virus and opens infected systems to remote connections. It further harvests email addresses from infected machines, and forges the sender's address. |
10 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
Table updated December 12, 2005