-rw-r--r-- security/vuxml/vuln.xml 21955
1 files changed, 8995 insertions, 12960 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 02fec9b55a77..d279797400fe 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,58 +34,83 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c01170bf-4990-11da-a1b8-000854d03344">
+ <topic>lynx -- remote buffer overflow</topic>
+ <affects>
+ <package>
+ <name>lynx</name>
+ <range><lt>2.8.5_1</lt></range>
+ <range><gt>2.8.6*</gt><lt>2.8.6d14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ulf Härnhammar reports:</p>
+ <blockquote cite="http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html">
+ <p>When Lynx connects to an NNTP server to fetch information
+ about the available articles in a newsgroup, it will
+ call a function called HTrjis() with the information
+ from certain article headers. The function adds missing
+ ESC characters to certain data, to support Asian character
+ sets. However, it does not check if it writes outside
+ of the char array buf, and that causes a remote stack-based
+ buffer overflow.
+ </p>
+ </blockquote>
+ </body>
+ </description> <references>
+ <cvename>CVE-2005-3120</cvename>
+ <url>http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html</url>
+ </references> <dates>
+ <discovery>2005-10-17</discovery>
+ <entry>2005-10-30</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1daea60a-4719-11da-b5c6-0004614cc33d">
<topic>ruby -- vulnerability in the safe level settings</topic>
<affects>
<package>
- <name>ruby</name>
- <name>ruby_static</name>
+ <name>ruby</name> <name>ruby_static</name>
<range><gt>1.6.*</gt><lt>1.6.8.2004.07.28_2</lt></range>
<range><gt>1.8.*</gt><lt>1.8.2_5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Ruby home page reports:</p>
- <blockquote cite="http://www.ruby-lang.org/en/20051003.html">
+ <p>Ruby home page reports:</p> <blockquote
+ cite="http://www.ruby-lang.org/en/20051003.html">
<p>The Object Oriented Scripting Language Ruby supports
safely executing an untrusted code with two mechanisms:
safe level and taint flag on objects.</p>
<p>A vulnerability has been found that allows bypassing
these mechanisms.</p>
- <p>By using the vulnerability, arbitrary code can be executed
+ <p>By using the vulnerability, arbitrary code can be
+ executed
beyond the restrictions specified in each safe level.
- Therefore, Ruby has to be updated on all systems that use
- safe level to execute untrusted code.</p>
+ Therefore, Ruby has to be updated on all systems that
+ use safe level to execute untrusted code.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CAN-2005-2337</cvename>
<url>http://www.ruby-lang.org/en/20051003.html</url>
- </references>
- <dates>
- <discovery>2005-10-02</discovery>
- <entry>2005-10-27</entry>
+ </references> <dates>
+ <discovery>2005-10-02</discovery> <entry>2005-10-27</entry>
</dates>
</vuln>
<vuln vid="2f0cb4bb-416d-11da-99fe-000854d03344">
- <topic>xloadimage -- buffer overflows in NIFF image title handling</topic>
- <affects>
+ <topic>xloadimage -- buffer overflows in NIFF image title
+ handling</topic> <affects>
<package>
- <name>xloadimage</name>
- <range><lt>4.1.15</lt></range>
+ <name>xloadimage</name> <range><lt>4.1.15</lt></range>
+ </package> <package>
+ <name>xli</name> <range><lt>1.17.0_4</lt></range>
</package>
- <package>
- <name>xli</name>
- <range><lt>1.17.0_4</lt></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Ariel Berkman reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112862493918840&amp;w=2">
+ <p>Ariel Berkman reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112862493918840&amp;w=2">
<p>Unlike most of the supported image formats in xloadimage,
the NIFF image format can store a title name of arbitrary
length as part of the image file.</p>
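Review bot: this hunk mixes the one real change, the new lynx entry (CVE-2005-3120, complete with vid, affects, description, references and dates, and placed at the top as the file header asks), with a purely cosmetic reflow of the untouched ruby and xloadimage entries; please split the reflow into its own commit or drop it, since it makes the content change hard to review. The reflow also departs from the file's one-element-per-line layout: `<name>ruby</name> <name>ruby_static</name>` are joined, `<blockquote` is separated from its `cite=` attribute on the following line, and the sentence "arbitrary code can be executed" is rewrapped so that `executed` stands alone on a line.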
@@ -101,15 +126,11 @@ Note: Please add new entries to the beginning of this file.
be overflowed.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>15051</bid>
- <cvename>CVE-2005-3178</cvename>
- <mlist msgid="BOEKKJLADFNHIEFBHCECMEONCFAA.aberkm1@uic.edu">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112862493918840&amp;w=2</mlist>
- </references>
- <dates>
- <discovery>2005-10-05</discovery>
- <entry>2005-10-20</entry>
+ </description> <references>
+ <bid>15051</bid> <cvename>CVE-2005-3178</cvename> <mlist
+ msgid="BOEKKJLADFNHIEFBHCECMEONCFAA.aberkm1@uic.edu">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112862493918840&amp;w=2</mlist>
+ </references> <dates>
+ <discovery>2005-10-05</discovery> <entry>2005-10-20</entry>
<modified>2005-10-23</modified>
</dates>
</vuln>
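Review bot: joining `<bid>15051</bid> <cvename>CVE-2005-3178</cvename> <mlist` on one line and carrying the `msgid=` attribute onto the next line is well-formed XML but makes the references block hard to read and to grep, and the `<modified>2005-10-23</modified>` line just below is left on its own line, so even this one `<dates>` block now uses two styles. Keep each reference and date element on its own line as the rest of the file does.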
@@ -119,69 +140,59 @@ Note: Please add new entries to the beginning of this file.
vulnerability</topic>
<affects>
<package>
- <name>snort</name>
- <range><ge>2.4.0</ge><lt>2.4.3</lt></range>
+ <name>snort</name> <range><ge>2.4.0</ge><lt>2.4.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Jennifer Steffens reports:</p>
- <blockquote cite="http://www.snort.org/pub-bin/snortnews.cgi#99">
+ <p>Jennifer Steffens reports:</p> <blockquote
+ cite="http://www.snort.org/pub-bin/snortnews.cgi#99">
<p>The Back Orifice preprocessor contains a stack-based
- buffer overflow. This vulnerability could be leveraged by
- an attacker to execute code remotely on a Snort sensor
- where the Back Orifice preprocessor is enabled. However,
- there are a number of factors that make remote code
- execution difficult to achieve across different builds of
- Snort on different platforms, even on the same platform
- with different compiler versions, and it is more likely
- that an attacker could use the vulnerability as a denial
- of service attack.</p>
+ buffer overflow. This vulnerability could be leveraged
+ by an attacker to execute code remotely on a Snort
+ sensor where the Back Orifice preprocessor is enabled.
+ However, there are a number of factors that make remote
+ code execution difficult to achieve across different
+ builds of Snort on different platforms, even on the
+ same platform with different compiler versions, and it
+ is more likely that an attacker could use the vulnerability
+ as a denial of service attack.</p>
<p>The Back Orifice preprocessor can be disabled by
- commenting out the line "preprocessor bo" in
- snort.conf. This can be done in any text editor using the
- following procedure:</p>
+ commenting out the line "preprocessor bo" in snort.conf.
+ This can be done in any text editor using the following
+ procedure:</p>
<ol>
- <li>Locate the line "preprocessor bo"</li>
- <li>Comment out this line by preceding it with a hash
- (#). The new line will look like "#preprocessor bo"</li>
- <li>Save the file</li>
- <li>Restart snort</li>
+ <li>Locate the line "preprocessor bo"</li> <li>Comment
+ out this line by preceding it with a hash
+ (#). The new line will look like "#preprocessor
+ bo"</li>
+ <li>Save the file</li> <li>Restart snort</li>
</ol>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<certvu>175500</certvu>
<url>http://www.snort.org/pub-bin/snortnews.cgi#99</url>
<url>http://xforce.iss.net/xforce/alerts/id/207</url>
- </references>
- <dates>
- <discovery>2005-10-18</discovery>
- <entry>2005-10-18</entry>
+ </references> <dates>
+ <discovery>2005-10-18</discovery> <entry>2005-10-18</entry>
</dates>
</vuln>
<vuln vid="60f8fe7b-3cfb-11da-baa2-0004614cc33d">
- <topic>webcalendar -- multiple reports of websites getting defaced</topic>
- <affects>
+ <topic>webcalendar -- multiple reports of websites getting
+ defaced</topic> <affects>
<package>
- <name>WebCalendar</name>
- <range><lt>1.0.1</lt></range>
+ <name>WebCalendar</name> <range><lt>1.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>There is a vulnerability in includes/functions.php file.
No details available.</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://sourceforge.net/forum/forum.php?thread_id=1342085&amp;forum_id=11587</url>
- </references>
- <dates>
- <discovery>2005-08-26</discovery>
- <entry>2005-10-15</entry>
+ </references> <dates>
+ <discovery>2005-08-26</discovery> <entry>2005-10-15</entry>
<modified>2005-10-18</modified>
</dates>
</vuln>
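Review bot: the rewrap of the snort mitigation procedure splits the quoted configuration line `"#preprocessor` / `bo"` across a line break and joins `<li>Locate the line "preprocessor bo"</li> <li>Comment` on one line; XHTML rendering collapses the whitespace, but anyone searching this file for `#preprocessor bo` will now miss it, and the `<ol>` no longer reads as a list in source. Suggest leaving the list items as they were.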
@@ -190,97 +201,83 @@ Note: Please add new entries to the beginning of this file.
<topic>gallery2 -- a vulnerability has been discovered</topic>
<affects>
<package>
- <name>gallery2</name>
- <range><lt>2.0.1</lt></range>
+ <name>gallery2</name> <range><lt>2.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Michael Dipper wrote:</p>
- <blockquote cite="http://dipper.info/security/20051012/">
+ <p>Michael Dipper wrote:</p> <blockquote
+ cite="http://dipper.info/security/20051012/">
<p>A vulnerability has been discovered in gallery,
which allows remote users unauthorized access to files
on the webserver.</p>
<p>A remote user accessing gallery over the web may use
specially crafted HTTP parameters to access arbitrary
files located on the webserver. All files readable by
- the webserver process are subject to disclosure.
- The vulnerability is *not* restricted to the webserver's
- document root but extends to the whole server file space.</p>
+ the webserver process are subject to disclosure. The
+ vulnerability is *not* restricted to the webserver's
+ document root but extends to the whole server file
+ space.</p>
<p>The vulnerabilty may be used by any anonymous user,
there is no login to the application required.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://dipper.info/security/20051012/</url>
- </references>
- <dates>
- <discovery>2005-10-12</discovery>
- <entry>2005-10-15</entry>
+ </references> <dates>
+ <discovery>2005-10-12</discovery> <entry>2005-10-15</entry>
</dates>
</vuln>
<vuln vid="60e26a40-3b25-11da-9484-00123ffe8333">
- <topic>openssl -- potential SSL 2.0 rollback</topic>
- <affects>
+ <topic>openssl -- potential SSL 2.0 rollback</topic> <affects>
<package>
- <name>openssl</name>
- <name>openssl-overwrite-base</name>
+ <name>openssl</name> <name>openssl-overwrite-base</name>
<range><le>0.9.7g</le></range>
<range><ge>0.9.8</ge><le>0.9.8_1</le></range>
<range><ge>0.9.*_20050325</ge><le>0.9.*_20051011</le></range>
- </package>
- <package>
- <name>openssl-beta</name>
- <name>openssl-beta-overwrite-base</name>
+ </package> <package>
+ <name>openssl-beta</name> <name>openssl-beta-overwrite-base</name>
<range><le>0.9.8_1</le></range>
<range><ge>0.9.*_20050325</ge><le>0.9.*_20051011</le></range>
- </package>
- <package>
- <name>compat5x-alpha</name>
- <name>compat5x-amd64</name>
- <name>compat5x-i386</name>
- <name>compat5x-sparc64</name>
+ </package> <package>
+ <name>compat5x-alpha</name> <name>compat5x-amd64</name>
+ <name>compat5x-i386</name> <name>compat5x-sparc64</name>
<range><lt>5.4.0.8</lt></range>
- </package>
- <system>
- <name>FreeBSD</name>
- <range><lt>4.10_19</lt></range>
+ </package> <system>
+ <name>FreeBSD</name> <range><lt>4.10_19</lt></range>
<range><ge>4.11</ge><lt>4.11_13</lt></range>
<range><ge>5.3</ge><lt>5.3_23</lt></range>
<range><ge>5.4</ge><lt>5.4_8</lt></range>
</system>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Vulnerability:</p>
- <blockquote cite="http://www.openssl.org/news/secadv_20051011.txt">
+ <p>Vulnerability:</p> <blockquote
+ cite="http://www.openssl.org/news/secadv_20051011.txt">
<p>Such applications are affected if they use the option
- SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of
- SSL_OP_ALL, which is intended to work around various bugs in
- third-party software that might prevent interoperability. The
- SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in
- the SSL 2.0 server supposed to prevent active protocol-version
- rollback attacks. With this verification step disabled, an attacker
- acting as a "man in the middle" can force a client and a server to
- negotiate the SSL 2.0 protocol even if these parties both support SSL
- 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe
- cryptographic weaknesses and is supported as a fallback only.</p>
- <p>Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor
- SSL_OP_ALL are not affected. Also, applications that disable
- use of SSL 2.0 are not affected.</p>
- </blockquote>
- </body>
- </description>
- <references>
+ SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied
+ by use of SSL_OP_ALL, which is intended to work around
+ various bugs in third-party software that might prevent
+ interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING
+ option disables a verification step in the SSL 2.0
+ server supposed to prevent active protocol-version
+ rollback attacks. With this verification step disabled,
+ an attacker acting as a "man in the middle" can force
+ a client and a server to negotiate the SSL 2.0 protocol
+ even if these parties both support SSL 3.0 or TLS 1.0.
+ The SSL 2.0 protocol is known to have severe cryptographic
+ weaknesses and is supported as a fallback only.</p>
+ <p>Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING
+ nor
+ SSL_OP_ALL are not affected. Also, applications that
+ disable use of SSL 2.0 are not affected.</p>
+ </blockquote>
+ </body>
+ </description> <references>
<freebsdsa>SA-05:21.openssl</freebsdsa>
<cvename>CVE-2005-2969</cvename>
<url>http://www.openssl.org/news/secadv_20051011.txt</url>
- </references>
- <dates>
- <discovery>2005-10-11</discovery>
- <entry>2005-10-12</entry>
+ </references> <dates>
+ <discovery>2005-10-11</discovery> <entry>2005-10-12</entry>
<modified>2005-10-25</modified>
</dates>
</vuln>
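Review bot: in the openssl description the automatic fill left an orphan line containing only `nor` between `SSL_OP_MSIE_SSLV2_RSA_PADDING` and `SSL_OP_ALL`, which shows the tool is breaking around long option names rather than filling paragraphs. The same pass collapsed `</package> <package>` and `</package> <system>` onto single lines, so the boundaries between the affected-package and `<system>` blocks, where the version ranges are edited most often, are now easy to overlook. Nothing in this hunk changes meaning; revert it.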
@@ -292,125 +289,110 @@ Note: Please add new entries to the beginning of this file.
<name>phpMyAdmin</name>
<range><ge>2.6.4.r1</ge><le>2.6.4.1</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A phpMyAdmin security announcement reports:</p>
- <blockquote cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4">
+ <p>A phpMyAdmin security announcement reports:</p> <blockquote
+ cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4">
<p>In libraries/grab_globals.lib.php, the $__redirect
- parameter was not correctly validated, opening the door to
- a local file inclusion attack.</p>
+ parameter was not correctly validated, opening the door
+ to a local file inclusion attack.</p>
<p>We consider this vulnerability to be serious.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>15053</bid>
- <mlist msgid="20051010161119.1689.qmail@securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112907764728209</mlist>
+ </description> <references>
+ <bid>15053</bid> <mlist
+ msgid="20051010161119.1689.qmail@securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112907764728209</mlist>
<url>http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4</url>
- </references>
- <dates>
- <discovery>2005-10-11</discovery>
- <entry>2005-10-11</entry>
+ </references> <dates>
+ <discovery>2005-10-11</discovery> <entry>2005-10-11</entry>
<modified>2005-10-13</modified>
</dates>
</vuln>
<vuln vid="d2b80c7c-3aae-11da-9484-00123ffe8333">
- <topic>zope28 -- expose RestructuredText functionality to untrusted users</topic>
- <affects>
+ <topic>zope28 -- expose RestructuredText functionality to
+ untrusted users</topic> <affects>
<package>
- <name>zope</name>
- <range><ge>2.6.0</ge><lt>2.7.8</lt></range>
+ <name>zope</name> <range><ge>2.6.0</ge><lt>2.7.8</lt></range>
<range><ge>2.8.0</ge><le>2.8.1_2</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Zope Hotfix Alert reports:</p>
- <blockquote cite="http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert">
+ <p>A Zope Hotfix Alert reports:</p> <blockquote
+ cite="http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert">
<p>This hotfix resolves a security issue with docutils.</p>
<p>Affected are possibly all Zope instances that expose
RestructuredText functionalies to untrusted users through
the web.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<bid>15082</bid>
<url>http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert</url>
- </references>
- <dates>
- <discovery>2005-10-09</discovery>
- <entry>2005-10-11</entry>
+ </references> <dates>
+ <discovery>2005-10-09</discovery> <entry>2005-10-11</entry>
<modified>2005-10-23</modified>
</dates>
</vuln>
<vuln vid="3bc5691e-38dd-11da-92f5-020039488e34">
- <topic>libxine -- format string vulnerability</topic>
- <affects>
+ <topic>libxine -- format string vulnerability</topic> <affects>
<package>
- <name>libxine</name>
- <range><lt>1.1.0_1</lt></range>
+ <name>libxine</name> <range><lt>1.1.0_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Gentoo Linux Security Advisory reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml">
- <p>Ulf Harnhammar discovered a format string bug in the routines
+ <p>Gentoo Linux Security Advisory reports:</p> <blockquote
+ cite="http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml">
+ <p>Ulf Harnhammar discovered a format string bug in the
+ routines
handling CDDB server response contents.</p>
- <p>An attacker could submit malicious information about an audio
- CD to a public CDDB server (or impersonate a public CDDB server).
- When the victim plays this CD on a multimedia frontend relying
- on xine-lib, it could end up executing arbitrary code.</p>
+ <p>An attacker could submit malicious information about
+ an audio
+ CD to a public CDDB server (or impersonate a public
+ CDDB server). When the victim plays this CD on a
+ multimedia frontend relying on xine-lib, it could end
+ up executing arbitrary code.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2967</cvename>
<url>http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml</url>
<url>http://xinehq.de/index.php/security/XSA-2005-1</url>
- </references>
- <dates>
- <discovery>2005-10-08</discovery>
- <entry>2005-10-09</entry>
+ </references> <dates>
+ <discovery>2005-10-08</discovery> <entry>2005-10-09</entry>
</dates>
</vuln>
<vuln vid="1f6e2ade-35c2-11da-811d-0050bf27ba24">
- <topic>imap-uw -- mailbox name handling remote buffer vulnerability</topic>
- <affects>
+ <topic>imap-uw -- mailbox name handling remote buffer
+ vulnerability</topic> <affects>
<package>
- <name>imap-uw</name>
- <range><lt>2004g</lt></range>
+ <name>imap-uw</name> <range><lt>2004g</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>FrSIRT reports:</p>
- <blockquote cite="http://www.frsirt.com/english/advisories/2005/1953">
- <p>A vulnerability has been identified in UW-IMAP, which could
- be exploited by remote attackers to execute arbitrary commands.
- This flaw is due to a stack overflow error in the
- "mail_valid_net_parse_work()" [src/c-client/mail.c] function that
- does not properly handle specially crafted mailbox names containing
- a quote (") character, which could be exploited by authenticated
- remote attackers to execute arbitrary commands with the privileges
- of the IMAP server.</p>
+ <p>FrSIRT reports:</p> <blockquote
+ cite="http://www.frsirt.com/english/advisories/2005/1953">
+ <p>A vulnerability has been identified in UW-IMAP, which
+ could
+ be exploited by remote attackers to execute arbitrary
+ commands. This flaw is due to a stack overflow error
+ in the "mail_valid_net_parse_work()" [src/c-client/mail.c]
+ function that does not properly handle specially crafted
+ mailbox names containing a quote (") character, which
+ could be exploited by authenticated remote attackers
+ to execute arbitrary commands with the privileges of
+ the IMAP server.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2933</cvename>
<url>http://www.frsirt.com/english/advisories/2005/1953</url>
<url>http://www.idefense.com/application/poi/display?id=313&amp;type=vulnerabilities</url>
<url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
- </references>
- <dates>
- <discovery>2005-10-05</discovery>
- <entry>2005-10-05</entry>
+ </references> <dates>
+ <discovery>2005-10-05</discovery> <entry>2005-10-05</entry>
</dates>
</vuln>
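Review bot: the orphan-word artifact recurs three times in this hunk, with `routines`, `an audio` and `could` each left alone on a line in the libxine and imap-uw quotations, and `<p>A phpMyAdmin security announcement reports:</p> <blockquote` now runs a paragraph and the start of a blockquote together on one line. The quoted advisory text is correctly left word-for-word intact, which is exactly why rewrapping it buys nothing; drop this reflow.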
@@ -418,45 +400,40 @@ Note: Please add new entries to the beginning of this file.
<topic>weex -- remote format string vulnerability</topic>
<affects>
<package>
- <name>weex</name>
- <range><lt>2.6.1.5_1</lt></range>
+ <name>weex</name> <range><lt>2.6.1.5_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Emanuel Haupt reports:</p>
- <blockquote cite="http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833">
- <p>Someone who controls an FTP server that weex will log in to
- can set up malicious data in the account that weex will use,
- and that will cause a format string bug that will allow remote
- code execution. It will only happen when weex is first run or
- when its cache files are rebuilt with the -r option,
- though. The vulnerability was found by Ulf Harnhammar.</p>
+ <p>Emanuel Haupt reports:</p> <blockquote
+ cite="http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833">
+ <p>Someone who controls an FTP server that weex will log
+ in to
+ can set up malicious data in the account that weex will
+ use, and that will cause a format string bug that will
+ allow remote code execution. It will only happen when
+ weex is first run or when its cache files are rebuilt
+ with the -r option, though. The vulnerability was found
+ by Ulf Harnhammar.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<freebsdpr>ports/86833</freebsdpr>
- </references>
- <dates>
- <discovery>2005-10-02</discovery>
- <entry>2005-10-02</entry>
+ </references> <dates>
+ <discovery>2005-10-02</discovery> <entry>2005-10-02</entry>
</dates>
</vuln>
<vuln vid="8a3ece40-3315-11da-a263-0001020eed82">
- <topic>picasm -- buffer overflow vulnerability</topic>
- <affects>
+ <topic>picasm -- buffer overflow vulnerability</topic> <affects>
<package>
- <name>picasm</name>
- <range><lt>1.12c</lt></range>
+ <name>picasm</name> <range><lt>1.12c</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Shaun Colley reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111661253517089">
- <p>When generating error and warning messages, picasm copies
+ <p>Shaun Colley reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111661253517089">
+ <p>When generating error and warning messages, picasm
+ copies
strings into fixed length buffers without bounds
checking.</p>
<p>If an attacker could trick a user into assembling a
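Review bot: the weex quotation now breaks the phrase "log in to" across three lines, leaving `in to` by itself, and the picasm quotation leaves `copies` alone on a line; both are the same fill-at-long-token problem seen earlier, and neither entry has any content change to justify touching it.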
@@ -465,46 +442,36 @@ Note: Please add new entries to the beginning of this file.
This could result in full system compromise.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13698</bid>
- <cvename>CVE-2005-1679</cvename>
- <mlist msgid="c522a35a0505200807744163c4@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111661253517089</mlist>
- </references>
- <dates>
- <discovery>2005-05-20</discovery>
- <entry>2005-10-02</entry>
+ </description> <references>
+ <bid>13698</bid> <cvename>CVE-2005-1679</cvename> <mlist
+ msgid="c522a35a0505200807744163c4@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111661253517089</mlist>
+ </references> <dates>
+ <discovery>2005-05-20</discovery> <entry>2005-10-02</entry>
</dates>
</vuln>
<vuln vid="1e606080-3293-11da-ac91-020039488e34">
- <topic>uim -- privilege escalation vulnerability</topic>
- <affects>
+ <topic>uim -- privilege escalation vulnerability</topic> <affects>
<package>
- <name>ja-uim</name>
- <range><lt>0.4.9.1</lt></range>
+ <name>ja-uim</name> <range><lt>0.4.9.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The uim developers reports:</p>
- <blockquote cite="http://lists.freedesktop.org/archives/uim/2005-September/001346.html">
+ <p>The uim developers reports:</p> <blockquote
+ cite="http://lists.freedesktop.org/archives/uim/2005-September/001346.html">
<p>Masanari Yamamoto discovered that incorrect use
- of environment variables in uim. This bug causes
- privilege escalation if setuid/setgid applications
- was linked to libuim.</p>
- <p>This bug appears in 'immodule for Qt' enabled Qt.
- (Normal Qt is also safe.) In some distribution,
- mlterm is also an setuid/setgid application.</p>
+ of environment variables in uim. This bug causes privilege
+ escalation if setuid/setgid applications was linked to
+ libuim.</p>
+ <p>This bug appears in 'immodule for Qt' enabled Qt.
+ (Normal Qt is also safe.) In some distribution, mlterm
+ is also an setuid/setgid application.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://lists.freedesktop.org/archives/uim/2005-September/001346.html</url>
- </references>
- <dates>
- <discovery>2005-09-28</discovery>
- <entry>2005-10-01</entry>
+ </references> <dates>
+ <discovery>2005-09-28</discovery> <entry>2005-10-01</entry>
</dates>
</vuln>
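Review bot: `<bid>13698</bid> <cvename>CVE-2005-1679</cvename> <mlist` with the `msgid=` attribute on a continuation line repeats the references layout objected to above, and in the uim entry `<topic>uim -- privilege escalation vulnerability</topic> <affects>` now puts the closing `</topic>` and the opening `<affects>` on one line. These are pure whitespace changes to entries that are otherwise untouched; please revert them.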
@@ -512,36 +479,28 @@ Note: Please add new entries to the beginning of this file.
<topic>cfengine -- arbitrary file overwriting vulnerability</topic>
<affects>
<package>
- <name>cfengine</name>
- <range><lt>2.1.6_1</lt></range>
- </package>
- <package>
- <name>cfengine2</name>
- <range><gt>0</gt></range>
+ <name>cfengine</name> <range><lt>2.1.6_1</lt></range>
+ </package> <package>
+ <name>cfengine2</name> <range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Debian Security Advisory reports:</p>
- <blockquote cite="http://www.debian.org/security/2005/dsa-835">
+ <p>A Debian Security Advisory reports:</p> <blockquote
+ cite="http://www.debian.org/security/2005/dsa-835">
<p>Javier Fernández-Sanguino Peña discovered several
insecure temporary file uses in cfengine, a tool for
- configuring and maintaining networked machines, that can
- be exploited by a symlink attack to overwrite arbitrary
- files owned by the user executing cfengine, which is
- probably root.</p>
+ configuring and maintaining networked machines, that
+ can be exploited by a symlink attack to overwrite
+ arbitrary files owned by the user executing cfengine,
+ which is probably root.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2960</cvename>
- <bid>14994</bid>
+ </description> <references>
+ <cvename>CVE-2005-2960</cvename> <bid>14994</bid>
<url>http://www.debian.org/security/2005/dsa-835</url>
<url>http://www.debian.org/security/2005/dsa-836</url>
- </references>
- <dates>
- <discovery>2005-10-01</discovery>
- <entry>2005-10-01</entry>
+ </references> <dates>
+ <discovery>2005-10-01</discovery> <entry>2005-10-01</entry>
<modified>2005-10-07</modified>
</dates>
</vuln>
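Review bot: for cfengine the `</package> <package>` boundary is collapsed onto one line and `<name>cfengine2</name> <range><gt>0</gt></range>` is joined, which buries the all-versions `<gt>0</gt>` range after the package name; that range is precisely the line a reviewer needs to spot at a glance, so it should stay on its own line as in the original.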
@@ -551,38 +510,30 @@ Note: Please add new entries to the beginning of this file.
vulnerabilities</topic>
<affects>
<package>
- <name>clamav</name>
- <range><lt>0.87</lt></range>
- </package>
- <package>
- <name>clamav-devel</name>
- <range><lt>20050917</lt></range>
+ <name>clamav</name> <range><lt>0.87</lt></range>
+ </package> <package>
+ <name>clamav-devel</name> <range><lt>20050917</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Gentoo Linux Security Advisory reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml">
+ <p>Gentoo Linux Security Advisory reports:</p> <blockquote
+ cite="http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml">
<p>Clam AntiVirus is vulnerable to a buffer overflow in
"libclamav/upx.c" when processing malformed UPX-packed
- executables. It can also be sent into an infinite loop in
- "libclamav/fsg.c" when processing specially-crafted
+ executables. It can also be sent into an infinite loop
+ in "libclamav/fsg.c" when processing specially-crafted
FSG-packed executables.</p>
<p>By sending a specially-crafted file an attacker could
execute arbitrary code with the permissions of the user
running Clam AntiVirus, or cause a Denial of Service.</p>
</blockquote>
</body>
- </description>
- <references>
- <certvu>363713</certvu>
- <cvename>CVE-2005-2919</cvename>
+ </description> <references>
+ <certvu>363713</certvu> <cvename>CVE-2005-2919</cvename>
<cvename>CVE-2005-2920</cvename>
<url>http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml</url>
- </references>
- <dates>
- <discovery>2005-09-16</discovery>
- <entry>2005-09-24</entry>
+ </references> <dates>
+ <discovery>2005-09-16</discovery> <entry>2005-09-24</entry>
<modified>2005-10-22</modified>
</dates>
</vuln>
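Review bot: `<certvu>363713</certvu> <cvename>CVE-2005-2919</cvename>` is joined while `<cvename>CVE-2005-2920</cvename>` on the next line is not, so the two CVE references for clamav are now formatted differently within the same `<references>` block; keep one element per line.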
@@ -591,31 +542,19 @@ Note: Please add new entries to the beginning of this file.
<topic>firefox &amp; mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.7,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.7</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.12,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.7,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.7</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.12,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <range><lt>1.7.12</lt></range>
- </package>
- <package>
- <name>linux-mozilla-devel</name>
- <range><gt>0</gt></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <range><lt>1.7.12</lt></range>
+ </package> <package>
+ <name>linux-mozilla-devel</name> <range><gt>0</gt></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
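Review bot: the firefox affects block ends up with two styles side by side: `<name>netscape7</name> <range><ge>0</ge></range>` and the `</package> <package>` boundaries are collapsed, yet the obsolete port names after `<!-- These ports are obsolete. -->` remain one per line. Whichever convention is wanted, apply it uniformly; the original one-per-line form is the easier one to diff when a name or range is added.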
@@ -624,112 +563,96 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports of multiple
issues:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-58.html">
- <h1>Heap overrun in XBM image processing</h1>
- <p>jackerror reports that an improperly terminated XBM image
- ending with space characters instead of the expected end
- tag can lead to a heap buffer overrun. This appears to be
- exploitable to install or run malicious code on the user's
- machine.</p>
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-58.html">
+ <h1>Heap overrun in XBM image processing</h1> <p>jackerror
+ reports that an improperly terminated XBM image
+ ending with space characters instead of the expected
+ end tag can lead to a heap buffer overrun. This appears
+ to be exploitable to install or run malicious code on
+ the user's machine.</p>
<p>Thunderbird does not support the XBM format and is not
affected by this flaw.</p>
- <h1>Crash on "zero-width non-joiner" sequence</h1>
- <p>Mats Palmgren discovered that a reported crash on Unicode
- sequences with "zero-width non-joiner" characters was due
- to stack corruption that may be exploitable.</p>
- <h1>XMLHttpRequest header spoofing</h1>
- <p>It was possible to add illegal and malformed headers to
+ <h1>Crash on "zero-width non-joiner" sequence</h1> <p>Mats
+ Palmgren discovered that a reported crash on Unicode
+ sequences with "zero-width non-joiner" characters was
+ due to stack corruption that may be exploitable.</p>
+ <h1>XMLHttpRequest header spoofing</h1> <p>It was possible
+ to add illegal and malformed headers to
an XMLHttpRequest. This could have been used to exploit
- server or proxy flaws from the user's machine, or to fool
- a server or proxy into thinking a single request was a
- stream of separate requests. The severity of this
- vulnerability depends on the value of servers which might
- be vulnerable to HTTP request smuggling and similar
+ server or proxy flaws from the user's machine, or to
+ fool a server or proxy into thinking a single request
+ was a stream of separate requests. The severity of this
+ vulnerability depends on the value of servers which
+ might be vulnerable to HTTP request smuggling and similar
attacks, or which share an IP address (virtual hosting)
with the attacker's page.</p>
- <p>For users connecting to the web through a proxy this flaw
+ <p>For users connecting to the web through a proxy this
+ flaw
could be used to bypass the same-origin restriction on
XMLHttpRequests by fooling the proxy into handling a
- single request as multiple pipe-lined requests directed at
- arbitrary hosts. This could be used, for example, to read
- files on intranet servers behind a firewall.</p>
+ single request as multiple pipe-lined requests directed
+ at arbitrary hosts. This could be used, for example,
+ to read files on intranet servers behind a firewall.</p>
<h1>Object spoofing using XBL &lt;implements&gt;</h1>
<p>moz_bug_r_a4 demonstrated a DOM object spoofing bug
similar to <a
href="http://www.mozilla.org/security/announce/mfsa2005-55.html">MFSA
2005-55</a> using an XBL control that &lt;implements&gt;
- an internal interface. The severity depends on the version
- of Firefox: investigation so far indicates Firefox 1.0.x
- releases don't expose any vulnerable functionality to
- interfaces spoofed in this way, but that early Deer Park
- Alpha 1 versions did.</p>
+ an internal interface. The severity depends on the
+ version of Firefox: investigation so far indicates
+ Firefox 1.0.x releases don't expose any vulnerable
+ functionality to interfaces spoofed in this way, but
+ that early Deer Park Alpha 1 versions did.</p>
<p>XBL was changed to no longer allow unprivileged controls
from web content to implement XPCOM interfaces.</p>
- <h1>JavaScript integer overflow</h1>
- <p>Georgi Guninski reported an integer overflow in the
- JavaScript engine. We presume this could be exploited to
- run arbitrary code under favorable conditions.</p>
- <h1>Privilege escalation using about: scheme</h1>
- <p>heatsync and shutdown report two different ways to bypass
- the restriction on loading high privileged "chrome" pages
- from an unprivileged "about:" page. By itself this is
- harmless--once the "about" page's privilege is raised the
- original page no longer has access--but should this be
- combined with a same-origin violation this could lead to
- arbitrary code execution.</p>
- <h1>Chrome window spoofing</h1>
- <p>moz_bug_r_a4 demonstrates a way to get a blank "chrome"
+ <h1>JavaScript integer overflow</h1> <p>Georgi Guninski
+ reported an integer overflow in the
+ JavaScript engine. We presume this could be exploited
+ to run arbitrary code under favorable conditions.</p>
+ <h1>Privilege escalation using about: scheme</h1> <p>heatsync
+ and shutdown report two different ways to bypass
+ the restriction on loading high privileged "chrome"
+ pages from an unprivileged "about:" page. By itself
+ this is harmless--once the "about" page's privilege is
+ raised the original page no longer has access--but
+ should this be combined with a same-origin violation
+ this could lead to arbitrary code execution.</p>
+ <h1>Chrome window spoofing</h1> <p>moz_bug_r_a4 demonstrates
+ a way to get a blank "chrome"
canvas by opening a window from a reference to a closed
window. The resulting window is not privileged, but the
normal browser UI is missing and can be used to construct
a spoof page without any of the safety features of the
- browser chrome designed to alert users to phishing sites,
- such as the address bar and the status bar.</p>
+ browser chrome designed to alert users to phishing
+ sites, such as the address bar and the status bar.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2701</cvename>
- <cvename>CVE-2005-2702</cvename>
- <cvename>CVE-2005-2703</cvename>
- <cvename>CVE-2005-2704</cvename>
- <cvename>CVE-2005-2705</cvename>
- <cvename>CVE-2005-2706</cvename>
+ </description> <references>
+ <cvename>CVE-2005-2701</cvename> <cvename>CVE-2005-2702</cvename>
+ <cvename>CVE-2005-2703</cvename> <cvename>CVE-2005-2704</cvename>
+ <cvename>CVE-2005-2705</cvename> <cvename>CVE-2005-2706</cvename>
<cvename>CVE-2005-2707</cvename>
<url>http://www.mozilla.org/security/announce/mfsa2005-58.html</url>
- </references>
- <dates>
- <discovery>2005-09-22</discovery>
- <entry>2005-09-23</entry>
+ </references> <dates>
+ <discovery>2005-09-22</discovery> <entry>2005-09-23</entry>
<modified>2005-10-26</modified>
</dates>
</vuln>
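Review bot: The description reflow in this hunk breaks prose at arbitrary points, leaving a single word on its own line ("flaw" directly after "For users connecting to the web through a proxy this"), splits the <blockquote> start tag from its cite attribute across two lines, and puts each <h1> heading on the same line as the <p> that follows it ("<h1>Heap overrun in XBM image processing</h1> <p>jackerror"). None of this changes the XHTML a parser sees, but the old layout kept one block element per line, so the seven MFSA 2005-58 sections were easy to scan and to compare against the advisory. The same applies to the joined "<cvename>CVE-2005-2701</cvename> <cvename>CVE-2005-2702</cvename>" pairs and to "<discovery>2005-09-22</discovery> <entry>2005-09-23</entry>": one reference or date per line is what the removed text uses throughout. Suggest re-wrapping with the original one-element-per-line layout or, if a formatter produced this, fixing its width setting so it stops orphaning single words.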
@@ -739,31 +662,19 @@ Note: Please add new entries to the beginning of this file.
injection</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.7,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.7</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.12,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.7,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.7</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.12,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <range><lt>1.7.12</lt></range>
- </package>
- <package>
- <name>linux-mozilla-devel</name>
- <range><gt>0</gt></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <range><lt>1.7.12</lt></range>
+ </package> <package>
+ <name>linux-mozilla-devel</name> <range><gt>0</gt></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
@@ -772,70 +683,54 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/16869/">
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/16869/">
<p>Peter Zelezny has discovered a vulnerability in Firefox,
- which can be exploited by malicious people to compromise a
- user's system.</p>
- <p>The vulnerability is caused due to the shell script used
- to launch Firefox parsing shell commands that are enclosed
- within backticks in the URL provided via the command
- line. This can e.g. be exploited to execute arbitrary
- shell commands by tricking a user into following a
- malicious link in an external application which uses
+ which can be exploited by malicious people to compromise
+ a user's system.</p>
+ <p>The vulnerability is caused due to the shell script
+ used
+ to launch Firefox parsing shell commands that are
+ enclosed within backticks in the URL provided via the
+ command line. This can e.g. be exploited to execute
+ arbitrary shell commands by tricking a user into following
+ a malicious link in an external application which uses
Firefox as the default browser.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2968</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=307185</url>
<url>http://secunia.com/advisories/16869/</url>
<url>http://www.mozilla.org/security/announce/mfsa2005-59.html</url>
- </references>
- <dates>
- <discovery>2005-09-06</discovery>
- <entry>2005-09-22</entry>
+ </references> <dates>
+ <discovery>2005-09-06</discovery> <entry>2005-09-22</entry>
<modified>2005-10-26</modified>
</dates>
</vuln>
<vuln vid="e936d612-253f-11da-bc01-000e0c2e438a">
- <topic>apache -- Certificate Revocation List (CRL) off-by-one vulnerability</topic>
- <affects>
+ <topic>apache -- Certificate Revocation List (CRL) off-by-one
+ vulnerability</topic> <affects>
<package>
- <name>apache</name>
- <range><gt>2.*</gt><lt>2.0.54_1</lt></range>
+ <name>apache</name> <range><gt>2.*</gt><lt>2.0.54_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Marc Stern reports an off-by-one vulnerability in within
mod_ssl. The vulnerability lies in mod_ssl's Certificate
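Review bot: This hunk introduces a line break inside the <topic> of the apache entry ("apache -- Certificate Revocation List (CRL) off-by-one" / "vulnerability</topic> <affects>"), where the removed line had the whole topic on one line. Unlike the XHTML body, topic text is used as a one-line title, so the embedded newline and indentation are now part of the element's character data unless the consumer collapses whitespace; keep <topic> on a single line and put <affects> on its own line as before. The Secunia description is also re-wrapped with "used" orphaned on a line by itself after "The vulnerability is caused due to the shell script", and "<p>A Secunia Advisory reports:</p> <blockquote" joins a paragraph with the start tag of the quote whose cite attribute then begins the next line.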
@@ -843,47 +738,40 @@ Note: Please add new entries to the beginning of this file.
CRL this could allow an attacker to crash a child process
causing a Denial of Service.</p>
</body>
- </description>
- <references>
- <bid>14366</bid>
- <cvename>CVE-2005-1268</cvename>
- </references>
- <dates>
- <discovery>2005-07-12</discovery>
- <entry>2005-09-17</entry>
+ </description> <references>
+ <bid>14366</bid> <cvename>CVE-2005-1268</cvename>
+ </references> <dates>
+ <discovery>2005-07-12</discovery> <entry>2005-09-17</entry>
</dates>
</vuln>
<vuln vid="7d52081f-2795-11da-bc01-000e0c2e438a">
- <topic>squirrelmail -- _$POST variable handling allows for various
+ <topic>squirrelmail -- _$POST variable handling allows for
+ various
attacks</topic>
<affects>
<package>
- <name>squirrelmail</name>
- <name>ja-squirrelmail</name>
+ <name>squirrelmail</name> <name>ja-squirrelmail</name>
<range><ge>1.4.0</ge><lt>1.4.5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Squirrelmail Advisory reports:</p>
- <blockquote cite="http://www.squirrelmail.org/security/issue/2005-07-13">
- <p>An extract($_POST) was done in options_identities.php which
+ <p>A Squirrelmail Advisory reports:</p> <blockquote
+ cite="http://www.squirrelmail.org/security/issue/2005-07-13">
+ <p>An extract($_POST) was done in options_identities.php
+ which
allowed for an attacker to set random variables in that
file. This could lead to the reading (and possible
- writing) of other people's preferences, cross site scripting
- or writing files in webserver-writable locations.</p>
+ writing) of other people's preferences, cross site
+ scripting or writing files in webserver-writable
+ locations.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>14254</bid>
- <cvename>CVE-2005-2095</cvename>
+ </description> <references>
+ <bid>14254</bid> <cvename>CVE-2005-2095</cvename>
<url>http://www.squirrelmail.org/security/issue/2005-07-13</url>
- </references>
- <dates>
- <discovery>2005-07-13</discovery>
- <entry>2005-09-17</entry>
+ </references> <dates>
+ <discovery>2005-07-13</discovery> <entry>2005-09-17</entry>
<modified>2005-09-19</modified>
</dates>
</vuln>
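Review bot: The squirrelmail <topic> gets worse rather than better here: the removed version already wrapped once ("... allows for various" / "attacks</topic>"), and the new version wraps twice with "various" alone on a line between them. The same orphan-word wrapping hits the quoted advisory ("which" on its own line after "An extract($_POST) was done in options_identities.php"). In the apache entry at the top of the hunk, "<bid>14366</bid> <cvename>CVE-2005-1268</cvename>" and "<discovery>2005-07-12</discovery> <entry>2005-09-17</entry>" put two references and two dates on a line each; keep one per line as in the removed text so adding a further reference or a <modified> date stays a one-line diff.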
@@ -892,65 +780,51 @@ Note: Please add new entries to the beginning of this file.
<topic>X11 server -- pixmap allocation vulnerability</topic>
<affects>
<package>
- <name>XFree86-Server</name>
- <range><lt>4.5.0_2</lt></range>
- </package>
- <package>
- <name>xorg-server</name>
- <range><lt>6.8.2_5</lt></range>
+ <name>XFree86-Server</name> <range><lt>4.5.0_2</lt></range>
+ </package> <package>
+ <name>xorg-server</name> <range><lt>6.8.2_5</lt></range>
<range><gt>6.8.99</gt><lt>6.8.99.12_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Allocating large pixmaps by a client can trigger an integer
- overflow in the X server, potentially leading to execution of
- arbitrary code with elevated (root) privileges.</p>
+ <p>Allocating large pixmaps by a client can trigger an
+ integer
+ overflow in the X server, potentially leading to execution
+ of arbitrary code with elevated (root) privileges.</p>
</body>
- </description>
- <references>
- <bid>14807</bid>
- <certvu>102441</certvu>
+ </description> <references>
+ <bid>14807</bid> <certvu>102441</certvu>
<cvename>CVE-2005-2495</cvename>
<url>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166856</url>
<url>https://bugs.freedesktop.org/show_bug.cgi?id=594</url>
- </references>
- <dates>
- <discovery>2005-09-12</discovery>
- <entry>2005-09-15</entry>
+ </references> <dates>
+ <discovery>2005-09-12</discovery> <entry>2005-09-15</entry>
</dates>
</vuln>
<vuln vid="9750cf22-216d-11da-bc01-000e0c2e438a">
- <topic>unzip -- permission race vulnerability</topic>
- <affects>
+ <topic>unzip -- permission race vulnerability</topic> <affects>
<package>
- <name>unzip</name>
- <name>zh-unzip</name>
- <name>ko-unzip</name>
+ <name>unzip</name> <name>zh-unzip</name> <name>ko-unzip</name>
<range><lt>5.52_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Imran Ghory reports a vulnerability within unzip. The
vulnerability is caused by a race condition between
extracting an archive and changing the permissions of the
- extracted files. This would give an attacker enough time to
- remove a file and hardlink it to another file owned by the
- user running unzip. When unzip changes the permissions of
- the file it could give the attacker access to files that
- normally would not have been accessible for others.</p>
+ extracted files. This would give an attacker enough time
+ to remove a file and hardlink it to another file owned
+ by the user running unzip. When unzip changes the
+ permissions of the file it could give the attacker access
+ to files that normally would not have been accessible for
+ others.</p>
</body>
- </description>
- <references>
- <bid>14450</bid>
- <cvename>CVE-2005-2475</cvename>
- <mlist msgid="7389fc4b05080116031536adf7@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112300046224117</mlist>
- </references>
- <dates>
- <discovery>2005-08-02</discovery>
- <entry>2005-09-13</entry>
+ </description> <references>
+ <bid>14450</bid> <cvename>CVE-2005-2475</cvename> <mlist
+ msgid="7389fc4b05080116031536adf7@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112300046224117</mlist>
+ </references> <dates>
+ <discovery>2005-08-02</discovery> <entry>2005-09-13</entry>
</dates>
</vuln>
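Review bot: In the unzip entry the <mlist> start tag is broken so that "<mlist" ends one line and "msgid="7389fc4b05080116031536adf7@mail.gmail.com">http://marc.theaimsgroup.com/..." starts the next, yet that second line is still far longer than anything else in the hunk; the reflow splits the tag without reaching the width it is apparently aiming for. The removed form, with the complete <mlist ...>...</mlist> on one line, is the one to keep. Also in this hunk: "<name>unzip</name> <name>zh-unzip</name> <name>ko-unzip</name>" puts three package names on one line, and the X11 description wraps with "integer" alone on a line after "Allocating large pixmaps by a client can trigger an".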
@@ -959,31 +833,19 @@ Note: Please add new entries to the beginning of this file.
vulnerability</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.6_5,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.7</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.11_1,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.6_5,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.7</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.11_1,2</lt></range>
<range><ge>1.8.*,2</ge><lt>1.8.b1_5,2</lt></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <range><lt>1.7.12</lt></range>
- </package>
- <package>
- <name>linux-mozilla-devel</name>
- <range><gt>0</gt></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <range><lt>1.7.12</lt></range>
+ </package> <package>
+ <name>linux-mozilla-devel</name> <range><gt>0</gt></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
@@ -992,66 +854,50 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Tom Ferris reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=full-disclosure&amp;m=112624614008387">
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tom Ferris reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=full-disclosure&amp;m=112624614008387">
<p>A buffer overflow vulnerability exists within Firefox
version 1.0.6 and all other prior versions which allows
- for an attacker to remotely execute arbitrary code on an
- affected host.</p>
+ for an attacker to remotely execute arbitrary code on
+ an affected host.</p>
<p>The problem seems to be when a hostname which has all
dashes causes the NormalizeIDN call in
- nsStandardURL::BuildNormalizedSpec to return true, but is
- sets encHost to an empty string. Meaning, Firefox appends
- 0 to approxLen and then appends the long string of dashes
- to the buffer instead.</p>
- </blockquote>
- <p><strong>Note:</strong> It is possible to disable IDN
+ nsStandardURL::BuildNormalizedSpec to return true, but
+ is sets encHost to an empty string. Meaning, Firefox
+ appends 0 to approxLen and then appends the long string
+ of dashes to the buffer instead.</p>
+ </blockquote> <p><strong>Note:</strong> It is possible to
+ disable IDN
support as a workaround to protect against this buffer
overflow. How to do this is described on the <em><a
- href="http://www.mozilla.org/security/idn.html">What Firefox
- and Mozilla users should know about the IDN buffer overflow
- security issue</a></em> web page.</p>
+ href="http://www.mozilla.org/security/idn.html">What
+ Firefox and Mozilla users should know about the IDN buffer
+ overflow security issue</a></em> web page.</p>
</body>
- </description>
- <references>
- <bid>14784</bid>
- <certvu>573857</certvu>
+ </description> <references>
+ <bid>14784</bid> <certvu>573857</certvu>
<cvename>CVE-2005-2871</cvename>
<url>http://marc.theaimsgroup.com/?l=full-disclosure&amp;m=112624614008387</url>
<url>http://www.mozilla.org/security/idn.html</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=307259</url>
<url>http://www.mozilla.org/security/announce/mfsa2005-57.html</url>
- </references>
- <dates>
- <discovery>2005-09-08</discovery>
- <entry>2005-09-10</entry>
+ </references> <dates>
+ <discovery>2005-09-08</discovery> <entry>2005-09-10</entry>
<modified>2005-10-26</modified>
</dates>
</vuln>
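Review bot: "</blockquote> <p><strong>Note:</strong> It is possible to" / "disable IDN" joins the end of the quoted Tom Ferris text with the start of the entry's own workaround note and then orphans "disable IDN" on a line. The previous layout, with </blockquote> on its own line, made the boundary between quoted advisory text and the VuXML author's note visible at a glance, which matters because only the latter may be reworded (the "is sets encHost" phrasing inside the quote is quoted text and is correctly left unchanged here). The blockquote's cite URL line remains longer than the apparent wrap width, so re-wrapping the surrounding prose buys nothing; suggest restoring the removed layout for this description.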
@@ -1060,228 +906,183 @@ Note: Please add new entries to the beginning of this file.
<topic>htdig -- cross site scripting vulnerability</topic>
<affects>
<package>
- <name>htdig</name>
- <range><lt>3.2.0.b6_1</lt></range>
+ <name>htdig</name> <range><lt>3.2.0.b6_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Michael Krax reports a vulnerability within htdig. The
vulnerability lies within an unsanitized config parameter,
allowing a malicious attacker to execute arbitrary scripting
- code on the target's browser. This might allow the attacker
- to obtain the user's cookies which are associated with the
- site, including cookies used for authentication.</p>
+ code on the target's browser. This might allow the
+ attacker to obtain the user's cookies which are associated
+ with the site, including cookies used for authentication.</p>
</body>
- </description>
- <references>
- <bid>12442</bid>
- <cvename>CVE-2005-0085</cvename>
+ </description> <references>
+ <bid>12442</bid> <cvename>CVE-2005-0085</cvename>
<url>http://www.securitytracker.com/alerts/2005/Feb/1013078.html</url>
- </references>
- <dates>
- <discovery>2005-02-03</discovery>
- <entry>2005-09-04</entry>
+ </references> <dates>
+ <discovery>2005-02-03</discovery> <entry>2005-09-04</entry>
<modified>2005-09-13</modified>
</dates>
</vuln>
<vuln vid="4e210d72-1c5c-11da-92ce-0048543d60ce">
- <topic>squid -- Denial Of Service Vulnerability in sslConnectTimeout</topic>
- <affects>
+ <topic>squid -- Denial Of Service Vulnerability in
+ sslConnectTimeout</topic> <affects>
<package>
- <name>squid</name>
- <range><lt>2.5.10_5</lt></range>
+ <name>squid</name> <range><lt>2.5.10_5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The squid patches page notes:</p>
- <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout">
- <p>After certain slightly odd requests Squid crashes with a segmentation fault in sslConnectTimeout.</p>
+ <p>The squid patches page notes:</p> <blockquote
+ cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout">
+ <p>After certain slightly odd requests Squid crashes with
+ a segmentation fault in sslConnectTimeout.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>14731</bid>
- <cvename>CVE-2005-2796</cvename>
+ </description> <references>
+ <bid>14731</bid> <cvename>CVE-2005-2796</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1355</url>
<url>http://secunia.com/advisories/16674/</url>
- </references>
- <dates>
- <discovery>2005-07-21</discovery>
- <entry>2005-09-04</entry>
+ </references> <dates>
+ <discovery>2005-07-21</discovery> <entry>2005-09-04</entry>
<modified>2005-10-02</modified>
</dates>
</vuln>
<vuln vid="0c0dc409-1c5e-11da-92ce-0048543d60ce">
- <topic>squid -- Possible Denial Of Service Vulnerability in store.c</topic>
- <affects>
+ <topic>squid -- Possible Denial Of Service Vulnerability in
+ store.c</topic> <affects>
<package>
- <name>squid</name>
- <range><lt>2.5.10_5</lt></range>
+ <name>squid</name> <range><lt>2.5.10_5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The squid patches page notes:</p>
- <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING">
- <p>Squid crashes with the above assertion failure [assertion failed:
- store.c:523: "e->store_status == STORE_PENDING"] in certain
- conditions involving aborted requests.</p>
+ <p>The squid patches page notes:</p> <blockquote
+ cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING">
+ <p>Squid crashes with the above assertion failure [assertion
+ failed:
+ store.c:523: "e->store_status == STORE_PENDING"] in
+ certain conditions involving aborted requests.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>14761</bid>
- <cvename>CVE-2005-2794</cvename>
+ </description> <references>
+ <bid>14761</bid> <cvename>CVE-2005-2794</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1368</url>
<url>http://secunia.com/advisories/16708/</url>
- </references>
- <dates>
- <discovery>2005-08-02</discovery>
- <entry>2005-09-04</entry>
+ </references> <dates>
+ <discovery>2005-08-02</discovery> <entry>2005-09-04</entry>
<modified>2005-10-02</modified>
</dates>
</vuln>
<vuln vid="30e4ed7b-1ca6-11da-bc01-000e0c2e438a">
- <topic>bind9 -- denial of service</topic>
- <affects>
+ <topic>bind9 -- denial of service</topic> <affects>
<package>
- <name>bind9</name>
- <range><eq>9.3.0</eq></range>
- </package>
- <system>
- <name>FreeBSD</name>
- <range><ge>5.3</ge><lt>5.3_16</lt></range>
+ <name>bind9</name> <range><eq>9.3.0</eq></range>
+ </package> <system>
+ <name>FreeBSD</name> <range><ge>5.3</ge><lt>5.3_16</lt></range>
</system>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Problem description</p>
- <p>A DNSSEC-related validator function in BIND 9.3.0 contains an
- inappropriate internal consistency test. When this test is
- triggered, named(8) will exit.</p>
- <p>Impact</p>
- <p>On systems with DNSSEC enabled, a remote attacker may be able
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Problem description</p> <p>A DNSSEC-related validator
+ function in BIND 9.3.0 contains an
+ inappropriate internal consistency test. When this test
+ is triggered, named(8) will exit.</p>
+ <p>Impact</p> <p>On systems with DNSSEC enabled, a remote
+ attacker may be able
to inject a specially crafted packet that will cause the
internal consistency test to trigger, and named(8) to
- terminate. As a result, the name server will no longer be
- available to service requests.</p>
- <p>Workaround</p>
- <p>DNSSEC is not enabled by default, and the "dnssec-enable"
+ terminate. As a result, the name server will no longer
+ be available to service requests.</p>
+ <p>Workaround</p> <p>DNSSEC is not enabled by default, and
+ the "dnssec-enable"
directive is not normally present. If DNSSEC has been
- enabled, disable it by changing the "dnssec-enable" directive
- to "dnssec-enable no;" in the named.conf(5) configuration
- file.</p>
+ enabled, disable it by changing the "dnssec-enable"
+ directive to "dnssec-enable no;" in the named.conf(5)
+ configuration file.</p>
</body>
- </description>
- <references>
- <certvu>938617</certvu>
- <cvename>CVE-2005-0034</cvename>
+ </description> <references>
+ <certvu>938617</certvu> <cvename>CVE-2005-0034</cvename>
<url>http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html?lang=en</url>
<url>http://www.isc.org/sw/bind/bind9.3.php#security</url>
- </references>
- <dates>
- <discovery>2005-01-25</discovery>
- <entry>2005-09-03</entry>
+ </references> <dates>
+ <discovery>2005-01-25</discovery> <entry>2005-09-03</entry>
</dates>
</vuln>
<vuln vid="947f4b14-1c89-11da-bc01-000e0c2e438a">
- <topic>bind -- buffer overrun vulnerability</topic>
- <affects>
+ <topic>bind -- buffer overrun vulnerability</topic> <affects>
<package>
- <name>bind84</name>
- <range><ge>8.4.4</ge><lt>8.4.6</lt></range>
+ <name>bind84</name> <range><ge>8.4.4</ge><lt>8.4.6</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An ISC advisory reports a buffer overrun vulnerability within
- bind. The vulnerability could result in a Denial of Service.
- A workaround is available by disabling recursion and glue
- fetching.</p>
+ <p>An ISC advisory reports a buffer overrun vulnerability
+ within
+ bind. The vulnerability could result in a Denial of
+ Service. A workaround is available by disabling recursion
+ and glue fetching.</p>
</body>
- </description>
- <references>
- <certvu>327633</certvu>
- <cvename>CVE-2005-0033</cvename>
+ </description> <references>
+ <certvu>327633</certvu> <cvename>CVE-2005-0033</cvename>
<url>http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html?lang=en</url>
<url>http://www.isc.org/sw/bind/bind-security.php</url>
- </references>
- <dates>
- <discovery>2005-01-25</discovery>
- <entry>2005-09-03</entry>
+ </references> <dates>
+ <discovery>2005-01-25</discovery> <entry>2005-09-03</entry>
<modified>2005-09-21</modified>
</dates>
</vuln>
<vuln vid="08df5d46-1baf-11da-8038-0040f42d58c6">
- <topic>urban -- stack overflow vulnerabilities</topic>
- <affects>
+ <topic>urban -- stack overflow vulnerabilities</topic> <affects>
<package>
- <name>urban</name>
- <range><lt>1.5.3_2</lt></range>
+ <name>urban</name> <range><lt>1.5.3_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Several filename-related stack overflow bugs allow a local
- attacker to elevate its privileges to the games group, since
- urban is installed setgid games.</p>
+ <p>Several filename-related stack overflow bugs allow a
+ local
+ attacker to elevate its privileges to the games group,
+ since urban is installed setgid games.</p>
<p>Issue discovered and fixed by &lt;shaun@rsc.cx&gt;.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2864</cvename>
- <mlist msgid="55104.213.107.125.108.1125844783.squirrel@webmail.rsc.cx">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112604855119036</mlist>
- </references>
- <dates>
- <discovery>2005-09-02</discovery>
- <entry>2005-09-02</entry>
+ </description> <references>
+ <cvename>CVE-2005-2864</cvename> <mlist
+ msgid="55104.213.107.125.108.1125844783.squirrel@webmail.rsc.cx">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112604855119036</mlist>
+ </references> <dates>
+ <discovery>2005-09-02</discovery> <entry>2005-09-02</entry>
<modified>2005-09-22</modified>
</dates>
</vuln>
<vuln vid="6e27f3b6-189b-11da-b6be-0090274e8dbb">
- <topic>fswiki - command injection vulnerability</topic>
- <affects>
+ <topic>fswiki - command injection vulnerability</topic> <affects>
<package>
- <name>fswiki</name>
- <range><lt>3.5.9</lt></range>
+ <name>fswiki</name> <range><lt>3.5.9</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>There is a command injection vulnerability in admin page
of fswiki.</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://jvn.jp/jp/JVN%2342435855/index.html</url>
- </references>
- <dates>
- <discovery>2005-08-29</discovery>
- <entry>2005-08-29</entry>
+ </references> <dates>
+ <discovery>2005-08-29</discovery> <entry>2005-08-29</entry>
</dates>
- </vuln>
- <vuln vid="e5afdf63-1746-11da-978e-0001020eed82">
+ </vuln> <vuln vid="e5afdf63-1746-11da-978e-0001020eed82">
<topic>evolution -- remote format string vulnerabilities</topic>
<affects>
<package>
- <name>evolution</name>
- <range><gt>1.5</gt><lt>2.2.3_1</lt></range>
+ <name>evolution</name> <range><gt>1.5</gt><lt>2.2.3_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A SITIC Vulnerability Advisory reports:</p>
- <blockquote cite="http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html">
+ <p>A SITIC Vulnerability Advisory reports:</p> <blockquote
+ cite="http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html">
<p>Evolution suffers from several format string bugs when
handling data from remote sources. These bugs lead to
crashes or the execution of arbitrary assembly language
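Review bot: The rewrap puts sibling elements on one line throughout this hunk ("</description> <references>", "</references> <dates>", "<topic>...</topic> <affects>"), and at the fswiki/evolution boundary even "</vuln> <vuln vid="e5afdf63-1746-11da-978e-0001020eed82">", so two entries now share a line. That is the opposite of the one-element-per-line layout the untouched parts of vuln.xml use, defeats line-anchored greps for "<vuln vid=", and makes every future entry's diff noisier; keep each closing and opening tag on its own line. The reflowed paragraphs also leave single-word lines ("within" in the bind entry, "local" in the urban entry), which suggests the wrapping tool mis-measured the first continuation line; reflow those paragraphs to the file's usual width and run the port's "make validate" on the result before committing.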
@@ -1294,22 +1095,18 @@ Note: Please add new entries to the beginning of this file.
<li>The third format string bug occurs when displaying
task list data from remote servers.</li>
<li>The fourth, and least serious, format string bug
- occurs when the user goes to the Calendars tab to save
- task list data that is vulnerable to problem 3
- above. Other calendar entries that do not come from task
- lists are also affected.</li>
+ occurs when the user goes to the Calendars tab to
+ save task list data that is vulnerable to problem 3
+ above. Other calendar entries that do not come from
+ task lists are also affected.</li>
</ol>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2549</cvename>
- <cvename>CVE-2005-2550</cvename>
+ </description> <references>
+ <cvename>CVE-2005-2549</cvename> <cvename>CVE-2005-2550</cvename>
<url>http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html</url>
- </references>
- <dates>
- <discovery>2005-08-10</discovery>
- <entry>2005-08-27</entry>
+ </references> <dates>
+ <discovery>2005-08-10</discovery> <entry>2005-08-27</entry>
<modified>2005-08-29</modified>
</dates>
</vuln>
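Review bot: Two CVE references are joined on one line here ("<cvename>CVE-2005-2549</cvename> <cvename>CVE-2005-2550</cvename>"), as are "<discovery>" and "<entry>". One reference per line is what keeps a later addition or removal a one-line diff and lets a line-oriented grep count references; please split them back out. The rewrap of the fourth list item is content-neutral and fine.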
@@ -1318,31 +1115,25 @@ Note: Please add new entries to the beginning of this file.
<topic>pam_ldap -- authentication bypass vulnerability</topic>
<affects>
<package>
- <name>pam_ldap</name>
- <range><lt>1.8.0</lt></range>
+ <name>pam_ldap</name> <range><lt>1.8.0</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Luke Howard reports:</p>
- <blockquote cite="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166163">
- <p>If a pam_ldap client authenticates against an LDAP server
+ <p>Luke Howard reports:</p> <blockquote
+ cite="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166163">
+ <p>If a pam_ldap client authenticates against an LDAP
+ server
that returns a passwordPolicyResponse control, but omits
- the optional "error" field of the
- PasswordPolicyResponseValue, then the LDAP authentication
- result will be ignored and the authentication step will
- always succeed.</p>
+ the optional "error" field of the PasswordPolicyResponseValue,
+ then the LDAP authentication result will be ignored and
+ the authentication step will always succeed.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2641</cvename>
- <certvu>778916</certvu>
+ </description> <references>
+ <cvename>CVE-2005-2641</cvename> <certvu>778916</certvu>
<url>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166163</url>
- </references>
- <dates>
- <discovery>2005-08-22</discovery>
- <entry>2005-08-27</entry>
+ </references> <dates>
+ <discovery>2005-08-22</discovery> <entry>2005-08-27</entry>
</dates>
</vuln>
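Review bot: The pam_ldap quote now reads "...authenticates against an LDAP" / "server" / "that returns a passwordPolicyResponse control", with "server" orphaned on its own line; for an entry describing an authentication bypass the quoted sentence should stay readable, so reflow it to the file's width. The "<blockquote" start tag with its "cite=" attribute pushed to the following line is also inconsistent with every untouched blockquote in the file; keep the attribute on the tag line.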
@@ -1350,12 +1141,10 @@ Note: Please add new entries to the beginning of this file.
<topic>pcre -- regular expression buffer overflow</topic>
<affects>
<package>
- <name>pcre</name>
- <name>pcre-utf8</name>
+ <name>pcre</name> <name>pcre-utf8</name>
<range><lt>6.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The pcre library is vulnerable to a buffer overflow
vulnerability due to insufficient validation of quantifier
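Review bot: "<name>pcre</name> <name>pcre-utf8</name>" joined on one line loses the property that adding or dropping an affected package is a one-line change, which matters for an entry covering a library and its variant port; keep one "<name>" per line. Nothing else in the hunk changes meaning.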
@@ -1363,15 +1152,11 @@ Note: Please add new entries to the beginning of this file.
the permissions of the program using pcre by way of a
specially crated regular expression.</p>
</body>
- </description>
- <references>
- <bid>14620</bid>
- <cvename>CVE-2005-2491</cvename>
+ </description> <references>
+ <bid>14620</bid> <cvename>CVE-2005-2491</cvename>
<url>http://www.pcre.org/changelog.txt</url>
- </references>
- <dates>
- <discovery>2005-08-01</discovery>
- <entry>2005-08-26</entry>
+ </references> <dates>
+ <discovery>2005-08-01</discovery> <entry>2005-08-26</entry>
</dates>
</vuln>
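Review bot: "<bid>14620</bid> <cvename>CVE-2005-2491</cvename>" on one line has the same diff-noise problem as the other joined reference lines; one reference per line. Since this entry is being rewritten anyway, the unchanged context line "specially crated regular expression" (should read "crafted") could be fixed in the same commit.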
@@ -1379,188 +1164,166 @@ Note: Please add new entries to the beginning of this file.
<topic>elm -- remote buffer overflow in Expires header</topic>
<affects>
<package>
- <name>elm</name>
- <range><lt>2.5.8</lt></range>
+ <name>elm</name> <range><lt>2.5.8</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Ulf Harnhammar has discovered a remotely exploitable buffer
- overflow in Elm e-mail client when parsing the Expires header
- of an e-mail message:</p>
- <blockquote cite="http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html">
+ <p>Ulf Harnhammar has discovered a remotely exploitable
+ buffer
+ overflow in Elm e-mail client when parsing the Expires
+ header of an e-mail message:</p>
+ <blockquote
+ cite="http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html">
<p>The attacker only needs to send the victim an e-mail
- message. When the victim with that message in his or her
- inbox starts Elm or simply views the inbox in an already
- started copy of Elm, the buffer overflow will happen
- immediately. The overflow is stack-based, and it gives full
- control over EIP, EBP and EBX. It is caused by a bad
- sscanf(3) call, using a format string containing &quot;%s&quot;
- to copy from a long char array to a shorter array.</p>
+ message. When the victim with that message in his or
+ her inbox starts Elm or simply views the inbox in an
+ already started copy of Elm, the buffer overflow will
+ happen immediately. The overflow is stack-based, and
+ it gives full control over EIP, EBP and EBX. It is
+ caused by a bad sscanf(3) call, using a format string
+ containing &quot;%s&quot; to copy from a long char array
+ to a shorter array.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html</url>
- </references>
- <dates>
- <discovery>2005-08-20</discovery>
- <entry>2005-08-23</entry>
+ </references> <dates>
+ <discovery>2005-08-20</discovery> <entry>2005-08-23</entry>
</dates>
</vuln>
<vuln vid="5ad3e437-e527-4514-b9ed-280b2ca1a8c9">
- <topic>openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server</topic>
+ <topic>openvpn -- multiple TCP clients connecting with the same
+ certificate at the same time can crash the server</topic>
<affects>
<package>
- <name>openvpn</name>
- <range><lt>2.0.1</lt></range>
+ <name>openvpn</name> <range><lt>2.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>James Yonan reports:</p>
- <blockquote cite="http://openvpn.net/changelog.html">
- <p>If two or more client machines try to connect to the server
- at the same time via TCP, using the same client certificate,
- and when --duplicate-cn is not enabled on the server, a race
- condition can crash the server with "Assertion failed at
- mtcp.c:411"</p>
+ <p>James Yonan reports:</p> <blockquote
+ cite="http://openvpn.net/changelog.html">
+ <p>If two or more client machines try to connect to the
+ server
+ at the same time via TCP, using the same client
+ certificate, and when --duplicate-cn is not enabled on
+ the server, a race condition can crash the server with
+ "Assertion failed at mtcp.c:411"</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2534</cvename>
<url>http://openvpn.net/changelog.html</url>
- </references>
- <dates>
- <discovery>2005-08-03</discovery>
- <entry>2005-08-19</entry>
+ </references> <dates>
+ <discovery>2005-08-03</discovery> <entry>2005-08-19</entry>
</dates>
</vuln>
<vuln vid="1986449a-8b74-40fa-b7cc-0d8def8aad65">
- <topic>openvpn -- denial of service: malicious authenticated &quot;tap&quot; client can deplete server virtual memory</topic>
+ <topic>openvpn -- denial of service: malicious authenticated
+ &quot;tap&quot; client can deplete server virtual memory</topic>
<affects>
<package>
- <name>openvpn</name>
- <range><lt>2.0.1</lt></range>
+ <name>openvpn</name> <range><lt>2.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>James Yonan reports:</p>
- <blockquote cite="http://openvpn.net/changelog.html">
+ <p>James Yonan reports:</p> <blockquote
+ cite="http://openvpn.net/changelog.html">
<p>A malicious [authenticated] client in &quot;dev tap&quot;
- ethernet bridging mode could theoretically flood the server
- with packets appearing to come from hundreds of thousands
- of different MAC addresses, causing the OpenVPN process to
- deplete system virtual memory as it expands its internal
- routing table.</p>
+ ethernet bridging mode could theoretically flood the
+ server with packets appearing to come from hundreds of
+ thousands of different MAC addresses, causing the OpenVPN
+ process to deplete system virtual memory as it expands
+ its internal routing table.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2533</cvename>
<url>http://openvpn.net/changelog.html</url>
- </references>
- <dates>
- <discovery>2005-07-27</discovery>
- <entry>2005-08-19</entry>
+ </references> <dates>
+ <discovery>2005-07-27</discovery> <entry>2005-08-19</entry>
</dates>
</vuln>
<vuln vid="d1c39c8e-05ab-4739-870f-765490fa2052">
- <topic>openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients</topic>
+ <topic>openvpn -- denial of service: undecryptable packet from
+ authorized client can disconnect unrelated clients</topic>
<affects>
<package>
- <name>openvpn</name>
- <range><lt>2.0.1</lt></range>
+ <name>openvpn</name> <range><lt>2.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>James Yonan reports:</p>
- <blockquote cite="http://openvpn.net/changelog.html">
- <p>If the client sends a packet which fails to decrypt on the
+ <p>James Yonan reports:</p> <blockquote
+ cite="http://openvpn.net/changelog.html">
+ <p>If the client sends a packet which fails to decrypt
+ on the
server, the OpenSSL error queue is not properly flushed,
- which can result in another unrelated client instance on the
- server seeing the error and responding to it, resulting in
- disconnection of the unrelated client.</p>
+ which can result in another unrelated client instance
+ on the server seeing the error and responding to it,
+ resulting in disconnection of the unrelated client.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2532</cvename>
<url>http://openvpn.net/changelog.html</url>
- </references>
- <dates>
- <discovery>2005-07-27</discovery>
- <entry>2005-08-19</entry>
+ </references> <dates>
+ <discovery>2005-07-27</discovery> <entry>2005-08-19</entry>
</dates>
</vuln>
<vuln vid="a51ad838-2077-48b2-a136-e888a7db5f8d">
- <topic>openvpn -- denial of service: client certificate validation can disconnect unrelated clients</topic>
- <affects>
+ <topic>openvpn -- denial of service: client certificate validation
+ can disconnect unrelated clients</topic> <affects>
<package>
- <name>openvpn</name>
- <range><lt>2.0.1</lt></range>
+ <name>openvpn</name> <range><lt>2.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>James Yonan reports:</p>
- <blockquote cite="http://openvpn.net/changelog.html">
+ <p>James Yonan reports:</p> <blockquote
+ cite="http://openvpn.net/changelog.html">
<p>DoS attack against server when run with "verb 0" and
- without "tls-auth". If a client connection to the server
- fails certificate verification, the OpenSSL error queue is
- not properly flushed, which can result in another unrelated
- client instance on the server seeing the error and
- responding to it, resulting in disconnection of the
- unrelated client.</p>
+ without "tls-auth". If a client connection to the
+ server fails certificate verification, the OpenSSL error
+ queue is not properly flushed, which can result in
+ another unrelated client instance on the server seeing
+ the error and responding to it, resulting in disconnection
+ of the unrelated client.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2531</cvename>
<url>http://openvpn.net/changelog.html</url>
- </references>
- <dates>
- <discovery>2005-08-03</discovery>
- <entry>2005-08-19</entry>
+ </references> <dates>
+ <discovery>2005-08-03</discovery> <entry>2005-08-19</entry>
</dates>
</vuln>
<vuln vid="5fde5c30-0f4e-11da-bc01-000e0c2e438a">
- <topic>tor -- diffie-hellman handshake flaw</topic>
- <affects>
+ <topic>tor -- diffie-hellman handshake flaw</topic> <affects>
<package>
- <name>tor</name>
- <range><lt>0.1.0.14</lt></range>
+ <name>tor</name> <range><lt>0.1.0.14</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A tor advisory reports</p>
- <blockquote cite="http://archives.seul.org/or/announce/Aug-2005/msg00002.html">
+ <p>A tor advisory reports</p> <blockquote
+ cite="http://archives.seul.org/or/announce/Aug-2005/msg00002.html">
<p>Tor clients can completely loose anonymity, confidentiality,
- and data integrity if the first Tor server in their path is
- malicious. Specifically, if the Tor client chooses a
- malicious Tor server for her first hop in the circuit, that
- server can learn all the keys she negotiates for the rest of
- the circuit (or just spoof the whole circuit), and then read
- and/or modify all her traffic over that circuit.</p>
+ and data integrity if the first Tor server in their
+ path is malicious. Specifically, if the Tor client
+ chooses a malicious Tor server for her first hop in the
+ circuit, that server can learn all the keys she negotiates
+ for the rest of the circuit (or just spoof the whole
+ circuit), and then read and/or modify all her traffic
+ over that circuit.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2643</cvename>
<url>http://archives.seul.org/or/announce/Aug-2005/msg00002.html</url>
- </references>
- <dates>
- <discovery>2005-08-11</discovery>
- <entry>2005-08-17</entry>
+ </references> <dates>
+ <discovery>2005-08-11</discovery> <entry>2005-08-17</entry>
<modified>2005-09-21</modified>
</dates>
</vuln>
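Review bot: Wrapping "<topic>" text across lines in the four openvpn entries (e.g. "<topic>openvpn -- multiple TCP clients connecting with the same" / "certificate at the same time can crash the server</topic>") inserts a newline and leading indentation into the topic string itself; unless every consumer of vuln.xml normalizes whitespace, that appears verbatim in audit output and listings, and the untouched entries keep topics on one line however long they are. Keep topics on a single line; the last openvpn topic additionally has "</topic> <affects>" joined. The elm quote orphans "buffer" on its own line, the first openvpn quote does the same with "server" and the third with "on the"; these paragraphs need a proper reflow rather than a break after the first word of the continuation.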
@@ -1569,41 +1332,33 @@ Note: Please add new entries to the beginning of this file.
<topic>acroread -- plug-in buffer overflow vulnerability</topic>
<affects>
<package>
- <name>acroread</name>
- <range><lt>7.0.1</lt></range>
+ <name>acroread</name> <range><lt>7.0.1</lt></range>
<range><gt>5.*,1</gt><lt>7.0.1,1</lt></range>
- </package>
- <package>
- <name>acroread4</name>
- <name>acroread5</name>
+ </package> <package>
+ <name>acroread4</name> <name>acroread5</name>
<range><ge>0</ge></range>
+ </package> <package>
+ <name>acroread7</name> <range><lt>7.0.1</lt></range>
</package>
- <package>
- <name>acroread7</name>
- <range><lt>7.0.1</lt></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Adobe Security Advisory reports:</p>
- <blockquote cite="http://www.adobe.com/support/techdocs/321644.html">
- <p>The identified vulnerability is a buffer overflow within
- a core application plug-in, which is part of Adobe Acrobat
- and Adobe Reader. If a malicious file were opened it could
- trigger a buffer overflow as the file is being loaded into
- Adobe Acrobat and Adobe Reader. A buffer overflow can
- cause the application to crash and increase the risk of
- malicious code execution.</p>
+ <p>A Adobe Security Advisory reports:</p> <blockquote
+ cite="http://www.adobe.com/support/techdocs/321644.html">
+ <p>The identified vulnerability is a buffer overflow
+ within
+ a core application plug-in, which is part of Adobe
+ Acrobat and Adobe Reader. If a malicious file were
+ opened it could trigger a buffer overflow as the file
+ is being loaded into Adobe Acrobat and Adobe Reader. A
+ buffer overflow can cause the application to crash and
+ increase the risk of malicious code execution.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2470</cvename>
<url>http://www.adobe.com/support/techdocs/321644.html</url>
- </references>
- <dates>
- <discovery>2005-08-16</discovery>
- <entry>2005-08-16</entry>
+ </references> <dates>
+ <discovery>2005-08-16</discovery> <entry>2005-08-16</entry>
</dates>
</vuln>
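Review bot: Joining "</package> <package>" on one line in the acroread affects block makes the three package groups harder to tell apart than the one-element-per-line form it replaces, and the reflowed quote again leaves "within" orphaned on its own line. While "A Adobe Security Advisory reports:" is being rewritten it could become "An Adobe Security Advisory reports:".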
@@ -1611,56 +1366,45 @@ Note: Please add new entries to the beginning of this file.
<topic>pear-XML_RPC -- remote PHP code injection vulnerability</topic>
<affects>
<package>
- <name>pear-XML_RPC</name>
- <range><lt>1.4.0</lt></range>
- </package>
- <package>
- <name>phpmyfaq</name>
- <range><lt>1.4.11</lt></range>
- </package>
- <package>
- <name>drupal</name>
- <range><lt>4.6.3</lt></range>
- </package>
- <package>
- <name>eGroupWare</name>
- <range><lt>1.0.0.009</lt></range>
- </package>
- <package>
- <name>phpAdsNew</name>
- <range><lt>2.0.5</lt></range>
- </package>
- <package>
- <name>phpgroupware</name>
- <range><lt>0.9.16.007</lt></range>
- </package>
- <package>
- <name>b2evolution</name>
- <range><lt>0.9.0.12_2</lt></range>
+ <name>pear-XML_RPC</name> <range><lt>1.4.0</lt></range>
+ </package> <package>
+ <name>phpmyfaq</name> <range><lt>1.4.11</lt></range>
+ </package> <package>
+ <name>drupal</name> <range><lt>4.6.3</lt></range>
+ </package> <package>
+ <name>eGroupWare</name> <range><lt>1.0.0.009</lt></range>
+ </package> <package>
+ <name>phpAdsNew</name> <range><lt>2.0.5</lt></range>
+ </package> <package>
+ <name>phpgroupware</name> <range><lt>0.9.16.007</lt></range>
+ </package> <package>
+ <name>b2evolution</name> <range><lt>0.9.0.12_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Hardened-PHP Project Security Advisory reports:</p>
- <blockquote cite="http://www.hardened-php.net/advisory_142005.66.html">
- <p>When the library parses XMLRPC requests/responses, it constructs
- a string of PHP code, that is later evaluated. This means any
- failure to properly handle the construction of this string can
- result in arbitrary execution of PHP code.</p>
- <p>This new injection vulnerability is cause by not properly
+ <blockquote
+ cite="http://www.hardened-php.net/advisory_142005.66.html">
+ <p>When the library parses XMLRPC requests/responses, it
+ constructs
+ a string of PHP code, that is later evaluated. This
+ means any failure to properly handle the construction
+ of this string can result in arbitrary execution of PHP
+ code.</p>
+ <p>This new injection vulnerability is cause by not
+ properly
handling the situation, when certain XML tags are nested
- in the parsed document, that were never meant to be nested
- at all. This can be easily exploited in a way, that
- user-input is placed outside of string delimiters within
- the evaluation string, which obviously results in
- arbitrary code execution.</p>
- </blockquote>
- <p>Note that several applications contains an embedded version
- on XML_RPC, therefor making them the vulnerable to the same
- code injection vulnerability.</p>
- </body>
- </description>
- <references>
+ in the parsed document, that were never meant to be
+ nested at all. This can be easily exploited in a way,
+ that user-input is placed outside of string delimiters
+ within the evaluation string, which obviously results
+ in arbitrary code execution.</p>
+ </blockquote> <p>Note that several applications contains
+ an embedded version
+ on XML_RPC, therefor making them the vulnerable to the
+ same code injection vulnerability.</p>
+ </body>
+ </description> <references>
<cvename>CVE-2005-2498</cvename>
<url>http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1</url>
<url>http://downloads.phpgroupware.org/changelog</url>
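Review bot: "</blockquote> <p>Note that several applications contains" on one line merges the end of the quoted Hardened-PHP text with the entry author's own note, losing the visual boundary the original kept between quoted and original text; put the "<p>" on its own line. That note is rewrapped but not corrected ("applications contains", "version on XML_RPC", "therefor making them the vulnerable"), which is worth doing since the lines are already touched: "applications contain an embedded copy of XML_RPC, therefore making them vulnerable". The seven "</package> <package>" joins and the orphaned "constructs" and "properly" lines have the same problems as in the earlier hunks.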
@@ -1670,10 +1414,8 @@ Note: Please add new entries to the beginning of this file.
<url>http://www.hardened-php.net/advisory_142005.66.html</url>
<url>http://www.hardened-php.net/advisory_152005.67.html</url>
<url>http://www.phpmyfaq.de/advisory_2005-08-15.php</url>
- </references>
- <dates>
- <discovery>2005-08-15</discovery>
- <entry>2005-08-15</entry>
+ </references> <dates>
+ <discovery>2005-08-15</discovery> <entry>2005-08-15</entry>
<modified>2005-09-04</modified>
</dates>
</vuln>
@@ -1682,83 +1424,68 @@ Note: Please add new entries to the beginning of this file.
<topic>awstats -- arbitrary code execution vulnerability</topic>
<affects>
<package>
- <name>awstats</name>
- <range><lt>6.4_1</lt></range>
+ <name>awstats</name> <range><lt>6.4_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An iDEFENSE Security Advisory reports:</p>
- <blockquote cite="http://www.idefense.com/application/poi/display?id=290&amp;type=vulnerabilities">
+ <p>An iDEFENSE Security Advisory reports:</p> <blockquote
+ cite="http://www.idefense.com/application/poi/display?id=290&amp;type=vulnerabilities">
<p>Remote exploitation of an input validation vulnerability
in AWStats allows remote attackers to execute arbitrary
commands.</p>
<p>The problem specifically exists because of insufficient
- input filtering before passing user-supplied data to an
- <code>eval()</code> function. As part of the statistics
- reporting function, AWStats displays information about the
- most common referrer values that caused users to visit the
- website. The referrer data is used without proper
- sanitation in an <code>eval()</code> statement, resulting
- in the execution of arbitrary perl code.</p>
+ input filtering before passing user-supplied data to
+ an <code>eval()</code> function. As part of the statistics
+ reporting function, AWStats displays information about
+ the most common referrer values that caused users to
+ visit the website. The referrer data is used without
+ proper sanitation in an <code>eval()</code> statement,
+ resulting in the execution of arbitrary perl code.</p>
<p>Successful exploitation results in the execution of
- arbitrary commands with permissions of the web
- service. Exploitation will not occur until the stats page
- has been regenerated with the tainted referrer values from
+ arbitrary commands with permissions of the web service.
+ Exploitation will not occur until the stats page has
+ been regenerated with the tainted referrer values from
the http access log. Note that AWStats is only vulnerable
in situations where at least one URLPlugin is enabled.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1527</cvename>
- <mlist msgid="20050811155502.61E3C7A00B4@mail.idefense.com">http://marc.theaimsgroup.com/?l=full-disclosure&amp;m=112377934108902</mlist>
+ </description> <references>
+ <cvename>CVE-2005-1527</cvename> <mlist
+ msgid="20050811155502.61E3C7A00B4@mail.idefense.com">http://marc.theaimsgroup.com/?l=full-disclosure&amp;m=112377934108902</mlist>
<url>http://www.idefense.com/application/poi/display?id=290&amp;type=vulnerabilities</url>
- </references>
- <dates>
- <discovery>2005-08-09</discovery>
- <entry>2005-08-14</entry>
+ </references> <dates>
+ <discovery>2005-08-09</discovery> <entry>2005-08-14</entry>
<modified>2005-08-23</modified>
</dates>
</vuln>
<vuln vid="3b4a6982-0b24-11da-bc08-0001020eed82">
- <topic>libgadu -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.4.0_1</lt></range>
- </package>
- <package>
- <name>kdenetwork</name>
- <range><gt>3.2.2</gt><lt>3.4.2</lt></range>
- </package>
- <package>
- <name>pl-ekg</name>
- <range><lt>1.6r3,1</lt></range>
- </package>
- <package>
- <name>centericq</name>
- <range><lt>4.21.0_1</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Wojtek Kaniewski reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112198499417250">
- <p>Multiple vulnerabilities have been found in libgadu, a
- library for handling Gadu-Gadu instant messaging
- protocol. It is a part of ekg, a Gadu-Gadu client, but is
- widely used in other clients. Also some of the user
- contributed scripts were found to behave in an insecure
- manner.</p>
+ <topic>libgadu -- multiple vulnerabilities</topic> <affects>
+ <package>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.4.0_1</lt></range>
+ </package> <package>
+ <name>kdenetwork</name> <range><gt>3.2.2</gt><lt>3.4.2</lt></range>
+ </package> <package>
+ <name>pl-ekg</name> <range><lt>1.6r3,1</lt></range>
+ </package> <package>
+ <name>centericq</name> <range><lt>4.21.0_1</lt></range>
+ </package>
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wojtek Kaniewski reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112198499417250">
+ <p>Multiple vulnerabilities have been found in libgadu,
+ a
+ library for handling Gadu-Gadu instant messaging protocol.
+ It is a part of ekg, a Gadu-Gadu client, but is widely
+ used in other clients. Also some of the user contributed
+ scripts were found to behave in an insecure manner.</p>
<ul>
- <li>integer overflow in libgadu (CVE-2005-1852) that could
+ <li>integer overflow in libgadu (CVE-2005-1852) that
+ could
be triggered by an incomming message and lead to
application crash and/or remote code execution</li>
<li>insecure file creation (CVE-2005-1850) and shell
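Review bot: "<name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>" followed by "<name>ru-gaim</name> <range><lt>1.4.0_1</lt></range>" packs the four gaim ports onto two lines with the version range sharing the second, so the range no longer visibly applies to the whole group and any future name added or removed rewrites both lines; keep one "<name>" per line with "<range>" last. The libgadu quote also orphans "a" on its own line and the first list item orphans "could", and the "<mlist" element has its msgid attribute split onto a separate line, unlike the untouched mlist elements in the file.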
@@ -1769,49 +1496,37 @@ Note: Please add new entries to the beginning of this file.
triggered by an incomming network data or an application
passing invalid user input to the library</li>
<li>memory alignment errors in libgadu that could be
- triggered by an incomming message and lead to bus errors
- on architectures like SPARC</li>
+ triggered by an incomming message and lead to bus
+ errors on architectures like SPARC</li>
<li>endianness errors in libgadu that could cause invalid
- behaviour of applications on big-endian
- architectures</li>
+ behaviour of applications on big-endian architectures</li>
</ul>
</blockquote>
</body>
- </description>
- <references>
- <bid>14345</bid>
- <cvename>CVE-2005-1850</cvename>
- <cvename>CVE-2005-1851</cvename>
- <cvename>CVE-2005-1852</cvename>
- <cvename>CVE-2005-2369</cvename>
- <cvename>CVE-2005-2370</cvename>
- <cvename>CVE-2005-2448</cvename>
- <mlist msgid="42DFF06F.7060005@toxygen.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112198499417250</mlist>
+ </description> <references>
+ <bid>14345</bid> <cvename>CVE-2005-1850</cvename>
+ <cvename>CVE-2005-1851</cvename> <cvename>CVE-2005-1852</cvename>
+ <cvename>CVE-2005-2369</cvename> <cvename>CVE-2005-2370</cvename>
+ <cvename>CVE-2005-2448</cvename> <mlist
+ msgid="42DFF06F.7060005@toxygen.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112198499417250</mlist>
<url>http://gaim.sourceforge.net/security/?id=20</url>
<url>http://www.kde.org/info/security/advisory-20050721-1.txt</url>
- </references>
- <dates>
- <discovery>2005-07-21</discovery>
- <entry>2005-08-12</entry>
+ </references> <dates>
+ <discovery>2005-07-21</discovery> <entry>2005-08-12</entry>
<modified>2005-10-23</modified>
</dates>
</vuln>
<vuln vid="09db2844-0b21-11da-bc08-0001020eed82">
- <topic>gaim -- AIM/ICQ non-UTF-8 filename crash</topic>
- <affects>
+ <topic>gaim -- AIM/ICQ non-UTF-8 filename crash</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.4.0_1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.4.0_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/?id=21">
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/?id=21">
<p>A remote user could cause Gaim to crash on some systems
by sending the Gaim user a file whose filename contains
certain invalid characters. It is unknown what combination
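Review bot: The libgadu reference list is packed two per line ("<bid>14345</bid> <cvename>CVE-2005-1850</cvename>" and so on for six CVEs), which for an entry with this many identifiers makes it harder to scan and turns any future addition into a multi-line rewrite; one reference per line. The "<mlist" attribute split and the joined "</references> <dates>" are the same issues raised on the earlier hunks, and the gaim entry's "</topic> <affects>" join should likewise be undone.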
@@ -1820,14 +1535,11 @@ Note: Please add new entries to the beginning of this file.
especially susceptible.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2102</cvename>
<url>http://gaim.sourceforge.net/security/?id=21</url>
- </references>
- <dates>
- <discovery>2005-08-09</discovery>
- <entry>2005-08-12</entry>
+ </references> <dates>
+ <discovery>2005-08-09</discovery> <entry>2005-08-12</entry>
</dates>
</vuln>
@@ -1835,74 +1547,56 @@ Note: Please add new entries to the beginning of this file.
<topic>gaim -- AIM/ICQ away message buffer overflow</topic>
<affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.4.0_1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.4.0_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/?id=22">
- <p>A remote AIM or ICQ user can cause a buffer overflow in
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/?id=22">
+ <p>A remote AIM or ICQ user can cause a buffer overflow
+ in
Gaim by setting an away message containing many AIM
substitution strings (such as %t or %n).</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2103</cvename>
<url>http://gaim.sourceforge.net/security/?id=22</url>
- </references>
- <dates>
- <discovery>2005-08-09</discovery>
- <entry>2005-08-12</entry>
+ </references> <dates>
+ <discovery>2005-08-09</discovery> <entry>2005-08-12</entry>
</dates>
</vuln>
<vuln vid="24eee285-09c7-11da-bc08-0001020eed82">
- <topic>xpdf -- disk fill DoS vulnerability</topic>
- <affects>
+ <topic>xpdf -- disk fill DoS vulnerability</topic> <affects>
<package>
- <name>xpdf</name>
- <range><lt>3.00_7</lt></range>
- </package>
- <package>
- <name>kdegraphics</name>
- <range><lt>3.4.2</lt></range>
- </package>
- <package>
- <name>gpdf</name>
- <range><lt>2.10.0_2</lt></range>
- </package>
- <package>
- <name>cups-base</name>
- <range><lt>1.1.23.0_5</lt></range>
+ <name>xpdf</name> <range><lt>3.00_7</lt></range>
+ </package> <package>
+ <name>kdegraphics</name> <range><lt>3.4.2</lt></range>
+ </package> <package>
+ <name>gpdf</name> <range><lt>2.10.0_2</lt></range>
+ </package> <package>
+ <name>cups-base</name> <range><lt>1.1.23.0_5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>xpdf is vulnerable to a denial of service vulnerability
which can cause xpdf to create an infinitely large file,
thereby filling up the /tmp partition, when opening a
specially crafted PDF file.</p>
- <p>Note that several applications contains an embedded version
+ <p>Note that several applications contains an embedded
+ version
of xpdf, therefor making them the vulnerable to the same
DoS. In CUPS this vulnerability would cause the pdftops
filter to crash.</p>
</body>
- </description>
- <references>
- <bid>14529</bid>
- <cvename>CVE-2005-2097</cvename>
+ </description> <references>
+ <bid>14529</bid> <cvename>CVE-2005-2097</cvename>
<url>http://rhn.redhat.com/errata/RHSA-2005-670.html</url>
<url>http://www.kde.org/info/security/advisory-20050809-1.txt</url>
- </references>
- <dates>
- <discovery>2005-08-09</discovery>
- <entry>2005-08-12</entry>
+ </references> <dates>
+ <discovery>2005-08-09</discovery> <entry>2005-08-12</entry>
<modified>2005-09-07</modified>
</dates>
</vuln>
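Review bot: the reflow leaves the single word "in" alone on a line in the away-message paragraph and "version" alone on a line in the xpdf note, splitting "buffer overflow in Gaim" and "embedded version of xpdf" mid-phrase; wrap those paragraphs to one consistent width or keep the original line breaks. Since the xpdf note is rewritten here anyway, fix its wording: "several applications contains an embedded version" should read "contain", and "therefor making them the vulnerable to the same DoS" should read "therefore making them vulnerable to the same DoS". The xpdf, kdegraphics, gpdf and cups-base package blocks are also collapsed so that one package's closing tag and the next package's opening tag share a line, which makes it hard to see at a glance which range belongs to which package.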
@@ -1911,115 +1605,101 @@ Note: Please add new entries to the beginning of this file.
<topic>gforge -- XSS and email flood vulnerabilities</topic>
<affects>
<package>
- <name>gforge</name>
- <range><gt>0</gt></range>
+ <name>gforge</name> <range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jose Antonio Coret reports that GForge contains multiple
Cross Site Scripting vulnerabilities and an e-mail flood
vulnerability:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112259845904350">
+ <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112259845904350">
<p>The login form is also vulnerable to XSS (Cross Site
- Scripting) attacks. This may be used to launch phising
+ Scripting) attacks. This may be used to launch phising
attacks by sending HTML e-mails (i.e.: saying that you
need to upgrade to the latest GForge version due to a
- security problem) and putting in the e-mail an HTML link
- that points to an specially crafted url that inserts an
- html form in the GForge login page and when the user press
- the login button, he/she send the credentials to the
- attackers website.</p>
-
- <p>The 'forgot your password?' feature allows a remote user
+ security problem) and putting in the e-mail an HTML
+ link that points to an specially crafted url that inserts
+ an html form in the GForge login page and when the user
+ press the login button, he/she send the credentials to
+ the attackers website.</p>
+
+ <p>The 'forgot your password?' feature allows a remote
+ user
to load a certain URL to cause the service to send a
validation e-mail to the specified user's e-mail address.
- There is no limit to the number of messages sent over a
- period of time, so a remote user can flood the target
+ There is no limit to the number of messages sent over
+ a period of time, so a remote user can flood the target
user's secondary e-mail address. E-Mail Flood, E-Mail
bomber.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>14405</bid>
- <cvename>CVE-2005-2430</cvename>
- <cvename>CVE-2005-2431</cvename>
- <mlist msgid="1122496636.26878.2.camel@localhost.localdomain">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112259845904350</mlist>
- </references>
- <dates>
- <discovery>2005-07-27</discovery>
- <entry>2005-08-09</entry>
+ </description> <references>
+ <bid>14405</bid> <cvename>CVE-2005-2430</cvename>
+ <cvename>CVE-2005-2431</cvename> <mlist
+ msgid="1122496636.26878.2.camel@localhost.localdomain">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112259845904350</mlist>
+ </references> <dates>
+ <discovery>2005-07-27</discovery> <entry>2005-08-09</entry>
</dates>
</vuln>
<vuln vid="0274a9f1-0759-11da-bc08-0001020eed82">
- <topic>postnuke -- multiple vulnerabilities</topic>
- <affects>
+ <topic>postnuke -- multiple vulnerabilities</topic> <affects>
<package>
- <name>postnuke</name>
- <range><lt>0.760</lt></range>
+ <name>postnuke</name> <range><lt>0.760</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Postnuke Security Announcementss reports of the following
vulnerabilities:</p>
<blockquote cite="http://news.postnuke.com/Article2691.html">
<ul>
- <li>missing input validation within /modules/Messages/readpmsg.php</li>
- <li>possible path disclosure within /user.php</li>
- <li>possible path disclosure within /modules/News/article.php</li>
- <li>possible remote code injection within /includes/pnMod.php</li>
- <li>possible cross-site-scripting in /index.php</li>
+ <li>missing input validation within
+ /modules/Messages/readpmsg.php</li> <li>possible path
+ disclosure within /user.php</li> <li>possible path
+ disclosure within /modules/News/article.php</li>
+ <li>possible remote code injection within
+ /includes/pnMod.php</li> <li>possible cross-site-scripting
+ in /index.php</li>
</ul>
- </blockquote>
- <blockquote cite="http://news.postnuke.com/Article2699.html">
+ </blockquote> <blockquote
+ cite="http://news.postnuke.com/Article2699.html">
<ul>
<li>remote code injection via xml rpc library</li>
</ul>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1621</cvename>
- <cvename>CVE-2005-1695</cvename>
- <cvename>CVE-2005-1696</cvename>
- <cvename>CVE-2005-1698</cvename>
- <cvename>CVE-2005-1777</cvename>
- <cvename>CVE-2005-1778</cvename>
- <cvename>CVE-2005-1921</cvename>
- <mlist msgid="20050527223753.21735.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111721364707520</mlist>
+ </description> <references>
+ <cvename>CVE-2005-1621</cvename> <cvename>CVE-2005-1695</cvename>
+ <cvename>CVE-2005-1696</cvename> <cvename>CVE-2005-1698</cvename>
+ <cvename>CVE-2005-1777</cvename> <cvename>CVE-2005-1778</cvename>
+ <cvename>CVE-2005-1921</cvename> <mlist
+ msgid="20050527223753.21735.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111721364707520</mlist>
<url>http://secunia.com/advisories/15450/</url>
<url>http://news.postnuke.com/Article2691.html</url>
<url>http://news.postnuke.com/Article2699.html</url>
- </references>
- <dates>
- <discovery>2005-05-27</discovery>
- <entry>2005-08-08</entry>
+ </references> <dates>
+ <discovery>2005-05-27</discovery> <entry>2005-08-08</entry>
</dates>
</vuln>
<vuln vid="0bf9d7fb-05b3-11da-bc08-0001020eed82">
- <topic>mambo -- multiple vulnerabilities</topic>
- <affects>
+ <topic>mambo -- multiple vulnerabilities</topic> <affects>
<package>
- <name>mambo</name>
- <range><lt>4.5.2.3</lt></range>
+ <name>mambo</name> <range><lt>4.5.2.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15710/">
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15710/">
<p>Some vulnerabilities have been reported in Mambo, where
- some have unknown impacts and others can be exploited by
- malicious people to conduct spoofing and SQL injection
+ some have unknown impacts and others can be exploited
+ by malicious people to conduct spoofing and SQL injection
attacks.</p>
<ol>
<li>Input passed to the "user_rating" parameter when
- voting isn't properly sanitised before being used in a
- SQL query. This can be exploited to manipulate SQL
+ voting isn't properly sanitised before being used in
+ a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.</li>
<li>Some unspecified vulnerabilities in the "mosDBTable"
class and the "DOMIT" library have an unknown
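Review bot: the blank line between the two GForge paragraphs is removed and re-added (a minus blank followed later by a plus blank), which means the only difference on that line is trailing whitespace; decide which form the file wants and do not churn it. In the PostNuke entry the five list items are packed two to a line and the path "/modules/Messages/readpmsg.php" is pushed onto the line below its item text, so items can no longer be added, removed or grepped one per line; keep one li element per line. The mlist elements in both entries are also broken so that the msgid attribute starts a new line, which is harder to read than the original single-line form and still leaves the URL line overlong.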
@@ -2029,15 +1709,11 @@ Note: Please add new entries to the beginning of this file.
</ol>
</blockquote>
</body>
- </description>
- <references>
- <bid>13966</bid>
- <cvename>CVE-2005-2002</cvename>
+ </description> <references>
+ <bid>13966</bid> <cvename>CVE-2005-2002</cvename>
<url>http://secunia.com/advisories/15710/</url>
- </references>
- <dates>
- <discovery>2005-06-15</discovery>
- <entry>2005-08-05</entry>
+ </references> <dates>
+ <discovery>2005-06-15</discovery> <entry>2005-08-05</entry>
</dates>
</vuln>
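Review bot: nothing in this hunk changes data; for the Mambo entry it only joins the description/references and references/dates closing and opening tags, and the bid/cvename and discovery/entry pairs, onto shared lines. Drop these lines from the change, or keep one element per line as the surrounding unchanged lines do.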
@@ -2045,189 +1721,156 @@ Note: Please add new entries to the beginning of this file.
<topic>ipsec -- Incorrect key usage in AES-XCBC-MAC</topic>
<affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_6</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_6</lt></range>
<range><ge>5.*</ge><lt>5.3_20</lt></range>
</system>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem description</h1>
- <p>A programming error in the implementation of the
+ <h1>Problem description</h1> <p>A programming error in the
+ implementation of the
AES-XCBC-MAC algorithm for authentication resulted in a
- constant key being used instead of the key specified by the
- system administrator.</p>
- <h1>Impact</h1>
- <p>If the AES-XCBC-MAC algorithm is used for authentication in
- the absence of any encryption, then an attacker may be able to
- forge packets which appear to originate from a different
- system and thereby succeed in establishing an IPsec session.
- If access to sensitive information or systems is controlled
- based on the identity of the source system, this may result
- in information disclosure or privilege escalation.</p>
+ constant key being used instead of the key specified by
+ the system administrator.</p>
+ <h1>Impact</h1> <p>If the AES-XCBC-MAC algorithm is used
+ for authentication in
+ the absence of any encryption, then an attacker may be
+ able to forge packets which appear to originate from a
+ different system and thereby succeed in establishing an
+ IPsec session. If access to sensitive information or
+ systems is controlled based on the identity of the source
+ system, this may result in information disclosure or
+ privilege escalation.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2359</cvename>
<freebsdsa>SA-05:19.ipsec</freebsdsa>
- </references>
- <dates>
- <discovery>2005-07-27</discovery>
- <entry>2005-08-05</entry>
+ </references> <dates>
+ <discovery>2005-07-27</discovery> <entry>2005-08-05</entry>
</dates>
</vuln>
<vuln vid="837b9fb2-0595-11da-86bc-000e0c2e438a">
- <topic>zlib -- buffer overflow vulnerability</topic>
- <affects>
+ <topic>zlib -- buffer overflow vulnerability</topic> <affects>
<package>
- <name>linux_base-suse</name>
- <range><lt>9.3_1</lt></range>
- </package>
- <system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_6</lt></range>
+ <name>linux_base-suse</name> <range><lt>9.3_1</lt></range>
+ </package> <system>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_6</lt></range>
<range><ge>5.3</ge><lt>5.3_20</lt></range>
</system>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem description</h1>
- <p>A fixed-size buffer is used in the decompression of data
- streams. Due to erronous analysis performed when zlib was
- written, this buffer, which was belived to be sufficiently
- large to handle any possible input stream, is in fact too
- small.</p>
- <h1>Impact</h1>
- <p>A carefully constructed compressed data stream can result in
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem description</h1> <p>A fixed-size buffer is used
+ in the decompression of data
+ streams. Due to erronous analysis performed when zlib
+ was written, this buffer, which was belived to be
+ sufficiently large to handle any possible input stream,
+ is in fact too small.</p>
+ <h1>Impact</h1> <p>A carefully constructed compressed data
+ stream can result in
zlib overwriting some data structures. This may cause
- applications to halt, resulting in a denial of service; or
- it may result in an attacker gaining elevated privileges.</p>
+ applications to halt, resulting in a denial of service;
+ or it may result in an attacker gaining elevated
+ privileges.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1849</cvename>
- <freebsdsa>SA-05:18.zlib</freebsdsa>
- </references>
- <dates>
- <discovery>2005-07-27</discovery>
- <entry>2005-08-05</entry>
+ </description> <references>
+ <cvename>CVE-2005-1849</cvename> <freebsdsa>SA-05:18.zlib</freebsdsa>
+ </references> <dates>
+ <discovery>2005-07-27</discovery> <entry>2005-08-05</entry>
<modified>2005-09-24</modified>
</dates>
</vuln>
<vuln vid="7257b26f-0597-11da-86bc-000e0c2e438a">
- <topic>devfs -- ruleset bypass</topic>
- <affects>
+ <topic>devfs -- ruleset bypass</topic> <affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_5</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_5</lt></range>
<range><ge>5.*</ge><lt>5.3_19</lt></range>
</system>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem description</h1>
- <p>Due to insufficient parameter checking of the node type
+ <h1>Problem description</h1> <p>Due to insufficient parameter
+ checking of the node type
during device creation, any user can expose hidden device
nodes on devfs mounted file systems within their jail.
Device nodes will be created in the jail with their normal
default access permissions.</p>
- <h1>Impact</h1>
- <p>Jailed processes can get access to restricted resources on
- the host system. For jailed processes running with superuser
- privileges this implies access to all devices on the system.
- This level of access can lead to information leakage and
- privilege escalation.</p>
- </body>
- </description>
- <references>
+ <h1>Impact</h1> <p>Jailed processes can get access to
+ restricted resources on
+ the host system. For jailed processes running with
+ superuser privileges this implies access to all devices
+ on the system. This level of access can lead to information
+ leakage and privilege escalation.</p>
+ </body>
+ </description> <references>
<cvename>CVE-2005-2218</cvename>
<freebsdsa>SA-05:17.devfs</freebsdsa>
- </references>
- <dates>
- <discovery>2005-07-20</discovery>
- <entry>2005-08-05</entry>
+ </references> <dates>
+ <discovery>2005-07-20</discovery> <entry>2005-08-05</entry>
</dates>
</vuln>
<vuln vid="c28f4705-043f-11da-bc08-0001020eed82">
- <topic>proftpd -- format string vulnerabilities</topic>
- <affects>
+ <topic>proftpd -- format string vulnerabilities</topic> <affects>
<package>
- <name>proftpd</name>
- <name>proftpd-mysql</name>
+ <name>proftpd</name> <name>proftpd-mysql</name>
<range><lt>1.3.0.rc2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The ProFTPD release notes states:</p>
- <blockquote cite="http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2">
- <p>sean &lt;infamous42md at hotpop.com&gt; found two format
+ <p>The ProFTPD release notes states:</p> <blockquote
+ cite="http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2">
+ <p>sean &lt;infamous42md at hotpop.com&gt; found two
+ format
string vulnerabilities, one in mod_sql's SQLShowInfo
- directive, and one involving the 'ftpshut' utility. Both
- can be considered low risk, as they require active
- involvement on the part of the site administrator in order
- to be exploited.</p>
- </blockquote>
- <p>These vulnerabilities could potentially lead to information
- disclosure, a denial-of-server situation, or execution of
- arbitrary code with the permissions of the user running
+ directive, and one involving the 'ftpshut' utility.
+ Both can be considered low risk, as they require active
+ involvement on the part of the site administrator in
+ order to be exploited.</p>
+ </blockquote> <p>These vulnerabilities could potentially
+ lead to information
+ disclosure, a denial-of-server situation, or execution
+ of arbitrary code with the permissions of the user running
ProFTPD.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2390</cvename>
<url>http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml</url>
<url>http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2</url>
- </references>
- <dates>
- <discovery>2005-07-26</discovery>
- <entry>2005-08-03</entry>
+ </references> <dates>
+ <discovery>2005-07-26</discovery> <entry>2005-08-03</entry>
</dates>
</vuln>
<vuln vid="debbb39c-fdb3-11d9-a30d-00b0d09acbfc">
- <topic>nbsmtp -- format string vulnerability</topic>
- <affects>
+ <topic>nbsmtp -- format string vulnerability</topic> <affects>
<package>
- <name>nbsmtp</name>
- <range><lt>0.99_1</lt></range>
+ <name>nbsmtp</name> <range><lt>0.99_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>When nbsmtp is executed in debug mode, server messages
- will be printed to stdout and logged via syslog. Syslog is
- used insecurely and user-supplied format characters are
- directly fed to the syslog function, which results in a
- format string vulnerability.</p>
- <p>Under some circumstances, an SMTP server may be able to
- abuse this vulnerability in order to alter the nbsmtp
- process and execute malicious code.</p>
+ <p>When nbsmtp is executed in debug mode, server messages
+ will be printed to stdout and logged via syslog. Syslog is
+ used insecurely and user-supplied format characters are
+ directly fed to the syslog function, which results in a
+ format string vulnerability.</p> <p>Under some circumstances,
+ an SMTP server may be able to abuse this vulnerability in
+ order to alter the nbsmtp process and execute malicious
+ code.</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt</url>
- </references>
- <dates>
- <discovery>2005-07-25</discovery>
- <entry>2005-08-01</entry>
+ </references> <dates>
+ <discovery>2005-07-25</discovery> <entry>2005-08-01</entry>
</dates>
- </vuln>
- <vuln vid="b1e8c810-01d0-11da-bc08-0001020eed82">
+ </vuln> <vuln vid="b1e8c810-01d0-11da-bc08-0001020eed82">
<topic>sylpheed -- MIME-encoded file name buffer overflow
vulnerability</topic>
<affects>
<package>
- <name>sylpheed</name>
- <name>sylpheed-gtk2</name>
- <name>sylpheed-claws</name>
- <range><lt>1.0.4</lt></range>
+ <name>sylpheed</name> <name>sylpheed-gtk2</name>
+ <name>sylpheed-claws</name> <range><lt>1.0.4</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Sylpheed is vulnerable to a buffer overflow when displaying
emails with attachments that have MIME-encoded file names.
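Review bot: joining the nbsmtp entry's closing vuln tag and the opening tag of the sylpheed entry (vid b1e8c810-01d0-11da-bc08-0001020eed82) on one line is the most harmful change in this hunk: vuln elements are the unit people add, review and grep, and the file's own header asks for new entries to be added at the beginning, so every entry must start on its own line. Putting the h1 heading and the following p on one line (Problem description and Impact in the ipsec, zlib and devfs entries) has the same effect on readability. The sentence reflow also strands "format" alone on a line in the ProFTPD quote and splits "in the decompression of data" from "streams" awkwardly. While the zlib and ProFTPD text is being rewritten, fix "erronous" to "erroneous", "belived" to "believed", and "denial-of-server situation" to "denial-of-service situation".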
@@ -2235,15 +1878,11 @@ Note: Please add new entries to the beginning of this file.
potentially allowing execution of arbitrary code with the
permissions of the user running sylpheed.</p>
</body>
- </description>
- <references>
- <bid>12934</bid>
- <cvename>CVE-2005-0926</cvename>
+ </description> <references>
+ <bid>12934</bid> <cvename>CVE-2005-0926</cvename>
<url>http://sylpheed.good-day.net/changelog.html.en</url>
- </references>
- <dates>
- <discovery>2005-03-29</discovery>
- <entry>2005-07-31</entry>
+ </references> <dates>
+ <discovery>2005-03-29</discovery> <entry>2005-07-31</entry>
</dates>
</vuln>
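Review bot: whitespace-only; the sylpheed entry's references and dates blocks lose their one-element-per-line layout (bid and cvename now share a line, as do discovery and entry) with no change in values. Please leave the original layout.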
@@ -2251,29 +1890,23 @@ Note: Please add new entries to the beginning of this file.
<topic>phpmyadmin -- cross site scripting vulnerability</topic>
<affects>
<package>
- <name>phpmyadmin</name>
- <name>phpMyAdmin</name>
+ <name>phpmyadmin</name> <name>phpMyAdmin</name>
<range><lt>2.6.2.r1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A phpMyAdmin security announcement reports:</p>
- <blockquote cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3">
+ <p>A phpMyAdmin security announcement reports:</p> <blockquote
+ cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3">
<p>The convcharset parameter was not correctly validated,
opening the door to a XSS attack. </p>
</blockquote>
</body>
- </description>
- <references>
- <bid>12982</bid>
- <cvename>CVE-2005-0992</cvename>
- <mlist msgid="4f9e4516050404101223fbdeed@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111264361622660</mlist>
+ </description> <references>
+ <bid>12982</bid> <cvename>CVE-2005-0992</cvename> <mlist
+ msgid="4f9e4516050404101223fbdeed@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111264361622660</mlist>
<url>http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3</url>
- </references>
- <dates>
- <discovery>2005-04-03</discovery>
- <entry>2005-07-31</entry>
+ </references> <dates>
+ <discovery>2005-04-03</discovery> <entry>2005-07-31</entry>
</dates>
</vuln>
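Review bot: the phpMyAdmin entry's blockquote is broken after the tag name so that its cite attribute, the long PMASA-2005-3 URL, becomes a continuation line, and the mlist element is broken the same way before its msgid attribute. Splitting an element between its name and its first attribute is well-formed XML but is harder to read and to grep than the original one-line form, and it gains nothing because the URL line is still far over the wrap width; keep these elements on one line.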
@@ -2281,66 +1914,56 @@ Note: Please add new entries to the beginning of this file.
<topic>gnupg -- OpenPGP symmetric encryption vulnerability</topic>
<affects>
<package>
- <name>gnupg</name>
- <range><lt>1.4.1</lt></range>
- </package>
- <package>
- <name>p5-Crypt-OpenPGP</name>
- <name>pgp</name>
- <name>pgpin</name>
+ <name>gnupg</name> <range><lt>1.4.1</lt></range>
+ </package> <package>
+ <name>p5-Crypt-OpenPGP</name> <name>pgp</name> <name>pgpin</name>
<range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Serge Mister and Robert Zuccherato reports that the OpenPGP
- protocol is vulnerable to a cryptographic attack when using
- symmetric encryption in an automated way.</p>
- <p>David Shaw reports about the impact:</p>
- <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html">
+ <p>Serge Mister and Robert Zuccherato reports that the
+ OpenPGP
+ protocol is vulnerable to a cryptographic attack when
+ using symmetric encryption in an automated way.</p>
+ <p>David Shaw reports about the impact:</p> <blockquote
+ cite="http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html">
<p>This attack, while very significant from a cryptographic
point of view, is not generally effective in the real
world. To be specific, unless you have your OpenPGP
program set up as part of an automated system to accept
encrypted messages, decrypt them, and then provide a
- response to the submitter, then this does not affect you
- at all.</p>
- </blockquote>
- <p>Note that the <q>fix</q> in GnuPG does note completely
+ response to the submitter, then this does not affect
+ you at all.</p>
+ </blockquote> <p>Note that the <q>fix</q> in GnuPG does
+ note completely
eliminate the potential problem:</p>
- <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html">
+ <blockquote
+ cite="http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html">
<p>These patches disable a portion of the OpenPGP protocol
- that the attack is exploiting. This change should not be
- user visible. With the patch in place, this attack will
- not work using a public-key encrypted message. It will
- still work using a passphrase-encrypted message.</p>
+ that the attack is exploiting. This change should not
+ be user visible. With the patch in place, this attack
+ will not work using a public-key encrypted message. It
+ will still work using a passphrase-encrypted message.</p>
</blockquote>
</body>
- </description>
- <references>
- <certvu>303094</certvu>
- <cvename>CVE-2005-0366</cvename>
+ </description> <references>
+ <certvu>303094</certvu> <cvename>CVE-2005-0366</cvename>
<url>http://eprint.iacr.org/2005/033</url>
<url>http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html</url>
- </references>
- <dates>
- <discovery>2005-02-08</discovery>
- <entry>2005-07-31</entry>
+ </references> <dates>
+ <discovery>2005-02-08</discovery> <entry>2005-07-31</entry>
<modified>2005-08-03</modified>
</dates>
</vuln>
<vuln vid="81f127a8-0038-11da-86bc-000e0c2e438a">
- <topic>vim -- vulnerabilities in modeline handling: glob, expand</topic>
- <affects>
+ <topic>vim -- vulnerabilities in modeline handling: glob,
+ expand</topic> <affects>
<package>
- <name>vim</name>
- <name>vim-lite</name>
- <name>vim+ruby</name>
+ <name>vim</name> <name>vim-lite</name> <name>vim+ruby</name>
<range><ge>6.3</ge><lt>6.3.82</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Georgi Guninski discovered a way to construct Vim modelines
that execute arbitrary shell commands. The vulnerability
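Review bot: the reflow strands "OpenPGP" alone on a line in the opening sentence of the gnupg entry and joins the closing blockquote with the following p. That p carries the typo "does note completely eliminate the potential problem", which should read "does not completely eliminate"; since the line is rewritten in this hunk anyway, correct it, because as written it can be misread as the opposite of what David Shaw's quoted text says. The opening sentence should also read "Serge Mister and Robert Zuccherato report" (plural subject). The gnupg and p5-Crypt-OpenPGP package blocks are collapsed so that a package closing tag and the next package opening tag share a line; keep them separate.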
@@ -2348,117 +1971,94 @@ Note: Please add new entries to the beginning of this file.
that call the glob() or expand() functions. An attacker
could trick an user to read or edit a trojaned file with
modelines enabled, after which the attacker is able to
- execute arbitrary commands with the privileges of the user.</p>
- <p><strong>Note:</strong> It is generally recommended that VIM
- users use <code>set nomodeline</code> in
- <code>~/.vimrc</code> to avoid the possibility of trojaned
- text files.</p>
+ execute arbitrary commands with the privileges of the
+ user.</p>
+ <p><strong>Note:</strong> It is generally recommended that
+ VIM
+ users use <code>set nomodeline</code> in <code>~/.vimrc</code>
+ to avoid the possibility of trojaned text files.</p>
</body>
- </description>
- <references>
- <bid>14374</bid>
- <cvename>CVE-2005-2368</cvename>
+ </description> <references>
+ <bid>14374</bid> <cvename>CVE-2005-2368</cvename>
<url>http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html</url>
- </references>
- <dates>
- <discovery>2005-07-25</discovery>
- <entry>2005-07-31</entry>
+ </references> <dates>
+ <discovery>2005-07-25</discovery> <entry>2005-07-31</entry>
</dates>
</vuln>
<vuln vid="68222076-010b-11da-bc08-0001020eed82">
- <topic>tiff -- buffer overflow vulnerability</topic>
- <affects>
+ <topic>tiff -- buffer overflow vulnerability</topic> <affects>
<package>
- <name>tiff</name>
- <range><lt>3.7.3</lt></range>
- </package>
- <package>
- <name>linux-tiff</name>
- <range><lt>3.6.1_3</lt></range>
- </package>
- <package>
- <name>pdflib</name>
- <name>pdflib-perl</name>
+ <name>tiff</name> <range><lt>3.7.3</lt></range>
+ </package> <package>
+ <name>linux-tiff</name> <range><lt>3.6.1_3</lt></range>
+ </package> <package>
+ <name>pdflib</name> <name>pdflib-perl</name>
<range><lt>6.0.1_2</lt></range>
- </package>
- <package>
- <name>gdal</name>
- <range><lt>1.2.1_2</lt></range>
- </package>
- <package>
- <name>fractorama</name>
- <name>iv</name>
- <name>ivtools</name>
- <name>ja-iv</name>
- <name>ja-libimg</name>
- <name>paraview</name>
+ </package> <package>
+ <name>gdal</name> <range><lt>1.2.1_2</lt></range>
+ </package> <package>
+ <name>fractorama</name> <name>iv</name> <name>ivtools</name>
+ <name>ja-iv</name> <name>ja-libimg</name> <name>paraview</name>
<range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Gentoo Linux Security Advisory reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml">
+ <p>A Gentoo Linux Security Advisory reports:</p> <blockquote
+ cite="http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml">
<p>Tavis Ormandy of the Gentoo Linux Security Audit Team
discovered a stack based buffer overflow in the libTIFF
library when reading a TIFF image with a malformed
BitsPerSample tag.</p>
- <p>Successful exploitation would require the victim to open
+ <p>Successful exploitation would require the victim to
+ open
a specially crafted TIFF image, resulting in the execution
of arbitrary code.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1544</cvename>
<url>http://bugzilla.remotesensing.org/show_bug.cgi?id=843</url>
<url>http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml</url>
<url>http://www.remotesensing.org/libtiff/v3.7.3.html</url>
- </references>
- <dates>
- <discovery>2005-05-10</discovery>
- <entry>2005-07-30</entry>
+ </references> <dates>
+ <discovery>2005-05-10</discovery> <entry>2005-07-30</entry>
<modified>2005-08-01</modified>
</dates>
</vuln>
<vuln vid="934b1de4-00d7-11da-bc08-0001020eed82">
- <topic>opera -- image dragging vulnerability</topic>
- <affects>
+ <topic>opera -- image dragging vulnerability</topic> <affects>
<package>
- <name>linux-opera</name>
- <name>opera-devel</name>
- <name>opera</name>
- <range><lt>8.02</lt></range>
+ <name>linux-opera</name> <name>opera-devel</name>
+ <name>opera</name> <range><lt>8.02</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15756/">
- <p>Secunia Research has discovered a vulnerability in Opera,
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15756/">
+ <p>Secunia Research has discovered a vulnerability in
+ Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks and retrieve a user's
files.</p>
- <p>The vulnerability is caused due to Opera allowing a user
+ <p>The vulnerability is caused due to Opera allowing a
+ user
to drag e.g. an image, which is actually a "javascript:"
URI, resulting in cross-site scripting if dropped over
another site. This may also be used to populate a file
- upload form, resulting in uploading of arbitrary files to
- a malicious web site.</p>
- <p>Successful exploitation requires that the user is tricked
+ upload form, resulting in uploading of arbitrary files
+ to a malicious web site.</p>
+ <p>Successful exploitation requires that the user is
+ tricked
into dragging and dropping e.g. an image or a link.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://secunia.com/advisories/15756/</url>
<url>http://www.opera.com/freebsd/changelogs/802/</url>
- </references>
- <dates>
- <discovery>2005-07-28</discovery>
- <entry>2005-07-30</entry>
+ </references> <dates>
+ <discovery>2005-07-28</discovery> <entry>2005-07-30</entry>
</dates>
</vuln>
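Review bot: Every change in this hunk is whitespace-only reflow, not a content change: `</affects> <description>` and `</references> <dates>` are joined onto single lines, the `<blockquote` start tag is separated from its `cite=` attribute, and `<name>linux-opera</name> <name>opera-devel</name>` packs two package names onto one line. Sibling elements sharing a line means a later change to one `<name>`, `<range>` or date produces a noisier diff, and a start tag with its attribute on the following line no longer matches a single-line grep for `blockquote cite=`. Suggest keeping one element (and one complete start tag) per line as the `-` side already had, and landing any pure reflow as its own commit so substantive entry changes stay reviewable.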
@@ -2466,38 +2066,34 @@ Note: Please add new entries to the beginning of this file.
<topic>opera -- download dialog spoofing vulnerability</topic>
<affects>
<package>
- <name>linux-opera</name>
- <name>opera-devel</name>
- <name>opera</name>
- <range><lt>8.02</lt></range>
+ <name>linux-opera</name> <name>opera-devel</name>
+ <name>opera</name> <range><lt>8.02</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15870/">
- <p>Secunia Research has discovered a vulnerability in Opera,
- which can be exploited by malicious people to trick users
- into executing malicious files.</p>
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15870/">
+ <p>Secunia Research has discovered a vulnerability in
+ Opera,
+ which can be exploited by malicious people to trick
+ users into executing malicious files.</p>
<p>The vulnerability is caused due to an error in the
- handling of extended ASCII codes in the download
- dialog. This can be exploited to spoof the file extension
- in the file download dialog via a specially crafted
+ handling of extended ASCII codes in the download dialog.
+ This can be exploited to spoof the file extension in
+ the file download dialog via a specially crafted
"Content-Disposition" HTTP header.</p>
- <p>Successful exploitation may result in users being tricked
+ <p>Successful exploitation may result in users being
+ tricked
into executing a malicious file via the download dialog,
- but requires that the "Arial Unicode MS" font
- (ARIALUNI.TTF) has been installed on the system.</p>
+ but requires that the "Arial Unicode MS" font (ARIALUNI.TTF)
+ has been installed on the system.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://secunia.com/advisories/15870/</url>
<url>http://www.opera.com/freebsd/changelogs/802/</url>
- </references>
- <dates>
- <discovery>2005-07-28</discovery>
- <entry>2005-07-30</entry>
+ </references> <dates>
+ <discovery>2005-07-28</discovery> <entry>2005-07-30</entry>
</dates>
</vuln>
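Review bot: The rewrap leaves orphan fragments on their own lines inside the description, `+ Opera,` and `+ tricked`, each followed by a full-width line; this looks like an inconsistent wrap rather than deliberate formatting. Since these paragraphs are being touched anyway, rewrap them to one consistent width or leave the original breaks, which were already within width. The `<blockquote` / `cite=` split from the previous hunk recurs here.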
@@ -2505,93 +2101,76 @@ Note: Please add new entries to the beginning of this file.
<topic>ethereal -- multiple protocol dissectors vulnerabilities</topic>
<affects>
<package>
- <name>ethereal</name>
- <name>ethereal-lite</name>
- <name>tethereal</name>
- <name>tethereal-lite</name>
+ <name>ethereal</name> <name>ethereal-lite</name>
+ <name>tethereal</name> <name>tethereal-lite</name>
<range><ge>0.8.5</ge><lt>0.10.12</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An Ethreal Security Advisories reports:</p>
- <blockquote cite="http://www.ethereal.com/appnotes/enpa-sa-00020.html">
+ <p>An Ethreal Security Advisories reports:</p> <blockquote
+ cite="http://www.ethereal.com/appnotes/enpa-sa-00020.html">
<p>Our testing program has turned up several more security
issues:</p>
<ul>
- <li>The LDAP dissector could free static memory and crash.</li>
- <li>The AgentX dissector could crash.</li>
- <li>The 802.3 dissector could go into an infinite loop.</li>
- <li>The PER dissector could abort.</li>
- <li>The DHCP dissector could go into an infinite loop.</li>
- <li>The BER dissector could abort or loop infinitely.</li>
- <li>The MEGACO dissector could go into an infinite loop.</li>
- <li>The GIOP dissector could dereference a null pointer.</li>
- <li>The SMB dissector was susceptible to a buffer overflow.</li>
- <li>The WBXML could dereference a null pointer.</li>
- <li>The H1 dissector could go into an infinite loop.</li>
- <li>The DOCSIS dissector could cause a crash.</li>
- <li>The SMPP dissector could go into an infinite loop.</li>
- <li>SCTP graphs could crash.</li>
- <li>The HTTP dissector could crash.</li>
- <li>The SMB dissector could go into a large loop.</li>
- <li>The DCERPC dissector could crash.</li>
- <li>Several dissectors could crash while reassembling packets.</li>
- </ul>
- <p>Steve Grubb at Red Hat found the following issues:</p>
- <ul>
- <li>The CAMEL dissector could dereference a null pointer.</li>
- <li>The DHCP dissector could crash.</li>
- <li>The CAMEL dissector could crash.</li>
- <li>The PER dissector could crash.</li>
- <li>The RADIUS dissector could crash.</li>
- <li>The Telnet dissector could crash.</li>
- <li>The IS-IS LSP dissector could crash.</li>
+ <li>The LDAP dissector could free static memory and
+ crash.</li> <li>The AgentX dissector could crash.</li>
+ <li>The 802.3 dissector could go into an infinite
+ loop.</li> <li>The PER dissector could abort.</li>
+ <li>The DHCP dissector could go into an infinite
+ loop.</li> <li>The BER dissector could abort or loop
+ infinitely.</li> <li>The MEGACO dissector could go into
+ an infinite loop.</li> <li>The GIOP dissector could
+ dereference a null pointer.</li> <li>The SMB dissector
+ was susceptible to a buffer overflow.</li> <li>The WBXML
+ could dereference a null pointer.</li> <li>The H1
+ dissector could go into an infinite loop.</li> <li>The
+ DOCSIS dissector could cause a crash.</li> <li>The SMPP
+ dissector could go into an infinite loop.</li> <li>SCTP
+ graphs could crash.</li> <li>The HTTP dissector could
+ crash.</li> <li>The SMB dissector could go into a large
+ loop.</li> <li>The DCERPC dissector could crash.</li>
+ <li>Several dissectors could crash while reassembling
+ packets.</li>
+ </ul> <p>Steve Grubb at Red Hat found the following
+ issues:</p> <ul>
+ <li>The CAMEL dissector could dereference a null
+ pointer.</li> <li>The DHCP dissector could crash.</li>
+ <li>The CAMEL dissector could crash.</li> <li>The PER
+ dissector could crash.</li> <li>The RADIUS dissector
+ could crash.</li> <li>The Telnet dissector could
+ crash.</li> <li>The IS-IS LSP dissector could crash.</li>
<li>The NCP dissector could crash.</li>
- </ul>
- <p>iDEFENSE found the following issues:</p>
- <ul>
- <li>Several dissectors were susceptible to a format string
+ </ul> <p>iDEFENSE found the following issues:</p> <ul>
+ <li>Several dissectors were susceptible to a format
+ string
overflow.</li>
- </ul>
- <h1>Impact:</h1>
- <p>It may be possible to make Ethereal crash, use up
+ </ul> <h1>Impact:</h1> <p>It may be possible to make
+ Ethereal crash, use up
available memory, or run arbitrary code by injecting a
purposefully malformed packet onto the wire or by
convincing someone to read a malformed packet trace
file.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.ethereal.com/appnotes/enpa-sa-00020.html</url>
- </references>
- <dates>
- <discovery>2005-07-26</discovery>
- <entry>2005-07-30</entry>
+ </references> <dates>
+ <discovery>2005-07-26</discovery> <entry>2005-07-30</entry>
</dates>
</vuln>
<vuln vid="651996e0-fe07-11d9-8329-000e0c2e438a">
- <topic>apache -- http request smuggling</topic>
- <affects>
+ <topic>apache -- http request smuggling</topic> <affects>
<package>
- <name>apache</name>
- <range><lt>1.3.33_2</lt></range>
+ <name>apache</name> <range><lt>1.3.33_2</lt></range>
<range><gt>2.*</gt><lt>2.0.54_1</lt></range>
<range><gt>2.1.0</gt><lt>2.1.6_1</lt></range>
- </package>
- <package>
- <name>apache+ssl</name>
- <range><lt>1.3.33.1.55_1</lt></range>
- </package>
- <package>
- <name>apache+mod_perl</name>
- <range><lt>1.3.33_3</lt></range>
- </package>
- <package>
- <name>apache+mod_ssl</name>
- <name>apache+mod_ssl+ipv6</name>
+ </package> <package>
+ <name>apache+ssl</name> <range><lt>1.3.33.1.55_1</lt></range>
+ </package> <package>
+ <name>apache+mod_perl</name> <range><lt>1.3.33_3</lt></range>
+ </package> <package>
+ <name>apache+mod_ssl</name> <name>apache+mod_ssl+ipv6</name>
<name>apache+mod_ssl+mod_accel</name>
<name>apache+mod_ssl+mod_accel+ipv6</name>
<name>apache+mod_ssl+mod_accel+mod_deflate</name>
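Review bot: The `<li>` items of all three dissector lists are now run together mid-line (`crash.</li> <li>The AgentX dissector could crash.</li>`, `loop.</li> <li>The BER dissector could abort or loop`), so a single dissector entry can no longer be added, removed or diffed on its own line; keep one `<li>` per line. While `+ <p>An Ethreal Security Advisories reports:</p> <blockquote` is being rewritten, fix the pre-existing spelling and number error to `<p>An Ethereal Security Advisory reports:</p>`. In the apache entry at the end of the hunk the `</package> <package>` joins hide the package boundaries; one closing and one opening tag per line was clearer.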
@@ -2605,16 +2184,12 @@ Note: Please add new entries to the beginning of this file.
<name>apache+mod_ssl+mod_snmp+mod_deflate+ipv6</name>
<name>apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6</name>
<range><lt>1.3.33+2.8.22_1</lt></range>
- </package>
- <package>
- <name>apache_fp</name>
- <name>apache+ipv6</name>
- <name>ru-apache+mod_ssl</name>
- <name>ru-apache</name>
+ </package> <package>
+ <name>apache_fp</name> <name>apache+ipv6</name>
+ <name>ru-apache+mod_ssl</name> <name>ru-apache</name>
<range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Watchfire whitepaper reports an vulnerability in the
Apache webserver. The vulnerability can be exploited by
@@ -2622,29 +2197,22 @@ Note: Please add new entries to the beginning of this file.
poisoining, session hijacking and most importantly the
ability to bypass web application firewall protection.
Exploiting this vulnerability requires multiple carefully
- crafted HTTP requests, taking advantage of an caching server,
- proxy server, web application firewall etc. This only affects
- installations where Apache is used as HTTP proxy in
- combination with the following web servers:</p>
+ crafted HTTP requests, taking advantage of an caching
+ server, proxy server, web application firewall etc. This
+ only affects installations where Apache is used as HTTP
+ proxy in combination with the following web servers:</p>
<ul>
- <li>IIS/6.0 and 5.0</li>
- <li>Apache 2.0.45 (as web server)</li>
- <li>apache 1.3.29</li>
- <li>WebSphere 5.1 and 5.0</li>
- <li>WebLogic 8.1 SP1</li>
- <li>Oracle9iAS web server 9.0.2</li>
- <li>SunONE web server 6.1 SP4</li>
+ <li>IIS/6.0 and 5.0</li> <li>Apache 2.0.45 (as web
+ server)</li> <li>apache 1.3.29</li> <li>WebSphere 5.1 and
+ 5.0</li> <li>WebLogic 8.1 SP1</li> <li>Oracle9iAS web
+ server 9.0.2</li> <li>SunONE web server 6.1 SP4</li>
</ul>
</body>
- </description>
- <references>
- <bid>14106</bid>
- <cvename>CVE-2005-2088</cvename>
+ </description> <references>
+ <bid>14106</bid> <cvename>CVE-2005-2088</cvename>
<url>http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf</url>
- </references>
- <dates>
- <discovery>2005-07-25</discovery>
- <entry>2005-07-26</entry>
+ </references> <dates>
+ <discovery>2005-07-25</discovery> <entry>2005-07-26</entry>
<modified>2005-08-11</modified>
</dates>
</vuln>
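Review bot: The rewrapped paragraph around `+ crafted HTTP requests, taking advantage of an caching` keeps pre-existing grammar errors that should be fixed in the same pass: "an caching server" and "an vulnerability" should read "a caching server" and "a vulnerability", and the context line "poisoining" should read "poisoning". The web-server list is also now run together across lines (`<li>IIS/6.0 and 5.0</li> <li>Apache 2.0.45 (as web` / `server)</li>`), splitting one list item over a line boundary while sharing a line with another; keep one `<li>` per line.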
@@ -2653,18 +2221,14 @@ Note: Please add new entries to the beginning of this file.
<topic>clamav -- multiple remote buffer overflows</topic>
<affects>
<package>
- <name>clamav</name>
- <range><lt>0.86.2</lt></range>
- </package>
- <package>
- <name>clamav-devel</name>
- <range><le>20050704</le></range>
+ <name>clamav</name> <range><lt>0.86.2</lt></range>
+ </package> <package>
+ <name>clamav-devel</name> <range><le>20050704</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/16180/">
+ <p>An Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/16180/">
<p>Neel Mehta and Alex Wheeler have reported some
vulnerabilities in Clam AntiVirus, which can be exploited
by malicious people to cause a DoS (Denial of Service)
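Review bot: `+ <p>An Secunia Advisory reports:</p> <blockquote` rewrites the line but preserves the article error; make it `<p>A Secunia Advisory reports:</p>` and keep `<blockquote cite="http://secunia.com/advisories/16180/">` on one line with its attribute, as the `-` side had.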
@@ -2676,22 +2240,19 @@ Note: Please add new entries to the beginning of this file.
TNEF file with a length value of -1 in the header.</li>
<li>An integer overflow error in "libclamav/chmunpack.c"
can be exploited to cause a heap-based buffer overflow
- via a specially crafted CHM file with a chunk entry that
- has a filename length of -1.</li>
+ via a specially crafted CHM file with a chunk entry
+ that has a filename length of -1.</li>
<li>A boundary error in "libclamav/fsg.c" when
processing a FSG compressed file can cause a heap-based
buffer overflow.</li>
</ol>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.rem0te.com/public/images/clamav.pdf</url>
<url>http://secunia.com/advisories/16180/</url>
- </references>
- <dates>
- <discovery>2005-07-24</discovery>
- <entry>2005-07-25</entry>
+ </references> <dates>
+ <discovery>2005-07-24</discovery> <entry>2005-07-25</entry>
</dates>
</vuln>
@@ -2699,78 +2260,64 @@ Note: Please add new entries to the beginning of this file.
<topic>isc-dhcpd -- format string vulnerabilities</topic>
<affects>
<package>
- <name>isc-dhcp3-client</name>
- <name>isc-dhcp3-devel</name>
- <name>isc-dhcp3-relay</name>
- <name>isc-dhcp3-server</name>
- <name>isc-dhcp3</name>
- <name>isc-dhcp</name>
- <name>isc-dhcpd</name>
+ <name>isc-dhcp3-client</name> <name>isc-dhcp3-devel</name>
+ <name>isc-dhcp3-relay</name> <name>isc-dhcp3-server</name>
+ <name>isc-dhcp3</name> <name>isc-dhcp</name> <name>isc-dhcpd</name>
<range><lt>3.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The ISC DHCP programs are vulnerable to several format
- string vulnerabilities which may allow a remote attacker to
- execute arbitrary code with the permissions of the DHCP
- programs, typically root for the DHCP server.</p>
+ string vulnerabilities which may allow a remote attacker
+ to execute arbitrary code with the permissions of the
+ DHCP programs, typically root for the DHCP server.</p>
</body>
- </description>
- <references>
- <bid>11591</bid>
- <certvu>448384</certvu>
- <cvename>CVE-2004-1006</cvename>
- <mlist msgid="20041109003345.GG763@isc.org">http://marc.theaimsgroup.com/?l=dhcp-announce&amp;m=109996073218290</mlist>
- </references>
- <dates>
- <discovery>2004-11-08</discovery>
- <entry>2005-07-23</entry>
+ </description> <references>
+ <bid>11591</bid> <certvu>448384</certvu>
+ <cvename>CVE-2004-1006</cvename> <mlist
+ msgid="20041109003345.GG763@isc.org">http://marc.theaimsgroup.com/?l=dhcp-announce&amp;m=109996073218290</mlist>
+ </references> <dates>
+ <discovery>2004-11-08</discovery> <entry>2005-07-23</entry>
</dates>
</vuln>
<vuln vid="b4892b5b-fb1c-11d9-96ba-00909925db3e">
- <topic>egroupware -- multiple cross-site scripting (XSS) and SQL
+ <topic>egroupware -- multiple cross-site scripting (XSS) and
+ SQL
injection vulnerabilities</topic>
<affects>
<package>
- <name>egroupware</name>
- <range><lt>1.0.0.007</lt></range>
+ <name>egroupware</name> <range><lt>1.0.0.007</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Multiple cross-site scripting (XSS) vulnerabilities in eGroupware
- before 1.0.0.007 allow remote attackers to inject arbitrary web
- script or HTML via the (1) ab_id, (2) page, (3) type,
- or (4) lang parameter to index.php or (5) category_id parameter.
- </p>
- <p>Multiple SQL injection vulnerabilities in index.php in eGroupware
- before 1.0.0.007 allow remote attackers to execute arbitrary SQL
- commands via the (1) filter or (2) cats_app parameter.
+ <p>Multiple cross-site scripting (XSS) vulnerabilities in
+ eGroupware
+ before 1.0.0.007 allow remote attackers to inject arbitrary
+ web script or HTML via the (1) ab_id, (2) page, (3) type,
+ or (4) lang parameter to index.php or (5) category_id
+ parameter.
+ </p> <p>Multiple SQL injection vulnerabilities in index.php
+ in eGroupware
+ before 1.0.0.007 allow remote attackers to execute arbitrary
+ SQL commands via the (1) filter or (2) cats_app parameter.
</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1202</cvename>
- <cvename>CVE-2005-1203</cvename>
+ </description> <references>
+ <cvename>CVE-2005-1202</cvename> <cvename>CVE-2005-1203</cvename>
<url>http://sourceforge.net/project/shownotes.php?release_id=320768</url>
- </references>
- <dates>
- <discovery>2005-04-20</discovery>
- <entry>2005-07-23</entry>
+ </references> <dates>
+ <discovery>2005-04-20</discovery> <entry>2005-07-23</entry>
</dates>
</vuln>
<vuln vid="3f4ac724-fa8b-11d9-afcf-0060084a00e5">
- <topic>fetchmail -- denial of service/crash from malicious POP3 server</topic>
- <affects>
+ <topic>fetchmail -- denial of service/crash from malicious POP3
+ server</topic> <affects>
<package>
- <name>fetchmail</name>
- <range><eq>6.2.5.1</eq></range>
+ <name>fetchmail</name> <range><eq>6.2.5.1</eq></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>In fetchmail 6.2.5.1, the the remote code injection via
POP3 UIDL was fixed, but a denial of service attack was
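Review bot: Splitting the `<mlist` start tag from its `msgid=` attribute (`<cvename>CVE-2004-1006</cvename> <mlist` followed by `msgid="20041109003345.GG763@isc.org">...`) and packing three package names onto one line (`<name>isc-dhcp3</name> <name>isc-dhcp</name> <name>isc-dhcpd</name>`) makes the references and affected-package list harder to scan and to diff; keep one element per line. Two `<topic>` strings are also damaged: the egroupware topic is wrapped with `+ SQL` alone on a line, and the fetchmail topic is glued to the next element (`+ server</topic> <affects>`); topics are one-line summaries elsewhere in the file and should stay on a single line. The fetchmail context line `the the remote code injection` has a doubled word worth fixing while this entry is being edited.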
@@ -2778,17 +2325,15 @@ Note: Please add new entries to the beginning of this file.
<p>Two possible NULL-pointer dereferences allow a malicous
POP3 server to crash fetchmail by respondig with UID lines
containing only the article number but no UID (in violation
- of RFC-1939), or a message without Message-ID when no UIDL
- support is available.</p>
+ of RFC-1939), or a message without Message-ID when no
+ UIDL support is available.</p>
</body>
- </description>
- <references>
- <mlist msgid="20050721172317.GB3071@amilo.ms.mff.cuni.cz">http://lists.berlios.de/pipermail/fetchmail-devel/2005-July/000397.html</mlist>
+ </description> <references>
+ <mlist
+ msgid="20050721172317.GB3071@amilo.ms.mff.cuni.cz">http://lists.berlios.de/pipermail/fetchmail-devel/2005-July/000397.html</mlist>
<url>http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt</url>
- </references>
- <dates>
- <discovery>2005-07-21</discovery>
- <entry>2005-07-22</entry>
+ </references> <dates>
+ <discovery>2005-07-21</discovery> <entry>2005-07-22</entry>
</dates>
</vuln>
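Review bot: The `<mlist` start tag is again separated from its `msgid=` attribute (`+ <mlist` / `+ msgid="20050721172317.GB3071@amilo.ms.mff.cuni.cz">...`), which is the form least friendly to grep and to future edits; keep the tag and attribute together. The context lines of the paragraph being rewrapped contain "malicous" and "respondig"; fix them to "malicious" and "responding" in the same change.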
@@ -2796,11 +2341,9 @@ Note: Please add new entries to the beginning of this file.
<topic>dnrd -- remote buffer and stack overflow vulnerabilities</topic>
<affects>
<package>
- <name>dnrd</name>
- <range><lt>2.19.1</lt></range>
+ <name>dnrd</name> <range><lt>2.19.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Natanael Copa reports that dnrd is vulnerable to a remote
buffer overflow and a remote stack overflow. These
@@ -2813,15 +2356,11 @@ Note: Please add new entries to the beginning of this file.
<p>The stack overflow vulnerability can cause dnrd to
crash.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2315</cvename>
- <cvename>CVE-2005-2316</cvename>
+ </description> <references>
+ <cvename>CVE-2005-2315</cvename> <cvename>CVE-2005-2316</cvename>
<freebsdpr>ports/83851</freebsdpr>
- </references>
- <dates>
- <discovery>2005-07-21</discovery>
- <entry>2005-07-21</entry>
+ </references> <dates>
+ <discovery>2005-07-21</discovery> <entry>2005-07-21</entry>
</dates>
</vuln>
@@ -2829,11 +2368,9 @@ Note: Please add new entries to the beginning of this file.
<topic>PowerDNS -- LDAP backend fails to escape all queries</topic>
<affects>
<package>
- <name>powerdns</name>
- <range><lt>2.9.18</lt></range>
+ <name>powerdns</name> <range><lt>2.9.18</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The LDAP backend in PowerDNS has issues with escaping
queries which could cause connection errors. This would
@@ -2843,45 +2380,38 @@ Note: Please add new entries to the beginning of this file.
<p>This is known to affect all releases prior to 2.9.18.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2302</cvename>
<url>http://doc.powerdns.com/security-policy.html</url>
<url>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112155941310297&amp;w=2</url>
- </references>
- <dates>
- <discovery>2005-07-16</discovery>
- <entry>2005-07-21</entry>
+ </references> <dates>
+ <discovery>2005-07-16</discovery> <entry>2005-07-21</entry>
</dates>
</vuln>
<vuln vid="3497d7be-2fef-45f4-8162-9063751b573a">
- <topic>fetchmail -- remote root/code injection from malicious POP3 server</topic>
- <affects>
+ <topic>fetchmail -- remote root/code injection from malicious
+ POP3 server</topic> <affects>
<package>
- <name>fetchmail</name>
- <range><lt>6.2.5.1</lt></range>
+ <name>fetchmail</name> <range><lt>6.2.5.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>fetchmail's POP3/UIDL code does not truncate received UIDs properly.
- A malicious or compromised POP3 server can thus corrupt fetchmail's
- stack and inject code when fetchmail is using UIDL, either through
- configuration, or as a result of certain server capabilities. Note
- that fetchmail is run as root on some sites, so an attack might
- compromise the root account and thus the whole machine.</p>
+ <p>fetchmail's POP3/UIDL code does not truncate received
+ UIDs properly.
+ A malicious or compromised POP3 server can thus corrupt
+ fetchmail's stack and inject code when fetchmail is using
+ UIDL, either through configuration, or as a result of
+ certain server capabilities. Note that fetchmail is run
+ as root on some sites, so an attack might compromise the
+ root account and thus the whole machine.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2335</cvename>
- <freebsdpr>ports/83805</freebsdpr>
+ </description> <references>
+ <cvename>CVE-2005-2335</cvename> <freebsdpr>ports/83805</freebsdpr>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762</url>
<url>http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt</url>
- </references>
- <dates>
- <discovery>2005-07-20</discovery>
- <entry>2005-07-20</entry>
+ </references> <dates>
+ <discovery>2005-07-20</discovery> <entry>2005-07-20</entry>
<modified>2005-07-21</modified>
</dates>
</vuln>
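Review bot: `+ <topic>fetchmail -- remote root/code injection from malicious` / `+ POP3 server</topic> <affects>` wraps a topic title and glues the `<affects>` open tag onto it; topics are used as one-line summaries and should stay on one line with `<affects>` on the next. The description rewrap leaves `+ UIDs properly.` as a short orphan line followed by full-width lines, so the wrap width was not applied consistently here either.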
@@ -2890,36 +2420,32 @@ Note: Please add new entries to the beginning of this file.
<topic>kdebase -- Kate backup file permission leak</topic>
<affects>
<package>
- <name>kdebase</name>
- <range><ge>3.2.0</ge><lt>3.4.1</lt></range>
- </package>
- <package>
+ <name>kdebase</name> <range><ge>3.2.0</ge><lt>3.4.1</lt></range>
+ </package> <package>
<name>linux_base-suse</name>
<range><ge>9.3</ge><lt>9.3_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A KDE Security Advisory explains:</p>
- <blockquote cite="http://www.kde.org/info/security/advisory-20050718-1.txt">
- <p>Kate / Kwrite create a file backup before saving a modified
- file. These backup files are created with default permissions,
- even if the original file had more strict permissions set.</p>
+ <p>A KDE Security Advisory explains:</p> <blockquote
+ cite="http://www.kde.org/info/security/advisory-20050718-1.txt">
+ <p>Kate / Kwrite create a file backup before saving a
+ modified
+ file. These backup files are created with default
+ permissions, even if the original file had more strict
+ permissions set.</p>
<p>Depending on the system security settings, backup files
might be readable by other users. Kate / Kwrite are
network transparent applications and therefore this
vulnerability might not be restricted to local users.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1920</cvename>
<url>https://bugs.kde.org/show_bug.cgi?id=103331</url>
<url>http://www.kde.org/info/security/advisory-20050718-1.txt</url>
- </references>
- <dates>
- <discovery>2005-07-18</discovery>
- <entry>2005-07-18</entry>
+ </references> <dates>
+ <discovery>2005-07-18</discovery> <entry>2005-07-18</entry>
<modified>2005-10-09</modified>
</dates>
</vuln>
@@ -2928,29 +2454,18 @@ Note: Please add new entries to the beginning of this file.
<topic>firefox &amp; mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.5,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.5</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.9,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.5,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.5</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.9,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.9</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.9</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
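Review bot: Joining `</package> <package>` onto one line immediately before `<!-- These ports are obsolete. -->` detaches the comment from the `<package>` it annotates, since the open tag now sits at the end of the previous line; keep `<package>` on its own line directly above the comment. `<range><lt>1.7.9</lt></range> <range><ge>1.8.*</ge></range>` likewise puts two version ranges on one line where every other entry lists one `<range>` per line.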
@@ -2959,76 +2474,65 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Foundation reports of multiple security
vulnerabilities in Firefox and Mozilla:</p>
- <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html">
+ <blockquote
+ cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html">
<ul>
- <li><em>MFSA 2005-56</em> Code execution through shared function
+ <li><em>MFSA 2005-56</em> Code execution through shared
+ function
objects</li>
<li><em>MFSA 2005-55</em> XHTML node spoofing</li>
- <li><em>MFSA 2005-54</em> Javascript prompt origin spoofing</li>
- <li><em>MFSA 2005-53</em> Standalone applications can run arbitrary
+ <li><em>MFSA 2005-54</em> Javascript prompt origin
+ spoofing</li> <li><em>MFSA 2005-53</em> Standalone
+ applications can run arbitrary
code through the browser</li>
- <li><em>MFSA 2005-52</em> Same origin violation: frame calling
+ <li><em>MFSA 2005-52</em> Same origin violation: frame
+ calling
top.focus()</li>
<li><em>MFSA 2005-51</em> The return of frame-injection
spoofing</li>
- <li><em>MFSA 2005-50</em> Possibly exploitable crash in
+ <li><em>MFSA 2005-50</em> Possibly exploitable crash
+ in
InstallVersion.compareTo()</li>
- <li><em>MFSA 2005-49</em> Script injection from Firefox sidebar
+ <li><em>MFSA 2005-49</em> Script injection from Firefox
+ sidebar
panel using data:</li>
- <li><em>MFSA 2005-48</em> Same-origin violation with InstallTrigger
+ <li><em>MFSA 2005-48</em> Same-origin violation with
+ InstallTrigger
callback</li>
<li><em>MFSA 2005-47</em> Code execution via "Set as
Wallpaper"</li>
- <li><em>MFSA 2005-46</em> XBL scripts ran even when Javascript
+ <li><em>MFSA 2005-46</em> XBL scripts ran even when
+ Javascript
disabled</li>
<li><em>MFSA 2005-45</em> Content-generated event
vulnerabilities</li>
</ul>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1937</cvename>
- <cvename>CVE-2005-2260</cvename>
- <cvename>CVE-2005-2261</cvename>
- <cvename>CVE-2005-2262</cvename>
- <cvename>CVE-2005-2263</cvename>
- <cvename>CVE-2005-2264</cvename>
- <cvename>CVE-2005-2265</cvename>
- <cvename>CVE-2005-2266</cvename>
- <cvename>CVE-2005-2267</cvename>
- <cvename>CVE-2005-2268</cvename>
- <cvename>CVE-2005-2269</cvename>
- <cvename>CVE-2005-2270</cvename>
+ </description> <references>
+ <cvename>CVE-2005-1937</cvename> <cvename>CVE-2005-2260</cvename>
+ <cvename>CVE-2005-2261</cvename> <cvename>CVE-2005-2262</cvename>
+ <cvename>CVE-2005-2263</cvename> <cvename>CVE-2005-2264</cvename>
+ <cvename>CVE-2005-2265</cvename> <cvename>CVE-2005-2266</cvename>
+ <cvename>CVE-2005-2267</cvename> <cvename>CVE-2005-2268</cvename>
+ <cvename>CVE-2005-2269</cvename> <cvename>CVE-2005-2270</cvename>
<url>http://www.mozilla.org/projects/security/known-vulnerabilities.html</url>
<url>http://www.mozilla.org/security/announce/mfsa2005-45.html</url>
<url>http://www.mozilla.org/security/announce/mfsa2005-46.html</url>
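Review bot: The MFSA list items are broken at awkward points (`+ <li><em>MFSA 2005-50</em> Possibly exploitable crash` / `+ in` / `InstallVersion.compareTo()</li>`) and two items now share a line (`spoofing</li> <li><em>MFSA 2005-53</em> Standalone`), so a grep for an advisory title or number no longer hits a single list item; keep one `<li>` per line. The same applies to the paired identifiers `<cvename>CVE-2005-1937</cvename> <cvename>CVE-2005-2260</cvename>` and the paired obsolete `<name>` elements: one identifier per line keeps a future addition to a one-line diff.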
@@ -3042,10 +2546,8 @@ Note: Please add new entries to the beginning of this file.
<url>http://www.mozilla.org/security/announce/mfsa2005-54.html</url>
<url>http://www.mozilla.org/security/announce/mfsa2005-55.html</url>
<url>http://www.mozilla.org/security/announce/mfsa2005-56.html</url>
- </references>
- <dates>
- <discovery>2005-07-12</discovery>
- <entry>2005-07-16</entry>
+ </references> <dates>
+ <discovery>2005-07-12</discovery> <entry>2005-07-16</entry>
</dates>
</vuln>
@@ -3053,26 +2555,21 @@ Note: Please add new entries to the beginning of this file.
<topic>drupal -- PHP code execution vulnerabilities</topic>
<affects>
<package>
- <name>drupal</name>
- <range><lt>4.6.2</lt></range>
+ <name>drupal</name> <range><lt>4.6.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Kuba Zygmunt discovered a flaw in the input validation routines
+ <p>Kuba Zygmunt discovered a flaw in the input validation
+ routines
of Drupal's filter mechanism. An attacker could execute
- arbitrary PHP code on a target site when public comments or
- postings are allowed.</p>
+ arbitrary PHP code on a target site when public comments
+ or postings are allowed.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1921</cvename>
- <cvename>CVE-2005-2106</cvename>
+ </description> <references>
+ <cvename>CVE-2005-1921</cvename> <cvename>CVE-2005-2106</cvename>
<url>http://drupal.org/files/sa-2005-002/advisory.txt</url>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-07-16</entry>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-07-16</entry>
</dates>
</vuln>
@@ -3080,30 +2577,24 @@ Note: Please add new entries to the beginning of this file.
<topic>phpSysInfo -- cross site scripting vulnerability</topic>
<affects>
<package>
- <name>phpSysInfo</name>
- <range><gt>0</gt></range>
+ <name>phpSysInfo</name> <range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Securityreason.com advisory reports that various cross
site scripting vulnerabilities have been found in phpSysInfo.
- Input is not properly sanitised before it is returned to the
- user. A malicious person could exploit this to execute
+ Input is not properly sanitised before it is returned to
+ the user. A malicious person could exploit this to execute
arbitrary HTML and script code in a users browser session.
- Also it is possible to view the full path of certain scripts
- by accessing them directly.</p>
+ Also it is possible to view the full path of certain
+ scripts by accessing them directly.</p>
</body>
- </description>
- <references>
- <bid>12887</bid>
- <cvename>CVE-2005-0869</cvename>
- <cvename>CVE-2005-0870</cvename>
- <mlist msgid="20050323180207.11987.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111161017209422</mlist>
- </references>
- <dates>
- <discovery>2005-03-22</discovery>
- <entry>2005-07-09</entry>
+ </description> <references>
+ <bid>12887</bid> <cvename>CVE-2005-0869</cvename>
+ <cvename>CVE-2005-0870</cvename> <mlist
+ msgid="20050323180207.11987.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111161017209422</mlist>
+ </references> <dates>
+ <discovery>2005-03-22</discovery> <entry>2005-07-09</entry>
</dates>
</vuln>
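Review bot: splitting the `<mlist>` start tag across two lines, `<mlist` at the end of one and `msgid="..."` starting the next, is the most damaging join in this hunk: a line-oriented search such as `grep '<mlist msgid'` no longer finds the reference, and nothing is gained. Keep `<bid>12887</bid>`, the two `<cvename>` entries and the complete `<mlist ...>` element on separate lines as they were; the `<range><gt>0</gt></range>` bound is unchanged. If the description paragraph is being rewrapped anyway, the unchanged line `arbitrary HTML and script code in a users browser session.` is the place to add the missing apostrophe (`user's`).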
@@ -3115,8 +2606,7 @@ Note: Please add new entries to the beginning of this file.
<range><gt>4.1</gt><lt>4.1.12</lt></range>
<range><gt>5.0</gt><lt>5.0.6</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Zataz advisory reports that MySQL contains a security
flaw which could allow a malicious local user to inject
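Review bot: the only change in this hunk is `</affects>` and `<description>` joined onto one line; the MySQL ranges `<gt>4.1</gt><lt>4.1.12</lt>` and `<gt>5.0</gt><lt>5.0.6</lt>` and the text are untouched. Pure noise; leave it as it was.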
@@ -3126,15 +2616,11 @@ Note: Please add new entries to the beginning of this file.
creates temporary files based on the PID used by the
script.</p>
</body>
- </description>
- <references>
- <bid>13660</bid>
- <cvename>CVE-2005-1636</cvename>
+ </description> <references>
+ <bid>13660</bid> <cvename>CVE-2005-1636</cvename>
<url>http://www.zataz.net/adviso/mysql-05172005.txt</url>
- </references>
- <dates>
- <discovery>2005-05-07</discovery>
- <entry>2005-07-09</entry>
+ </references> <dates>
+ <discovery>2005-05-07</discovery> <entry>2005-07-09</entry>
</dates>
</vuln>
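Review bot: same whitespace-only join here, `<bid>13660</bid> <cvename>CVE-2005-1636</cvename>` on one line and `<discovery>`/`<entry>` on another, with no change to the entry. Keep one reference per line, so the next CVE or URL added to this entry is a one-line diff.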
@@ -3142,48 +2628,39 @@ Note: Please add new entries to the beginning of this file.
<topic>net-snmp -- fixproc insecure temporary file creation</topic>
<affects>
<package>
- <name>net-snmp</name>
- <range><lt>5.2.1.2</lt></range>
+ <name>net-snmp</name> <range><lt>5.2.1.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Gentoo advisory reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200505-18.xml">
+ <p>A Gentoo advisory reports:</p> <blockquote
+ cite="http://www.gentoo.org/security/en/glsa/glsa-200505-18.xml">
<p>Net-SNMP creates temporary files in an insecure manner,
possibly allowing the execution of arbitrary code.</p>
<p>A malicious local attacker could exploit a race condition
- to change the content of the temporary files before they
- are executed by fixproc, possibly leading to the execution
- of arbitrary code. A local attacker could also create
- symbolic links in the temporary files directory, pointing
- to a valid file somewhere on the filesystem. When fixproc
- is executed, this would result in the file being
- overwritten.</p>
+ to change the content of the temporary files before
+ they are executed by fixproc, possibly leading to the
+ execution of arbitrary code. A local attacker could
+ also create symbolic links in the temporary files
+ directory, pointing to a valid file somewhere on the
+ filesystem. When fixproc is executed, this would result
+ in the file being overwritten.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13715</bid>
- <cvename>CVE-2005-1740</cvename>
+ </description> <references>
+ <bid>13715</bid> <cvename>CVE-2005-1740</cvename>
<url>http://security.gentoo.org/glsa/glsa-200505-18.xml</url>
- </references>
- <dates>
- <discovery>2005-05-23</discovery>
- <entry>2005-07-09</entry>
+ </references> <dates>
+ <discovery>2005-05-23</discovery> <entry>2005-07-09</entry>
<modified>2005-07-13</modified>
</dates>
</vuln>
<vuln vid="326c517a-d029-11d9-9aed-000e0c2e438a">
- <topic>phpbb -- multiple vulnerabilities</topic>
- <affects>
+ <topic>phpbb -- multiple vulnerabilities</topic> <affects>
<package>
- <name>phpbb</name>
- <range><lt>2.0.12</lt></range>
+ <name>phpbb</name> <range><lt>2.0.12</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpBB is vulnerable to remote exploitation of an input
validation vulnerability allows attackers to read the
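Review bot: `<p>A Gentoo advisory reports:</p> <blockquote` with `cite="..."` on the following line puts the `<blockquote>` start tag and its only attribute on different lines and glues the `<p>` to an unrelated element; `<topic>phpbb -- multiple vulnerabilities</topic> <affects>` does the same to the phpbb entry. Neither `<lt>5.2.1.2</lt>` nor `<lt>2.0.12</lt>` changes, so no matching behaviour is affected; restore the original layout. While here, the unchanged context `phpBB is vulnerable to remote exploitation of an input validation vulnerability allows attackers to read the` is missing a `that` (`vulnerability that allows`).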
@@ -3192,18 +2669,13 @@ Note: Please add new entries to the beginning of this file.
unlink arbitrary system files under the privileges of the
webserver.</p>
</body>
- </description>
- <references>
- <bid>12618</bid>
- <bid>12621</bid>
- <bid>12623</bid>
- <cvename>CVE-2005-0258</cvename>
- <cvename>CVE-2005-0259</cvename>
+ </description> <references>
+ <bid>12618</bid> <bid>12621</bid> <bid>12623</bid>
+ <cvename>CVE-2005-0258</cvename> <cvename>CVE-2005-0259</cvename>
<url>http://security.gentoo.org/glsa/glsa-200503-02.xml</url>
<url>http://www.idefense.com/application/poi/display?id=205&amp;type=vulnerabilities</url>
<url>http://www.idefense.com/application/poi/display?id=204&amp;type=vulnerabilities</url>
- </references>
- <dates>
+ </references> <dates>
<discovery>2005-02-22</discovery>
<entry>2005-07-09</entry>
</dates>
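Review bot: three `<bid>` entries on one line (`<bid>12618</bid> <bid>12621</bid> <bid>12623</bid>`) and two `<cvename>` entries on the next, while the three `<url>` lines directly below stay one per line, so the hunk is not even consistent with itself. Keep one reference per line; no content changes here.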
@@ -3213,62 +2685,51 @@ Note: Please add new entries to the beginning of this file.
<topic>shtool -- insecure temporary file creation</topic>
<affects>
<package>
- <name>shtool</name>
- <range><le>2.0.1</le></range>
+ <name>shtool</name> <range><le>2.0.1</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Zataz advisory reports that shtool contains a security
- flaw which could allow a malicious local user to create or
- overwrite the contents of arbitrary files. The attacker
- could fool a user into executing the arbitrary file possibly
- executing arbitrary code.</p>
+ flaw which could allow a malicious local user to create
+ or overwrite the contents of arbitrary files. The attacker
+ could fool a user into executing the arbitrary file
+ possibly executing arbitrary code.</p>
</body>
- </description>
- <references>
+ </description> <references>
<bid>13767</bid>
<url>http://www.zataz.net/adviso/shtool-05252005.txt</url>
- </references>
- <dates>
- <discovery>2005-05-25</discovery>
- <entry>2005-07-09</entry>
+ </references> <dates>
+ <discovery>2005-05-25</discovery> <entry>2005-07-09</entry>
</dates>
</vuln>
<vuln vid="88188a8c-eff6-11d9-8310-0001020eed82">
- <topic>phppgadmin -- "formLanguage" local file inclusion vulnerability</topic>
- <affects>
+ <topic>phppgadmin -- "formLanguage" local file inclusion
+ vulnerability</topic> <affects>
<package>
- <name>phppgadmin</name>
- <range><lt>3.5.4</lt></range>
+ <name>phppgadmin</name> <range><lt>3.5.4</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15941/">
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15941/">
<p>A vulnerability has been reported in phpPgAdmin, which
can be exploited by malicious people to disclose sensitive
information.</p>
<p>Input passed to the "formLanguage" parameter in
- "index.php" isn't properly verified, before it is used to
- include files. This can be exploited to include arbitrary
- files from local resources.</p>
+ "index.php" isn't properly verified, before it is used
+ to include files. This can be exploited to include
+ arbitrary files from local resources.</p>
<p>Successful exploitation requires that "magic_quotes_gpc"
is disabled.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>14142</bid>
- <cvename>CVE-2005-2256</cvename>
+ </description> <references>
+ <bid>14142</bid> <cvename>CVE-2005-2256</cvename>
<url>http://secunia.com/advisories/15941/</url>
<url>http://sourceforge.net/project/shownotes.php?release_id=342261</url>
- </references>
- <dates>
- <discovery>2005-07-05</discovery>
- <entry>2005-07-08</entry>
+ </references> <dates>
+ <discovery>2005-07-05</discovery> <entry>2005-07-08</entry>
<modified>2005-07-21</modified>
</dates>
</vuln>
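Review bot: wrapping the phppgadmin `<topic>` across two lines (`"formLanguage" local file inclusion` / `vulnerability</topic> <affects>`) puts a newline plus leading indentation inside the topic's text content. Anything that prints the topic as a one-line summary will carry that whitespace unless it normalises it, so topic text should stay on a single line however long it is. The `<blockquote` / `cite=` split and the `</affects> <description>` and `</references> <dates>` joins in the shtool and phppgadmin entries are the same whitespace-only noise as in the earlier hunks; the `<le>2.0.1</le>` and `<lt>3.5.4</lt>` bounds are unchanged.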
@@ -3278,116 +2739,98 @@ Note: Please add new entries to the beginning of this file.
vulnerabilities</topic>
<affects>
<package>
- <name>pear-XML_RPC</name>
- <range><lt>1.3.2</lt></range>
+ <name>pear-XML_RPC</name> <range><lt>1.3.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The pear-XML_RPC release notes reports that the following
issues has been fixed:</p>
- <blockquote cite="http://pear.php.net/package/XML_RPC/download/1.3.2">
+ <blockquote
+ cite="http://pear.php.net/package/XML_RPC/download/1.3.2">
<p>Eliminate path disclosure vulnerabilities by suppressing
error messages when eval()'ing.</p>
- <p>Eliminate path disclosure vulnerability by catching bogus
+ <p>Eliminate path disclosure vulnerability by catching
+ bogus
parameters submitted to
<code>XML_RPC_Value::serializeval()</code>.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://pear.php.net/package/XML_RPC/download/1.3.2</url>
- </references>
- <dates>
- <discovery>2005-07-07</discovery>
- <entry>2005-07-08</entry>
+ </references> <dates>
+ <discovery>2005-07-07</discovery> <entry>2005-07-08</entry>
</dates>
</vuln>
<vuln vid="9a035a56-eff0-11d9-8310-0001020eed82">
- <topic>ekg -- insecure temporary file creation</topic>
- <affects>
+ <topic>ekg -- insecure temporary file creation</topic> <affects>
<package>
- <name>pl-ekg</name>
- <range><lt>1.6r2,1</lt></range>
+ <name>pl-ekg</name> <range><lt>1.6r2,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Eric Romang reports that ekg creates temporary files in an
- insecure manner. This can be exploited by an attacker using
- a symlink attack to overwrite arbitrary files and possibly
- execute arbitrary commands with the permissions of the user
- running ekg.</p>
+ <p>Eric Romang reports that ekg creates temporary files in
+ an
+ insecure manner. This can be exploited by an attacker
+ using a symlink attack to overwrite arbitrary files and
+ possibly execute arbitrary commands with the permissions
+ of the user running ekg.</p>
</body>
- </description>
- <references>
- <bid>14146</bid>
- <cvename>CVE-2005-1916</cvename>
- <mlist msgid="42CA2DDB.5030606@zataz.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112060146011122</mlist>
+ </description> <references>
+ <bid>14146</bid> <cvename>CVE-2005-1916</cvename> <mlist
+ msgid="42CA2DDB.5030606@zataz.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112060146011122</mlist>
<url>http://bugs.gentoo.org/show_bug.cgi?id=94172</url>
- </references>
- <dates>
- <discovery>2005-07-05</discovery>
- <entry>2005-07-08</entry>
+ </references> <dates>
+ <discovery>2005-07-05</discovery> <entry>2005-07-08</entry>
<modified>2005-07-31</modified>
</dates>
</vuln>
<vuln vid="6e33f4ab-efed-11d9-8310-0001020eed82">
- <topic>bugzilla -- multiple vulnerabilities</topic>
- <affects>
+ <topic>bugzilla -- multiple vulnerabilities</topic> <affects>
<package>
- <name>bugzilla</name>
- <name>ja-bugzilla</name>
+ <name>bugzilla</name> <name>ja-bugzilla</name>
<range><ge>2.17.1</ge><lt>2.18.2 </lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Bugzilla Security Advisory reports:</p>
- <blockquote cite="http://www.bugzilla.org/security/2.18.1/">
+ <p>A Bugzilla Security Advisory reports:</p> <blockquote
+ cite="http://www.bugzilla.org/security/2.18.1/">
<p>Any user can change any flag on any bug, even if they
don't have access to that bug, or even if they can't
- normally make bug changes. This also allows them to expose
- the summary of a bug.</p>
+ normally make bug changes. This also allows them to
+ expose the summary of a bug.</p>
<p>Bugs are inserted into the database before they are
marked as private, in Bugzilla code. Thus, MySQL
- replication can lag in between the time that the bug is
- inserted and when it is marked as private (usually less
- than a second). If replication lags at this point, the bug
- summary will be accessible to all users until replication
- catches up. Also, on a very slow machine, there may be a
- pause longer than a second that allows users to see the
- title of the newly-filed bug.</p>
+ replication can lag in between the time that the bug
+ is inserted and when it is marked as private (usually
+ less than a second). If replication lags at this point,
+ the bug summary will be accessible to all users until
+ replication catches up. Also, on a very slow machine,
+ there may be a pause longer than a second that allows
+ users to see the title of the newly-filed bug.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2173</cvename>
- <cvename>CVE-2005-2174</cvename>
+ </description> <references>
+ <cvename>CVE-2005-2173</cvename> <cvename>CVE-2005-2174</cvename>
<url>http://www.bugzilla.org/security/2.18.1/</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=292544</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=293159</url>
- </references>
- <dates>
- <discovery>2005-07-07</discovery>
- <entry>2005-07-08</entry>
+ </references> <dates>
+ <discovery>2005-07-07</discovery> <entry>2005-07-08</entry>
<modified>2005-07-18</modified>
</dates>
</vuln>
<vuln vid="d177d9f9-e317-11d9-8088-00123f0f7307">
- <topic>nwclient -- multiple vulnerabilities</topic>
- <affects>
+ <topic>nwclient -- multiple vulnerabilities</topic> <affects>
<package>
- <name>nwclient</name>
- <range><gt>0</gt></range>
+ <name>nwclient</name> <range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Insecure file permissions, network access control and DNS
+ <p>Insecure file permissions, network access control and
+ DNS
usage put systems that use Legato NetWorker at risk.</p>
<p>When the software is running, several files that contain
sensitive information are created with insecure permissions.
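Review bot: the reflow is producing one-word lines: `bogus` (pear-XML_RPC), `an` (ekg) and `DNS` (nwclient) each end up alone on a line, which shows the wrapping tool is measuring the line width wrongly (apparently against the indented width rather than the text), so the result is worse than the lines it replaces. Separately, the unchanged bugzilla range `<range><ge>2.17.1</ge><lt>2.18.2 </lt></range>` carries a trailing space inside `<lt>`; since this commit touches every surrounding line of that entry, either confirm that the version comparison strips it or remove it, because that string is what gets compared against installed package versions. None of the `<name>` or `<range>` values change in this hunk.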
@@ -3395,26 +2838,20 @@ Note: Please add new entries to the beginning of this file.
be used for privilege elevation.</p>
<p>An empty &quot;servers&quot; file, which should normally
contain hostnames of authorized backup servers, may allow
- unauthorized backups to be made. Sensitive information can
- be extracted from these backups.</p>
+ unauthorized backups to be made. Sensitive information
+ can be extracted from these backups.</p>
<p>When reverse DNS fails for the Legato client IP a weak
authorization scheme, containing a flaw that allows
unauthorized access, is used. This may allow unauthorized
access.</p>
</body>
- </description>
- <references>
- <bid>3564</bid>
- <bid>3840</bid>
- <bid>3842</bid>
- <cvename>CVE-2001-0910</cvename>
- <cvename>CVE-2002-0113</cvename>
+ </description> <references>
+ <bid>3564</bid> <bid>3840</bid> <bid>3842</bid>
+ <cvename>CVE-2001-0910</cvename> <cvename>CVE-2002-0113</cvename>
<cvename>CVE-2002-0114</cvename>
<url>http://portal1.legato.com/resources/bulletins/372.html</url>
- </references>
- <dates>
- <discovery>2002-01-10</discovery>
- <entry>2005-07-08</entry>
+ </references> <dates>
+ <discovery>2002-01-10</discovery> <entry>2005-07-08</entry>
</dates>
</vuln>
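Review bot: `<bid>3564</bid> <bid>3840</bid> <bid>3842</bid>` and two `<cvename>` elements are joined while `<cvename>CVE-2002-0114</cvename>` stays on its own line, and `unauthorized backups to be made. Sensitive information` is rewrapped with no change in wording. Whitespace only; revert to one reference per line.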
@@ -3422,20 +2859,16 @@ Note: Please add new entries to the beginning of this file.
<topic>acroread -- insecure temporary file creation</topic>
<affects>
<package>
- <name>acroread4</name>
- <name>acroread5</name>
+ <name>acroread4</name> <name>acroread5</name>
<range><ge>0</ge></range>
- </package>
- <package>
- <name>acroread</name>
- <range><lt>7.0.0</lt></range>
+ </package> <package>
+ <name>acroread</name> <range><lt>7.0.0</lt></range>
<range><gt>5.*,1</gt><lt>7.0.0,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia Research reports:</p>
- <blockquote cite="http://secunia.com/secunia_research/2005-6/advisory/">
+ <p>Secunia Research reports:</p> <blockquote
+ cite="http://secunia.com/secunia_research/2005-6/advisory/">
<p>Secunia has discovered a security issue in Adobe Reader
for Linux, which can be exploited by malicious, local
users to gain knowledge of sensitive information.</p>
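Review bot: `</package> <package>` on one line erases the boundary between two sibling `<package>` blocks, which is exactly the place in an `<affects>` block where a reader needs a visual break (acroread4/acroread5 with `<ge>0</ge>` versus acroread with the `<lt>7.0.0</lt>` and `<gt>5.*,1</gt><lt>7.0.0,1</lt>` bounds). Keep `</package>` and `<package>` on separate lines; the ranges themselves are unchanged.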
@@ -3443,18 +2876,16 @@ Note: Please add new entries to the beginning of this file.
created with permissions based on a user's umask in the
"/tmp" folder under certain circumstances when documents
are opened.</p>
- <p>Successful exploitation allows an unprivileged user to
+ <p>Successful exploitation allows an unprivileged user
+ to
read arbitrary users' documents.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1912</cvename>
<url>http://secunia.com/secunia_research/2005-6/advisory/</url>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-07-06</entry>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-07-06</entry>
</dates>
</vuln>
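Review bot: `to` is stranded alone on a line after `Successful exploitation allows an unprivileged user`; the single removed line was correctly wrapped. This hunk has no content change (CVE-2005-1912 and the Secunia URL are untouched), so revert it.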
@@ -3462,46 +2893,40 @@ Note: Please add new entries to the beginning of this file.
<topic>clamav -- cabinet file handling DoS vulnerability</topic>
<affects>
<package>
- <name>clamav</name>
- <range><lt>0.86</lt></range>
- </package>
- <package>
- <name>clamav-devel</name>
- <range><lt>20050620</lt></range>
+ <name>clamav</name> <range><lt>0.86</lt></range>
+ </package> <package>
+ <name>clamav-devel</name> <range><lt>20050620</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An iDEFENSE Security Advisory reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006456809016">
- <p>Remote exploitation of an input validation error in Clam
+ <p>An iDEFENSE Security Advisory reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006456809016">
+ <p>Remote exploitation of an input validation error in
+ Clam
AntiVirus ClamAV allows attackers to cause a denial of
service condition.</p>
<p>The vulnerability specifically exists due to insufficient
validation on cabinet file header data. The
- <code>ENSURE_BITS()</code> macro fails to check for zero
- length reads, allowing a carefully constructed cabinet
- file to cause an infinite loop.</p>
+ <code>ENSURE_BITS()</code> macro fails to check for
+ zero length reads, allowing a carefully constructed
+ cabinet file to cause an infinite loop.</p>
<p>ClamAV is used in a number of mail gateway
- products. Successful exploitation requires an attacker to
- send a specially constructed CAB file through a mail
- gateway or personal anti-virus client utilizing the ClamAV
- scanning engine. The infinate loop will cause the ClamAV
- software to use all available processor resources,
- resulting in a denial of service or severe degradation to
- system performance. Remote exploitation can be achieved by
- sending a malicious file in an e-mail message or during an
- HTTP session.</p>
+ products. Successful exploitation requires an attacker
+ to send a specially constructed CAB file through a mail
+ gateway or personal anti-virus client utilizing the
+ ClamAV scanning engine. The infinate loop will cause
+ the ClamAV software to use all available processor
+ resources, resulting in a denial of service or severe
+ degradation to system performance. Remote exploitation
+ can be achieved by sending a malicious file in an e-mail
+ message or during an HTTP session.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1923</cvename>
- <mlist msgid="FB24803D1DF2A34FA59FC157B77C97050462A3AB@IDSERV04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006456809016</mlist>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-07-06</entry>
+ </description> <references>
+ <cvename>CVE-2005-1923</cvename> <mlist
+ msgid="FB24803D1DF2A34FA59FC157B77C97050462A3AB@IDSERV04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006456809016</mlist>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-07-06</entry>
</dates>
</vuln>
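Review bot: the rewrapped line `ClamAV scanning engine. The infinate loop will cause` rewrites the sentence yet keeps the `infinate` misspelling; if the quoted text is being edited at all, this is the moment to correct it to `infinite`, otherwise leave the quote's wrapping alone too. `Clam` is also stranded on its own line, splitting the product name `Clam AntiVirus`, and the `<mlist` / `msgid=` split repeats the tag-across-lines problem. The `<lt>0.86</lt>` and `<lt>20050620</lt>` bounds are unchanged.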
@@ -3509,24 +2934,22 @@ Note: Please add new entries to the beginning of this file.
<topic>clamav -- MS-Expand file handling DoS vulnerability</topic>
<affects>
<package>
- <name>clamav</name>
- <range><lt>0.86</lt></range>
- </package>
- <package>
- <name>clamav-devel</name>
- <range><lt>20050620</lt></range>
+ <name>clamav</name> <range><lt>0.86</lt></range>
+ </package> <package>
+ <name>clamav-devel</name> <range><lt>20050620</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An iDEFENSE Security Advisory reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006402411598">
- <p>Remote exploitation of an input validation error in Clam
+ <p>An iDEFENSE Security Advisory reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006402411598">
+ <p>Remote exploitation of an input validation error in
+ Clam
AntiVirus ClamAV allows attackers to cause a denial of
service condition.</p>
<p>The vulnerability specifically exists due to improper
behavior during exceptional conditions.</p>
- <p>Successful exploitation allows attackers to exhaust file
+ <p>Successful exploitation allows attackers to exhaust
+ file
descriptors pool and memory. Anti-virus detection
functionality will fail if there is no file descriptors
available with which to open files. Remote exploitation
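Review bot: same stranded words here, `Clam` and `file` each alone on a line, and the same `</package> <package>` and `</affects> <description>` joins; the clamav and clamav-devel bounds are identical to the previous entry and unchanged. Revert to the original wrapping.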
@@ -3534,144 +2957,114 @@ Note: Please add new entries to the beginning of this file.
message or during an HTTP session.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1922</cvename>
- <mlist msgid="FB24803D1DF2A34FA59FC157B77C97050462A3AC@IDSERV04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006402411598</mlist>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-07-06</entry>
+ </description> <references>
+ <cvename>CVE-2005-1922</cvename> <mlist
+ msgid="FB24803D1DF2A34FA59FC157B77C97050462A3AC@IDSERV04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006402411598</mlist>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-07-06</entry>
</dates>
</vuln>
<vuln vid="8efe93e2-ee62-11d9-8310-0001020eed82">
- <topic>zlib -- buffer overflow vulnerability</topic>
- <affects>
+ <topic>zlib -- buffer overflow vulnerability</topic> <affects>
<package>
- <name>zsync</name>
- <range><lt>0.4.1</lt></range>
- </package>
- <system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_4</lt></range>
+ <name>zsync</name> <range><lt>0.4.1</lt></range>
+ </package> <system>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_4</lt></range>
<range><ge>5.3</ge><lt>5.3_18</lt></range>
</system>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>An error in the handling of corrupt compressed data streams
+ <h1>Problem Description</h1> <p>An error in the handling
+ of corrupt compressed data streams
can result in a buffer being overflowed.</p>
- <h1>Impact</h1>
- <p>By carefully crafting a corrupt compressed data stream, an
+ <h1>Impact</h1> <p>By carefully crafting a corrupt compressed
+ data stream, an
attacker can overwrite data structures in a zlib-using
- application. This may cause the application to halt,
+ application. This may cause the application to halt,
causing a denial of service; or it may result in the
attacker gaining elevated privileges.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2096</cvename>
- <freebsdsa>SA-05:16.zlib</freebsdsa>
- </references>
- <dates>
- <discovery>2005-07-06</discovery>
- <entry>2005-07-06</entry>
+ </description> <references>
+ <cvename>CVE-2005-2096</cvename> <freebsdsa>SA-05:16.zlib</freebsdsa>
+ </references> <dates>
+ <discovery>2005-07-06</discovery> <entry>2005-07-06</entry>
<modified>2005-10-01</modified>
</dates>
</vuln>
<vuln vid="70c59485-ee5a-11d9-8310-0001020eed82">
- <topic>acroread -- buffer overflow vulnerability</topic>
- <affects>
+ <topic>acroread -- buffer overflow vulnerability</topic> <affects>
<package>
- <name>acroread4</name>
- <name>acroread5</name>
+ <name>acroread4</name> <name>acroread5</name>
<range><ge>0</ge></range>
- </package>
- <package>
- <name>acroread</name>
- <range><lt>7.0.0</lt></range>
+ </package> <package>
+ <name>acroread</name> <range><lt>7.0.0</lt></range>
<range><gt>5.*,1</gt><lt>7.0.0,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An Adobe Security Advisory reports:</p>
- <blockquote cite="http://www.adobe.com/support/techdocs/329083.html">
+ <p>An Adobe Security Advisory reports:</p> <blockquote
+ cite="http://www.adobe.com/support/techdocs/329083.html">
<p>A vulnerability within Adobe Reader has been
identified. Under certain circumstances, remote
exploitation of a buffer overflow in Adobe Reader could
allow an attacker to execute arbitrary code.</p>
<p>If exploited, it could allow the execution of arbitrary
code under the privileges of the local user. Remote
- exploitation is possible if the malicious PDF document is
- sent as an email attachment or if the PDF document is
- accessed via a web link.</p>
+ exploitation is possible if the malicious PDF document
+ is sent as an email attachment or if the PDF document
+ is accessed via a web link.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1625</cvename>
- <url>http://www.adobe.com/support/techdocs/329083.html</url>
- <mlist msgid="FB24803D1DF2A34FA59FC157B77C97050462A5E2@IDSERV04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112059685332569</mlist>
- </references>
- <dates>
- <discovery>2005-07-05</discovery>
- <entry>2005-07-06</entry>
+ <url>http://www.adobe.com/support/techdocs/329083.html</url> <mlist
+ msgid="FB24803D1DF2A34FA59FC157B77C97050462A5E2@IDSERV04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112059685332569</mlist>
+ </references> <dates>
+ <discovery>2005-07-05</discovery> <entry>2005-07-06</entry>
</dates>
</vuln>
<vuln vid="b2a1a3b5-ed95-11d9-8310-0001020eed82">
- <topic>net-snmp -- remote DoS vulnerability</topic>
- <affects>
+ <topic>net-snmp -- remote DoS vulnerability</topic> <affects>
<package>
- <name>net-snmp</name>
- <range><lt>5.2.1.2</lt></range>
+ <name>net-snmp</name> <range><lt>5.2.1.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Net-SNMP release announcement reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=net-snmp-announce&amp;m=112059518426328">
+ <p>A Net-SNMP release announcement reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=net-snmp-announce&amp;m=112059518426328">
<p>A security vulnerability has been found in Net-SNMP
releases that could allow a denial of service attack
- against Net-SNMP agent's which have opened a stream based
- protocol (EG, TCP but not UDP; it should be noted that
- Net-SNMP does not by default open a TCP port).</p>
+ against Net-SNMP agent's which have opened a stream
+ based protocol (EG, TCP but not UDP; it should be noted
+ that Net-SNMP does not by default open a TCP port).</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>14168</bid>
- <cvename>CVE-2005-2177</cvename>
- <mlist msgid="sdzmt5sul0.fsf@wes.hardakers.net">http://marc.theaimsgroup.com/?l=net-snmp-announce&amp;m=112059518426328</mlist>
- </references>
- <dates>
- <discovery>2005-07-02</discovery>
- <entry>2005-07-05</entry>
+ </description> <references>
+ <bid>14168</bid> <cvename>CVE-2005-2177</cvename> <mlist
+ msgid="sdzmt5sul0.fsf@wes.hardakers.net">http://marc.theaimsgroup.com/?l=net-snmp-announce&amp;m=112059518426328</mlist>
+ </references> <dates>
+ <discovery>2005-07-02</discovery> <entry>2005-07-05</entry>
<modified>2005-10-26</modified>
</dates>
</vuln>
<vuln vid="1cf00643-ed8a-11d9-8310-0001020eed82">
- <topic>cacti -- multiple vulnerabilities</topic>
- <affects>
+ <topic>cacti -- multiple vulnerabilities</topic> <affects>
<package>
- <name>cacti</name>
- <range><lt>0.8.6f</lt></range>
+ <name>cacti</name> <range><lt>0.8.6f</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Stefan Esser reports:</p>
- <blockquote cite="http://www.hardened-php.net/advisory-032005.php">
+ <p>Stefan Esser reports:</p> <blockquote
+ cite="http://www.hardened-php.net/advisory-032005.php">
<p>Wrongly implemented user input filters lead to multiple
SQL Injection vulnerabilities which can lead f.e. to
disclosure of the admin password hash.</p>
- </blockquote>
- <blockquote cite="http://www.hardened-php.net/advisory-042005.php">
+ </blockquote> <blockquote
+ cite="http://www.hardened-php.net/advisory-042005.php">
<p>Wrongly implemented user input filters allows injection
of user input into executed commandline.</p>
<p>Alberto Trivero posted his Remote Command Execution
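Review bot: `<h1>Problem Description</h1> <p>An error in the handling` puts a heading and the opening of a paragraph on one line with the rest of the paragraph on the lines below, and `<h1>Impact</h1> <p>By carefully crafting a corrupt compressed` does the same; an XHTML `<body>` in this file is meant to stay readable in the source, and this makes it harder to read for no benefit. The zlib line `application. This may cause the application to halt,` changes only a double space after the full stop to a single one. `</package> <system>` joins two different container kinds, and `<url>...</url> <mlist` followed by `msgid=` on the next line splits a start tag again. If the net-snmp quote is being rewrapped anyway, `against Net-SNMP agent's which have opened a stream` is the line to fix (`agents`). No `<range>` value in the zlib, acroread, net-snmp or cacti entries changes.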
@@ -3680,92 +3073,84 @@ Note: Please add new entries to the beginning of this file.
that the malfunctioning input filters, which were already
mentioned in the previous advisory are also responsible
for this bug still being exploitable.</p>
- </blockquote>
- <blockquote cite="http://www.hardened-php.net/advisory-052005.php">
+ </blockquote> <blockquote
+ cite="http://www.hardened-php.net/advisory-052005.php">
<p>A HTTP headers bypass switch can also be used to
- completely bypass the authentification system of Cacti. As
- admin it is possible to execute shell commands with the
- permission of the webserver.</p>
+ completely bypass the authentification system of Cacti.
+ As admin it is possible to execute shell commands with
+ the permission of the webserver.</p>
<p>While looking at the source of Cacti a HTTP headers
bypass switch was discovered, that also switches off a
call to <code>session_start()</code> and the manual
application of <code>addslashes()</code> in case of
<code>magic_quotes_gpc=Off</code>.</p>
- <p>When register_globals is turned on* an attacker can use
+ <p>When register_globals is turned on* an attacker can
+ use
this switch to disables Cacti's use of PHP's session
- support and therefore supply the session variables on his
- own through f.e. the URL. Additionally using the switch
- renders several SQL statements vulnerable to SQL
- Injections attacks, when magic_quotes_gpc is turned off,
- which is the recommended setting.</p>
+ support and therefore supply the session variables on
+ his own through f.e. the URL. Additionally using the
+ switch renders several SQL statements vulnerable to SQL
+ Injections attacks, when magic_quotes_gpc is turned
+ off, which is the recommended setting.</p>
<p>Logged in as an admin it is possible to issue shell
commands.</p>
- <p>(*) register_globals is turned off by default since PHP
+ <p>(*) register_globals is turned off by default since
+ PHP
4.2 but is activated on most servers because of older
scripts requiring it.</p>
</blockquote>
</body>
- </description>
- <references>
- <mlist msgid="007301c57753$5ab17f60$0100a8c0@alberto">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111954136315248</mlist>
+ </description> <references>
+ <mlist
+ msgid="007301c57753$5ab17f60$0100a8c0@alberto">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111954136315248</mlist>
<url>http://www.hardened-php.net/advisory-032005.php</url>
<url>http://www.hardened-php.net/advisory-042005.php</url>
<url>http://www.hardened-php.net/advisory-052005.php</url>
- </references>
- <dates>
- <discovery>2005-06-22</discovery>
- <entry>2005-07-05</entry>
+ </references> <dates>
+ <discovery>2005-06-22</discovery> <entry>2005-07-05</entry>
</dates>
</vuln>
<vuln vid="dca0a345-ed81-11d9-8310-0001020eed82">
- <topic>wordpress -- multiple vulnerabilities</topic>
- <affects>
+ <topic>wordpress -- multiple vulnerabilities</topic> <affects>
<package>
- <name>wordpress</name>
- <range><lt>1.5.1.3,1</lt></range>
+ <name>wordpress</name> <range><lt>1.5.1.3,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>GulfTech Security Research reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006967221438">
- <p>There are a number of vulnerabilities in WordPress that
- may allow an attacker to ultimately run arbitrary code on
- the vulnerable system. These vulnerabilities include SQL
- Injection, Cross Site Scripting, and also issues that may
- aid an attacker in social engineering.</p>
+ <p>GulfTech Security Research reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006967221438">
+ <p>There are a number of vulnerabilities in WordPress
+ that
+ may allow an attacker to ultimately run arbitrary code
+ on the vulnerable system. These vulnerabilities include
+ SQL Injection, Cross Site Scripting, and also issues
+ that may aid an attacker in social engineering.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2107</cvename>
- <cvename>CVE-2005-2108</cvename>
- <cvename>CVE-2005-2109</cvename>
- <cvename>CVE-2005-2110</cvename>
- <mlist msgid="42C2BE6E.2050408@gulftech.org">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006967221438</mlist>
- </references>
- <dates>
- <discovery>2005-06-28</discovery>
- <entry>2005-07-05</entry>
+ </description> <references>
+ <cvename>CVE-2005-2107</cvename> <cvename>CVE-2005-2108</cvename>
+ <cvename>CVE-2005-2109</cvename> <cvename>CVE-2005-2110</cvename>
+ <mlist
+ msgid="42C2BE6E.2050408@gulftech.org">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112006967221438</mlist>
+ </references> <dates>
+ <discovery>2005-06-28</discovery> <entry>2005-07-05</entry>
</dates>
</vuln>
<vuln vid="a4955b32-ed84-11d9-8310-0001020eed82">
- <topic>wordpress -- multiple vulnerabilities</topic>
- <affects>
+ <topic>wordpress -- multiple vulnerabilities</topic> <affects>
<package>
- <name>wordpress</name>
- <range><lt>1.5.1.2,1</lt></range>
+ <name>wordpress</name> <range><lt>1.5.1.2,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Gentoo Linux Security Advisory reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200506-04.xml">
+ <p>A Gentoo Linux Security Advisory reports:</p> <blockquote
+ cite="http://www.gentoo.org/security/en/glsa/glsa-200506-04.xml">
<p>Due to a lack of input validation, WordPress is
vulnerable to SQL injection and XSS attacks.</p>
- <p>An attacker could use the SQL injection vulnerabilites to
+ <p>An attacker could use the SQL injection vulnerabilites
+ to
gain information from the database. Furthermore the
cross-site scripting issues give an attacker the ability
to inject and execute malicious script code or to steal
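Review bot: the one-element-per-line layout this file uses is abandoned throughout this hunk with no content change to justify it: `</description> <references>`, `<cvename>CVE-2005-2107</cvename> <cvename>CVE-2005-2108</cvename>` and `<discovery>2005-06-28</discovery> <entry>2005-07-05</entry>` now share lines, the `msgid` attribute is pushed onto a separate line away from `<mlist`, and the refilled paragraphs strand single words (`use`, `PHP`, `that`, `to`) on lines of their own. Suggest reverting the reflow for the cacti entry and both wordpress entries; if a re-wrap of the long quoted paragraphs is really wanted, wrap only the prose inside `<p>` and leave every start tag, end tag and attribute on the line it already had.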
@@ -3773,14 +3158,11 @@ Note: Please add new entries to the beginning of this file.
compromising the victim's browser.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1810</cvename>
<url>http://www.gentoo.org/security/en/glsa/glsa-200506-04.xml</url>
- </references>
- <dates>
- <discovery>2005-04-12</discovery>
- <entry>2005-07-05</entry>
+ </references> <dates>
+ <discovery>2005-04-12</discovery> <entry>2005-07-05</entry>
</dates>
</vuln>
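Review bot: the wordpress GLSA entry ends up half-converted: `<cvename>CVE-2005-1810</cvename>` and the `<url>` keep their own lines while `</description> <references>` and `<discovery>2005-04-12</discovery> <entry>2005-07-05</entry>` are joined, so the entry follows neither the old layout nor a new one. Suggest leaving the `<references>` and `<dates>` blocks as they were; joining the two date elements saves one line and costs a clean per-field diff the next time a `<modified>` element is added.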
@@ -3788,32 +3170,28 @@ Note: Please add new entries to the beginning of this file.
<topic>phpbb -- remote PHP code execution vulnerability</topic>
<affects>
<package>
- <name>phpbb</name>
- <range><lt>2.0.16</lt></range>
+ <name>phpbb</name> <range><lt>2.0.16</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>FrSIRT Advisory reports:</p>
- <blockquote cite="http://www.frsirt.com/english/advisories/2005/0904">
+ <p>FrSIRT Advisory reports:</p> <blockquote
+ cite="http://www.frsirt.com/english/advisories/2005/0904">
<p>A vulnerability was identified in phpBB, which
may be exploited by attackers to compromise a vulnerable
- web server. This flaw is due to an input validation error
- in the "viewtopic.php" script that does not properly filter
- the "highlight" parameter before calling the "preg_replace()"
- function, which may be exploited by remote attackers to execute
- arbitrary PHP commands with the privileges of the web server.</p>
+ web server. This flaw is due to an input validation
+ error in the "viewtopic.php" script that does not
+ properly filter the "highlight" parameter before calling
+ the "preg_replace()" function, which may be exploited
+ by remote attackers to execute arbitrary PHP commands
+ with the privileges of the web server.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-2086</cvename>
<url>http://www.frsirt.com/english/advisories/2005/0904</url>
<url>http://www.phpbb.com/phpBB/viewtopic.php?t=302011</url>
- </references>
- <dates>
- <discovery>2005-06-28</discovery>
- <entry>2005-07-03</entry>
+ </references> <dates>
+ <discovery>2005-06-28</discovery> <entry>2005-07-03</entry>
<modified>2005-07-07</modified>
</dates>
</vuln>
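Review bot: in the phpbb entry `<discovery>2005-06-28</discovery> <entry>2005-07-03</entry>` is joined while the unchanged `<modified>2005-07-07</modified>` directly below stays on its own line, which is exactly the inconsistency this kind of refill produces. The FrSIRT paragraph is re-wrapped with no word changed, so `git blame` on the description will now point at this commit instead of the one that added the entry; suggest reverting both and keeping the three date elements one per line.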
@@ -3822,126 +3200,108 @@ Note: Please add new entries to the beginning of this file.
<topic>pear-XML_RPC -- arbitrary remote code execution</topic>
<affects>
<package>
- <name>pear-XML_RPC</name>
- <range><lt>1.3.1</lt></range>
+ <name>pear-XML_RPC</name> <range><lt>1.3.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>GulfTech Security Research Team reports:</p>
- <blockquote cite="http://www.gulftech.org/?node=research&amp;article_id=00087-07012005">
- <p>PEAR XML_RPC is vulnerable to a very high risk php code
+ <p>GulfTech Security Research Team reports:</p> <blockquote
+ cite="http://www.gulftech.org/?node=research&amp;article_id=00087-07012005">
+ <p>PEAR XML_RPC is vulnerable to a very high risk php
+ code
injection vulnerability due to unsanatized data being
passed into an eval() call.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1921</cvename>
<url>http://www.gulftech.org/?node=research&amp;article_id=00087-07012005</url>
<url>http://www.hardened-php.net/advisory-022005.php</url>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-07-03</entry>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-07-03</entry>
</dates>
</vuln>
<vuln vid="f70f8860-e8ee-11d9-b875-0001020eed82">
- <topic>kernel -- ipfw packet matching errors with address tables</topic>
- <affects>
+ <topic>kernel -- ipfw packet matching errors with address
+ tables</topic> <affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_3</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_3</lt></range>
</system>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>The ipfw tables lookup code caches the result of the last
- query. The kernel may process multiple packets
- concurrently, performing several concurrent table lookups.
- Due to an insufficient locking, a cached result can become
- corrupted that could cause some addresses to be incorrectly
- matched against a lookup table.</p>
- <h1>Impact</h1>
- <p>When lookup tables are used with ipfw, packets may on very
- rare occasions incorrectly match a lookup table. This could
- result in a packet being treated contrary to the defined
- packet filtering ruleset. For example, a packet may be
- allowed to pass through when it should have been
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description</h1> <p>The ipfw tables lookup code
+ caches the result of the last
+ query. The kernel may process multiple packets concurrently,
+ performing several concurrent table lookups. Due to an
+ insufficient locking, a cached result can become corrupted
+ that could cause some addresses to be incorrectly matched
+ against a lookup table.</p>
+ <h1>Impact</h1> <p>When lookup tables are used with ipfw,
+ packets may on very
+ rare occasions incorrectly match a lookup table. This
+ could result in a packet being treated contrary to the
+ defined packet filtering ruleset. For example, a packet
+ may be allowed to pass through when it should have been
discarded.</p>
<p>The problem can only occur on Symmetric Multi-Processor
(SMP) systems, or on Uni Processor (UP) systems with the
PREEMPTION kernel option enabled (not the default).</p>
- <h1>Workaround</h1>
- <p>a) Do not use lookup tables.</p>
- <p>OR</p>
- <p>b) Disable concurrent processing of packets in the network
+ <h1>Workaround</h1> <p>a) Do not use lookup tables.</p>
+ <p>OR</p> <p>b) Disable concurrent processing of packets
+ in the network
stack by setting the "debug.mpsafenet=0" tunable:</p>
<p># echo "debug.mpsafenet=0" &lt;&lt; /boot/loader.conf</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-2019</cvename>
- <freebsdsa>SA-05:13.ipfw</freebsdsa>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-06-29</entry>
+ </description> <references>
+ <cvename>CVE-2005-2019</cvename> <freebsdsa>SA-05:13.ipfw</freebsdsa>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-06-29</entry>
<modified>2005-07-06</modified>
</dates>
</vuln>
<vuln vid="197f444f-e8ef-11d9-b875-0001020eed82">
- <topic>bzip2 -- denial of service and permission race vulnerabilities</topic>
- <affects>
+ <topic>bzip2 -- denial of service and permission race
+ vulnerabilities</topic> <affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_3</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_3</lt></range>
<range><ge>5.*</ge><lt>5.3_17</lt></range>
<range><ge>4.11</ge><lt>4.11_11</lt></range>
<range><lt>4.10_16</lt></range>
- </system>
- <package>
- <name>bzip2</name>
- <range><lt>1.0.3_1</lt></range>
+ </system> <package>
+ <name>bzip2</name> <range><lt>1.0.3_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>Two problems have been discovered relating to the
- extraction of bzip2-compressed files. First, a carefully
+ <h1>Problem Description</h1> <p>Two problems have been
+ discovered relating to the
+ extraction of bzip2-compressed files. First, a carefully
constructed invalid bzip2 archive can cause bzip2 to enter
an infinite loop. Second, when creating a new file, bzip2
closes the file before setting its permissions.</p>
- <h1>Impact</h1>
- <p>The first problem can cause bzip2 to extract a bzip2
- archive to an infinitely large file. If bzip2 is used in
- automated processing of untrusted files this could be
+ <h1>Impact</h1> <p>The first problem can cause bzip2 to
+ extract a bzip2
+ archive to an infinitely large file. If bzip2 is used
+ in automated processing of untrusted files this could be
exploited by an attacker to create an denial-of-service
situation by exhausting disk space or by consuming all
available cpu time.</p>
- <p>The second problem can allow a local attacker to change the
- permissions of local files owned by the user executing bzip2
- providing that they have write access to the directory in
- which the file is being extracted.</p>
- <h1>Workaround</h1>
- <p>Do not uncompress bzip2 archives from untrusted sources and
- do not uncompress files in directories where untrusted users
- have write access.</p>
+ <p>The second problem can allow a local attacker to change
+ the
+ permissions of local files owned by the user executing
+ bzip2 providing that they have write access to the directory
+ in which the file is being extracted.</p>
+ <h1>Workaround</h1> <p>Do not uncompress bzip2 archives
+ from untrusted sources and
+ do not uncompress files in directories where untrusted
+ users have write access.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0953</cvename>
- <cvename>CVE-2005-1260</cvename>
+ </description> <references>
+ <cvename>CVE-2005-0953</cvename> <cvename>CVE-2005-1260</cvename>
<freebsdsa>SA-05:14.bzip2</freebsdsa>
<url>http://scary.beasts.org/security/CESA-2005-002.txt</url>
- </references>
- <dates>
- <discovery>2005-03-30</discovery>
- <entry>2005-06-29</entry>
+ </references> <dates>
+ <discovery>2005-03-30</discovery> <entry>2005-06-29</entry>
<modified>2005-07-06</modified>
</dates>
</vuln>
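Review bot: the two `<topic>` elements in this hunk are split across lines (`<topic>kernel -- ipfw packet matching errors with address` / `tables</topic>`, and the bzip2 topic likewise), which puts a newline and a run of indentation inside the topic text; the topic is the one-line summary consumers print for an entry, so it must stay on a single line however long it is. The `<h1>Problem Description</h1>` heading is also joined to the paragraph it introduces, and the filled prose strands `code` and `the` on their own lines. While this entry is being touched: the unchanged workaround line `<p># echo "debug.mpsafenet=0" &lt;&lt; /boot/loader.conf</p>` uses `<<` where the append redirection `>>` is meant (as written the shell starts a here-document and nothing is written to loader.conf), and that is worth a one-character fix in the same change.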
@@ -3950,46 +3310,40 @@ Note: Please add new entries to the beginning of this file.
<topic>kernel -- TCP connection stall denial of service</topic>
<affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_3</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_3</lt></range>
<range><ge>5.*</ge><lt>5.3_17</lt></range>
<range><ge>4.11</ge><lt>4.11_11</lt></range>
<range><lt>4.10_16</lt></range>
</system>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>Two problems have been discovered in the FreeBSD TCP stack.</p>
- <p>First, when a TCP packets containing a timestamp is
+ <h1>Problem Description</h1> <p>Two problems have been
+ discovered in the FreeBSD TCP stack.</p> <p>First, when a
+ TCP packets containing a timestamp is
received, inadequate checking of sequence numbers is
- performed, allowing an attacker to artificially increase the
- internal "recent" timestamp for a connection.</p>
- <p>Second, a TCP packet with the SYN flag set is accepted for
+ performed, allowing an attacker to artificially increase
+ the internal "recent" timestamp for a connection.</p>
+ <p>Second, a TCP packet with the SYN flag set is accepted
+ for
established connections, allowing an attacker to overwrite
certain TCP options.</p>
- <h1>Impact</h1>
- <p>Using either of the two problems an attacker with knowledge
- of the local and remote IP and port numbers associated with
- a connection can cause a denial of service situation by
- stalling the TCP connection. The stalled TCP connection my
- be closed after some time by the other host.</p>
- <h1>Workaround</h1>
- <p>In some cases it may be possible to defend against these
+ <h1>Impact</h1> <p>Using either of the two problems an
+ attacker with knowledge
+ of the local and remote IP and port numbers associated
+ with a connection can cause a denial of service situation
+ by stalling the TCP connection. The stalled TCP connection
+ my be closed after some time by the other host.</p>
+ <h1>Workaround</h1> <p>In some cases it may be possible to
+ defend against these
attacks by blocking the attack packets using a firewall.
Packets used to effect either of these attacks would have
spoofed source IP addresses.</p>
</body>
- </description>
- <references>
- <certvu>637934</certvu>
- <cvename>CVE-2005-0356</cvename>
- <cvename>CVE-2005-2068</cvename>
- <freebsdsa>SA-05:15.tcp</freebsdsa>
- </references>
- <dates>
- <discovery>2005-06-29</discovery>
- <entry>2005-06-29</entry>
+ </description> <references>
+ <certvu>637934</certvu> <cvename>CVE-2005-0356</cvename>
+ <cvename>CVE-2005-2068</cvename> <freebsdsa>SA-05:15.tcp</freebsdsa>
+ </references> <dates>
+ <discovery>2005-06-29</discovery> <entry>2005-06-29</entry>
<modified>2005-07-06</modified>
</dates>
</vuln>
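Review bot: `<h1>Problem Description</h1> <p>Two problems have been` / `discovered in the FreeBSD TCP stack.</p> <p>First, when a` puts a heading and the start of two paragraphs on one line and breaks the second paragraph after its first three words, and `for` is left alone on a line further down; the layout is strictly worse than the one it replaces. Since these sentences are being rewritten anyway, fix the two pre-existing typos in them rather than carrying them over: `when a TCP packets containing a timestamp is` should read `when a TCP packet containing a timestamp is`, and `The stalled TCP connection my be closed` should read `may be closed`. The `<certvu>637934</certvu> <cvename>CVE-2005-0356</cvename>` join in the references belongs with the same revert.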
@@ -3998,25 +3352,23 @@ Note: Please add new entries to the beginning of this file.
<topic>ethereal -- multiple protocol dissectors vulnerabilities</topic>
<affects>
<package>
- <name>ethereal</name>
- <name>ethereal-lite</name>
- <name>tethereal</name>
- <name>tethereal-lite</name>
+ <name>ethereal</name> <name>ethereal-lite</name>
+ <name>tethereal</name> <name>tethereal-lite</name>
<range><ge>0.8.14</ge><lt>0.10.11</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An Ethreal Security Advisories reports:</p>
- <blockquote cite="http://www.ethereal.com/appnotes/enpa-sa-00019.html">
+ <p>An Ethreal Security Advisories reports:</p> <blockquote
+ cite="http://www.ethereal.com/appnotes/enpa-sa-00019.html">
<p>An aggressive testing program as well as independent
discovery has turned up a multitude of security issues:</p>
<ul>
- <li>The ANSI A dissector was susceptible to format string
+ <li>The ANSI A dissector was susceptible to format
+ string
vulnerabilities. Discovered by Bryan Fulton.</li>
- <li>The GSM MAP dissector could crash.</li>
- <li>The AIM dissector could cause a crash.</li>
- <li>The DISTCC dissector was susceptible to a buffer
+ <li>The GSM MAP dissector could crash.</li> <li>The AIM
+ dissector could cause a crash.</li> <li>The DISTCC
+ dissector was susceptible to a buffer
overflow. Discovered by Ilja van Sprundel</li>
<li>The FCELS dissector was susceptible to a buffer
overflow. Discovered by Neil Kettle</li>
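Review bot: the ethereal issue list loses its one-`<li>`-per-line structure: `<li>The GSM MAP dissector could crash.</li> <li>The AIM` starts a second item on the line that closes the first and then breaks that item mid-sentence, with the DISTCC item treated the same way, so a reader can no longer scan the list by line. The four package names are likewise paired two to a line and `string` is stranded alone. Suggest reverting this hunk; a list of short items is the clearest possible case for keeping each element on its own line.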
@@ -4026,21 +3378,23 @@ Note: Please add new entries to the beginning of this file.
exception, endless looping, and other problems.</li>
<li>The LMP dissector was susceptible to an endless
loop.</li>
- <li>The Telnet dissector could abort.</li>
- <li>The TZSP dissector could cause a segmentation
+ <li>The Telnet dissector could abort.</li> <li>The TZSP
+ dissector could cause a segmentation
fault.</li>
<li>The WSP dissector was susceptible to a null pointer
exception and assertions.</li>
<li>The 802.3 Slow protocols dissector could throw an
assertion.</li>
<li>The BER dissector could throw assertions.</li>
- <li>The SMB Mailslot dissector was susceptible to a null
+ <li>The SMB Mailslot dissector was susceptible to a
+ null
pointer exception and could throw assertions.</li>
<li>The H.245 dissector was susceptible to a null pointer
exception.</li>
<li>The Bittorrent dissector could cause a segmentation
fault.</li>
- <li>The SMB dissector could cause a segmentation fault and
+ <li>The SMB dissector could cause a segmentation fault
+ and
throw assertions.</li>
<li>The Fibre Channel dissector could cause a crash.</li>
<li>The DICOM dissector could attempt to allocate large
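Review bot: same problem in the continuation of the list: `<li>The Telnet dissector could abort.</li> <li>The TZSP` joins two items and splits the second, while the refill of the SMB Mailslot and SMB items leaves `null` and `and` as single-word lines. None of this changes a word of the advisory text; suggest reverting.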
@@ -4050,7 +3404,8 @@ Note: Please add new entries to the beginning of this file.
<li>The RSVP dissector could loop indefinitely.</li>
<li>The DHCP dissector was susceptible to format string
vulnerabilities, and could abort.</li>
- <li>The SRVLOC dissector could crash unexpectedly or go
+ <li>The SRVLOC dissector could crash unexpectedly or
+ go
into an infinite loop.</li>
<li>The EIGRP dissector could loop indefinitely.</li>
<li>The ISIS dissector could overflow a buffer.</li>
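Review bot: the only effect of this hunk is to move the word `go` onto a line by itself in the SRVLOC item (`<li>The SRVLOC dissector could crash unexpectedly or` / `go`), which is a strictly worse wrap than the original; suggest dropping it.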
@@ -4070,85 +3425,70 @@ Note: Please add new entries to the beginning of this file.
loop.</li>
<li>The RPC dissector was susceptible to a null pointer
exception.</li>
- <li>The NCP dissector could overflow a buffer or loop for
+ <li>The NCP dissector could overflow a buffer or loop
+ for
a large amount of time.</li>
<li>The RADIUS dissector could throw an assertion.</li>
<li>The GSM dissector could access an invalid
pointer.</li>
<li>The SMB PIPE dissector could throw an assertion.</li>
- <li>The L2TP dissector was susceptible to an infinite loop.</li>
- <li>The SMB NETLOGON dissector could dereference a null
+ <li>The L2TP dissector was susceptible to an infinite
+ loop.</li> <li>The SMB NETLOGON dissector could dereference
+ a null
pointer.</li>
<li>The MRDISC dissector could throw an assertion.</li>
- <li>The ISUP dissector could overflow a buffer or cause a
+ <li>The ISUP dissector could overflow a buffer or cause
+ a
segmentation fault.</li>
- <li>The LDAP dissector could crash.</li>
- <li>The TCAP dissector could overflow a buffer or throw an
+ <li>The LDAP dissector could crash.</li> <li>The TCAP
+ dissector could overflow a buffer or throw an
assertion.</li>
- <li>The NTLMSSP dissector could crash.</li>
- <li>The Presentation dissector could overflow a
+ <li>The NTLMSSP dissector could crash.</li> <li>The
+ Presentation dissector could overflow a
buffer.</li>
- <li>Additionally, a number of dissectors could throw an
+ <li>Additionally, a number of dissectors could throw
+ an
assertion when passing an invalid protocol tree item
length.</li>
</ul>
</blockquote>
</body>
- </description>
- <references>
- <bid>13391</bid>
- <bid>13504</bid>
- <bid>13567</bid>
- <cvename>CVE-2005-1281</cvename>
- <cvename>CVE-2005-1456</cvename>
- <cvename>CVE-2005-1457</cvename>
- <cvename>CVE-2005-1458</cvename>
- <cvename>CVE-2005-1459</cvename>
- <cvename>CVE-2005-1460</cvename>
- <cvename>CVE-2005-1461</cvename>
- <cvename>CVE-2005-1462</cvename>
- <cvename>CVE-2005-1463</cvename>
- <cvename>CVE-2005-1464</cvename>
- <cvename>CVE-2005-1465</cvename>
- <cvename>CVE-2005-1466</cvename>
- <cvename>CVE-2005-1467</cvename>
- <cvename>CVE-2005-1468</cvename>
- <cvename>CVE-2005-1469</cvename>
- <cvename>CVE-2005-1470</cvename>
+ </description> <references>
+ <bid>13391</bid> <bid>13504</bid> <bid>13567</bid>
+ <cvename>CVE-2005-1281</cvename> <cvename>CVE-2005-1456</cvename>
+ <cvename>CVE-2005-1457</cvename> <cvename>CVE-2005-1458</cvename>
+ <cvename>CVE-2005-1459</cvename> <cvename>CVE-2005-1460</cvename>
+ <cvename>CVE-2005-1461</cvename> <cvename>CVE-2005-1462</cvename>
+ <cvename>CVE-2005-1463</cvename> <cvename>CVE-2005-1464</cvename>
+ <cvename>CVE-2005-1465</cvename> <cvename>CVE-2005-1466</cvename>
+ <cvename>CVE-2005-1467</cvename> <cvename>CVE-2005-1468</cvename>
+ <cvename>CVE-2005-1469</cvename> <cvename>CVE-2005-1470</cvename>
<url>http://www.ethereal.com/appnotes/enpa-sa-00019.html</url>
- </references>
- <dates>
- <discovery>2005-05-04</discovery>
- <entry>2005-06-24</entry>
+ </references> <dates>
+ <discovery>2005-05-04</discovery> <entry>2005-06-24</entry>
</dates>
</vuln>
<vuln vid="691ed622-e499-11d9-a8bd-000cf18bbe54">
- <topic>tor -- information disclosure</topic>
- <affects>
+ <topic>tor -- information disclosure</topic> <affects>
<package>
- <name>tor</name>
- <range><lt>0.1.0.10</lt></range>
+ <name>tor</name> <range><lt>0.1.0.10</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Roger Dingledine reports:</p>
- <blockquote cite="http://archives.seul.org/or/announce/Jun-2005/msg00001.html">
+ <p>Roger Dingledine reports:</p> <blockquote
+ cite="http://archives.seul.org/or/announce/Jun-2005/msg00001.html">
<p>The Tor 0.1.0.10 release from a few days ago
includes a fix for a bug that might allow an attacker
to read arbitrary memory (maybe even keys) from an exit
- server's process space. We haven't heard any reports of
- exploits yet, but hey.</p>
+ server's process space. We haven't heard any reports
+ of exploits yet, but hey.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<mlist>http://archives.seul.org/or/announce/Jun-2005/msg00001.html</mlist>
- </references>
- <dates>
- <discovery>2005-06-16</discovery>
- <entry>2005-06-24</entry>
+ </references> <dates>
+ <discovery>2005-06-16</discovery> <entry>2005-06-24</entry>
</dates>
</vuln>
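Review bot: the `<references>` block is the part of an entry most often searched and diffed, and this hunk packs it two identifiers per line (`<bid>13391</bid> <bid>13504</bid> <bid>13567</bid>`, `<cvename>CVE-2005-1463</cvename> <cvename>CVE-2005-1464</cvename>`), so a grep for one CVE now returns a line carrying two and adding a CVE later means rewriting a neighbour's line. Keep one `<bid>`/`<cvename>` per line as before. In the tor entry the `cite` attribute is split from `<blockquote`, and the refilled list items above strand `for`, `a null`, `a` and `an` on their own lines.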
@@ -4156,30 +3496,25 @@ Note: Please add new entries to the beginning of this file.
<topic>linux-realplayer -- RealText parsing heap overflow</topic>
<affects>
<package>
- <name>linux-realplayer</name>
- <range><le>10.0.4_1</le></range>
+ <name>linux-realplayer</name> <range><le>10.0.4_1</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An iDEFENSE Security Advisory reports:</p>
- <blockquote cite="http://www.idefense.com/application/poi/display?id=250&amp;type=vulnerabilities&amp;flashstatus=false">
+ <p>An iDEFENSE Security Advisory reports:</p> <blockquote
+ cite="http://www.idefense.com/application/poi/display?id=250&amp;type=vulnerabilities&amp;flashstatus=false">
<p>Remote exploitation of a heap-based buffer
overflow vulnerability in the RealText file format
- parser within various versions of RealNetworks
- Inc.'s RealPlayer could allow attackers to
- execute arbitrary code.</p>
+ parser within various versions of RealNetworks Inc.'s
+ RealPlayer could allow attackers to execute arbitrary
+ code.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1277</cvename>
<url>http://www.idefense.com/application/poi/display?id=250&amp;type=vulnerabilities&amp;flashstatus=false</url>
<url>http://service.real.com/help/faq/security/050623_player/EN/</url>
- </references>
- <dates>
- <discovery>2005-06-23</discovery>
- <entry>2005-06-24</entry>
+ </references> <dates>
+ <discovery>2005-06-23</discovery> <entry>2005-06-24</entry>
</dates>
</vuln>
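Review bot: moving the long `cite` URL onto its own line under `<blockquote` does not even achieve a consistent line width, since the identical URL inside the unchanged `<url>` element a few lines below is still as long as before; the split just separates an attribute from its element. Suggest leaving `<p>An iDEFENSE Security Advisory reports:</p>` and the `<blockquote cite="...">` start tag each on one line as they were.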
@@ -4187,95 +3522,79 @@ Note: Please add new entries to the beginning of this file.
<topic>ruby -- arbitrary command execution on XMLRPC server</topic>
<affects>
<package>
- <name>ruby</name>
- <name>ruby_static</name>
+ <name>ruby</name> <name>ruby_static</name>
<range><le>1.8.2_3</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Nobuhiro IMAI reports:</p>
- <blockquote cite="http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237">
+ <p>Nobuhiro IMAI reports:</p> <blockquote
+ cite="http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237">
<p>the default value modification on
- Module#public_instance_methods (from false to true) breaks
- s.add_handler(XMLRPC::iPIMethods("sample"), MyHandler.new) style
- security protection.</p>
- <p>This problem could allow a remote attacker to execute arbitrary
+ Module#public_instance_methods (from false to true)
+ breaks s.add_handler(XMLRPC::iPIMethods("sample"),
+ MyHandler.new) style security protection.</p>
+ <p>This problem could allow a remote attacker to execute
+ arbitrary
commands on XMLRPC server of libruby.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1992</cvename>
<url>http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064</url>
- </references>
- <dates>
- <discovery>2005-06-22</discovery>
- <entry>2005-06-23</entry>
+ </references> <dates>
+ <discovery>2005-06-22</discovery> <entry>2005-06-23</entry>
</dates>
</vuln>
<vuln vid="96948a6a-e239-11d9-83cf-0010dc5df42d">
- <topic>cacti -- potential SQL injection and cross site scripting attacks</topic>
- <affects>
+ <topic>cacti -- potential SQL injection and cross site scripting
+ attacks</topic> <affects>
<package>
- <name>cacti</name>
- <range><le>0.8.6d</le></range>
+ <name>cacti</name> <range><le>0.8.6d</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>iDEFENSE security group disclosed potential SQL injection
+ <p>iDEFENSE security group disclosed potential SQL injection
attacks from unchecked user input and two security holes
regarding potential cross site scripting attacks</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.cacti.net/release_notes_0_8_6e.php</url>
- </references>
- <dates>
- <discovery>2005-06-21</discovery>
- <entry>2005-06-21</entry>
+ </references> <dates>
+ <discovery>2005-06-21</discovery> <entry>2005-06-21</entry>
</dates>
</vuln>
<vuln vid="79217c9b-e1d9-11d9-b875-0001020eed82">
- <topic>opera -- XMLHttpRequest security bypass</topic>
- <affects>
+ <topic>opera -- XMLHttpRequest security bypass</topic> <affects>
<package>
- <name>linux-opera</name>
- <name>opera-devel</name>
- <name>opera</name>
- <range><gt>8.*</gt><lt>8.01</lt></range>
+ <name>linux-opera</name> <name>opera-devel</name>
+ <name>opera</name> <range><gt>8.*</gt><lt>8.01</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15008/">
- <p>Secunia Research has discovered a vulnerability in Opera,
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15008/">
+ <p>Secunia Research has discovered a vulnerability in
+ Opera,
which can be exploited by malicious people to steal
- content or to perform actions on other web sites with the
- privileges of the user.</p>
+ content or to perform actions on other web sites with
+ the privileges of the user.</p>
<p>Normally, it should not be possible for the
<code>XMLHttpRequest</code> object to access resources
- from outside the domain of which the object was
- opened. However, due to insufficient validation of server
- side redirects, it is possible to circumvent this
- restriction.</p>
+ from outside the domain of which the object was opened.
+ However, due to insufficient validation of server side
+ redirects, it is possible to circumvent this restriction.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1475</cvename>
<url>http://secunia.com/advisories/15008/</url>
<url>http://secunia.com/secunia_research/2005-4/advisory/</url>
<url>http://www.opera.com/freebsd/changelogs/801/#security</url>
- </references>
- <dates>
- <discovery>2005-06-16</discovery>
- <entry>2005-06-20</entry>
+ </references> <dates>
+ <discovery>2005-06-16</discovery> <entry>2005-06-20</entry>
</dates>
</vuln>
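Review bot: the refill breaks a code expression quoted from the ruby-core report across two lines, `breaks s.add_handler(XMLRPC::iPIMethods("sample"),` / `MyHandler.new) style security protection.</p>`, so the call can no longer be read or copied as one token; keep the expression on a single line (wrapping it in `<code>` would also stop future refills from touching it). In the cacti entry the line `<p>iDEFENSE security group disclosed potential SQL injection` is removed and re-added with identical visible text, a whitespace-only change that adds diff noise for nothing. The opera entry strands `Opera,` and `arbitrary` on lines of their own and packs the three `<name>` elements and the `<range>` onto two lines; suggest reverting all of these.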
@@ -4284,17 +3603,15 @@ Note: Please add new entries to the beginning of this file.
vulnerability</topic>
<affects>
<package>
- <name>linux-opera</name>
- <name>opera-devel</name>
- <name>opera</name>
- <range><lt>8.01</lt></range>
+ <name>linux-opera</name> <name>opera-devel</name>
+ <name>opera</name> <range><lt>8.01</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15411/">
- <p>Secunia Research has discovered a vulnerability in Opera,
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15411/">
+ <p>Secunia Research has discovered a vulnerability in
+ Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks and to read local files.</p>
<p>The vulnerability is caused due to Opera not properly
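Review bot: `<p>Secunia Research has discovered a vulnerability in` / `Opera,` is the same stranded-word wrap as in the previous opera entry, and the three `<name>` elements plus `<range>` are now spread over two lines instead of four. With no text changed, suggest reverting this hunk.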
@@ -4302,15 +3619,12 @@ Note: Please add new entries to the beginning of this file.
opened in e.g. new windows or frames.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1669</cvename>
<url>http://secunia.com/advisories/15411/</url>
<url>http://www.opera.com/freebsd/changelogs/801/#security</url>
- </references>
- <dates>
- <discovery>2005-06-16</discovery>
- <entry>2005-06-20</entry>
+ </references> <dates>
+ <discovery>2005-06-16</discovery> <entry>2005-06-20</entry>
</dates>
</vuln>
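Review bot: the only changes here are the joins `</description> <references>` and `<discovery>2005-06-16</discovery> <entry>2005-06-20</entry>`, while the `<cvename>` and the two `<url>` elements between them keep their own lines; suggest reverting so the block stays uniformly one element per line.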
@@ -4318,34 +3632,29 @@ Note: Please add new entries to the beginning of this file.
<topic>opera -- redirection cross-site scripting vulnerability</topic>
<affects>
<package>
- <name>linux-opera</name>
- <name>opera-devel</name>
- <name>opera</name>
- <range><gt>8.*</gt><lt>8.01</lt></range>
+ <name>linux-opera</name> <name>opera-devel</name>
+ <name>opera</name> <range><gt>8.*</gt><lt>8.01</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia Advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15423/">
- <p>Secunia Research has discovered a vulnerability in Opera,
+ <p>A Secunia Advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15423/">
+ <p>Secunia Research has discovered a vulnerability in
+ Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks against users.</p>
<p>The vulnerability is caused due to input not being
sanitised, when Opera generates a temporary page for
- displaying a redirection when "Automatic redirection" is
- disabled (not default setting).</p>
+ displaying a redirection when "Automatic redirection"
+ is disabled (not default setting).</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://secunia.com/advisories/15423/</url>
<url>http://secunia.com/secunia_research/2003-1/advisory/</url>
<url>http://www.opera.com/freebsd/changelogs/801/#security</url>
- </references>
- <dates>
- <discovery>2005-06-16</discovery>
- <entry>2005-06-20</entry>
+ </references> <dates>
+ <discovery>2005-06-16</discovery> <entry>2005-06-20</entry>
</dates>
</vuln>
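Review bot: `<name>opera</name> <range><gt>8.*</gt><lt>8.01</lt></range>` joins the last package name with the version range on the same line, and `<p>A Secunia Advisory reports:</p> <blockquote` leaves an opening tag dangling at the end of a line with its `cite` attribute on the next one. Both parse, but the existing convention (visible in the unchanged context around the hunk) is one start tag per line, which is what keeps a `<name>` addition or a range edit to a single-line diff. Revert the joins and keep `<blockquote cite="...">` whole on its own line.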
@@ -4353,33 +3662,29 @@ Note: Please add new entries to the beginning of this file.
<topic>sudo -- local race condition vulnerability</topic>
<affects>
<package>
- <name>sudo</name>
- <range><lt>1.6.8.9</lt></range>
+ <name>sudo</name> <range><lt>1.6.8.9</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Todd C. Miller reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111928183431376">
+ <p>Todd C. Miller reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111928183431376">
<p>A race condition in Sudo's command pathname handling
- prior to Sudo version 1.6.8p9 that could allow a user with
- Sudo privileges to run arbitrary commands.</p>
- <p>Exploitation of the bug requires that the user be allowed
- to run one or more commands via Sudo and be able to create
- symbolic links in the filesystem. Furthermore, a sudoers
- entry giving another user access to the ALL pseudo-command
- must follow the user's sudoers entry for the race to
- exist.</p>
+ prior to Sudo version 1.6.8p9 that could allow a user
+ with Sudo privileges to run arbitrary commands.</p>
+ <p>Exploitation of the bug requires that the user be
+ allowed
+ to run one or more commands via Sudo and be able to
+ create symbolic links in the filesystem. Furthermore,
+ a sudoers entry giving another user access to the ALL
+ pseudo-command must follow the user's sudoers entry for
+ the race to exist.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13993</bid>
- <mlist msgid="200506201424.j5KEOhQI024645@xerxes.courtesan.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111928183431376</mlist>
- </references>
- <dates>
- <discovery>2005-06-20</discovery>
- <entry>2005-06-20</entry>
+ </description> <references>
+ <bid>13993</bid> <mlist
+ msgid="200506201424.j5KEOhQI024645@xerxes.courtesan.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111928183431376</mlist>
+ </references> <dates>
+ <discovery>2005-06-20</discovery> <entry>2005-06-20</entry>
</dates>
</vuln>
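Review bot: the reflow of the quoted sudo text leaves `allowed` alone on a line (`<p>Exploitation of the bug requires that the user be` / `allowed` / `to run one or more commands via Sudo and be able to`), the signature of a formatter that wraps long lines at a fixed column but never rejoins the short tail with the line after it. The advisory text itself did not change, so the cleanest fix is to drop this paragraph from the reformat and keep the original breaks; if a reflow is really wanted, run it over whole paragraphs. The same goes for `<bid>13993</bid> <mlist` with `msgid=` pushed to the following line: one reference element per line, attributes on the same line as their tag.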
@@ -4387,46 +3692,43 @@ Note: Please add new entries to the beginning of this file.
<topic>trac -- file upload/download vulnerability</topic>
<affects>
<package>
- <name>trac</name>
- <range><lt>0.8.4</lt></range>
+ <name>trac</name> <range><lt>0.8.4</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Stefan Esser reports:</p>
- <blockquote cite="http://www.hardened-php.net/advisory-012005.php">
+ <p>Stefan Esser reports:</p> <blockquote
+ cite="http://www.hardened-php.net/advisory-012005.php">
<p>Trac's wiki and ticket systems allows to add attachments
to wiki entries and bug tracker tickets. These attachments
- are stored within directories that are determined by the
- id of the corresponding ticket or wiki entry.</p>
+ are stored within directories that are determined by
+ the id of the corresponding ticket or wiki entry.</p>
<p>Due to a missing validation of the id parameter it is
- possible for an attacker to supply arbitrary paths to the
- upload and attachment viewer scripts. This means that a
- potential attacker can retrieve any file accessible by the
- webserver user.</p>
- <p>Additionally it is possible to upload arbitrary files (up
+ possible for an attacker to supply arbitrary paths to
+ the upload and attachment viewer scripts. This means
+ that a potential attacker can retrieve any file accessible
+ by the webserver user.</p>
+ <p>Additionally it is possible to upload arbitrary files
+ (up
to a configured file length) to any place the webserver
has write access too.</p>
<p>For obvious reasons this can lead to the execution of
arbitrary code if it possible to upload files to the
document root or it's subdirectories. One example of a
- configuration would be f.e. running Trac and
- s9y/wordpress with writeable content directories on the
- same webserver.</p>
- <p>Another potential usage of this exploit would be to abuse
+ configuration would be f.e. running Trac and s9y/wordpress
+ with writeable content directories on the same
+ webserver.</p>
+ <p>Another potential usage of this exploit would be to
+ abuse
Trac powered webservers as storage for f.e. torrent
files.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<bid>13990</bid>
<url>http://www.hardened-php.net/advisory-012005.php</url>
<url>http://projects.edgewall.com/trac/wiki/ChangeLog</url>
- </references>
- <dates>
- <discovery>2005-06-20</discovery>
- <entry>2005-06-20</entry>
+ </references> <dates>
+ <discovery>2005-06-20</discovery> <entry>2005-06-20</entry>
</dates>
</vuln>
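Review bot: this hunk only moves line breaks inside the quoted Hardened-PHP advisory (`(up` and `abuse` end up orphaned on their own lines) and joins `</affects> <description>`. Text inside `<blockquote cite="...">` is a verbatim citation; rewrapping it makes it harder to check against the referenced page and gains nothing, since XHTML whitespace is collapsed when rendered. Leave the quoted paragraphs as they were.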
@@ -4434,34 +3736,30 @@ Note: Please add new entries to the beginning of this file.
<topic>razor-agents -- denial of service vulnerability</topic>
<affects>
<package>
- <name>razor-agents</name>
- <range><le>2.71</le></range>
+ <name>razor-agents</name> <range><le>2.71</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia security advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15739/">
+ <p>A Secunia security advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15739/">
<p>Two vulnerabilities have been reported in Razor-agents,
- which can be exploited by malicious people to cause a DoS
- (Denial of Service).</p>
+ which can be exploited by malicious people to cause a
+ DoS (Denial of Service).</p>
<ol>
<li>An unspecified error in the preprocessing of certain
HTML messages can be exploited to crash the
application.</li>
- <li>A bug in the discovery logic causes Razor-agents to go
+ <li>A bug in the discovery logic causes Razor-agents
+ to go
into an infinite loop and consume a large amount of
memory when discovery fails.</li>
</ol>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://secunia.com/advisories/15739/</url>
- </references>
- <dates>
- <discovery>2005-06-17</discovery>
- <entry>2005-06-20</entry>
+ </references> <dates>
+ <discovery>2005-06-17</discovery> <entry>2005-06-20</entry>
</dates>
</vuln>
@@ -4472,63 +3770,57 @@ Note: Please add new entries to the beginning of this file.
<name>p5-Mail-SpamAssassin</name>
<range><ge>3.0.1</ge><lt>3.0.4</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Apache SpamAssassin Security Team reports:</p>
- <blockquote cite="http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e">
+ <p>Apache SpamAssassin Security Team reports:</p> <blockquote
+ cite="http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e">
<p>Apache SpamAssassin 3.0.4 was recently released, and
- fixes a denial of service vulnerability in versions 3.0.1, 3.0.2,
- and 3.0.3. The vulnerability allows certain misformatted
- long message headers to cause spam checking to
- take a very long time.</p>
+ fixes a denial of service vulnerability in versions
+ 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows
+ certain misformatted long message headers to cause spam
+ checking to take a very long time.</p>
<p>While the exploit has yet to be seen in the wild,
we are concerned that there may be attempts to abuse
the vulnerability in the future. Therefore, we strongly
- recommend all users of these versions upgrade to
- Apache SpamAssassin 3.0.4 as soon as possible.</p>
+ recommend all users of these versions upgrade to Apache
+ SpamAssassin 3.0.4 as soon as possible.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1266</cvename>
- <mlist msgid="c17072.35054.586017.822288@proton.pathname.com">http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e</mlist>
- </references>
- <dates>
- <discovery>2005-06-15</discovery>
- <entry>2005-06-18</entry>
+ </description> <references>
+ <cvename>CVE-2005-1266</cvename> <mlist
+ msgid="c17072.35054.586017.822288@proton.pathname.com">http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e</mlist>
+ </references> <dates>
+ <discovery>2005-06-15</discovery> <entry>2005-06-18</entry>
</dates>
</vuln>
<vuln vid="e879ca68-e01b-11d9-a8bd-000cf18bbe54">
- <topic>squirrelmail -- Several cross site scripting vulnerabilities</topic>
- <affects>
+ <topic>squirrelmail -- Several cross site scripting
+ vulnerabilities</topic> <affects>
<package>
- <name>squirrelmail</name>
- <name>ja-squirrelmail</name>
+ <name>squirrelmail</name> <name>ja-squirrelmail</name>
<range><ge>1.4.0</ge><le>1.4.4</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A SquirrelMail Security Advisory reports:</p>
- <blockquote cite="http://www.squirrelmail.org/security/issue/2005-06-15">
- <p>Several cross site scripting (XSS) vulnerabilities have been discovered
+ <p>A SquirrelMail Security Advisory reports:</p> <blockquote
+ cite="http://www.squirrelmail.org/security/issue/2005-06-15">
+ <p>Several cross site scripting (XSS) vulnerabilities
+ have been discovered
in SquirrelMail versions 1.4.0 - 1.4.4.</p>
- <p>The vulnerabilities are in two categories: the majority can be
- exploited through URL manipulation, and some by sending a specially
- crafted email to a victim. When done very carefully,
- this can cause the session of the user to be hijacked.</p>
+ <p>The vulnerabilities are in two categories: the majority
+ can be
+ exploited through URL manipulation, and some by sending
+ a specially crafted email to a victim. When done very
+ carefully, this can cause the session of the user to
+ be hijacked.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1769</cvename>
<url>http://www.squirrelmail.org/security/issue/2005-06-15</url>
- </references>
- <dates>
- <discovery>2005-06-15</discovery>
- <entry>2005-06-18</entry>
+ </references> <dates>
+ <discovery>2005-06-15</discovery> <entry>2005-06-18</entry>
</dates>
</vuln>
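Review bot: while this hunk rewrites the SpamAssassin `<mlist>` line, the `msgid` it carries still looks wrong: `msgid="c17072.35054.586017.822288@proton.pathname.com"` versus the URL `%3c17072.35054.586017.822288@proton.pathname.com%3e`, where `%3c` and `%3e` are the URL-encoded `<` and `>` around the Message-ID. The leading `c` appears to be a leftover from `%3c`, so the id should read `17072.35054.586017.822288@proton.pathname.com`, consistent with the other `msgid` values in this file, which carry no brackets; worth fixing since the line is being touched anyway. Separately, `<topic>squirrelmail -- Several cross site scripting` / `vulnerabilities</topic> <affects>` breaks the topic mid-phrase and hangs `<affects>` after the closing tag; anything that prints the topic as a one-line summary now has to normalise the embedded newline and indentation. Keep the topic on one line as it was.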
@@ -4536,28 +3828,24 @@ Note: Please add new entries to the beginning of this file.
<topic>acroread -- XML External Entity vulnerability</topic>
<affects>
<package>
- <name>acroread7</name>
- <name>ja-acroread</name>
+ <name>acroread7</name> <name>ja-acroread</name>
<range><ge>7.0.0</ge><lt>7.0.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Sverre H. Huseby discovered a vulnerability in Adobe Acrobat
- and Adobe Reader.
- Under certain circumstances, using XML scripts it is possible
- to discover the existence of local files.</p>
+ <p>Sverre H. Huseby discovered a vulnerability in Adobe
+ Acrobat
+ and Adobe Reader. Under certain circumstances, using XML
+ scripts it is possible to discover the existence of local
+ files.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1306</cvename>
<url>http://shh.thathost.com/secadv/adobexxe/</url>
<url>http://www.adobe.com/support/techdocs/331710.html</url>
<url>http://support.adobe.co.jp/faq/faq/qadoc.sv?226360+002+3</url>
- </references>
- <dates>
- <discovery>2005-06-15</discovery>
- <entry>2005-06-18</entry>
+ </references> <dates>
+ <discovery>2005-06-15</discovery> <entry>2005-06-18</entry>
<modified>2005-08-28</modified>
</dates>
</vuln>
@@ -4567,54 +3855,49 @@ Note: Please add new entries to the beginning of this file.
vulnerabilities</topic>
<affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_2</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_2</lt></range>
<range><ge>5.0</ge><lt>5.3_16</lt></range>
<range><ge>4.11</ge><lt>4.11_10</lt></range>
<range><ge>4.10</ge><lt>4.10_15</lt></range>
<range><ge>4.9</ge><lt>4.9_18</lt></range>
<range><lt>4.8_33</lt></range>
- </system>
- <package>
- <name>gzip</name>
- <range><lt>1.3.5_2</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>Two problems related to extraction of files exist in gzip:</p>
- <p>The first problem is that gzip does not properly sanitize
- filenames containing "/" when uncompressing files using the
- -N command line option.</p>
- <p>The second problem is that gzip does not set permissions on
+ </system> <package>
+ <name>gzip</name> <range><lt>1.3.5_2</lt></range>
+ </package>
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description</h1> <p>Two problems related to
+ extraction of files exist in gzip:</p> <p>The first problem
+ is that gzip does not properly sanitize
+ filenames containing "/" when uncompressing files using
+ the -N command line option.</p>
+ <p>The second problem is that gzip does not set permissions
+ on
newly extracted files until after the file has been created
and the file descriptor has been closed.</p>
- <h1>Impact</h1>
- <p>The first problem can allow an attacker to overwrite
- arbitrary local files when uncompressing a file using the -N
- command line option.</p>
- <p>The second problem can allow a local attacker to change the
+ <h1>Impact</h1> <p>The first problem can allow an attacker
+ to overwrite
+ arbitrary local files when uncompressing a file using the
+ -N command line option.</p>
+ <p>The second problem can allow a local attacker to change
+ the
permissions of arbitrary local files, on the same partition
as the one the user is uncompressing a file on, by removing
- the file the user is uncompressing and replacing it with a
- hardlink before the uncompress operation is finished.</p>
- <h1>Workaround</h1>
- <p>Do not use the -N command line option on untrusted files
+ the file the user is uncompressing and replacing it with
+ a hardlink before the uncompress operation is finished.</p>
+ <h1>Workaround</h1> <p>Do not use the -N command line option
+ on untrusted files
and do not uncompress files in directories where untrusted
users have write access.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0988</cvename>
- <cvename>CVE-2005-1228</cvename>
- <freebsdsa>SA-05:11.gzip</freebsdsa>
- <mlist msgid="7389fc4b05040412574f819112@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111271860708210</mlist>
- <mlist msgid="7389fc4b0504201224759f31b@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111402732406477</mlist>
- </references>
- <dates>
- <discovery>2005-04-20</discovery>
- <entry>2005-06-18</entry>
+ </description> <references>
+ <cvename>CVE-2005-0988</cvename> <cvename>CVE-2005-1228</cvename>
+ <freebsdsa>SA-05:11.gzip</freebsdsa> <mlist
+ msgid="7389fc4b05040412574f819112@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111271860708210</mlist>
+ <mlist
+ msgid="7389fc4b0504201224759f31b@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111402732406477</mlist>
+ </references> <dates>
+ <discovery>2005-04-20</discovery> <entry>2005-06-18</entry>
<modified>2005-07-06</modified>
</dates>
</vuln>
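Review bot: `<h1>Problem Description</h1> <p>Two problems related to` and `<h1>Impact</h1> <p>The first problem can allow an attacker` glue a block heading and the first paragraph onto one line, then wrap that paragraph at a narrower width than the lines below it (`to overwrite` and `the` are left alone). The text is structured as heading, paragraph, heading, paragraph, and keeping each `<h1>` on its own line is what makes that structure visible when editing. Also `</system> <package>` and `<cvename>CVE-2005-0988</cvename> <cvename>CVE-2005-1228</cvename>` are pure joins: the removed and added lines for the `<system>` and `<package>` blocks differ only in whitespace. Suggest excluding this entry from the reformat.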
@@ -4623,104 +3906,80 @@ Note: Please add new entries to the beginning of this file.
<topic>tcpdump -- infinite loops in protocol decoding</topic>
<affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_2</lt></range>
- <range><ge>5.3</ge><lt>5.3_16</lt></range>
- </system>
- <package>
- <name>tcpdump</name>
- <range><lt>3.8.3_2</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>Several tcpdump protocol decoders contain programming
- errors which can cause them to go into infinite loops.</p>
- <h1>Impact</h1>
- <p>An attacker can inject specially crafted packets into the
- network which, when processed by tcpdump, could lead to a
- denial-of-service. After the attack, tcpdump would no
- longer capture traffic, and would potentially use all
- available processor time.</p>
- </body>
- </description>
- <references>
- <cvename>CVE-2005-1267</cvename>
- <cvename>CVE-2005-1278</cvename>
- <cvename>CVE-2005-1279</cvename>
- <cvename>CVE-2005-1280</cvename>
- <freebsdsa>SA-05:10.tcpdump</freebsdsa>
- <mlist msgid="20050426100140.1945.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111454406222040</mlist>
- <mlist msgid="20050426100057.1748.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111454461300644</mlist>
- <mlist msgid="20050619091553.GB982@zaphod.nitro.dk">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111928309502304</mlist>
- </references>
- <dates>
- <discovery>2005-06-09</discovery>
- <entry>2005-06-18</entry>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_2</lt></range>
+ <range><ge>5.3</ge><lt>5.3_16</lt></range>
+ </system> <package>
+ <name>tcpdump</name> <range><lt>3.8.3_2</lt></range>
+ </package>
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description</h1> <p>Several tcpdump protocol
+ decoders contain programming
+ errors which can cause them to go into infinite loops.</p>
+ <h1>Impact</h1> <p>An attacker can inject specially crafted
+ packets into the
+ network which, when processed by tcpdump, could lead to
+ a denial-of-service. After the attack, tcpdump would no
+ longer capture traffic, and would potentially use all
+ available processor time.</p>
+ </body>
+ </description> <references>
+ <cvename>CVE-2005-1267</cvename> <cvename>CVE-2005-1278</cvename>
+ <cvename>CVE-2005-1279</cvename> <cvename>CVE-2005-1280</cvename>
+ <freebsdsa>SA-05:10.tcpdump</freebsdsa> <mlist
+ msgid="20050426100140.1945.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111454406222040</mlist>
+ <mlist
+ msgid="20050426100057.1748.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111454461300644</mlist>
+ <mlist
+ msgid="20050619091553.GB982@zaphod.nitro.dk">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111928309502304</mlist>
+ </references> <dates>
+ <discovery>2005-06-09</discovery> <entry>2005-06-18</entry>
<modified>2005-06-20</modified>
</dates>
</vuln>
<vuln vid="2701611f-df5c-11d9-b875-0001020eed82">
- <topic>gaim -- Yahoo! remote crash vulnerability</topic>
- <affects>
+ <topic>gaim -- Yahoo! remote crash vulnerability</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.3.1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.3.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Jacopo Ottaviani reports that Gaim can be crashed by being
- offered files with names containing non-ASCII
- characters via the Yahoo! protocol.</p>
+ <p>Jacopo Ottaviani reports that Gaim can be crashed by
+ being
+ offered files with names containing non-ASCII characters
+ via the Yahoo! protocol.</p>
</body>
- </description>
- <references>
- <bid>13931</bid>
- <cvename>CVE-2005-1269</cvename>
+ </description> <references>
+ <bid>13931</bid> <cvename>CVE-2005-1269</cvename>
<url>http://gaim.sourceforge.net/security/index.php?id=18</url>
- </references>
- <dates>
- <discovery>2005-06-10</discovery>
- <entry>2005-06-17</entry>
+ </references> <dates>
+ <discovery>2005-06-10</discovery> <entry>2005-06-17</entry>
</dates>
</vuln>
<vuln vid="b6612eee-df5f-11d9-b875-0001020eed82">
- <topic>gaim -- MSN Remote DoS vulnerability</topic>
- <affects>
+ <topic>gaim -- MSN Remote DoS vulnerability</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.3.1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.3.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=19">
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/index.php?id=19">
<p>Remote attackers can cause a denial of service (crash)
via a malformed MSN message that leads to a memory
allocation of a large size, possibly due to an integer
signedness error.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13932</bid>
- <cvename>CVE-2005-1934</cvename>
+ </description> <references>
+ <bid>13932</bid> <cvename>CVE-2005-1934</cvename>
<url>http://gaim.sourceforge.net/security/index.php?id=19</url>
- </references>
- <dates>
- <discovery>2005-06-10</discovery>
- <entry>2005-06-17</entry>
+ </references> <dates>
+ <discovery>2005-06-10</discovery> <entry>2005-06-17</entry>
</dates>
</vuln>
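Review bot: the tcpdump entry is deleted in full (`<name>FreeBSD</name>` through `<entry>2005-06-18</entry>`) and re-added with identical content and only the line breaks changed, so `git blame` on every line of that entry will now point at this reformat instead of the commit that imported SA-05:10. The two gaim entries below get the same treatment, with `<topic>gaim -- Yahoo! remote crash vulnerability</topic> <affects>` and `<topic>gaim -- MSN Remote DoS vulnerability</topic> <affects>` appending `<affects>` to the topic line. A whitespace-only rewrite of existing entries should be a deliberate decision with that blame cost weighed; if it stays, at least do not join elements of different kinds on one line.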
@@ -4728,54 +3987,40 @@ Note: Please add new entries to the beginning of this file.
<topic>gallery -- remote code injection via HTTP_POST_VARS</topic>
<affects>
<package>
- <name>gallery</name>
- <range><lt>1.4.1.1</lt></range>
+ <name>gallery</name> <range><lt>1.4.1.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A web server running Gallery can be exploited for arbitrary
PHP code execution through the use of a maliciously crafted
URL.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2004-2124</cvename>
- <mlist msgid="0c0a01c3e525$1c0ed2b0$c90c030a@bmedirattatg">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=107524414317693</mlist>
- </references>
- <dates>
- <discovery>2004-01-27</discovery>
- <entry>2005-06-17</entry>
+ </description> <references>
+ <cvename>CVE-2004-2124</cvename> <mlist
+ msgid="0c0a01c3e525$1c0ed2b0$c90c030a@bmedirattatg">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=107524414317693</mlist>
+ </references> <dates>
+ <discovery>2004-01-27</discovery> <entry>2005-06-17</entry>
</dates>
</vuln>
<vuln vid="5752a0df-60c5-4876-a872-f12f9a02fa05">
- <topic>gallery -- cross-site scripting</topic>
- <affects>
+ <topic>gallery -- cross-site scripting</topic> <affects>
<package>
- <name>gallery</name>
- <range><lt>1.4.4.5</lt></range>
+ <name>gallery</name> <range><lt>1.4.4.5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gallery includes several cross-site scripting vulnerabilities
that could allow malicious content to be injected.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2004-1106</cvename>
- <cvename>CVE-2005-0219</cvename>
- <cvename>CVE-2005-0220</cvename>
- <cvename>CVE-2005-0221</cvename>
- <cvename>CVE-2005-0222</cvename>
- <bid>11602</bid>
+ </description> <references>
+ <cvename>CVE-2004-1106</cvename> <cvename>CVE-2005-0219</cvename>
+ <cvename>CVE-2005-0220</cvename> <cvename>CVE-2005-0221</cvename>
+ <cvename>CVE-2005-0222</cvename> <bid>11602</bid>
<url>http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=147</url>
<url>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110608459222364</url>
- </references>
- <dates>
- <discovery>2005-01-26</discovery>
- <entry>2005-06-17</entry>
+ </references> <dates>
+ <discovery>2005-01-26</discovery> <entry>2005-06-17</entry>
</dates>
</vuln>
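Review bot: `<cvename>CVE-2004-1106</cvename> <cvename>CVE-2005-0219</cvename>` / `<cvename>CVE-2005-0220</cvename> <cvename>CVE-2005-0221</cvename>` / `<cvename>CVE-2005-0222</cvename> <bid>11602</bid>` packs five CVE names two per line and puts the `<bid>` on the same line as the last CVE. Reference blocks are the lines people grep (`grep -c cvename`, `grep CVE-2005-02`) and the lines that get appended to when a new identifier is assigned; one reference per line keeps both simple. Revert to the original one-per-line list.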
@@ -4783,39 +4028,33 @@ Note: Please add new entries to the beginning of this file.
<topic>kstars -- exploitable set-user-ID application fliccd</topic>
<affects>
<package>
- <name>kdeedu</name>
- <range><lt>3.3.2_1</lt></range>
+ <name>kdeedu</name> <range><lt>3.3.2_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A KDE Security Advisory explains:</p>
- <blockquote cite="http://www.kde.org/info/security/advisory-20050215-1.txt">
- <h1>Overview</h1>
- <p>KStars includes support for the Instrument Neutral
- Distributed Interface (INDI). The build system of this
- extra 3rd party software contained an installation hook to
- install fliccd (part of INDI) as SUID root
- application.</p>
- <p>Erik Sjölund discovered that the code contains several
- vulnerabilities that allow stack based buffer
- overflows.</p>
- <h1>Impact</h1>
- <p>If the fliccd binary is installed as suid root, it
- enables root privilege escalation for local users, or, if
- the daemon is actually running (which it does not by
- default) and is running as root, remote root privilege
- escalation.</p>
+ <p>A KDE Security Advisory explains:</p> <blockquote
+ cite="http://www.kde.org/info/security/advisory-20050215-1.txt">
+ <h1>Overview</h1> <p>KStars includes support for the
+ Instrument Neutral
+ Distributed Interface (INDI). The build system of this
+ extra 3rd party software contained an installation hook
+ to install fliccd (part of INDI) as SUID root
+ application.</p>
+ <p>Erik Sjölund discovered that the code contains several
+ vulnerabilities that allow stack based buffer overflows.</p>
+ <h1>Impact</h1> <p>If the fliccd binary is installed as
+ suid root, it
+ enables root privilege escalation for local users, or,
+ if the daemon is actually running (which it does not
+ by default) and is running as root, remote root privilege
+ escalation.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0011</cvename>
<url>http://www.kde.org/info/security/advisory-20050215-1.txt</url>
- </references>
- <dates>
- <discovery>2005-01-05</discovery>
- <entry>2005-06-17</entry>
+ </references> <dates>
+ <discovery>2005-01-05</discovery> <entry>2005-06-17</entry>
</dates>
</vuln>
@@ -4823,57 +4062,41 @@ Note: Please add new entries to the beginning of this file.
<topic>fd_set -- bitmap index overflow in multiple applications</topic>
<affects>
<package>
- <name>gatekeeper</name>
- <range><lt>2.2.1</lt></range>
- </package>
- <package>
- <name>citadel</name>
- <range><lt>6.29</lt></range>
- </package>
- <package>
- <name>3proxy</name>
- <range><lt>0.5.b</lt></range>
- </package>
- <package>
- <name>jabber</name>
- <name>bnc</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>rinetd</name>
- <range><lt>0.62_1</lt></range>
- </package>
- <package>
- <name>dante</name>
- <range><lt>1.1.15</lt></range>
- </package>
- <package>
- <name>bld</name>
- <range><lt>0.3.3</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>3APA3A reports:</p>
- <blockquote cite="http://www.security.nnov.ru/advisories/sockets.asp">
+ <name>gatekeeper</name> <range><lt>2.2.1</lt></range>
+ </package> <package>
+ <name>citadel</name> <range><lt>6.29</lt></range>
+ </package> <package>
+ <name>3proxy</name> <range><lt>0.5.b</lt></range>
+ </package> <package>
+ <name>jabber</name> <name>bnc</name> <range><ge>0</ge></range>
+ </package> <package>
+ <name>rinetd</name> <range><lt>0.62_1</lt></range>
+ </package> <package>
+ <name>dante</name> <range><lt>1.1.15</lt></range>
+ </package> <package>
+ <name>bld</name> <range><lt>0.3.3</lt></range>
+ </package>
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>3APA3A reports:</p> <blockquote
+ cite="http://www.security.nnov.ru/advisories/sockets.asp">
<p>If programmer fails to check socket number before using
select() or fd_set macros, it's possible to overwrite
memory behind fd_set structure. Very few select() based
- application actually check FD_SETSIZE value. <em>[...]</em></p>
+ application actually check FD_SETSIZE value.
+ <em>[...]</em></p>
<p>Depending on vulnerable application it's possible to
overwrite portions of memory. Impact is close to
off-by-one overflows, code execution doesn't seems
exploitable.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.security.nnov.ru/advisories/sockets.asp</url>
- <mlist msgid="1473827718.20050124233008@security.nnov.ru">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110660879328901</mlist>
- </references>
- <dates>
- <discovery>2004-12-12</discovery>
- <entry>2005-06-17</entry>
+ <mlist
+ msgid="1473827718.20050124233008@security.nnov.ru">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110660879328901</mlist>
+ </references> <dates>
+ <discovery>2004-12-12</discovery> <entry>2005-06-17</entry>
<modified>2005-10-04</modified>
</dates>
</vuln>
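Review bot: `</package> <package>` in the fd_set entry merges the close of one `<package>` with the open of the next, so the seven affected packages now read as `<name>gatekeeper</name> <range><lt>2.2.1</lt></range>` / `</package> <package>` pairs rather than one block per package. Adding or removing a package from a multi-package entry is the most common edit this file sees, and this layout turns each such edit into a two-line change whose context line belongs to a different package. `<em>[...]</em>` was also pushed to its own line for no reason. Keep the one-tag-per-line structure inside `<affects>`.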
@@ -4882,32 +4105,30 @@ Note: Please add new entries to the beginning of this file.
<topic>leafnode -- denial of service vulnerability</topic>
<affects>
<package>
- <name>leafnode</name>
- <range><lt>1.11.3</lt></range>
+ <name>leafnode</name> <range><lt>1.11.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Matthias Andree reports:</p>
- <blockquote cite="http://leafnode.sourceforge.net/leafnode-SA-2005-02.txt">
- <p>A vulnerability was found in the fetchnews program (the NNTP
- client) that may under some circumstances cause a wait for input
- that never arrives, fetchnews "hangs". [...]</p>
- <p>As only one fetchnews program can run at a time, subsequently
- started fetchnews and texpire programs will terminate. [...]</p>
+ <p>Matthias Andree reports:</p> <blockquote
+ cite="http://leafnode.sourceforge.net/leafnode-SA-2005-02.txt">
+ <p>A vulnerability was found in the fetchnews program
+ (the NNTP
+ client) that may under some circumstances cause a wait
+ for input that never arrives, fetchnews "hangs". [...]</p>
+ <p>As only one fetchnews program can run at a time,
+ subsequently
+ started fetchnews and texpire programs will terminate.
+ [...]</p>
<p>Upgrade your leafnode package to version 1.11.3.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1911</cvename>
<url>http://leafnode.sourceforge.net/leafnode-SA-2005-02.txt</url>
- <freebsdpr>ports/82056</freebsdpr>
- <mlist msgid="20050608215155.GB27234@merlin.emma.line.org">http://marc.theaimsgroup.com/?l=vulnwatch&amp;m=111827180929063</mlist>
- </references>
- <dates>
- <discovery>2005-06-08</discovery>
- <entry>2005-06-09</entry>
+ <freebsdpr>ports/82056</freebsdpr> <mlist
+ msgid="20050608215155.GB27234@merlin.emma.line.org">http://marc.theaimsgroup.com/?l=vulnwatch&amp;m=111827180929063</mlist>
+ </references> <dates>
+ <discovery>2005-06-08</discovery> <entry>2005-06-09</entry>
</dates>
</vuln>
@@ -4915,56 +4136,46 @@ Note: Please add new entries to the beginning of this file.
<topic>gforge -- directory traversal vulnerability</topic>
<affects>
<package>
- <name>gforge</name>
- <range><lt>4.0</lt></range>
+ <name>gforge</name> <range><lt>4.0</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>An STG Security Advisory reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110627132209963">
+ <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110627132209963">
<p>GForge CVS module made by Dragos Moinescu and another
module made by Ronald Petty have a directory traversal
vulnerability. [...] malicious attackers can read
arbitrary directory lists.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0299</cvename>
- <bid>12318</bid>
- <mlist msgid="20050120051735.2832.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110627132209963</mlist>
- </references>
- <dates>
- <discovery>2005-01-20</discovery>
- <entry>2005-06-03</entry>
+ </description> <references>
+ <cvename>CVE-2005-0299</cvename> <bid>12318</bid> <mlist
+ msgid="20050120051735.2832.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110627132209963</mlist>
+ </references> <dates>
+ <discovery>2005-01-20</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
<vuln vid="d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616">
- <topic>imap-uw -- authentication bypass when CRAM-MD5 is enabled</topic>
- <affects>
+ <topic>imap-uw -- authentication bypass when CRAM-MD5 is
+ enabled</topic> <affects>
<package>
- <name>imap-uw</name>
- <range><lt>2004b,1</lt></range>
+ <name>imap-uw</name> <range><lt>2004b,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The CRAM-MD5 authentication support of the University of
- Washington IMAP and POP3 servers contains a vulnerability that
- may allow an attacker to bypass authentication and impersonate
- arbitrary users. Only installations with CRAM-MD5 support
- configured are affected.</p>
+ <p>The CRAM-MD5 authentication support of the University
+ of
+ Washington IMAP and POP3 servers contains a vulnerability
+ that may allow an attacker to bypass authentication and
+ impersonate arbitrary users. Only installations with
+ CRAM-MD5 support configured are affected.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0198</cvename>
- <certvu>702777</certvu>
- </references>
- <dates>
- <discovery>2005-01-04</discovery>
- <entry>2005-06-03</entry>
+ </description> <references>
+ <cvename>CVE-2005-0198</cvename> <certvu>702777</certvu>
+ </references> <dates>
+ <discovery>2005-01-04</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
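Review bot: The rewrapped imap-uw description leaves a one-word line, `of`, between `University` and `Washington`, and the gforge `<blockquote` is now separated from its `cite` attribute by a line break. Neither reads better than the removed five-line paragraph, and the hunk changes no words at all; suggest reverting the prose reflow so the paragraph keeps its original wrapping, or at minimum rejoining `University of Washington` on one line.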
@@ -4972,55 +4183,45 @@ Note: Please add new entries to the beginning of this file.
<topic>squid -- denial-of-service vulnerabilities</topic>
<affects>
<package>
- <name>squid</name>
- <range><lt>2.5.9</lt></range>
+ <name>squid</name> <range><lt>2.5.9</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Squid team reported several denial-of-service
- vulnerabilities related to the handling of DNS responses and
- NT Lan Manager messages. These may allow an attacker to crash
- the Squid cache.</p>
+ vulnerabilities related to the handling of DNS responses
+ and NT Lan Manager messages. These may allow an attacker
+ to crash the Squid cache.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0446</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert</url>
- <cvename>CVE-2005-0096</cvename>
- <cvename>CVE-2005-0097</cvename>
+ <cvename>CVE-2005-0096</cvename> <cvename>CVE-2005-0097</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth</url>
- </references>
- <dates>
- <discovery>2005-01-16</discovery>
- <entry>2005-06-03</entry>
+ </references> <dates>
+ <discovery>2005-01-16</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
<vuln vid="3b260179-e464-460d-bf9f-d5cda6204020">
- <topic>racoon -- remote denial-of-service</topic>
- <affects>
+ <topic>racoon -- remote denial-of-service</topic> <affects>
<package>
- <name>racoon</name>
- <range><lt>20050510a</lt></range>
+ <name>racoon</name> <range><lt>20050510a</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Sebastian Krahmer discovered that the racoon ISAKMP daemon
- could be crashed with a maliciously crafted UDP packet. No
- authentication is required in order to perform the attack.</p>
+ <p>Sebastian Krahmer discovered that the racoon ISAKMP
+ daemon
+ could be crashed with a maliciously crafted UDP packet.
+ No authentication is required in order to perform the
+ attack.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0398</cvename>
<mlist>http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&amp;forum_id=32000</mlist>
<url>http://xforce.iss.net/xforce/xfdb/19707</url>
<url>https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&amp;action=view</url>
- </references>
- <dates>
- <discovery>2005-03-12</discovery>
- <entry>2005-06-03</entry>
+ </references> <dates>
+ <discovery>2005-03-12</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
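Review bot: Within the same squid `<references>` block the two CVE identifiers are now paired on one line (`<cvename>CVE-2005-0096</cvename> <cvename>CVE-2005-0097</cvename>`) while `CVE-2005-0446` stays on its own, and the racoon paragraph is left with `daemon` alone on a line. One reference per line is easier to grep and to diff when an identifier is later added or removed; please keep each `<cvename>` on its own line and restore the original wrapping of the racoon text.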
@@ -5028,25 +4229,22 @@ Note: Please add new entries to the beginning of this file.
<topic>xli -- integer overflows in image size calculations</topic>
<affects>
<package>
- <name>xli</name>
- <range><le>1.17.0_1</le></range>
+ <name>xli</name> <range><le>1.17.0_1</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Tavis Ormandy discovered several integer overflows in xli's
- image size handling. A maliciously crafted image may be able
- to cause a heap buffer overflow and execute arbitrary code.</p>
+ <p>Tavis Ormandy discovered several integer overflows in
+ xli's
+ image size handling. A maliciously crafted image may be
+ able to cause a heap buffer overflow and execute arbitrary
+ code.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0639</cvename>
<url>http://bugs.gentoo.org/show_bug.cgi?id=79762</url>
<url>http://pantransit.reptiles.org/prog/xli/CHANGES</url>
- </references>
- <dates>
- <discovery>2005-02-08</discovery>
- <entry>2005-06-03</entry>
+ </references> <dates>
+ <discovery>2005-02-08</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
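Review bot: The xli paragraph now wraps with `xli's` orphaned on its own line, a worse break than the removed three-line version, and the only other changes in the hunk are joining `</affects> <description>`, `</description> <references>` and `</references> <dates>`. Since no content changes, this hunk is whitespace churn that will show up in `git blame` for every one of these lines; suggest dropping it or moving it to a separate formatting-only commit.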
@@ -5055,33 +4253,27 @@ Note: Please add new entries to the beginning of this file.
compressed files</topic>
<affects>
<package>
- <name>xli</name>
- <range><le>1.17.0_1</le></range>
+ <name>xli</name> <range><le>1.17.0_1</le></range>
+ </package> <package>
+ <name>xloadimage</name> <range><le>4.1.10</le></range>
</package>
- <package>
- <name>xloadimage</name>
- <range><le>4.1.10</le></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Tavis Ormandy discovered that xli and xloadimage attempt to
+ <p>Tavis Ormandy discovered that xli and xloadimage attempt
+ to
decompress images by piping them through <code>gunzip</code>
or similar decompression tools. Unfortunately, the
unsanitized file name is included as part of the command.
This is dangerous, as in some situations, such as mailcap
- processing, an attacker may control the input file name. As a
- result, an attacker may be able to cause arbitrary command
- execution.</p>
+ processing, an attacker may control the input file name.
+ As a result, an attacker may be able to cause arbitrary
+ command execution.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0638</cvename>
<url>http://bugs.gentoo.org/show_bug.cgi?id=79762</url>
- </references>
- <dates>
- <discovery>2005-02-18</discovery>
- <entry>2005-06-03</entry>
+ </references> <dates>
+ <discovery>2005-02-18</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
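Review bot: `</package> <package>` on one line (right after `<name>xli</name> <range><le>1.17.0_1</le></range>`) hides the boundary between the two affected packages, xli and xloadimage, and the paragraph reflow strands `to` alone between `attempt` and `decompress`. Please keep one `<package>` block per set of lines as in the removed text so the affected-package list stays readable at a glance.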
@@ -5089,33 +4281,26 @@ Note: Please add new entries to the beginning of this file.
<topic>xloadimage -- buffer overflow in FACES image handling</topic>
<affects>
<package>
- <name>xli</name>
- <range><le>1.17.0_1</le></range>
- </package>
- <package>
- <name>xloadimage</name>
- <range><lt>4.1.9</lt></range>
+ <name>xli</name> <range><le>1.17.0_1</le></range>
+ </package> <package>
+ <name>xloadimage</name> <range><lt>4.1.9</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>In 2001, zen-parse discovered a buffer overflow in
- xloadimage's FACES image loader. A maliciously crafted image
- could cause xloadimage to execute arbitrary code. A published
- exploit exists for this vulnerability.</p>
+ xloadimage's FACES image loader. A maliciously crafted
+ image could cause xloadimage to execute arbitrary code.
+ A published exploit exists for this vulnerability.</p>
<p>In 2005, Rob Holland discovered that the same vulnerability
was present in xli.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2001-0775</cvename>
<mlist>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=99477230306845</mlist>
<url>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=46186</url>
<url>http://bugs.gentoo.org/show_bug.cgi?id=79762</url>
- </references>
- <dates>
- <discovery>2000-02-19</discovery>
- <entry>2005-06-03</entry>
+ </references> <dates>
+ <discovery>2000-02-19</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
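Review bot: Same problem as the preceding xli/xloadimage entry: the two `<package>` elements are joined through `</package> <package>`, and `<name>` and `<range>` are collapsed onto one line. The rest of this hunk again only moves line breaks inside the FACES description, so every line of this entry will from now on be attributed to a formatting commit; keep the element-per-line layout and leave the untouched text alone.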
@@ -5124,38 +4309,30 @@ Note: Please add new entries to the beginning of this file.
issues</topic>
<affects>
<package>
- <name>yamt</name>
- <range><lt>0.5_2</lt></range>
+ <name>yamt</name> <range><lt>0.5_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Stanislav Brabec discovered errors in yamt's path name
- handling that lead to buffer overflows and directory traversal
- issues. When processing a file with a maliciously crafted ID3
- tag, yamt might overwrite arbitrary files or possibly execute
- arbitrary code.</p>
- <p>The SuSE package ChangeLog contains:</p>
- <blockquote>
+ handling that lead to buffer overflows and directory
+ traversal issues. When processing a file with a maliciously
+ crafted ID3 tag, yamt might overwrite arbitrary files or
+ possibly execute arbitrary code.</p>
+ <p>The SuSE package ChangeLog contains:</p> <blockquote>
<ul>
- <li>Several security fixes (#49337):</li>
- <li>directory traversal in rename</li>
- <li>directory traversal in sort</li>
- <li>buffer overflow in sort</li>
- <li>buffer overflow in rename</li>
+ <li>Several security fixes (#49337):</li> <li>directory
+ traversal in rename</li> <li>directory traversal in
+ sort</li> <li>buffer overflow in sort</li> <li>buffer
+ overflow in rename</li>
</ul>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1846</cvename>
- <cvename>CVE-2005-1847</cvename>
+ </description> <references>
+ <cvename>CVE-2005-1846</cvename> <cvename>CVE-2005-1847</cvename>
<url>http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html</url>
<url>ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm</url>
- </references>
- <dates>
- <discovery>2005-01-20</discovery>
- <entry>2005-06-03</entry>
+ </references> <dates>
+ <discovery>2005-01-20</discovery> <entry>2005-06-03</entry>
</dates>
</vuln>
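Review bot: The yamt changelog list is now broken mid-item (`<li>Several security fixes (#49337):</li> <li>directory` followed by `traversal in rename</li> <li>directory traversal in`), so the five `<li>` items no longer sit one per line and an item's text straddles two lines with another item's tag in between. Please restore the one-`<li>`-per-line list from the removed lines; `<p>The SuSE package ChangeLog contains:</p> <blockquote>` should likewise keep the blockquote on its own line as the surrounding entries do.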
@@ -5163,57 +4340,50 @@ Note: Please add new entries to the beginning of this file.
<topic>xview -- multiple buffer overflows in xv_parse_one</topic>
<affects>
<package>
- <name>xview</name>
- <range><lt>3.2.1_3</lt></range>
+ <name>xview</name> <range><lt>3.2.1_3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Debian Security Advisory reports:</p>
- <blockquote cite="http://www.debian.org/security/2005/dsa-672">
- <p>Erik Sjölund discovered that programs linked against xview
- are vulnerable to a number of buffer overflows in the XView
- library. When the overflow is triggered in a program which
- is installed setuid root a malicious user could perhaps
- execute arbitrary code as privileged user.</p>
+ <p>A Debian Security Advisory reports:</p> <blockquote
+ cite="http://www.debian.org/security/2005/dsa-672">
+ <p>Erik Sjölund discovered that programs linked against
+ xview
+ are vulnerable to a number of buffer overflows in the
+ XView library. When the overflow is triggered in a
+ program which is installed setuid root a malicious user
+ could perhaps execute arbitrary code as privileged
+ user.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0076</cvename>
<url>http://www.debian.org/security/2005/dsa-672</url>
<url>http://xforce.iss.net/xforce/xfdb/19271</url>
- </references>
- <dates>
- <discovery>2005-02-09</discovery>
- <entry>2005-06-01</entry>
+ </references> <dates>
+ <discovery>2005-02-09</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
<vuln vid="f7e8d2ca-410e-40b2-8748-3abd021e44a9">
- <topic>xtrlock -- X display locking bypass</topic>
- <affects>
+ <topic>xtrlock -- X display locking bypass</topic> <affects>
<package>
- <name>xtrlock</name>
- <range><lt>2.0.10</lt></range>
+ <name>xtrlock</name> <range><lt>2.0.10</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The X display locking program <code>xtrlock</code> contains
- an integer overflow bug. It is possible for an attacker with
- physical access to the system to bypass the display lock.</p>
+ <p>The X display locking program <code>xtrlock</code>
+ contains
+ an integer overflow bug. It is possible for an attacker
+ with physical access to the system to bypass the display
+ lock.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0079</cvename>
<url>http://www.debian.org/security/2005/dsa-649</url>
<url>http://xforce.iss.net/xforce/xfdb/18991</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278191</url>
- </references>
- <dates>
- <discovery>2004-10-25</discovery>
- <entry>2005-06-01</entry>
+ </references> <dates>
+ <discovery>2004-10-25</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
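Review bot: In both the xview and xtrlock descriptions the reflow leaves single-word lines (`xview` after `programs linked against`, and `contains` after `<code>xtrlock</code>`), and the Debian `<blockquote` is split from its `cite` attribute. The removed wrapping was already within width and read naturally; revert the prose reflow in this hunk so the quoted Debian text keeps its original line breaks.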
@@ -5221,122 +4391,104 @@ Note: Please add new entries to the beginning of this file.
<topic>linux_base -- vulnerabilities in Red Hat 7.1 libraries</topic>
<affects>
<package>
- <name>linux_base</name>
- <range><lt>7.3</lt></range>
+ <name>linux_base</name> <range><lt>7.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Trevor Johnson reported that the Red Hat Linux RPMs used
- by linux_base contained multiple older vulnerabilities, such
- as a DNS resolver issue and critical bugs in X font handling
- and XPM image handling.</p>
+ by linux_base contained multiple older vulnerabilities,
+ such as a DNS resolver issue and critical bugs in X font
+ handling and XPM image handling.</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://fedoralegacy.org/updates/RH7.3/2004-10-23-FLSA_2004_1947__Updated_glibc_packages_fix_flaws.html</url>
<url>http://rhn.redhat.com/errata/RHSA-2004-059.html</url>
<url>http://rhn.redhat.com/errata/RHSA-2004-478.html</url>
<url>http://rhn.redhat.com/errata/RHSA-2004-612.html</url>
- <cvename>CVE-2002-0029</cvename>
- <cvename>CVE-2004-0083</cvename>
- <cvename>CVE-2004-0084</cvename>
- <cvename>CVE-2004-0106</cvename>
- <cvename>CVE-2004-0687</cvename>
- <cvename>CVE-2004-0688</cvename>
- <cvename>CVE-2004-0692</cvename>
- <cvename>CVE-2004-0914</cvename>
- </references>
- <dates>
- <discovery>2004-09-27</discovery>
- <entry>2005-06-01</entry>
+ <cvename>CVE-2002-0029</cvename> <cvename>CVE-2004-0083</cvename>
+ <cvename>CVE-2004-0084</cvename> <cvename>CVE-2004-0106</cvename>
+ <cvename>CVE-2004-0687</cvename> <cvename>CVE-2004-0688</cvename>
+ <cvename>CVE-2004-0692</cvename> <cvename>CVE-2004-0914</cvename>
+ </references> <dates>
+ <discovery>2004-09-27</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
<vuln vid="79630c0c-8dcc-45d0-9908-4087fe1d618c">
- <topic>squirrelmail -- XSS and remote code injection vulnerabilities</topic>
- <affects>
+ <topic>squirrelmail -- XSS and remote code injection
+ vulnerabilities</topic> <affects>
<package>
- <name>squirrelmail</name>
- <name>ja-squirrelmail</name>
+ <name>squirrelmail</name> <name>ja-squirrelmail</name>
<range><lt>1.4.4</lt></range>
</package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>A SquirrelMail Security Advisory reports:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110702772714662">
- <p>SquirrelMail 1.4.4 has been released to resolve a number of
- security issues disclosed below. It is strongly recommended
- that all running SquirrelMail prior to 1.4.4 upgrade to the
- latest release.</p>
- <h1>Remote File Inclusion</h1>
- <p>Manoel Zaninetti reported an issue in src/webmail.php which
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A SquirrelMail Security Advisory reports:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110702772714662">
+ <p>SquirrelMail 1.4.4 has been released to resolve a
+ number of
+ security issues disclosed below. It is strongly
+ recommended that all running SquirrelMail prior to 1.4.4
+ upgrade to the latest release.</p>
+ <h1>Remote File Inclusion</h1> <p>Manoel Zaninetti reported
+ an issue in src/webmail.php which
would allow a crafted URL to include a remote web page.
- This was assigned CAN-2005-0103 by the Common
- Vulnerabilities and Exposures.</p>
- <h1>Cross Site Scripting Issues</h1>
- <p>A possible cross site scripting issue exists in
+ This was assigned CAN-2005-0103 by the Common Vulnerabilities
+ and Exposures.</p>
+ <h1>Cross Site Scripting Issues</h1> <p>A possible cross
+ site scripting issue exists in
src/webmail.php that is only accessible when the PHP
- installation is running with register_globals set to On.
- This issue was uncovered internally by the SquirrelMail
- Development team. This isssue was assigned CAN-2005-0104 by
- the Common Vulnerabilities and Exposures.</p>
- <p>A second issue which was resolved in the 1.4.4-rc1 release
+ installation is running with register_globals set to
+ On. This issue was uncovered internally by the
+ SquirrelMail Development team. This isssue was assigned
+ CAN-2005-0104 by the Common Vulnerabilities and
+ Exposures.</p>
+ <p>A second issue which was resolved in the 1.4.4-rc1
+ release
was uncovered and assigned CAN-2004-1036 by the Common
- Vulnerabilities and Exposures. This issue could allow a
- remote user to send a specially crafted header and cause
- execution of script (such as javascript) in the client
- browser.</p>
- <h1>Local File Inclusion</h1>
- <p>A possible local file inclusion issue was uncovered by one
+ Vulnerabilities and Exposures. This issue could allow
+ a remote user to send a specially crafted header and
+ cause execution of script (such as javascript) in the
+ client browser.</p>
+ <h1>Local File Inclusion</h1> <p>A possible local file
+ inclusion issue was uncovered by one
of our developers involving custom preference handlers.
- This issue is only active if the PHP installation is running
- with register_globals set to On.</p>
+ This issue is only active if the PHP installation is
+ running with register_globals set to On.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2004-1036</cvename>
- <cvename>CVE-2005-0075</cvename>
- <cvename>CVE-2005-0103</cvename>
- <cvename>CVE-2005-0104</cvename>
- <mlist msgid="47249.24.0.109.81.1106975343.squirrel@sm-14.netdork.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110702772714662</mlist>
+ </description> <references>
+ <cvename>CVE-2004-1036</cvename> <cvename>CVE-2005-0075</cvename>
+ <cvename>CVE-2005-0103</cvename> <cvename>CVE-2005-0104</cvename>
+ <mlist
+ msgid="47249.24.0.109.81.1106975343.squirrel@sm-14.netdork.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110702772714662</mlist>
<url>http://www.squirrelmail.org/security/issue/2005-01-14</url>
<url>http://www.squirrelmail.org/security/issue/2005-01-19</url>
<url>http://www.squirrelmail.org/security/issue/2005-01-20</url>
- </references>
- <dates>
- <discovery>2005-01-29</discovery>
- <entry>2005-06-01</entry>
+ </references> <dates>
+ <discovery>2005-01-29</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
<vuln vid="0d9ba03b-0dbb-42b4-ae0f-60e27af78e22">
- <topic>sympa -- buffer overflow in "queue"</topic>
- <affects>
+ <topic>sympa -- buffer overflow in "queue"</topic> <affects>
<package>
- <name>sympa</name>
- <range><lt>4.1.2_1</lt></range>
+ <name>sympa</name> <range><lt>4.1.2_1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Erik Sjölund discovered a vulnerabilitiy in Sympa. The
- <code>queue</code> application processes messages received via
- aliases. It contains a buffer overflow in the usage of
- <code>sprintf</code>. In some configurations, it may allow an
- attacker to execute arbitrary code as the <code>sympa</code>
- user.</p>
+ <code>queue</code> application processes messages received
+ via aliases. It contains a buffer overflow in the usage
+ of <code>sprintf</code>. In some configurations, it may
+ allow an attacker to execute arbitrary code as the
+ <code>sympa</code> user.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0073</cvename>
<url>http://www.debian.org/security/2005/dsa-677</url>
- </references>
- <dates>
- <discovery>2005-02-11</discovery>
- <entry>2005-06-01</entry>
+ </references> <dates>
+ <discovery>2005-02-11</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
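Review bot: In the quoted SquirrelMail advisory each `<h1>` is now glued to the paragraph that follows it (`<h1>Remote File Inclusion</h1> <p>Manoel Zaninetti reported`, `<h1>Cross Site Scripting Issues</h1> <p>A possible cross`, `<h1>Local File Inclusion</h1> <p>A possible local file`), which makes the three sections of the advisory hard to scan in the source. The linux_base references also go from one `<cvename>` per line to two per line. Suggest keeping headings, paragraphs and reference identifiers each on their own line as in the removed text.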
@@ -5344,69 +4496,59 @@ Note: Please add new entries to the beginning of this file.
<topic>mailman -- generated passwords are poor quality</topic>
<affects>
<package>
- <name>mailman</name>
- <name>ja-mailman</name>
+ <name>mailman</name> <name>ja-mailman</name>
<range><lt>2.1.6</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Florian Weimer wrote:</p>
- <blockquote cite="http://mail.python.org/pipermail/mailman-developers/attachments/20041215/be238297/attachment.mht">
- <p>Mailman 2.1.5 uses weak auto-generated passwords for new
+ <p>Florian Weimer wrote:</p> <blockquote
+ cite="http://mail.python.org/pipermail/mailman-developers/attachments/20041215/be238297/attachment.mht">
+ <p>Mailman 2.1.5 uses weak auto-generated passwords for
+ new
subscribers. These passwords are assigned when members
- subscribe without specifying their own password (either by
- email or the web frontend). Knowledge of this password
- allows an attacker to gain access to the list archive even
- though she's not a member and the archive is restricted to
- members only. [...]</p>
+ subscribe without specifying their own password (either
+ by email or the web frontend). Knowledge of this
+ password allows an attacker to gain access to the list
+ archive even though she's not a member and the archive
+ is restricted to members only. [...]</p>
<p>This means that only about 5 million different passwords
- are ever generated, a number that is in the range of brute
- force attacks -- you only have to guess one subscriber
- address (which is usually not that hard).</p>
+ are ever generated, a number that is in the range of
+ brute force attacks -- you only have to guess one
+ subscriber address (which is usually not that hard).</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2004-1143</cvename>
<mlist>http://mail.python.org/pipermail/mailman-developers/2004-December/017553.html</mlist>
- <mlist msgid="87llc0u6l8.fsf@deneb.enyo.de">http://mail.python.org/pipermail/mailman-developers/attachments/20041215/be238297/attachment.mht</mlist>
- </references>
- <dates>
- <discovery>2004-12-15</discovery>
- <entry>2005-06-01</entry>
+ <mlist
+ msgid="87llc0u6l8.fsf@deneb.enyo.de">http://mail.python.org/pipermail/mailman-developers/attachments/20041215/be238297/attachment.mht</mlist>
+ </references> <dates>
+ <discovery>2004-12-15</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
<vuln vid="ad9d2518-3471-4737-b60b-9a1f51023b28">
- <topic>mailman -- password disclosure</topic>
- <affects>
+ <topic>mailman -- password disclosure</topic> <affects>
<package>
- <name>mailman</name>
- <name>ja-mailman</name>
+ <name>mailman</name> <name>ja-mailman</name>
<range><lt>2.1.5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Barry Warsaw reports:</p>
- <blockquote
+ <p>Barry Warsaw reports:</p> <blockquote
cite="http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html">
<p>Today I am releasing Mailman 2.1.5, a bug fix release
- [...] This version also contains a fix for an exploit that
- could allow 3rd parties to retrieve member passwords. It is
- thus highly recommended that all existing sites upgrade to
- the latest version.</p>
+ [...] This version also contains a fix for an exploit
+ that could allow 3rd parties to retrieve member passwords.
+ It is thus highly recommended that all existing sites
+ upgrade to the latest version.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2004-0412</cvename>
<mlist>http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html</mlist>
- </references>
- <dates>
- <discovery>2004-05-15</discovery>
- <entry>2005-06-01</entry>
+ </references> <dates>
+ <discovery>2004-05-15</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
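Review bot: In the second mailman entry the result matches neither the old nor the new style: `<p>Barry Warsaw reports:</p> <blockquote` is joined on one line while the unchanged `cite=` attribute still sits on the next line, and in the first entry the `<mlist` tag is split from its `msgid` in the same way. The Weimer quote also gains a one-word line, `new`. Please leave the existing blockquote layout alone and keep each `<mlist>` reference on a single line.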
@@ -5417,151 +4559,119 @@ Note: Please add new entries to the beginning of this file.
<name>jakarta-tomcat</name>
<range><ge>5.*</ge><lt>5.5.7</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oliver Karow discovered cross-site scripting issues in
- the Apache Jakarta Tomcat manager. The developers refer to
- the issues as <q>minor</q>.</p>
+ the Apache Jakarta Tomcat manager. The developers refer
+ to the issues as <q>minor</q>.</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.oliverkarow.de/research/jakarta556_xss.txt</url>
<mlist>http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html</mlist>
- </references>
- <dates>
- <discovery>2005-01-03</discovery>
- <entry>2005-06-01</entry>
+ </references> <dates>
+ <discovery>2005-01-03</discovery> <entry>2005-06-01</entry>
</dates>
</vuln>
<vuln vid="84479a62-ca5f-11d9-b772-000c29b00e99">
- <topic>fswiki -- XSS problem in file upload form</topic>
- <affects>
+ <topic>fswiki -- XSS problem in file upload form</topic> <affects>
<package>
- <name>fswiki</name>
- <range><le>3.5.6</le></range>
+ <name>fswiki</name> <range><le>3.5.6</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Secunia security advisory reports:</p>
- <blockquote cite="http://secunia.com/advisories/15538">
- <p>A vulnerability has been reported in FreeStyle Wiki and
- FSWikiLite, which can be exploited by malicious people to
- conduct script insertion attacks.</p>
+ <p>A Secunia security advisory reports:</p> <blockquote
+ cite="http://secunia.com/advisories/15538">
+ <p>A vulnerability has been reported in FreeStyle Wiki
+ and
+ FSWikiLite, which can be exploited by malicious people
+ to conduct script insertion attacks.</p>
<p>Input passed in uploaded attachments is not properly
- sanitised before being used. This can be exploited to inject
- arbitrary HTML and script code, which will be executed in a
- user's browser session in context of an affected site when
- the malicious attachment is viewed.</p>
+ sanitised before being used. This can be exploited to
+ inject arbitrary HTML and script code, which will be
+ executed in a user's browser session in context of an
+ affected site when the malicious attachment is viewed.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1799</cvename>
<url>http://secunia.com/advisories/15538</url>
<freebsdpr>ports/81520</freebsdpr>
<url>http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005%2D5%2D19</url>
<url>http://jvn.jp/jp/JVN%23465742E4/index.html</url>
- </references>
- <dates>
- <discovery>2005-05-19</discovery>
- <entry>2005-05-29</entry>
+ </references> <dates>
+ <discovery>2005-05-19</discovery> <entry>2005-05-29</entry>
<modified>2005-06-01</modified>
</dates>
- </vuln>
- <vuln vid="2fbe16c2-cab6-11d9-9aed-000e0c2e438a">
- <topic>freeradius -- sql injection and denial of service vulnerability</topic>
- <affects>
- <package>
- <name>freeradius</name>
- <range><le>1.0.2_1</le></range>
- </package>
+ </vuln> <vuln vid="2fbe16c2-cab6-11d9-9aed-000e0c2e438a">
+ <topic>freeradius -- sql injection and denial of service
+ vulnerability</topic> <affects>
<package>
- <name>freeradius-devel</name>
- <range><gt>0</gt></range>
+ <name>freeradius</name> <range><le>1.0.2_1</le></range>
+ </package> <package>
+ <name>freeradius-devel</name> <range><gt>0</gt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Gentoo Advisory reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml">
+ <p>A Gentoo Advisory reports:</p> <blockquote
+ cite="http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml">
<p>The FreeRADIUS server is vulnerable to an SQL injection
attack and a buffer overflow, possibly resulting in
disclosure and modification of data and Denial of
Service.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13540</bid>
- <bid>13541</bid>
+ </description> <references>
+ <bid>13540</bid> <bid>13541</bid>
<url>http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml</url>
- </references>
- <dates>
- <discovery>2005-05-17</discovery>
- <entry>2005-05-22</entry>
+ </references> <dates>
+ <discovery>2005-05-17</discovery> <entry>2005-05-22</entry>
</dates>
</vuln>
<vuln vid="641e8609-cab5-11d9-9aed-000e0c2e438a">
- <topic>ppxp -- local root exploit</topic>
- <affects>
+ <topic>ppxp -- local root exploit</topic> <affects>
<package>
- <name>ppxp</name>
- <range><gt>0</gt></range>
+ <name>ppxp</name> <range><gt>0</gt></range>
+ </package> <package>
+ <name>ja-ppxp</name> <range><gt>0</gt></range>
</package>
- <package>
- <name>ja-ppxp</name>
- <range><gt>0</gt></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Debian Advisory reports:</p>
- <blockquote cite="http://www.debian.org/security/2005/dsa-725">
- <p>Jens Steube discovered that ppxp, yet another PPP program,
+ <p>A Debian Advisory reports:</p> <blockquote
+ cite="http://www.debian.org/security/2005/dsa-725">
+ <p>Jens Steube discovered that ppxp, yet another PPP
+ program,
does not release root privileges when opening potentially
- user supplied log files. This can be tricked into opening
- a root shell.</p>
+ user supplied log files. This can be tricked into
+ opening a root shell.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0392</cvename>
<url>http://www.debian.org/security/2005/dsa-725</url>
- </references>
- <dates>
- <discovery>2005-05-19</discovery>
- <entry>2005-05-22</entry>
+ </references> <dates>
+ <discovery>2005-05-19</discovery> <entry>2005-05-22</entry>
</dates>
</vuln>
<vuln vid="1033750f-cab4-11d9-9aed-000e0c2e438a">
- <topic>oops -- format string vulnerability</topic>
- <affects>
+ <topic>oops -- format string vulnerability</topic> <affects>
<package>
- <name>oops</name>
- <range><le>1.5.24</le></range>
+ <name>oops</name> <range><le>1.5.24</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A RST/GHC Advisory reports that there is an format string
- vulnerability in oops. The vulnerability can be found in
- the MySQL/PgSQL authentication module. Succesful
+ vulnerability in oops. The vulnerability can be found
+ in the MySQL/PgSQL authentication module. Succesful
exploitation may allow execution of arbitrary code.</p>
</body>
- </description>
- <references>
- <bid>13172</bid>
- <cvename>CVE-2005-1121</cvename>
+ </description> <references>
+ <bid>13172</bid> <cvename>CVE-2005-1121</cvename>
<url>http://rst.void.ru/papers/advisory24.txt</url>
- </references>
- <dates>
- <discovery>2005-04-14</discovery>
- <entry>2005-05-22</entry>
+ </references> <dates>
+ <discovery>2005-04-14</discovery> <entry>2005-05-22</entry>
</dates>
</vuln>
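Review bot: The edit replaces the file's one-element-per-line layout with joined sibling elements (`</affects> <description>`, `</description> <references>`, `</references> <dates>`, and `<discovery>…</discovery> <entry>…</entry>` on a single line) while the unchanged context lines in the same entries (`<body xmlns=...>`, `<cvename>`, `<url>`, `</dates>`) keep the old layout, so each entry ends up half in one style and half in the other. The fixed-column rewrap also strands single words on their own lines (`+ program,` directly after `yet another PPP`), which reads worse in the source than the lines it replaces. Suggest keeping every element on its own line and wrapping prose at phrase boundaries; and since `+ in the MySQL/PgSQL authentication module. Succesful` is rewritten anyway, correct `Succesful` to `Successful` in that line.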
@@ -5569,96 +4679,76 @@ Note: Please add new entries to the beginning of this file.
<topic>cdrdao -- unspecified privilege escalation vulnerability</topic>
<affects>
<package>
- <name>cdrdao</name>
- <range><lt>1.2.0</lt></range>
+ <name>cdrdao</name> <range><lt>1.2.0</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The developers of cdrdao report that there is a potential
root exploit in the software. In order to be able to
succesfully exploit this vulnerability cdrdao must be
installed setuid root. When succesfully exploited a local
- user might get escalated privileges. By default this port is
- not installed setuid root.</p>
+ user might get escalated privileges. By default this
+ port is not installed setuid root.</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://secunia.com/advisories/15354/</url>
<url>http://sourceforge.net/forum/forum.php?forum_id=466399</url>
- </references>
- <dates>
- <discovery>2005-05-13</discovery>
- <entry>2005-05-19</entry>
+ </references> <dates>
+ <discovery>2005-05-13</discovery> <entry>2005-05-19</entry>
</dates>
</vuln>
<vuln vid="ad5e70bb-c429-11d9-ac59-02061b08fc24">
- <topic>gaim -- MSN remote DoS vulnerability</topic>
- <affects>
+ <topic>gaim -- MSN remote DoS vulnerability</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.3.0</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.3.0</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=17">
- <p>Potential remote denial of service bug resulting from not
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/index.php?id=17">
+ <p>Potential remote denial of service bug resulting from
+ not
checking a pointer for non-NULL before passing it to
strncmp, which results in a crash. This can be triggered
by a remote client sending an SLP message with an empty
body.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1262</cvename>
<url>http://gaim.sourceforge.net/security/index.php?id=17</url>
- </references>
- <dates>
- <discovery>2005-05-10</discovery>
- <entry>2005-05-14</entry>
+ </references> <dates>
+ <discovery>2005-05-10</discovery> <entry>2005-05-14</entry>
</dates>
</vuln>
<vuln vid="889061af-c427-11d9-ac59-02061b08fc24">
- <topic>gaim -- remote crash on some protocols</topic>
- <affects>
+ <topic>gaim -- remote crash on some protocols</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.3.0</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.3.0</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The GAIM team reports that GAIM is vulnerable to a
denial-of-service vulnerability which can cause GAIM to
crash:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=16">
+ <blockquote
+ cite="http://gaim.sourceforge.net/security/index.php?id=16">
<p>It is possible for a remote user to overflow a static
buffer by sending an IM containing a very large URL
(greater than 8192 bytes) to the Gaim user. This is not
possible on all protocols, due to message length
- restrictions. Jabber are SILC are known to be
- vulnerable.</p>
+ restrictions. Jabber are SILC are known to be vulnerable.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1261</cvename>
<url>http://gaim.sourceforge.net/security/index.php?id=16</url>
- </references>
- <dates>
- <discovery>2005-05-10</discovery>
- <entry>2005-05-14</entry>
+ </references> <dates>
+ <discovery>2005-05-10</discovery> <entry>2005-05-14</entry>
</dates>
</vuln>
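Review bot: `+ restrictions. Jabber are SILC are known to be vulnerable.</p>` re-joins the sentence but carries the typo over; as the line is rewritten, `Jabber are SILC` should read `Jabber and SILC` (or be marked as a verbatim quote). Packing several affected packages onto one line (`<name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>`) also means that adding or dropping one package in a later fix will show up as a change to a line that carries unrelated names, which makes those future diffs harder to review than the one-name-per-line form removed here.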
@@ -5666,86 +4756,83 @@ Note: Please add new entries to the beginning of this file.
<topic>kernel -- information disclosure when using HTT</topic>
<affects>
<system>
- <name>FreeBSD</name>
- <range><ge>5.4</ge><lt>5.4_1</lt></range>
+ <name>FreeBSD</name> <range><ge>5.4</ge><lt>5.4_1</lt></range>
<range><ge>5.0</ge><lt>5.3_15</lt></range>
<range><ge>4.11</ge><lt>4.11_9</lt></range>
<range><lt>4.10_14</lt></range>
</system>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem description and impact</h1>
- <p>When running on processors supporting Hyper-Threading Technology, it is
- possible for a malicious thread to monitor the execution of another
- thread.</p>
- <p>Information may be disclosed to local users, allowing in many
- cases for privilege escalation. For example, on a multi-user
- system, it may be possible to steal cryptographic keys used in
- applications such as OpenSSH or SSL-enabled web servers.</p>
- <p><strong>NOTE:</strong> Similar problems may exist in other
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem description and impact</h1> <p>When running on
+ processors supporting Hyper-Threading Technology, it is
+ possible for a malicious thread to monitor the execution
+ of another thread.</p>
+ <p>Information may be disclosed to local users, allowing
+ in many
+ cases for privilege escalation. For example, on a
+ multi-user system, it may be possible to steal cryptographic
+ keys used in applications such as OpenSSH or SSL-enabled
+ web servers.</p>
+ <p><strong>NOTE:</strong> Similar problems may exist in
+ other
simultaneous multithreading implementations, or even some
systems in the absence of simultaneous multithreading.
- However, current research has only demonstrated this flaw in
- Hyper-Threading Technology, where shared memory caches are
- used.</p>
- <h1>Workaround</h1>
- <p>Systems not using processors with Hyper-Threading Technology
- support are not affected by this issue. On systems which are
- affected, the security flaw can be eliminated by setting the
- "machdep.hlt_logical_cpus" tunable:</p>
+ However, current research has only demonstrated this flaw
+ in Hyper-Threading Technology, where shared memory caches
+ are used.</p>
+ <h1>Workaround</h1> <p>Systems not using processors with
+ Hyper-Threading Technology
+ support are not affected by this issue. On systems which
+ are affected, the security flaw can be eliminated by
+ setting the "machdep.hlt_logical_cpus" tunable:</p>
<pre># echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf</pre>
- <p>The system must be rebooted in order for tunables to take effect.</p>
- <p>Use of this workaround is not recommended on "dual-core" systems, as
+ <p>The system must be rebooted in order for tunables to
+ take effect.</p> <p>Use of this workaround is not recommended
+ on "dual-core" systems, as
this workaround will also disable one of the processor
cores.</p>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0109</cvename>
- <freebsdsa>SA-05:09.htt</freebsdsa>
+ </description> <references>
+ <cvename>CVE-2005-0109</cvename> <freebsdsa>SA-05:09.htt</freebsdsa>
<url>http://www.daemonology.net/hyperthreading-considered-harmful/</url>
- </references>
- <dates>
- <discovery>2005-05-13</discovery>
- <entry>2005-05-13</entry>
+ </references> <dates>
+ <discovery>2005-05-13</discovery> <entry>2005-05-13</entry>
</dates>
</vuln>
<vuln vid="66dbb2ee-99b8-45b2-bb3e-640caea67a60">
- <topic>leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout</topic>
- <affects>
+ <topic>leafnode -- fetchnews denial-of-service triggered by
+ transmission abort/timeout</topic> <affects>
<package>
- <name>leafnode</name>
- <range><ge>1.9.48</ge><lt>1.11.2</lt></range>
+ <name>leafnode</name> <range><ge>1.9.48</ge><lt>1.11.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>When an upstream server aborts the transmission or stops sending
- data after the fetchnews program has requested an article header
- or body, fetchnews may crash, without querying further servers
- that are configured. This can prevent articles from being fetched.
+ <p>When an upstream server aborts the transmission or stops
+ sending
+ data after the fetchnews program has requested an article
+ header or body, fetchnews may crash, without querying
+ further servers that are configured. This can prevent
+ articles from being fetched.
</p>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt</url>
- <cvename>CVE-2005-1453</cvename>
- <freebsdpr>ports/80663</freebsdpr>
- <bid>13489</bid>
- <bid>13492</bid>
- <mlist msgid="20050504152311.GA25593@merlin.emma.line.org">http://sourceforge.net/mailarchive/forum.php?thread_id=7186974&amp;forum_id=10210</mlist>
- <mlist msgid="20050504152311.GA25593@merlin.emma.line.org">http://article.gmane.org/gmane.network.leafnode.announce/52</mlist>
- <mlist msgid="20050504152311.GA25593@merlin.emma.line.org">http://www.dt.e-technik.uni-dortmund.de/pipermail/leafnode-list/2005q2/000900.html</mlist>
- <mlist msgid="20050504152311.GA25593@merlin.emma.line.org">http://www.fredi.de/maillist/msg00111.html</mlist>
- <mlist msgid="20050504152311.GA25593@merlin.emma.line.org">http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html</mlist>
+ <cvename>CVE-2005-1453</cvename> <freebsdpr>ports/80663</freebsdpr>
+ <bid>13489</bid> <bid>13492</bid> <mlist
+ msgid="20050504152311.GA25593@merlin.emma.line.org">http://sourceforge.net/mailarchive/forum.php?thread_id=7186974&amp;forum_id=10210</mlist>
+ <mlist
+ msgid="20050504152311.GA25593@merlin.emma.line.org">http://article.gmane.org/gmane.network.leafnode.announce/52</mlist>
+ <mlist
+ msgid="20050504152311.GA25593@merlin.emma.line.org">http://www.dt.e-technik.uni-dortmund.de/pipermail/leafnode-list/2005q2/000900.html</mlist>
+ <mlist
+ msgid="20050504152311.GA25593@merlin.emma.line.org">http://www.fredi.de/maillist/msg00111.html</mlist>
+ <mlist
+ msgid="20050504152311.GA25593@merlin.emma.line.org">http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html</mlist>
<url>http://www.frsirt.com/english/advisories/2005/0468</url>
<url>http://secunia.com/advisories/15252</url>
- </references>
- <dates>
- <discovery>2005-05-04</discovery>
- <entry>2005-05-13</entry>
+ </references> <dates>
+ <discovery>2005-05-04</discovery> <entry>2005-05-13</entry>
</dates>
</vuln>
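Review bot: The `<topic>` element is no longer single-line: `<topic>leafnode -- fetchnews denial-of-service triggered by` continues on the next line with `transmission abort/timeout</topic> <affects>`, so the element's text content now contains a newline and a run of indentation spaces. Unless every consumer of vuln.xml collapses whitespace, the topic will be displayed with that break, so topics should stay on one line however long they are, and `<affects>` should keep its own line. The `<pre># echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf</pre>` line is correctly left untouched, which matters because whitespace inside `<pre>` is significant; please confirm the reflow tool skipped every `<pre>` in the file. Splitting `<mlist` from its `msgid="..."` attribute onto separate lines also defeats simple line-oriented searches for an element together with its msgid, which is how duplicate references are usually spotted.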
@@ -5754,29 +4841,18 @@ Note: Please add new entries to the beginning of this file.
overrides</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.4,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.4</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.8,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.4,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.4</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.8,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.8</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.8</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
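Review bot: This hunk is whitespace-only: no package name, range, description or reference changes, just `</package> <package>` joins and `<name>…</name> <range>…</range>` packing. A file-wide reflow rewrites most lines of vuln.xml, so `git blame` on every affected entry will point at this formatting commit rather than at the commit that added or corrected the entry, which is exactly the history a security advisory file needs to keep. If a reflow is wanted at all, it should be its own clearly labelled whitespace-only commit, with no wording fixes mixed in, and it should reproduce the existing layout rather than introduce a new one.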
@@ -5785,59 +4861,48 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-44.html">
- <p>Additional checks were added to make sure Javascript eval
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-44.html">
+ <p>Additional checks were added to make sure Javascript
+ eval
and Script objects are run with the privileges of the
context that created them, not the potentially elevated
privilege of the context calling them in order to protect
against an additional variant of <a
href="http://www.mozilla.org/security/announce/mfsa2005-41.html">MFSA
2005-41</a>.</p>
- </blockquote>
- <p>The Mozilla Foundation Security Advisory MFSA 2005-41
+ </blockquote> <p>The Mozilla Foundation Security Advisory
+ MFSA 2005-41
reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-41.html">
- <p>moz_bug_r_a4 reported several exploits giving an attacker
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-41.html">
+ <p>moz_bug_r_a4 reported several exploits giving an
+ attacker
the ability to install malicious code or steal data,
- requiring only that the user do commonplace actions like
- click on a link or open the context menu.</p>
+ requiring only that the user do commonplace actions
+ like click on a link or open the context menu.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.mozilla.org/security/announce/mfsa2005-44.html</url>
- </references>
- <dates>
- <discovery>2005-05-11</discovery>
- <entry>2005-05-12</entry>
+ </references> <dates>
+ <discovery>2005-05-11</discovery> <entry>2005-05-12</entry>
</dates>
</vuln>
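Review bot: Block elements are joined across the XHTML body (`</blockquote> <p>The Mozilla Foundation Security Advisory`), and the fixed-column wrap leaves `eval` and `attacker` alone on their lines. Rendered output is unaffected because XHTML collapses whitespace inside `<p>`, but the source becomes harder to read and to diff than the original phrase-aware wrapping (`make sure Javascript eval` / `and Script objects are run`). Suggest wrapping prose at phrase boundaries and keeping `</blockquote>` and the following `<p>` on separate lines, as the unchanged entries do.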
@@ -5846,29 +4911,18 @@ Note: Please add new entries to the beginning of this file.
checks</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.4,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.4</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.8,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.4,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.4</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.8,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.8</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.8</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
@@ -5877,43 +4931,31 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-43.html">
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-43.html">
<p>Some security checks intended to prevent script injection
were incorrect and could be bypassed by wrapping a
- javascript: url in the view-source:
- pseudo-protocol. Michael Krax demonstrated that a variant
- of his <a
+ javascript: url in the view-source: pseudo-protocol.
+ Michael Krax demonstrated that a variant of his <a
href="http://www.mozilla.org/security/announce/mfsa2005-37.html">favicon</a>
- exploit could still execute arbitrary code, and the same
- technique could also be used to perform cross-site
+ exploit could still execute arbitrary code, and the
+ same technique could also be used to perform cross-site
scripting.</p>
<p>Georgi Guninski demonstrated the same flaw wrapping
javascript: urls with the jar: pseudo-protocol.</p>
@@ -5922,13 +4964,10 @@ Note: Please add new entries to the beginning of this file.
<p><strong>Workaround:</strong> Disable Javascript</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.mozilla.org/security/announce/mfsa2005-43.html</url>
- </references>
- <dates>
- <discovery>2005-05-11</discovery>
- <entry>2005-05-12</entry>
+ </references> <dates>
+ <discovery>2005-05-11</discovery> <entry>2005-05-12</entry>
</dates>
</vuln>
@@ -5937,29 +4976,18 @@ Note: Please add new entries to the beginning of this file.
vulnerability</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.4,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.4</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.8,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.4,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.4</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.8,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.8</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.8</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
@@ -5968,41 +4996,31 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-42.html">
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-42.html">
<p>Two vulnerabilities have been discovered in Firefox,
which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's
system.</p>
<ol>
- <li>The problem is that "IFRAME" JavaScript URLs are not
+ <li>The problem is that "IFRAME" JavaScript URLs are
+ not
properly protected from being executed in context of
another URL in the history list. This can be exploited
to execute arbitrary HTML and script code in a user's
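Review bot: `+ <li>The problem is that "IFRAME" JavaScript URLs are` followed by `+ not` on its own line splits `are not` for no gain; the removed line `<li>The problem is that "IFRAME" JavaScript URLs are not` already fit. The chosen wrap width is evidently shorter than the lines that were already in the file, so nearly every wrapped paragraph in this change gains an orphan word. A reflow that only changes whitespace should never produce a worse break than the line it replaces; either raise the width to match the existing lines or leave paragraphs that already fit alone.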
@@ -6010,53 +5028,44 @@ Note: Please add new entries to the beginning of this file.
<li>Input passed to the "IconURL" parameter in
"InstallTrigger.install()" is not properly verified
before being used. This can be exploited to execute
- arbitrary JavaScript code with escalated privileges via
- a specially crafted JavaScript URL.</li>
- </ol>
- <p>Successful exploitation requires that the site is allowed
- to install software (default sites are
- "update.mozilla.org" and "addons.mozilla.org").</p>
+ arbitrary JavaScript code with escalated privileges
+ via a specially crafted JavaScript URL.</li>
+ </ol> <p>Successful exploitation requires that the site
+ is allowed
+ to install software (default sites are "update.mozilla.org"
+ and "addons.mozilla.org").</p>
<p>A combination of vulnerability 1 and 2 can be exploited
to execute arbitrary code.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1476</cvename>
- <cvename>CVE-2005-1477</cvename>
+ </description> <references>
+ <cvename>CVE-2005-1476</cvename> <cvename>CVE-2005-1477</cvename>
<url>http://www.mozilla.org/security/announce/mfsa2005-42.html</url>
- </references>
- <dates>
- <discovery>2005-05-08</discovery>
- <entry>2005-05-11</entry>
+ </references> <dates>
+ <discovery>2005-05-08</discovery> <entry>2005-05-11</entry>
</dates>
</vuln>
<vuln vid="01bb84e2-bd88-11d9-a281-02e018374e71">
- <topic>groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files</topic>
- <affects>
+ <topic>groff -- pic2graph and eqn2graph are vulnerable to symlink
+ attack through temporary files</topic> <affects>
<package>
<name>ja-groff</name>
<range><ge>1.18.1</ge><lt>1.18.1_8</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The eqn2graph and pic2graph scripts in groff 1.18.1
- allow local users to overwrite arbitrary files via
- a symlink attack on temporary files.</p>
+ allow local users to overwrite arbitrary files via a
+ symlink attack on temporary files.</p>
</body>
- </description>
- <references>
- <freebsdpr>ports/80671</freebsdpr>
- <bid>12058</bid>
+ </description> <references>
+ <freebsdpr>ports/80671</freebsdpr> <bid>12058</bid>
<cvename>CVE-2004-1296</cvename>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372</url>
- </references>
- <dates>
- <discovery>2004-12-20</discovery>
- <entry>2005-05-09</entry>
+ </references> <dates>
+ <discovery>2004-12-20</discovery> <entry>2005-05-09</entry>
</dates>
</vuln>
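Review bot: `</ol> <p>Successful exploitation requires that the site` puts the end of the list and the start of the next paragraph on one line, and `<topic>groff -- pic2graph and eqn2graph are vulnerable to symlink` is broken with `attack through temporary files</topic> <affects>` on the following line, so the topic text acquires an embedded newline plus indentation and the `<affects>` start tag loses its own line. Topics should remain single-line, since their text is what is shown to users of the file, and `<affects>` should start on its own line as in the unchanged entries of this same hunk (`<package>`, `<name>ja-groff</name>`).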
@@ -6064,26 +5073,21 @@ Note: Please add new entries to the beginning of this file.
<topic>groff -- groffer uses temporary files unsafely</topic>
<affects>
<package>
- <name>ja-groff</name>
- <range><ge>1.18</ge><lt>1.18.1_8</lt></range>
+ <name>ja-groff</name> <range><ge>1.18</ge><lt>1.18.1_8</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The groffer script in the groff package 1.18 and later versions
- allows local users to overwrite files via a symlink attack
+ <p>The groffer script in the groff package 1.18 and later
+ versions
+ allows local users to overwrite files via a symlink attack
on temporary files.</p>
</body>
- </description>
- <references>
- <freebsdpr>ports/80671</freebsdpr>
- <bid>11287</bid>
+ </description> <references>
+ <freebsdpr>ports/80671</freebsdpr> <bid>11287</bid>
<cvename>CVE-2004-0969</cvename>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278265</url>
- </references>
- <dates>
- <discovery>2004-09-30</discovery>
- <entry>2005-05-09</entry>
+ </references> <dates>
+ <discovery>2004-09-30</discovery> <entry>2005-05-09</entry>
</dates>
</vuln>
@@ -6091,60 +5095,48 @@ Note: Please add new entries to the beginning of this file.
<topic>sharutils -- unshar insecure temporary file creation</topic>
<affects>
<package>
- <name>sharutils</name>
- <range><lt>4.3.80</lt></range>
+ <name>sharutils</name> <range><lt>4.3.80</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An Ubuntu Advisory reports:</p>
- <blockquote cite="http://www.ubuntulinux.org/support/documentation/usn/usn-104-1">
- <p>Joey Hess discovered that "unshar" created temporary files
+ <p>An Ubuntu Advisory reports:</p> <blockquote
+ cite="http://www.ubuntulinux.org/support/documentation/usn/usn-104-1">
+ <p>Joey Hess discovered that "unshar" created temporary
+ files
in an insecure manner. This could allow a symbolic link
attack to create or overwrite arbitrary files with the
privileges of the user invoking the program.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>12981</bid>
- <cvename>CVE-2005-0990</cvename>
+ </description> <references>
+ <bid>12981</bid> <cvename>CVE-2005-0990</cvename>
<url>http://www.ubuntulinux.org/support/documentation/usn/usn-104-1</url>
- </references>
- <dates>
- <discovery>2005-04-04</discovery>
- <entry>2005-05-01</entry>
+ </references> <dates>
+ <discovery>2005-04-04</discovery> <entry>2005-05-01</entry>
</dates>
</vuln>
<vuln vid="8c5ad0cf-ba37-11d9-837d-000e0c2e438a">
- <topic>rsnapshot -- local privilege escalation</topic>
- <affects>
+ <topic>rsnapshot -- local privilege escalation</topic> <affects>
<package>
- <name>rsnapshot</name>
- <range><lt>1.1.7</lt></range>
+ <name>rsnapshot</name> <range><lt>1.1.7</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>An rsnapshot Advisory reports:</p>
- <blockquote cite="http://www.rsnapshot.org/security/2005/001.html">
+ <p>An rsnapshot Advisory reports:</p> <blockquote
+ cite="http://www.rsnapshot.org/security/2005/001.html">
<p>The copy_symlink() subroutine in rsnapshot incorrectly
- changes file ownership on the files pointed to by symlinks,
- not on the symlinks themselves. This would allow, under
- certain circumstances, an arbitrary user to take ownership
- of a file on the main filesystem.</p>
+ changes file ownership on the files pointed to by
+ symlinks, not on the symlinks themselves. This would
+ allow, under certain circumstances, an arbitrary user
+ to take ownership of a file on the main filesystem.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13095</bid>
- <cvename>CVE-2005-1064</cvename>
+ </description> <references>
+ <bid>13095</bid> <cvename>CVE-2005-1064</cvename>
<url>http://www.rsnapshot.org/security/2005/001.html</url>
- </references>
- <dates>
- <discovery>2005-04-10</discovery>
- <entry>2005-05-01</entry>
+ </references> <dates>
+ <discovery>2005-04-10</discovery> <entry>2005-05-01</entry>
</dates>
</vuln>
@@ -6152,64 +5144,55 @@ Note: Please add new entries to the beginning of this file.
<topic>coppermine -- IP spoofing and XSS vulnerability</topic>
<affects>
<package>
- <name>coppermine</name>
- <range><lt>1.3.2</lt></range>
+ <name>coppermine</name> <range><lt>1.3.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>GHC team reports about coppermine</p>
- <blockquote cite="http://www.securityfocus.com/archive/1/396080">
+ <p>GHC team reports about coppermine</p> <blockquote
+ cite="http://www.securityfocus.com/archive/1/396080">
<p>The lack of sanitizing of user defined variables may
result in undesirable consequences such as IP spoofing
or XSS attack.</p>
<p>Generally users of Coppermine Gallery can post comments.
- Remote address &amp; x-forwarded-for variables are logged
- for admin's eyes. X-Forwarded-for variable does not pass
- throu any filtration before logging into database. User
- can define/redefine this variable.</p>
+ Remote address &amp; x-forwarded-for variables are
+ logged for admin's eyes. X-Forwarded-for variable does
+ not pass throu any filtration before logging into
+ database. User can define/redefine this variable.</p>
</blockquote>
</body>
- </description>
- <references>
- <mlist msgid="20050418122434.10438.qmail@www.securityfocus.com">http://www.securityfocus.com/archive/1/396080</mlist>
- <bid>13218</bid>
- <cvename>CVE-2005-1172</cvename>
+ </description> <references>
+ <mlist
+ msgid="20050418122434.10438.qmail@www.securityfocus.com">http://www.securityfocus.com/archive/1/396080</mlist>
+ <bid>13218</bid> <cvename>CVE-2005-1172</cvename>
<url>http://coppermine.sourceforge.net/board/index.php?topic=17134.0</url>
- </references>
- <dates>
- <discovery>2005-04-18</discovery>
- <entry>2005-05-01</entry>
+ </references> <dates>
+ <discovery>2005-04-18</discovery> <entry>2005-05-01</entry>
</dates>
</vuln>
<vuln vid="cd286cc5-b762-11d9-bfb7-000c6ec775d9">
- <topic>ImageMagick -- ReadPNMImage() heap overflow vulnerability</topic>
- <affects>
+ <topic>ImageMagick -- ReadPNMImage() heap overflow
+ vulnerability</topic> <affects>
<package>
- <name>ImageMagick</name>
- <range><lt>6.2.2</lt></range>
+ <name>ImageMagick</name> <range><lt>6.2.2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Damian Put reports about ImageMagick:</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111445767107869">
+ <p>Damian Put reports about ImageMagick:</p> <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111445767107869">
<p>Remote exploitation of a heap overflow vulnerability
could allow execution of arbitrary code or course denial
of service.</p>
- <p>A heap overflow exists in ReadPNMImage() function, that
+ <p>A heap overflow exists in ReadPNMImage() function,
+ that
is used to decode a PNM image files.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<bid>13351</bid>
<url>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111445767107869</url>
- </references>
- <dates>
- <discovery>2005-04-25</discovery>
- <entry>2005-04-27</entry>
+ </references> <dates>
+ <discovery>2005-04-25</discovery> <entry>2005-04-27</entry>
</dates>
</vuln>
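Review bot: the ImageMagick `<topic>` now has a line break and leading indentation inside its text content (`<topic>ImageMagick -- ReadPNMImage() heap overflow` / `vulnerability</topic>`), where the removed line kept it on one line; topic text is a display string, so unless every consumer collapses whitespace, the newline and the indentation will appear verbatim in output. Keep `<topic>` on a single line even when it exceeds the wrap width. The same wrap strands the single word `that` on its own line before the unchanged context `is used to decode a PNM image files.`, which suggests the reflow was applied to raw lines rather than to paragraphs. Since every changed line in this hunk is whitespace-only, please confirm the old and new files canonicalise to the same document (for example `xmllint --c14n` on each and diff the output) and that `make validate` in security/vuxml still passes.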
@@ -6218,59 +5201,49 @@ Note: Please add new entries to the beginning of this file.
vulnerabilities</topic>
<affects>
<package>
- <name>mplayer</name>
- <name>mplayer-gtk</name>
- <name>mplayer-gtk2</name>
- <name>mplayer-esound</name>
- <name>mplayer-gtk-esound</name>
- <name>mplayer-gtk2-esound</name>
+ <name>mplayer</name> <name>mplayer-gtk</name>
+ <name>mplayer-gtk2</name> <name>mplayer-esound</name>
+ <name>mplayer-gtk-esound</name> <name>mplayer-gtk2-esound</name>
<range><lt>0.99.7</lt></range>
+ </package> <package>
+ <name>libxine</name> <range><ge>0.9.9</ge><lt>1.0.1</lt></range>
</package>
- <package>
- <name>libxine</name>
- <range><ge>0.9.9</ge><lt>1.0.1</lt></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A xine security announcement reports:</p>
- <blockquote cite="http://xinehq.de/index.php/security/XSA-2004-8">
+ <p>A xine security announcement reports:</p> <blockquote
+ cite="http://xinehq.de/index.php/security/XSA-2004-8">
<p>By a user receiving data from a malicious network
streaming server, an attacker can overrun a heap buffer,
which can, on some systems, lead to or help in executing
- attacker-chosen malicious code with the permissions of the
- user running a xine-lib based media application.</p>
+ attacker-chosen malicious code with the permissions of
+ the user running a xine-lib based media application.</p>
<p>Both the MMS and Real RTSP streaming client code made
- some too-strong assumptions on the transferred
- data. Several critical bounds checks were missing,
- resulting in the possibility of heap overflows, should the
- remote server not adhere to these assumptions. In the MMS
- case, a remote server could present content with too many
+ some too-strong assumptions on the transferred data.
+ Several critical bounds checks were missing, resulting
+ in the possibility of heap overflows, should the remote
+ server not adhere to these assumptions. In the MMS case,
+ a remote server could present content with too many
individual streams; in the RTSP case, a remote server's
reply could have too many lines.</p>
- <p>An attacker can set up a server delivering malicious data
+ <p>An attacker can set up a server delivering malicious
+ data
to the users. This can be used to overflow a heap buffer,
- which can, with certain implementations of heap
- management, lead to attacker chosen data written to the
- stack. This can cause attacker-chosen code being executed
- with the permissions of the user running the
- application. By tricking users to retrieve a stream, which
- can be as easy as providing a link on a website, this
- vulnerability can be exploited remotely.</p>
+ which can, with certain implementations of heap management,
+ lead to attacker chosen data written to the stack. This
+ can cause attacker-chosen code being executed with the
+ permissions of the user running the application. By
+ tricking users to retrieve a stream, which can be as
+ easy as providing a link on a website, this vulnerability
+ can be exploited remotely.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13270</bid>
- <bid>13271</bid>
- <cvename>CVE-2005-1195</cvename>
+ </description> <references>
+ <bid>13270</bid> <bid>13271</bid> <cvename>CVE-2005-1195</cvename>
<url>http://www.mplayerhq.hu/homepage/design7/news.html#vuln10</url>
<url>http://www.mplayerhq.hu/homepage/design7/news.html#vuln11</url>
<url>http://xinehq.de/index.php/security/XSA-2004-8</url>
- </references>
- <dates>
- <discovery>2005-04-16</discovery>
- <entry>2005-04-25</entry>
+ </references> <dates>
+ <discovery>2005-04-16</discovery> <entry>2005-04-25</entry>
</dates>
</vuln>
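Review bot: `</package> <package>` on one line after the `0.99.7` range, and the mplayer `<name>` elements paired two per line, break the one-element-per-line layout that the unchanged lines in this same entry (`<range>`, the three `<url>` references) still follow; the next edit that adds or drops one mplayer flavour will have to rewrite its neighbour's line as well, and the diff for that edit will be noisier than it needs to be. Suggest reverting to one `<name>` and one `<package>` per line here, and the same for `<bid>13270</bid> <bid>13271</bid> <cvename>CVE-2005-1195</cvename>` in the references. The orphaned `data` line in the third quoted paragraph is another side effect of the wrapper.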
@@ -6278,33 +5251,28 @@ Note: Please add new entries to the beginning of this file.
<topic>gaim -- AIM/ICQ remote denial of service vulnerability</topic>
<affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.1.3</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.1.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The GAIM team reports that GAIM is vulnerable to a
denial-of-service vulnerability which can cause GAIM to
freeze:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=10">
- <p>Certain malformed SNAC packets sent by other AIM or ICQ
+ <blockquote
+ cite="http://gaim.sourceforge.net/security/index.php?id=10">
+ <p>Certain malformed SNAC packets sent by other AIM or
+ ICQ
users can trigger an infinite loop in Gaim when parsing
- the SNAC. The remote user would need a custom client, able
- to generate malformed SNACs.</p>
+ the SNAC. The remote user would need a custom client,
+ able to generate malformed SNACs.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0472</cvename>
<url>http://gaim.sourceforge.net/security/index.php?id=10</url>
- </references>
- <dates>
- <discovery>2005-02-17</discovery>
- <entry>2005-04-25</entry>
+ </references> <dates>
+ <discovery>2005-02-17</discovery> <entry>2005-04-25</entry>
</dates>
</vuln>
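Review bot: splitting `<blockquote` from its `cite="..."` attribute onto the next line gains nothing for line length, because the attribute line carrying the full URL is as long as the original element was; it only adds a line and defeats a grep for `<blockquote cite`. Likewise `ICQ` left alone on a line before the unchanged `users can trigger an infinite loop in Gaim when parsing`. Suggest keeping an opening tag and its single attribute together and wrapping only the paragraph text.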
@@ -6312,31 +5280,24 @@ Note: Please add new entries to the beginning of this file.
<topic>gaim -- remote DoS on receiving malformed HTML</topic>
<affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.1.4</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.1.4</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=12">
- <p>Receiving malformed HTML can result in an invalid memory
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/index.php?id=12">
+ <p>Receiving malformed HTML can result in an invalid
+ memory
access causing Gaim to crash.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0208</cvename>
- <cvename>CVE-2005-0473</cvename>
+ </description> <references>
+ <cvename>CVE-2005-0208</cvename> <cvename>CVE-2005-0473</cvename>
<url>http://gaim.sourceforge.net/security/index.php?id=11</url>
<url>http://gaim.sourceforge.net/security/index.php?id=12</url>
- </references>
- <dates>
- <discovery>2005-02-17</discovery>
- <entry>2005-04-25</entry>
+ </references> <dates>
+ <discovery>2005-02-17</discovery> <entry>2005-04-25</entry>
</dates>
</vuln>
@@ -6345,31 +5306,26 @@ Note: Please add new entries to the beginning of this file.
vulnerability</topic>
<affects>
<package>
- <name>kdewebdev</name>
- <range><lt>3.4.0_1,2</lt></range>
+ <name>kdewebdev</name> <range><lt>3.4.0_1,2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A KDE Security Advisory reports:</p>
- <blockquote cite="http://www.kde.org/info/security/advisory-20050420-1.txt">
+ <p>A KDE Security Advisory reports:</p> <blockquote
+ cite="http://www.kde.org/info/security/advisory-20050420-1.txt">
<p>Kommander executes without user confirmation data files
from possibly untrusted locations. As they contain
scripts, the user might accidentally run arbitrary
code.</p>
- <p><strong>Impact:</strong> Remotly supplied kommander files
- from untrusted sources are executed without
- confirmation.</p>
+ <p><strong>Impact:</strong> Remotly supplied kommander
+ files
+ from untrusted sources are executed without confirmation.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0754</cvename>
<url>http://www.kde.org/info/security/advisory-20050420-1.txt</url>
- </references>
- <dates>
- <discovery>2005-04-20</discovery>
- <entry>2005-04-23</entry>
+ </references> <dates>
+ <discovery>2005-04-20</discovery> <entry>2005-04-23</entry>
</dates>
</vuln>
@@ -6378,74 +5334,61 @@ Note: Please add new entries to the beginning of this file.
modification vulnerability</topic>
<affects>
<package>
- <name>junkbuster</name>
- <range><lt>2.0.2_3</lt></range>
+ <name>junkbuster</name> <range><lt>2.0.2_3</lt></range>
+ </package> <package>
+ <name>junkbuster-zlib</name> <range><gt>0</gt></range>
</package>
- <package>
- <name>junkbuster-zlib</name>
- <range><gt>0</gt></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Debian advisory reports:</p>
- <blockquote cite="http://www.debian.org/security/2005/dsa-713">
- <p>James Ranson discovered that an attacker can modify the
- referrer setting with a carefully crafted URL by accidently
- overwriting a global variable.</p>
+ <p>A Debian advisory reports:</p> <blockquote
+ cite="http://www.debian.org/security/2005/dsa-713">
+ <p>James Ranson discovered that an attacker can modify
+ the
+ referrer setting with a carefully crafted URL by
+ accidently overwriting a global variable.</p>
<p>Tavis Ormandy from the Gentoo Security Team discovered
several heap corruptions due to inconsistent use of an
internal function that can crash the daemon or possibly
lead to the execution of arbitrary code.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13146</bid>
- <bid>13147</bid>
- <cvename>CVE-2005-1108</cvename>
+ </description> <references>
+ <bid>13146</bid> <bid>13147</bid> <cvename>CVE-2005-1108</cvename>
<cvename>CVE-2005-1109</cvename>
<url>http://www.debian.org/security/2005/dsa-713</url>
<url>http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml</url>
- </references>
- <dates>
- <discovery>2005-04-13</discovery>
- <entry>2005-04-22</entry>
+ </references> <dates>
+ <discovery>2005-04-13</discovery> <entry>2005-04-22</entry>
</dates>
</vuln>
<vuln vid="06404241-b306-11d9-a788-0001020eed82">
- <topic>kdelibs -- kimgio input validation errors</topic>
- <affects>
+ <topic>kdelibs -- kimgio input validation errors</topic> <affects>
<package>
- <name>kdelibs</name>
- <range><ge>3.2</ge><lt>3.4.0_2</lt></range>
+ <name>kdelibs</name> <range><ge>3.2</ge><lt>3.4.0_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A KDE Security Advisory reports:</p>
- <blockquote cite="http://www.kde.org/info/security/advisory-20050421-1.txt">
- <p>kimgio contains a PCX image file format reader that does
- not properly perform input validation. A source code audit
- performed by the KDE security team discovered several
- vulnerabilities in the PCX and other image file format
- readers, some of them exploitable to execute arbitrary
- code.</p>
+ <p>A KDE Security Advisory reports:</p> <blockquote
+ cite="http://www.kde.org/info/security/advisory-20050421-1.txt">
+ <p>kimgio contains a PCX image file format reader that
+ does
+ not properly perform input validation. A source code
+ audit performed by the KDE security team discovered
+ several vulnerabilities in the PCX and other image file
+ format readers, some of them exploitable to execute
+ arbitrary code.</p>
<p><strong>Impact:</strong> Remotely supplied, specially
crafted image files can be used to execute arbitrary
code.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-1046</cvename>
<url>http://bugs.kde.org/102328</url>
<url>http://www.kde.org/info/security/advisory-20050421-1.txt</url>
- </references>
- <dates>
- <discovery>2005-04-21</discovery>
- <entry>2005-04-22</entry>
+ </references> <dates>
+ <discovery>2005-04-21</discovery> <entry>2005-04-22</entry>
</dates>
</vuln>
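Review bot: `<topic>kdelibs -- kimgio input validation errors</topic> <affects>` and `</affects> <description>` put two block-level siblings on one line, so the opening of `<affects>` (and of `<description>`) no longer lines up with its own closing tag; that makes the entry structure harder to scan and a misplaced closing tag harder to spot in review. The junkbuster and kdelibs quotes also pick up stranded words (`the`, `does`) on their own lines. Suggest keeping each of `<topic>`, `<affects>`, `<description>`, `<references>` and `<dates>` on its own line as the unchanged entries do.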
@@ -6453,51 +5396,44 @@ Note: Please add new entries to the beginning of this file.
<topic>gld -- format string and buffer overflow vulnerabilities</topic>
<affects>
<package>
- <name>gld</name>
- <range><lt>1.5</lt></range>
+ <name>gld</name> <range><lt>1.5</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Gld has been found vulnerable to multiple buffer overflows as
+ <p>Gld has been found vulnerable to multiple buffer overflows
+ as
well as multiple format string vulnerabilities.</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111339935903880">
+ <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111339935903880">
<p>An attacker could exploit this vulnerability to execute
- arbitrary code with the permissions of the user running Gld,
- the default user being root.</p>
- </blockquote>
- <p>The FreeBSD port defaults to running gld as the root user.
+ arbitrary code with the permissions of the user running
+ Gld, the default user being root.</p>
+ </blockquote> <p>The FreeBSD port defaults to running gld
+ as the root user.
The risk of exploitation can be minimized by making gld
- listen on the loopback address only, or configure it to only
- accept connections from trusted smtp servers.</p>
+ listen on the loopback address only, or configure it to
+ only accept connections from trusted smtp servers.</p>
</body>
- </description>
- <references>
- <bid>13129</bid>
- <bid>13133</bid>
- <cvename>CVE-2005-1099</cvename>
- <cvename>CVE-2005-1100</cvename>
- <mlist msgid="20050412004111.562AC7A890E@ws4-4.us4.outblaze.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111339935903880</mlist>
- <mlist msgid="20050413174736.20947.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111342432325670</mlist>
- </references>
- <dates>
- <discovery>2005-04-12</discovery>
- <entry>2005-04-19</entry>
+ </description> <references>
+ <bid>13129</bid> <bid>13133</bid> <cvename>CVE-2005-1099</cvename>
+ <cvename>CVE-2005-1100</cvename> <mlist
+ msgid="20050412004111.562AC7A890E@ws4-4.us4.outblaze.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111339935903880</mlist>
+ <mlist
+ msgid="20050413174736.20947.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111342432325670</mlist>
+ </references> <dates>
+ <discovery>2005-04-12</discovery> <entry>2005-04-19</entry>
</dates>
</vuln>
<vuln vid="0163b498-af54-11d9-acd0-000854d03344">
- <topic>axel -- remote buffer overflow</topic>
- <affects>
+ <topic>axel -- remote buffer overflow</topic> <affects>
<package>
- <name>axel</name>
- <range><lt>1.0a_4</lt></range>
+ <name>axel</name> <range><lt>1.0a_4</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Debian Security Advisory reports:</p>
- <blockquote cite="http://www.debian.org/security/2005/dsa-706">
+ <p>A Debian Security Advisory reports:</p> <blockquote
+ cite="http://www.debian.org/security/2005/dsa-706">
<p>Ulf Härnhammar from the Debian Security Audit Project
discovered a buffer overflow in axel, a light download
accelerator. When reading remote input the program did
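Review bot: `</blockquote> <p>The FreeBSD port defaults to running gld` joins the end of the quoted Bugtraq advisory with the start of the porter's own paragraph, so the boundary between third-party text and FreeBSD-specific mitigation advice (loopback-only listening, trusted SMTP peers) is no longer visible at a glance; that paragraph is also wrapped after only `gld`, leaving `as the root user.` on the next line. The two `<mlist` elements fare no better: moving `msgid="..."` to a continuation line still leaves a line of well over 100 characters because the URL follows the attribute. Suggest keeping `</blockquote>` alone on its line and leaving `<mlist msgid="...">` intact.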
@@ -6505,15 +5441,11 @@ Note: Please add new entries to the beginning of this file.
and maybe trigger the execution of arbitrary code.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13059</bid>
- <cvename>CVE-2005-0390</cvename>
+ </description> <references>
+ <bid>13059</bid> <cvename>CVE-2005-0390</cvename>
<url>http://www.debian.org/security/2005/dsa-706</url>
- </references>
- <dates>
- <discovery>2005-04-16</discovery>
- <entry>2005-04-17</entry>
+ </references> <dates>
+ <discovery>2005-04-16</discovery> <entry>2005-04-17</entry>
</dates>
</vuln>
@@ -6521,43 +5453,38 @@ Note: Please add new entries to the beginning of this file.
<topic>firefox -- PLUGINSPAGE privileged javascript execution</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.3,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.3</lt></range>
+ <name>firefox</name> <range><lt>1.0.3,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-34.html">
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-34.html">
<p>When a webpage requires a plugin that is not installed
the user can click to launch the Plugin Finder Service
- (PFS) to find an appropriate plugin. If the service does
- not have an appropriate plugin the EMBED tag is checked
- for a PLUGINSPAGE attribute, and if one is found the PFS
- dialog will contain a "manual install" button that will
- load the PLUGINSPAGE url.</p>
+ (PFS) to find an appropriate plugin. If the service
+ does not have an appropriate plugin the EMBED tag is
+ checked for a PLUGINSPAGE attribute, and if one is found
+ the PFS dialog will contain a "manual install" button
+ that will load the PLUGINSPAGE url.</p>
<p>Omar Khan reported that if the PLUGINSPAGE attribute
- contains a javascript: url then pressing the button could
- launch arbitrary code capable of stealing local data or
- installing malicious code.</p>
- <p>Doron Rosenberg reported a variant that injects script by
+ contains a javascript: url then pressing the button
+ could launch arbitrary code capable of stealing local
+ data or installing malicious code.</p>
+ <p>Doron Rosenberg reported a variant that injects script
+ by
appending it to a malformed URL of any protocol.</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0752</cvename>
<url>http://www.mozilla.org/security/announce/mfsa2005-34.html</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=288556</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=289171</url>
- </references>
- <dates>
- <discovery>2005-03-31</discovery>
- <entry>2005-04-16</entry>
+ </references> <dates>
+ <discovery>2005-03-31</discovery> <entry>2005-04-16</entry>
</dates>
</vuln>
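Review bot: the rewrapping inside the `<blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-34.html">` paragraphs changes nothing in rendering (whitespace inside `<p>` collapses) but it rewrites lines that quote the Mozilla advisory verbatim, so blame on this text will now point at this reformat rather than at the commit that imported the advisory; the same goes for the stranded `by` before `appending it to a malformed URL of any protocol.` Suggest limiting the reflow to markup lines and leaving quoted advisory text as it was imported.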
@@ -6565,87 +5492,64 @@ Note: Please add new entries to the beginning of this file.
<topic>jdk -- jar directory traversal vulnerability</topic>
<affects>
<package>
- <name>jdk</name>
- <range><le>1.2.2p11_3</le></range>
+ <name>jdk</name> <range><le>1.2.2p11_3</le></range>
<range><ge>1.3.*</ge><le>1.3.1p9_4</le></range>
<range><ge>1.4.*</ge><le>1.4.2p7</le></range>
<range><ge>1.5.*</ge><le>1.5.0p1_1</le></range>
- </package>
- <package>
- <name>linux-ibm-jdk</name>
- <range><le>1.4.2_1</le></range>
- </package>
- <package>
- <name>linux-sun-jdk</name>
- <range><le>1.4.2.08_1</le></range>
+ </package> <package>
+ <name>linux-ibm-jdk</name> <range><le>1.4.2_1</le></range>
+ </package> <package>
+ <name>linux-sun-jdk</name> <range><le>1.4.2.08_1</le></range>
<range><ge>1.5.*</ge><le>1.5.2.02,2</le></range>
+ </package> <package>
+ <name>linux-blackdown-jdk</name> <range><le>1.4.2_2</le></range>
+ </package> <package>
+ <name>diablo-jdk</name> <range><le>1.3.1.0_1</le></range>
+ </package> <package>
+ <name>linux-jdk</name> <range><ge>0</ge></range>
</package>
- <package>
- <name>linux-blackdown-jdk</name>
- <range><le>1.4.2_2</le></range>
- </package>
- <package>
- <name>diablo-jdk</name>
- <range><le>1.3.1.0_1</le></range>
- </package>
- <package>
- <name>linux-jdk</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Pluf has discovered a vulnerability in Sun Java JDK/SDK,
- which potentially can be exploited by malicious people to
- compromise a user's system.</p>
- <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111331593310508">
- <p>The jar tool does not check properly if the files to be
+ which potentially can be exploited by malicious people
+ to compromise a user's system.</p>
+ <blockquote
+ cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111331593310508">
+ <p>The jar tool does not check properly if the files to
+ be
extracted have the string "../" on its names, so it's
- possible for an attacker to create a malicious jar file in
- order to overwrite arbitrary files within the filesystem.</p>
+ possible for an attacker to create a malicious jar file
+ in order to overwrite arbitrary files within the
+ filesystem.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-1080</cvename>
- <mlist msgid="200504120226.10559.pluf@7a69ezine.org">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111331593310508</mlist>
+ </description> <references>
+ <cvename>CVE-2005-1080</cvename> <mlist
+ msgid="200504120226.10559.pluf@7a69ezine.org">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111331593310508</mlist>
<url>http://www.securiteam.com/securitynews/5IP0C0AFGW.html</url>
<url>http://secunia.com/advisories/14902/</url>
- </references>
- <dates>
- <discovery>2005-04-11</discovery>
- <entry>2005-04-16</entry>
+ </references> <dates>
+ <discovery>2005-04-11</discovery> <entry>2005-04-16</entry>
<modified>2005-05-02</modified>
</dates>
</vuln>
<vuln vid="f650d5b8-ae62-11d9-a788-0001020eed82">
- <topic>mozilla -- privilege escalation via DOM property overrides</topic>
- <affects>
- <package>
- <name>firefox</name>
- <range><lt>1.0.3,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.3</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.7,2</lt></range>
+ <topic>mozilla -- privilege escalation via DOM property
+ overrides</topic> <affects>
+ <package>
+ <name>firefox</name> <range><lt>1.0.3,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.3</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.7,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.7</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.7</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
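Review bot: the mozilla `<topic>` is wrapped again here (`<topic>mozilla -- privilege escalation via DOM property` / `overrides</topic> <affects>`), introducing a newline plus indentation into the topic text and joining `<affects>` to it; as with the ImageMagick entry earlier in this diff, keep `<topic>` on one line. In the jdk entry the six `<package>` blocks are now joined as `</package> <package>` throughout, and `be` is stranded on its own line before the unchanged `extracted have the string "../" on its names`; both are the same wrapper artefacts seen in the earlier hunks, so a single revert of the tool's settings would address all of them.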
@@ -6654,68 +5558,56 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-41.html">
- <p>moz_bug_r_a4 reported several exploits giving an attacker
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-41.html">
+ <p>moz_bug_r_a4 reported several exploits giving an
+ attacker
the ability to install malicious code or steal data,
- requiring only that the user do commonplace actions like
- click on a link or open the context menu. The common cause
- in each case was privileged UI code ("chrome") being
- overly trusting of DOM nodes from the content
- window. Scripts in the web page can override properties
- and methods of DOM nodes and shadow the native values,
- unless steps are taken to get the true underlying values.</p>
+ requiring only that the user do commonplace actions
+ like click on a link or open the context menu. The
+ common cause in each case was privileged UI code
+ ("chrome") being overly trusting of DOM nodes from the
+ content window. Scripts in the web page can override
+ properties and methods of DOM nodes and shadow the
+ native values, unless steps are taken to get the true
+ underlying values.</p>
<p>We found that most extensions also interacted with
- content DOM in a natural, but unsafe, manner. Changes were
- made so that chrome code using this natural DOM coding
- style will now automatically use the native DOM value if
- it exists without having to use cumbersome wrapper
- objects.</p>
+ content DOM in a natural, but unsafe, manner. Changes
+ were made so that chrome code using this natural DOM
+ coding style will now automatically use the native DOM
+ value if it exists without having to use cumbersome
+ wrapper objects.</p>
<p>Most of the specific exploits involved tricking the
- privileged code into calling eval() on an
- attacker-supplied script string, or the equivalent using
- the Script() object. Checks were added in the security
- manager to make sure eval and Script objects are run with
- the privileges of the context that created them, not the
+ privileged code into calling eval() on an attacker-supplied
+ script string, or the equivalent using the Script()
+ object. Checks were added in the security manager to
+ make sure eval and Script objects are run with the
+ privileges of the context that created them, not the
potentially elevated privileges of the context calling
them.</p>
<p><strong>Workaround</strong>: Disable Javascript</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.mozilla.org/security/announce/mfsa2005-41.html</url>
- </references>
- <dates>
- <discovery>2005-04-15</discovery>
- <entry>2005-04-16</entry>
+ </references> <dates>
+ <discovery>2005-04-15</discovery> <entry>2005-04-16</entry>
</dates>
</vuln>
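Review bot: pairing the obsolete package names two per line under `<!-- These package names are obsolete. -->` (for example `<name>de-linux-netscape</name> <name>de-netscape7</name>`) hurts maintainability of a list that is copied verbatim into several mozilla entries in this file: removing one obsolete name from every copy will now touch its neighbour on each line, and a reviewer checking that the copies are still identical can no longer diff them line by line. Suggest keeping these lists at one `<name>` per line; the stranded `attacker` before `the ability to install malicious code or steal data,` is the same wrapper artefact as in the earlier hunks.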
@@ -6723,29 +5615,18 @@ Note: Please add new entries to the beginning of this file.
<topic>mozilla -- code execution through javascript: favicons</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.3,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.3</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.7,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.3,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.3</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.7,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.7</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.7</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
@@ -6754,50 +5635,36 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-37.html">
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-37.html">
<p>Firefox and the Mozilla Suite support custom "favicons"
- through the &lt;LINK rel="icon"&gt; tag. If a link tag is added
- to the page programmatically and a javascript: url is
- used, then script will run with elevated privileges and
- could run or install malicious software.</p>
+ through the &lt;LINK rel="icon"&gt; tag. If a link tag
+ is added to the page programmatically and a javascript:
+ url is used, then script will run with elevated privileges
+ and could run or install malicious software.</p>
<p><strong>Workaround</strong>: Disable Javascript</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.mozilla.org/security/announce/mfsa2005-37.html</url>
- </references>
- <dates>
- <discovery>2005-04-12</discovery>
- <entry>2005-04-16</entry>
+ </references> <dates>
+ <discovery>2005-04-12</discovery> <entry>2005-04-16</entry>
</dates>
</vuln>
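Review bot: this hunk is a whitespace-only reflow that departs from the file's one-element-per-line layout without changing content: `</affects> <description>`, `</description> <references>`, `</references> <dates>` and `<discovery>2005-04-12</discovery> <entry>2005-04-16</entry>` are packed onto shared lines, the obsolete package names are paired two per line, and `<blockquote` is split from its `cite="..."` attribute. Every later edit to this entry will now diff against the packed lines, and line-oriented searches such as `grep '<blockquote cite='` no longer match. Suggest keeping `<blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-37.html">` on one line and one opening or closing tag per line as in the removed lines, or landing the reflow as a separate whitespace-only commit so it can be reviewed with `diff -w`.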
@@ -6806,29 +5673,18 @@ Note: Please add new entries to the beginning of this file.
contents</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.3,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.3</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.7,2</lt></range>
+ <name>firefox</name> <range><lt>1.0.3,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.3</lt></range>
+ </package> <package>
+ <name>mozilla</name> <range><lt>1.7.7,2</lt></range>
<range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <name>linux-mozilla-devel</name>
- <range><lt>1.7.7</lt></range>
- <range><ge>1.8.*</ge></range>
- </package>
- <package>
- <name>netscape7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ </package> <package>
+ <name>linux-mozilla</name> <name>linux-mozilla-devel</name>
+ <range><lt>1.7.7</lt></range> <range><ge>1.8.*</ge></range>
+ </package> <package>
+ <name>netscape7</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These ports are obsolete. -->
<name>de-linux-mozillafirebird</name>
<name>el-linux-mozillafirebird</name>
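Review bot: joining `</package> <package>` onto one line (four times in this hunk) hides the package boundaries, which are the units the affects-matching tooling evaluates against an installed port, and `<name>firefox</name> <range><lt>1.0.3,1</lt></range>` puts a name and its range on the same line so the pairing is no longer visible at a glance. Suggest keeping `</package>` and `<package>` on separate lines, especially at the end of the hunk where the obsolete-ports block starts with `</package> <package>` directly followed by the `<!-- These ports are obsolete. -->` comment.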
@@ -6837,35 +5693,24 @@ Note: Please add new entries to the beginning of this file.
<name>linux-mozillafirebird</name>
<name>ru-linux-mozillafirebird</name>
<name>zhCN-linux-mozillafirebird</name>
- <name>zhTW-linux-mozillafirebird</name>
- <range><ge>0</ge></range>
- </package>
- <package>
+ <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range>
+ </package> <package>
<!-- These package names are obsolete. -->
- <name>de-linux-netscape</name>
- <name>de-netscape7</name>
- <name>fr-linux-netscape</name>
- <name>fr-netscape7</name>
- <name>ja-linux-netscape</name>
- <name>ja-netscape7</name>
- <name>linux-netscape</name>
- <name>linux-phoenix</name>
- <name>mozilla+ipv6</name>
- <name>mozilla-embedded</name>
- <name>mozilla-firebird</name>
- <name>mozilla-gtk1</name>
- <name>mozilla-gtk2</name>
- <name>mozilla-gtk</name>
- <name>mozilla-thunderbird</name>
- <name>phoenix</name>
- <name>pt_BR-netscape7</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
+ <name>de-linux-netscape</name> <name>de-netscape7</name>
+ <name>fr-linux-netscape</name> <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name> <name>ja-netscape7</name>
+ <name>linux-netscape</name> <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name> <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name> <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name> <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name> <name>phoenix</name>
+ <name>pt_BR-netscape7</name> <range><ge>0</ge></range>
+ </package>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-33.html">
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-33.html">
<p>A bug in javascript's regular expression string
replacement when using an anonymous function as the
replacement argument allows a malicious script to capture
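Review bot: the `<!-- These package names are obsolete. -->` comment keeps its own line but the package it introduces now opens on the preceding `</package> <package>` line, so the comment no longer sits between a package open and its first name. Also the rewrapped `<p>` text changes only line breaks (the XHTML body is whitespace-insensitive, so nothing renders differently), which means `git blame` for the MFSA quotation will point at this reformat rather than the commit that added the advisory. Suggest leaving the description text untouched and restoring `<blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-33.html">` as a single line.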
@@ -6875,15 +5720,12 @@ Note: Please add new entries to the beginning of this file.
<p><strong>Workaround</strong>: Disable Javascript</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0989</cvename>
<url>http://www.mozilla.org/security/announce/mfsa2005-33.html</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=288688</url>
- </references>
- <dates>
- <discovery>2005-04-01</discovery>
- <entry>2005-04-16</entry>
+ </references> <dates>
+ <discovery>2005-04-01</discovery> <entry>2005-04-16</entry>
</dates>
</vuln>
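Review bot: `<discovery>2005-04-01</discovery> <entry>2005-04-16</entry>` on one line makes it easy to overlook that the two dates differ; the removed lines carried one date per line, and the `<cvename>` and `<url>` lines are unchanged, so this hunk is whitespace only. Suggest dropping it from the commit or keeping the dates on separate lines.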
@@ -6891,34 +5733,28 @@ Note: Please add new entries to the beginning of this file.
<topic>firefox -- arbitrary code execution in sidebar panel</topic>
<affects>
<package>
- <name>firefox</name>
- <range><lt>1.0.3,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.0.3</lt></range>
+ <name>firefox</name> <range><lt>1.0.3,1</lt></range>
+ </package> <package>
+ <name>linux-firefox</name> <range><lt>1.0.3</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Mozilla Foundation Security Advisory reports:</p>
- <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-39.html">
+ <blockquote
+ cite="http://www.mozilla.org/security/announce/mfsa2005-39.html">
<p>Sites can use the _search target to open links in the
Firefox sidebar. Two missing security checks allow
- malicious scripts to first open a privileged page (such as
- about:config) and then inject script using a javascript:
- url. This could be used to install malicious code or steal
- data without user interaction.</p>
+ malicious scripts to first open a privileged page (such
+ as about:config) and then inject script using a javascript:
+ url. This could be used to install malicious code or
+ steal data without user interaction.</p>
<p><strong>Workaround</strong>: Disable Javascript</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<url>http://www.mozilla.org/security/announce/mfsa2005-39.html</url>
- </references>
- <dates>
- <discovery>2005-04-12</discovery>
- <entry>2005-04-16</entry>
+ </references> <dates>
+ <discovery>2005-04-12</discovery> <entry>2005-04-16</entry>
</dates>
</vuln>
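Review bot: same reflow as the earlier Firefox entries, with `<blockquote` split from `cite="http://www.mozilla.org/security/announce/mfsa2005-39.html"` and the advisory paragraph rewrapped without any wording change. The only effect is churn in `git blame` and broken single-line matches on `<blockquote cite=`; suggest reverting this entry to the removed layout.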
@@ -6926,73 +5762,48 @@ Note: Please add new entries to the beginning of this file.
<topic>openoffice -- DOC document heap overflow vulnerability</topic>
<affects>
<package>
- <name>openoffice</name>
- <name>ar-openoffice</name>
- <name>ca-openoffice</name>
- <name>cs-openoffice</name>
- <name>de-openoffice</name>
- <name>dk-openoffice</name>
- <name>el-openoffice</name>
- <name>es-openoffice</name>
- <name>et-openoffice</name>
- <name>fi-openoffice</name>
- <name>fr-openoffice</name>
- <name>gr-openoffice</name>
- <name>hu-openoffice</name>
- <name>it-openoffice</name>
- <name>ja-openoffice</name>
- <name>ko-openoffice</name>
- <name>nl-openoffice</name>
- <name>pl-openoffice</name>
- <name>pt-openoffice</name>
- <name>pt_BR-openoffice</name>
- <name>ru-openoffice</name>
- <name>se-openoffice</name>
- <name>sk-openoffice</name>
- <name>sl-openoffice-SI</name>
- <name>tr-openoffice</name>
- <name>zh-openoffice-CN</name>
- <name>zh-openoffice-TW</name>
- <!-- Deprecated names -->
- <name>jp-openoffice</name>
- <name>kr-openoffice</name>
- <name>sl-openoffice-SL</name>
- <name>zh-openoffice</name>
- <name>zh_TW-openoffice</name>
- <range><lt>1.1.4_2</lt></range>
+ <name>openoffice</name> <name>ar-openoffice</name>
+ <name>ca-openoffice</name> <name>cs-openoffice</name>
+ <name>de-openoffice</name> <name>dk-openoffice</name>
+ <name>el-openoffice</name> <name>es-openoffice</name>
+ <name>et-openoffice</name> <name>fi-openoffice</name>
+ <name>fr-openoffice</name> <name>gr-openoffice</name>
+ <name>hu-openoffice</name> <name>it-openoffice</name>
+ <name>ja-openoffice</name> <name>ko-openoffice</name>
+ <name>nl-openoffice</name> <name>pl-openoffice</name>
+ <name>pt-openoffice</name> <name>pt_BR-openoffice</name>
+ <name>ru-openoffice</name> <name>se-openoffice</name>
+ <name>sk-openoffice</name> <name>sl-openoffice-SI</name>
+ <name>tr-openoffice</name> <name>zh-openoffice-CN</name>
+ <name>zh-openoffice-TW</name> <!-- Deprecated names -->
+ <name>jp-openoffice</name> <name>kr-openoffice</name>
+ <name>sl-openoffice-SL</name> <name>zh-openoffice</name>
+ <name>zh_TW-openoffice</name> <range><lt>1.1.4_2</lt></range>
<range><gt>2.*</gt><le>2.0.20050406</le></range>
- </package>
- <package>
- <name>openoffice</name>
- <name>ja-openoffice</name>
+ </package> <package>
+ <name>openoffice</name> <name>ja-openoffice</name>
<range><ge>6.0.a609</ge><le>6.0.a638</le></range>
<range><ge>641c</ge><le>645</le></range>
- <range><eq>1.1RC4</eq></range>
- <range><eq>1.1rc5</eq></range>
+ <range><eq>1.1RC4</eq></range> <range><eq>1.1rc5</eq></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>AD-LAB reports that a heap-based buffer overflow
vulnerability exists in OpenOffice's handling of DOC
- documents. When reading a DOC document 16 bit from a 32 bit
- integer is used for memory allocation, but the full 32 bit
- is used for further processing of the document. This can
- allow an attacker to crash OpenOffice, or potentially
- execute arbitrary code as the user running OpenOffice, by
- tricking an user into opening a specially crafted DOC
- document.</p>
- </body>
- </description>
- <references>
- <bid>13092</bid>
- <cvename>CVE-2005-0941</cvename>
- <mlist msgid="20050412000438.17342.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111325305109137</mlist>
+ documents. When reading a DOC document 16 bit from a 32
+ bit integer is used for memory allocation, but the full
+ 32 bit is used for further processing of the document.
+ This can allow an attacker to crash OpenOffice, or
+ potentially execute arbitrary code as the user running
+ OpenOffice, by tricking an user into opening a specially
+ crafted DOC document.</p>
+ </body>
+ </description> <references>
+ <bid>13092</bid> <cvename>CVE-2005-0941</cvename> <mlist
+ msgid="20050412000438.17342.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111325305109137</mlist>
<url>http://www.openoffice.org/issues/show_bug.cgi?id=46388</url>
- </references>
- <dates>
- <discovery>2005-04-11</discovery>
- <entry>2005-04-13</entry>
+ </references> <dates>
+ <discovery>2005-04-11</discovery> <entry>2005-04-13</entry>
<modified>2005-04-20</modified>
</dates>
</vuln>
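Review bot: `<name>zh-openoffice-TW</name> <!-- Deprecated names -->` now reads as if zh-openoffice-TW were deprecated, whereas the comment introduces the five names that follow it (jp-openoffice, kr-openoffice, sl-openoffice-SL, zh-openoffice, zh_TW-openoffice). Put the comment back on its own line directly before `<name>jp-openoffice</name>`. In the references block, `<bid>13092</bid> <cvename>CVE-2005-0941</cvename> <mlist` followed by `msgid="..."` on the next line splits a start tag across lines; keep `<mlist msgid="20050412000438.17342.qmail@www.securityfocus.com">` intact so the reference can be found with a one-line search.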
@@ -7002,18 +5813,16 @@ Note: Please add new entries to the beginning of this file.
vulnerability</topic>
<affects>
<package>
- <name>portupgrade</name>
- <range><lt>20041226_2</lt></range>
+ <name>portupgrade</name> <range><lt>20041226_2</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon L. Nielsen discovered that portupgrade handles
- temporary files in an insecure manner. This could allow an
- unprivileged local attacker to execute arbitrary commands or
- overwrite arbitrary files with the permissions of the user
- running portupgrade, typically root, by way of a symlink
- attack.</p>
+ temporary files in an insecure manner. This could allow
+ an unprivileged local attacker to execute arbitrary
+ commands or overwrite arbitrary files with the permissions
+ of the user running portupgrade, typically root, by way
+ of a symlink attack.</p>
<p>The following issues exist where the temporary files are
created, by default in the world writeable directory
/var/tmp, with the permissions of the user running
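Review bot: `<name>portupgrade</name> <range><lt>20041226_2</lt></range>` packs the package name and its version range on one line and the description paragraph is rewrapped with identical wording, so the hunk is whitespace only. Suggest leaving the entry as in the removed lines; the reflow buys nothing here and shifts blame for the advisory text onto this commit.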
@@ -7029,91 +5838,73 @@ Note: Please add new entries to the beginning of this file.
the old package to a predictable temporary file, allowing
an attacker to overwrite arbitrary files via a symlink
attack.</li>
- <li>portupgrade will <q>touch</q> a temporary temporary file
+ <li>portupgrade will <q>touch</q> a temporary temporary
+ file
with a constant filename (pkgdb.fixme) allowing an
- attacker to create arbitrary zero-byte files via a symlink
- attack.</li>
- </ul>
- <p>A workaround for these issues is to set the
+ attacker to create arbitrary zero-byte files via a
+ symlink attack.</li>
+ </ul> <p>A workaround for these issues is to set the
<code>PKG_TMPDIR</code> environment variable to a directory
only write-able by the user running portupgrade.</p>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0610</cvename>
- </references>
- <dates>
- <discovery>2005-04-12</discovery>
- <entry>2005-04-12</entry>
+ </references> <dates>
+ <discovery>2005-04-12</discovery> <entry>2005-04-12</entry>
</dates>
</vuln>
<vuln vid="ecf68408-a9f5-11d9-a788-0001020eed82">
- <topic>gaim -- jabber remote crash</topic>
- <affects>
+ <topic>gaim -- jabber remote crash</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.2.1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.2.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/?id=15">
- <p>A remote jabber user can cause Gaim to crash by sending a
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/?id=15">
+ <p>A remote jabber user can cause Gaim to crash by sending
+ a
specific file transfer request.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13004</bid>
- <cvename>CVE-2005-0967</cvename>
+ </description> <references>
+ <bid>13004</bid> <cvename>CVE-2005-0967</cvename>
<url>http://gaim.sourceforge.net/security/?id=15</url>
- </references>
- <dates>
- <discovery>2005-04-04</discovery>
- <entry>2005-04-10</entry>
+ </references> <dates>
+ <discovery>2005-04-04</discovery> <entry>2005-04-10</entry>
</dates>
</vuln>
<vuln vid="ec09baa3-a9f5-11d9-a788-0001020eed82">
- <topic>gaim -- remote DoS on receiving certain messages over IRC</topic>
- <affects>
+ <topic>gaim -- remote DoS on receiving certain messages over
+ IRC</topic> <affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.2.1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.2.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/?id=14">
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/?id=14">
<p>The IRC protocol plugin in Gaim 1.2.0, and possibly
earlier versions, allows (1) remote attackers to inject
arbitrary Gaim markup via irc_msg_kick, irc_msg_mode,
- irc_msg_part, irc_msg_quit, (2) remote attackers to inject
- arbitrary Pango markup and pop up empty dialog boxes via
- irc_msg_invite, or (3) malicious IRC servers to cause a
- denial of service (application crash) by injecting certain
- Pango markup into irc_msg_badmode, irc_msg_banned,
- irc_msg_unknown, irc_msg_nochan functions.</p>
+ irc_msg_part, irc_msg_quit, (2) remote attackers to
+ inject arbitrary Pango markup and pop up empty dialog
+ boxes via irc_msg_invite, or (3) malicious IRC servers
+ to cause a denial of service (application crash) by
+ injecting certain Pango markup into irc_msg_badmode,
+ irc_msg_banned, irc_msg_unknown, irc_msg_nochan
+ functions.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>13003</bid>
- <cvename>CVE-2005-0966</cvename>
+ </description> <references>
+ <bid>13003</bid> <cvename>CVE-2005-0966</cvename>
<url>http://gaim.sourceforge.net/security/?id=14</url>
- </references>
- <dates>
- <discovery>2005-04-02</discovery>
- <entry>2005-04-10</entry>
+ </references> <dates>
+ <discovery>2005-04-02</discovery> <entry>2005-04-10</entry>
</dates>
</vuln>
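Review bot: the wrapping tool left single-word lines: `file` stands alone after `a temporary temporary` in the portupgrade `<li>`, and `a` stands alone after `can cause Gaim to crash by sending` in the jabber entry, which suggests the wrap width was computed before indentation was applied. Since those lines are being touched anyway, drop the duplicated word in `a temporary temporary file`. Also `</ul> <p>A workaround ...` joins a list close and a paragraph open, and `<topic>gaim -- jabber remote crash</topic> <affects>` puts two unrelated elements on one line; keep block-level elements on their own lines.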
@@ -7121,75 +5912,56 @@ Note: Please add new entries to the beginning of this file.
<topic>gaim -- remote DoS on receiving malformed HTML</topic>
<affects>
<package>
- <name>gaim</name>
- <name>ja-gaim</name>
- <name>ko-gaim</name>
- <name>ru-gaim</name>
- <range><lt>1.2.1</lt></range>
+ <name>gaim</name> <name>ja-gaim</name> <name>ko-gaim</name>
+ <name>ru-gaim</name> <range><lt>1.2.1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The GAIM team reports:</p>
- <blockquote cite="http://gaim.sourceforge.net/security/?id=13">
+ <p>The GAIM team reports:</p> <blockquote
+ cite="http://gaim.sourceforge.net/security/?id=13">
<p>The gaim_markup_strip_html function in Gaim 1.2.0, and
possibly earlier versions, allows remote attackers to
- cause a denial of service (application crash) via a string
- that contains malformed HTML, which causes an
+ cause a denial of service (application crash) via a
+ string that contains malformed HTML, which causes an
out-of-bounds read.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>12999</bid>
- <cvename>CVE-2005-0965</cvename>
+ </description> <references>
+ <bid>12999</bid> <cvename>CVE-2005-0965</cvename>
<url>http://gaim.sourceforge.net/security/?id=13</url>
- </references>
- <dates>
- <discovery>2005-04-02</discovery>
- <entry>2005-04-10</entry>
+ </references> <dates>
+ <discovery>2005-04-02</discovery> <entry>2005-04-10</entry>
</dates>
</vuln>
<vuln vid="07f3fe15-a9de-11d9-a788-0001020eed82">
- <topic>php -- readfile() DoS vulnerability</topic>
- <affects>
+ <topic>php -- readfile() DoS vulnerability</topic> <affects>
<package>
- <name>mod_php4-twig</name>
- <name>php4-cgi</name>
- <name>php4-cli</name>
- <name>php4-dtc</name>
- <name>php4-horde</name>
- <name>php4-nms</name>
- <name>php4</name>
+ <name>mod_php4-twig</name> <name>php4-cgi</name>
+ <name>php4-cli</name> <name>php4-dtc</name> <name>php4-horde</name>
+ <name>php4-nms</name> <name>php4</name>
<range><lt>4.3.5_7</lt></range>
- </package>
- <package>
- <name>mod_php</name>
- <name>mod_php4</name>
+ </package> <package>
+ <name>mod_php</name> <name>mod_php4</name>
<range><lt>4.3.5_7,1</lt></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A SUSE Security advisory reports:</p>
- <blockquote cite="http://www.novell.com/linux/security/advisories/2005_06_sr.html">
- <p>A bug in the readfile() function of php4 could be used to
+ <p>A SUSE Security advisory reports:</p> <blockquote
+ cite="http://www.novell.com/linux/security/advisories/2005_06_sr.html">
+ <p>A bug in the readfile() function of php4 could be used
+ to
to crash the httpd running the php4 code when accessing
files with a multiple of the architectures page size
leading to a denial of service.</p>
</blockquote>
</body>
- </description>
- <references>
- <bid>12665</bid>
- <cvename>CVE-2005-0596</cvename>
+ </description> <references>
+ <bid>12665</bid> <cvename>CVE-2005-0596</cvename>
<url>http://bugs.php.net/bug.php?id=27037</url>
<url>http://www.novell.com/linux/security/advisories/2005_06_sr.html</url>
- </references>
- <dates>
- <discovery>2004-01-25</discovery>
- <entry>2005-04-10</entry>
+ </references> <dates>
+ <discovery>2004-01-25</discovery> <entry>2005-04-10</entry>
</dates>
</vuln>
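Review bot: the doubled "to" in the php entry survives and is now spread over three lines (`could be used`, `to`, `to crash the httpd ...`); remove one of them while the paragraph is being rewritten. The name packing is also inconsistent: `<name>php4-cli</name> <name>php4-dtc</name> <name>php4-horde</name>` carries three names while neighbouring lines carry two, so the reformat does not even produce a predictable layout. Suggest one `<name>` per line as in the removed lines.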
@@ -7197,65 +5969,58 @@ Note: Please add new entries to the beginning of this file.
<topic>squid -- DoS on failed PUT/POST requests vulnerability</topic>
<affects>
<package>
- <name>squid</name>
- <range><le>2.5.7_12</le></range>
+ <name>squid</name> <range><le>2.5.7_12</le></range>
</package>
- </affects>
- <description>
+ </affects> <description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The squid patches page notes:</p>
- <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post">
+ <p>The squid patches page notes:</p> <blockquote
+ cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post">
<p>An inconsistent state is entered on a failed PUT/POST
request making a high risk for segmentation faults or
other strange errors</p>
</blockquote>
</body>
- </description>
- <references>
+ </description> <references>
<cvename>CVE-2005-0718</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1224</url>
- </references>
- <dates>
- <discovery>2005-02-03</discovery>
- <entry>2005-04-10</entry>
+ </references> <dates>
+ <discovery>2005-02-03</discovery> <entry>2005-04-10</entry>
</dates>
</vuln>
<vuln vid="396ee517-a607-11d9-ac72-000bdb1444a4">
- <topic>horde -- Horde Page Title Cross-Site Scripting Vulnerability</topic>
- <affects>
+ <topic>horde -- Horde Page Title Cross-Site Scripting
+ Vulnerability</topic> <affects>
<package>
- <name>horde</name>
- <name>horde-php5</name>
+ <name>horde</name> <name>horde-php5</name>
<range><gt>3.*</gt><lt>3.0.4</lt></range>
</package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia Advisory: SA14730</p>
- <blockquote cite="http://secunia.com/advisories/14730">
- <p>A vulnerability has been reported in Horde, which can be
- exploited by malicious people to conduct cross-site scripting
- attacks.</p>
- <p>Input passed when setting the parent frame's page title via
- JavaScript is not properly sanitised before being returned to
- the user. This can be exploited to execute arbitrary HTML and
- script code in a user's browser session in context of an affected
- site.</p>
- <p>The vulnerability has been reported in version 3.0.4-RC2. Prior
+ </affects> <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia Advisory: SA14730</p> <blockquote
+ cite="http://secunia.com/advisories/14730">
+ <p>A vulnerability has been reported in Horde, which can
+ be
+ exploited by malicious people to conduct cross-site
+ scripting attacks.</p>
+ <p>Input passed when setting the parent frame's page title
+ via
+ JavaScript is not properly sanitised before being
+ returned to the user. This can be exploited to execute
+ arbitrary HTML and script code in a user's browser
+ session in context of an affected site.</p>
+ <p>The vulnerability has been reported in version 3.0.4-RC2.
+ Prior
versions may also be affected.</p>
</blockquote>
</body>
- </description>
- <references>
- <cvename>CVE-2005-0961</cvename>
- <mlist msgid="20050329111028.6A112117243@neo.wg.de">http://lists.horde.org/archives/announce/2005/000176.html</mlist>
+ </description> <references>
+ <cvename>CVE-2005-0961</cvename> <mlist
+ msgid="20050329111028.6A112117243@neo.wg.de">http://lists.horde.org/archives/announce/2005/000176.html</mlist>
<url>http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&amp;r2=1.515.2.93&amp;ty=h</url>
- </references>
- <dates>
- <discovery>2005-03-29</discovery>
- <entry>2005-04-05</entry>
+ </references> <dates>
+ <discovery>2005-03-29</discovery> <entry>2005-04-05</entry>
</dates>
</vuln>
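Review bot: the Horde description gains three orphan one-word lines (`be`, `via`, `Prior`) from the rewrap, and `<body xmlns="http://www.w3.org/1999/xhtml">` and `<p>Secunia Advisory: SA14730</p>` appear in both the removed and added lines with identical visible content, so those changes are indentation only. `<cvename>CVE-2005-0961</cvename> <mlist` followed by `msgid="20050329111028.6A112117243@neo.wg.de">` again splits a start tag; keep the `<mlist>` element on one line and leave the quoted advisory text unwrapped.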
@@ -7263,100 +6028,82 @@ Note: Please add new entries to the beginning of this file.
<topic>wu-ftpd -- remote globbing DoS vulnerability</topic>
<affects>
<package>
- <name>wu-ftpd</name>
- <range><lt>2.6.2_6</lt></range>
- </package>