This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the “system” may be impacted. The Recent Exploit/Technique table contains a “Workaround or Patch Available” column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
Each entry below gives, in order: Vendor & Software Name; Vulnerability – Impact; Patches – Workarounds; Attacks Scripts; Common Name (with CVE name where assigned); Risk; Source.
Vendor & Software Name: Cherokee HTTPD 0.1, 0.1.5, 0.1.6, 0.2, 0.2.5-0.2.7, 0.4.6-0.4.8, 0.4.17
Vulnerability – Impact: A format string vulnerability exists in the ‘cherokee_logger_ncsa_write_string()’ function due to insufficient sanitization, which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Update available at: ftp://alobbs.com/cherokee/0.4/0.4.17/cherokee-0.4.17.1.tar.gz
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-02.xml
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: Cherokee HTTPD Auth_Pam Authentication Remote Format String
Risk: High

Vulnerability – Impact: A remote Denial of Service vulnerability exists when a malicious user submits multiple specially crafted HTTP GET requests that contain spaces.
Patches – Workarounds: No workaround or patch available at time of publishing.
Attacks Scripts: A Proof of Concept exploit has been published.
Common Name: Apache Web Server Remote Denial of Service
CVE Name: CAN-2004-0942
Risk: Low

Vendor & Software Name: Apache 2.0.35-2.0.52
Vulnerability – Impact: A vulnerability exists when the ‘SSLCipherSuite’ directive is used in a directory or location context to require a restricted set of cipher suites, which could let a remote malicious user negotiate a cipher suite the directory policy was meant to exclude, bypassing the security policy and potentially obtaining sensitive information.
Patches – Workarounds:
  OpenPKG: ftp://ftp.openpkg.org/release/
  Gentoo: http://security.gentoo.org/glsa/glsa-200410-21.xml
  Slackware: ftp://ftp.slackware.com/pub/slackware/
  Conectiva: ftp://atualizacoes.conectiva.com.br/
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: There is no exploit code required.
Risk: Medium
Source:
  OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004
  Gentoo Linux Security Advisory, GLSA 200410-21, October 22, 2004
  Slackware Security Advisory, SSA:2004-299-01, October 26, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:122, November 2, 2004
  Conectiva Linux Security Announcement, CLA-2004:885, November 4, 2004

Vendor & Software Name: Apache Software Foundation, Conectiva, Gentoo, HP, Immunix, Mandrake, OpenBSD, OpenPKG, RedHat, SGI, Trustix; Apache 1.3.26-1.3.29, 1.3.31; OpenBSD -current, 3.4, 3.5
Patches – Workarounds:
  Patches available at: http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140&q=p3
  OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/patches/
  OpenPKG: ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.3.src.rpm
  Gentoo: http://security.gentoo.org/glsa/glsa-200406-16.xml
  Mandrake: http://www.mandrakesoft.com/security/advisories
  SGI: ftp://patches.sgi.com/support/free/security/
  Fedora Legacy: http://download.fedoralegacy.org/redhat/
  Slackware: ftp://ftp.slackware.com/pub/slackware/
  Trustix: http://http.trustix.org/pub/trustix/updates/
Attacks Scripts: Currently we are not aware of any exploits for this vulnerability.
Risk: Low/High (High if arbitrary code can be executed)
Source:
  SecurityTracker Alert, 1010462, June 10, 2004
  Gentoo Linux Security Advisory, GLSA 200406-16, June 22, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:065, June 29, 2004
  OpenPKG Security Advisory, OpenPKG-SA-2004.029, June 11, 2004
  SGI Security Advisory, 20040605-01-U, June 21, 2004
  Fedora Legacy Update Advisory, FLSA:1737, October 14, 2004
  US-CERT Vulnerability Note VU#541310, October 19, 2004
  Slackware Security Advisory, SSA:2004-299-01, October 26, 2004
  Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004

Vendor & Software Name: Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7-dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31
Vulnerability – Impact: A buffer overflow vulnerability exists in the ‘get_tag()’ function, which could let a malicious user execute arbitrary code.
Patches – Workarounds:
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-03.xml
  Slackware: ftp://ftp.slackware.com/pub/slackware/
  Trustix: http://http.trustix.org/pub/trustix/updates/
Attacks Scripts: Exploit scripts have been published.
Risk: High
Source:
  SecurityFocus, October 20, 2004
  Slackware Security Advisory, SSA:2004-305-01, November 1, 2004
  Gentoo Linux Security Advisory, GLSA 200411-03, November 2, 2004
  Trustix Secure Linux Security Advisory, TSLSA-2004-0056, November 5, 2004

Vendor & Software Name: Astaro Security Linux 4
Vulnerability – Impact: Several vulnerabilities exist: a vulnerability exists in the PPTP server, which could let a remote malicious user obtain sensitive information; and a vulnerability exists because the firewall incorrectly responds to ‘SYN-FIN’ packets, which could let a remote malicious user obtain sensitive information.
Patches – Workarounds: The vendor has issued a new version (4.024), available via Up2Date.
Attacks Scripts: Currently we are not aware of any exploits for these vulnerabilities.
Common Name: Astaro Security Linux System Information Disclosures
Risk: Medium
Source: Secunia Advisory, SA13089, November 4, 2004

Vendor & Software Name: wvWare 0.7.4, 0.7.5, 0.7.6, 1.0.0
Patches – Workarounds:
  Updates available at: http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Gentoo: http://security.gentoo.org/glsa/glsa-200407-11.xml
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  Conectiva: ftp://atualizacoes.conectiva.com.br/
  Debian: http://security.debian.org/pool/updates/main/w/wv/
Attacks Scripts: A Proof of Concept exploit has been published.
Common Name: wvWare Library Buffer Overflow
Risk: High
Source:
  iDEFENSE Security Advisory, July 9, 2004
  Conectiva Linux Security Announcement, CLA-2004:863, September 10, 2004
  Debian Security Advisory, DSA 550-1, September 20, 2004
  Debian Security Advisory, DSA 579-1, November 1, 2004

Vendor & Software Name: Bogofilter Email Filter 0.9.0.5, 0.9.0.4, 0.9.0.3, 0.92, 0.92.4, 0.92.6, 0.92.7
Patches – Workarounds:
  Upgrades available at: http://sourceforge.net/project/showfiles.php?group_id=62265
Attacks Scripts: There is no exploit code required; however, a Proof of Concept exploit has been published.
Common Name: Bogofilter EMail Filter Remote Denial of Service
CVE Name: CAN-2004-1007
Risk: Low

Vendor & Software Name: Gentoo
Vulnerability – Impact: Multiple vulnerabilities were reported in Gaim in the processing of the MSN protocol: several remotely exploitable buffer overflows exist in the MSN protocol parsing functions, which could let a remote malicious user execute arbitrary code on the target system.
Patches – Workarounds:
  Gentoo: http://security.gentoo.org/glsa/glsa-200408-12.xml
  SuSE: http://www.suse.de/de/security/2004_25_gaim.html
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  Rob Flynn: http://sourceforge.net/project/showfiles.php?group_id=235&package_id=253&release_id=263425
  Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-0.82-i486-1.tgz
  Fedora Legacy: http://download.fedoralegacy.org/redhat/
  Conectiva: ftp://atualizacoes.conectiva.com.br/
Attacks Scripts: We are not aware of any exploits for these vulnerabilities.
Common Name: Gaim Buffer Overflows in Processing MSN Protocol
Risk: High
Source:
  SecurityTracker, 1010872, August 5, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:081, August 13, 2004
  Slackware Security Advisory, SSA:2004-239-01, August 26, 2004
  Fedora Legacy Update Advisory, FLSA:1237, October 16, 2004
  Conectiva Linux Security Announcement, CLA-2004:885, November 4, 2004

Vendor & Software Name: gdlib 2.0.23, 2.0.26-2.0.28
Patches – Workarounds:
  OpenPKG: ftp://ftp.openpkg.org/release/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-08.xml
Attacks Scripts: An exploit script has been published.
Common Name: GD Graphics Library Remote Integer Overflow
CVE Name: CAN-2004-0990
Risk: High
Source:
  Secunia Advisory, SA12996, October 28, 2004
  Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004

Vendor & Software Name: Gentoo Gentoolkit 0.2.0_pre10 & prior versions
Vulnerability – Impact: A vulnerability exists in the ‘qpkg’ Gentoolkit script due to the insecure creation of temporary files, which could let a local malicious user obtain elevated privileges.
Patches – Workarounds:
  Update available at: http://security.gentoo.org/glsa/glsa-200411-13.xml
Attacks Scripts: Currently we are not aware of any exploits for this vulnerability.
Common Name: Gentoo Gentoolkit ‘qpkg’ Elevated Privileges
Risk: Medium/High (High if root access can be obtained)

Vendor & Software Name: Gentoo Portage 2.0.51-r2 & prior versions
Vulnerability – Impact: A vulnerability exists in ‘dispatch-conf’ due to the insecure creation of temporary files, which could let a local malicious user obtain elevated privileges.
Patches – Workarounds:
  Update available at: http://security.gentoo.org/glsa/glsa-200411-13.xml
Attacks Scripts: Currently we are not aware of any exploits for this vulnerability.
Common Name: Gentoo Portage ‘dispatch-conf’ Elevated Privileges
Risk: Medium/High (High if root access can be obtained)

Vendor & Software Name: groff 1.19
Patches – Workarounds:
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/groff/
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-15.xml
Attacks Scripts: There is no exploit code required.
Common Name: GNU Troff (Groff) Insecure Temporary File Creation
CVE Name: CAN-2004-0969
Risk: Medium
Source:
  Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
  Ubuntu Security Notice USN-13-1, November 1, 2004
  Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004

Vendor & Software Name: Haserl 0.4-0.4.2, 0.5, 0.5.1
Patches – Workarounds:
  Upgrades available at: http://prdownloads.sourceforge.net/haserl/haserl-0.6.0.tar.gz?download
Attacks Scripts: There is no exploit code required.
Common Name: Haserl Environment Variable Manipulation
Risk: Medium
Source: Secunia Advisory, SA13031, November 1, 2004

Vendor & Software Name: HP OpenView Operations for HP-UX 6.0, 7.0, 8.0; OpenView Operations for Solaris 6.0, 7.0, 8.0
Vulnerability – Impact: A vulnerability exists which could let a remote authenticated malicious user obtain elevated privileges.
Patches – Workarounds:
  Patches available at: http://itrc.hp.com
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: HP OpenView Operations Remote Privilege Escalation
Risk: Medium
Source: HPSBMA01092, November 2, 2004

Vendor & Software Name: ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8
Vulnerability – Impact: A buffer overflow vulnerability exists in the ‘EXIF’ parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Upgrades available at: http://sourceforge.net/project/showfiles.php?group_id=24099
  RedHat: http://rhn.redhat.com/errata/RHSA-2004-480.html
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-11.xml
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: ImageMagick Remote EXIF Parsing Buffer Overflow
CVE Name: CAN-2004-0981
Risk: High
Source:
  SecurityTracker Alert ID, 1011946, October 26, 2004
  Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004

Vendor & Software Name: Info-ZIP Zip 2.3
Patches – Workarounds:
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/z/zip/
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow
CVE Name: CAN-2004-1010
Risk: High
Source:
  Bugtraq, November 3, 2004
  Ubuntu Security Notice, USN-18-1, November 5, 2004

Vendor & Software Name: DHCPD 2.0pl5
Vulnerability – Impact: A format string vulnerability exists because user-supplied data is logged in an unsafe fashion, which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Upgrades available at: http://security.debian.org/pool/updates/main/d/dhcp/
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Risk: High

Vendor & Software Name: Perl 5.8.3
Patches – Workarounds:
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Attacks Scripts: There is no exploit code required.
Risk: Medium
Source:
  Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
  Ubuntu Security Notice, USN-16-1, November 3, 2004

Vendor & Software Name: LibTIFF 3.6.1
Patches – Workarounds:
  Debian: http://security.debian.org/pool/updates/main/t/tiff/
  Gentoo: http://security.gentoo.org/glsa/glsa-200410-11.xml
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  OpenPKG: ftp://ftp.openpkg.org/release/
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  SuSE: ftp://ftp.suse.com/pub/suse/
  RedHat: http://rhn.redhat.com/errata/RHSA-2004-577.html
  Slackware: ftp://ftp.slackware.com/pub/slackware/
Attacks Scripts: Proofs of Concept exploits have been published.
Common Name: LibTIFF Buffer Overflows
CVE Name: CAN-2004-0803, CAN-2004-0804, CAN-2004-0886
Risk: Low/High (High if arbitrary code can be executed)
Source:
  Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004
  Fedora Update Notification, FEDORA-2004-334, October 14, 2004
  OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004
  Debian Security Advisory, DSA 567-1, October 15, 2004
  Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:109 & MDKSA-2004:111, October 20 & 21, 2004
  SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004
  RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004
  Slackware Security Advisory, SSA:2004-305-02, November 1, 2004

Vendor & Software Name: Debian Linux 3.0 (sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha); Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9
Patches – Workarounds:
  Debian: http://security.debian.org/pool/updates/main/i/iptables/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
Attacks Scripts: There is no exploit code required.
Risk: Medium
Source:
  Debian Security Advisory, DSA 580-1, November 1, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004

Vendor & Software Name: Debian, Mandrake, OpenPKG, RedHat, SGI, Slackware, Trustix; Debian Linux 3.0 (s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha); rsync 2.3.1, 2.3.2-1.3, 2.3.2-1.2 (sparc, PPC, m68k, intel, ARM, alpha), 2.3.2, 2.4.0, 2.4.1, 2.4.3-2.4.6, 2.4.8, 2.5.0-2.5.7, 2.6
Vulnerability – Impact: A vulnerability exists due to insufficient sanitization of user-supplied path values, which could let a remote malicious user modify system information or obtain unauthorized access.
Patches – Workarounds:
  Debian: http://security.debian.org/pool/updates/main/r/rsync
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  Rsync: http://rsync.samba.org/ftp/rsync/rsync-2.6.1.tar.gz
  Slackware: ftp://ftp.slackware.com/pub/slackware/
  Trustix: http://www.trustix.org/errata/misc/2004/TSL-2004-0024-rsync.asc.txt
  OpenPKG: ftp://ftp.openpkg.org/release/
  RedHat: http://rhn.redhat.com/errata/RHSA-2004-192.html
  SGI: ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/
  Apple: http://www.apple.com/support/security/security_updates.html
  Fedora Legacy: http://download.fedoralegacy.org/redhat/
  Conectiva: ftp://atualizacoes.conectiva.com.br/
Attacks Scripts: Currently we are not aware of any exploits for this vulnerability.
Risk: Medium
Source:
  Debian Security Advisory, DSA 499-1, May 2, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:042, May 11, 2004
  OpenPKG Security Advisory, OpenPKG-SA-2004.025, May 21, 2004
  RedHat Security Advisory, RHSA-2004:192-06, May 19, 2004
  SGI Security Advisories, 20040508-01-U & 20040509-01, May 28, 2004
  Slackware Security Advisory, SSA:2004-124-01, May 3, 2004
  Trustix Secure Linux Security Advisory, 2004-0024, April 30, 2004
  Fedora Legacy Update Advisory, FLSA:2003, September 30, 2004
  Conectiva Linux Security Announcement, CLA-2004:881, November 1, 2004

Vulnerability – Impact: A vulnerability exists in rsync when running in daemon mode with chroot disabled. The flaw resides in the sanitize_path() function: a remote user can supply a specially crafted path that causes the path cleaning function to produce an absolute filename instead of a relative one, so the name is resolved against the real filesystem rather than the module directory. A remote user may thereby read or write files on the target system that are located outside of the module’s path.
Patches – Workarounds:
  Updates and patches are available at: http://rsync.samba.org/
  SuSE: http://www.suse.de/de/security/2004_26_rsync.html
  Debian: http://www.debian.org/security/2004/dsa-538
  Trustix: http://www.trustix.net/errata/2004/0042/
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  OpenPKG: ftp://ftp.openpkg.org/release/2.0/UPD/
  TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/
  Fedora Legacy: http://download.fedoralegacy.org/redhat/
  Conectiva: ftp://atualizacoes.conectiva.com.br/
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: Rsync Input Validation Error in sanitize_path() May Let Remote Users Read or Write Arbitrary Files
CVE Name: CAN-2004-0792
Risk: High
Source:
  SecurityTracker 1010940, August 12, 2004
  rsync August 2004 Security Advisory
  SecurityFocus, September 1, 2004
  Fedora Legacy Update Advisory, FLSA:2003, September 30, 2004
  Conectiva Linux Security Announcement, CLA-2004:881, November 1, 2004

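The failure described in the rsync entry above, as an added illustration that is not rsync's own sanitize_path() code: a path cleaner that resolves ‘.’ and ‘..’ segments but leaves a leading slash in place returns an absolute name, and with chroot disabled that name is opened against the real filesystem instead of the module directory. The hardened cleaner always returns a relative name and the join step refuses anything else. The function names and the module root /srv/rsync/module are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not rsync's sanitize_path(): one cleaning loop run in two
 * modes.  keep_leading_slash=1 reproduces the class of mistake described in
 * the advisory (an absolute input stays absolute); 0 is the hardened
 * behaviour, which always yields a path relative to the module root.
 * Rules: "." is dropped, ".." pops the previous segment and is ignored at
 * the top, repeated slashes collapse.  Returns 0, or -1 if out is too small. */
static int clean_path(const char *in, char *out, size_t outsz, int keep_leading_slash)
{
    size_t outlen = 0, prefix = 0;
    const char *p = in;

    if (outsz == 0) return -1;
    if (keep_leading_slash && *p == '/') {      /* the bug: the root survives cleaning */
        if (outsz < 2) return -1;
        out[outlen++] = '/';
        prefix = 1;                             /* ".." never pops below the root */
    }
    while (*p == '/') p++;

    while (*p) {
        const char *end = strchr(p, '/');
        size_t seglen = end ? (size_t)(end - p) : strlen(p);

        if (seglen == 1 && p[0] == '.') {
            /* "." adds nothing */
        } else if (seglen == 2 && p[0] == '.' && p[1] == '.') {
            while (outlen > prefix && out[outlen - 1] != '/') outlen--;
            if (outlen > prefix) outlen--;      /* drop the separator as well */
        } else {
            size_t sep = (outlen > prefix) ? 1 : 0;
            if (outlen + sep + seglen + 1 > outsz) return -1;
            if (sep) out[outlen++] = '/';
            memcpy(out + outlen, p, seglen);
            outlen += seglen;
        }
        p += seglen;
        while (*p == '/') p++;
    }
    out[outlen] = '\0';
    return 0;
}

int clean_path_naive(const char *in, char *out, size_t outsz) { return clean_path(in, out, outsz, 1); }
int clean_path_safe(const char *in, char *out, size_t outsz)  { return clean_path(in, out, outsz, 0); }

/* Join the cleaned name onto the module root.  A name that is still
 * absolute is refused outright rather than handed to open(). */
int resolve_in_module(const char *module_root, const char *cleaned, char *out, size_t outsz)
{
    if (cleaned[0] == '/') return -1;
    int n = snprintf(out, outsz, "%s/%s", module_root, cleaned);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* 1 if cleaning `in` with the chosen cleaner gives exactly `expected`. */
int cleaned_equals(int safe, const char *in, const char *expected)
{
    char buf[512];
    int rc = safe ? clean_path_safe(in, buf, sizeof buf) : clean_path_naive(in, buf, sizeof buf);
    return rc == 0 && strcmp(buf, expected) == 0;
}

/* 1 if the naive cleaner would let `in` escape the (assumed) module root. */
int naive_escapes(const char *in)
{
    char cleaned[512], full[1024];
    if (clean_path_naive(in, cleaned, sizeof cleaned) != 0) return 0;
    return resolve_in_module("/srv/rsync/module", cleaned, full, sizeof full) != 0;
}

int main(void)
{
    const char *attacker_path = "/../etc/passwd";   /* constructed sample request path */
    char cleaned[512], full[1024];

    clean_path_naive(attacker_path, cleaned, sizeof cleaned);
    printf("naive cleaner : %s  (absolute: escapes the module)\n", cleaned);
    clean_path_safe(attacker_path, cleaned, sizeof cleaned);
    resolve_in_module("/srv/rsync/module", cleaned, full, sizeof full);
    printf("safe cleaner  : %s -> %s\n", cleaned, full);
    return 0;
}
```

The point of the join step is that the check is made on the cleaned name the daemon is about to open, not on the request as received; a cleaner that is later "improved" but still lets a slash through at position zero is caught there.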
Vendor & Software Name: Gentoo Linux 1.4; Rob Flynn Gaim 0.10.x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0, 1.0.1; Slackware Linux -current, 9.0, 9.1, 10.0
Vulnerability – Impact: A buffer overflow vulnerability exists in the processing of MSNSLP messages due to insufficient verification, which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Gentoo: http://security.gentoo.org/glsa/glsa-200410-23.xml
  Rob Flynn: http://prdownloads.sourceforge.net/gaim/gaim-1.0.2.tar.gz?download
  RedHat: ftp://updates.redhat.com
  Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-1.0.2-i486-1.tgz
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/g/gaim/
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Risk: High
Source:
  Gentoo Linux Security Advisory, GLSA 200410-23, October 25, 2004
  RedHat Security Advisory, RHSA-2004:604-01, October 20, 2004
  Slackware Security Advisory, SSA:2004-296-01, October 22, 2004
  Ubuntu Security Notice, USN-8-1, October 27, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:117, November 1, 2004

Vendor & Software Name: Linux kernel 2.6-test1 through 2.6-test11, 2.6-2.6.8; SuSE Linux 9.1
Patches – Workarounds:
  Update available at: http://kernel.org/
  SuSE: ftp://ftp.suse.com/pub/suse/
Attacks Scripts: A Proof of Concept exploit script has been published.
Risk: Low
Source:
  SuSE Security Announcement, SUSE-SA:2004:037, October 20, 2004
  Packetstorm, November 5, 2004

Vendor & Software Name: LinuxPrinting.org Foomatic-Filters 3.03.0.2, 3.1; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1
Patches – Workarounds:
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  SuSE: ftp://ftp.suse.com/pub/suse
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  Gentoo: http://security.gentoo.org/glsa/glsa-200409-24.xml
  Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1&searchclause=
  Conectiva: ftp://atualizacoes.conectiva.com.br/
  Fedora Legacy: http://download.fedoralegacy.org/fedora/1/updates/
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: LinuxPrinting.org Foomatic-Filter Arbitrary Code Execution
Risk: High
Source:
  Secunia Advisory, SA12557, September 16, 2004
  Fedora Update Notification, FEDORA-2004-303, September 21, 2004
  Gentoo Linux Security Advisory, GLSA 200409-24, September 17, 2004
  Sun(sm) Alert Notification, 57646, October 7, 2004
  Conectiva Linux Security Announcement, CLA-2004:880, October 26, 2004
  Fedora Legacy Update Advisory, FLSA:2076, November 5, 2004

Vendor & Software Name: LVM Logical Volume Management Utilities 1.0.4, 1.0.7, 1.0.8
Patches – Workarounds:
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/
  Debian: http://security.debian.org/pool/updates/main/l/lvm10/
Attacks Scripts: There is no exploit code required.
Common Name: Trustix LVM Utilities Insecure Temporary File Creation
CVE Name: CAN-2004-0972
Risk: Medium
Source:
  Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
  Ubuntu Security Notice, USN-15-1, November 1, 2004
  Debian Security Advisory, DSA 583-1, November 3, 2004

Vendor & Software Name: OpenBSD 3.4, 3.5; SuSE Linux 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, Linux Enterprise Server 8, 9; X.org X11R6 6.7.0, 6.8; XFree86 X11R6 3.3.6, 4.0, 4.0.1, 4.0.2-11, 4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1, Errata, 4.3.0; Avaya Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0
Vulnerability – Impact: Multiple vulnerabilities exist: a stack overflow vulnerability exists in ‘xpmParseColors()’ in ‘parse.c’ when a specially crafted XPMv1 or XPMv2/3 file is submitted, which could let a remote malicious user execute arbitrary code; a stack overflow vulnerability exists in the ‘ParseAndPutPixels()’ function in ‘create.c’ when reading pixel values, which could let a remote malicious user execute arbitrary code; and an integer overflow vulnerability exists in the colorTable allocation in ‘xpmParseColors()’ in ‘parse.c,’ which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Debian: http://security.debian.org/pool/updates/main/i/imlib/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  OpenBSD: ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/
  SuSE: ftp://ftp.suse.com/pub/suse/
  X.org: http://x.org/X11R6.8.1/
  Gentoo: http://security.gentoo.org/glsa/glsa-200409-34.xml
  IBM: http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
  RedHat: http://rhn.redhat.com/errata/RHSA-2004-478.html
  Avaya: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203389&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
  Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57652-1&searchclause=
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: Proofs of Concept exploits have been published.
Risk: High
Source:
  X.Org Foundation Security Advisory, September 16, 2004
  US-CERT Vulnerability Notes, VU#537878 & VU#882750, September 30, 2004
  SecurityFocus, October 4, 2004
  SecurityFocus, October 18, 2004
  Sun(sm) Alert Notification, 57652, October 18, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:124, November 2, 2004

Vendor & Software Name: MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, 3.23.x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1.0-alpha, 4.1.0-0, 4.1.2-alpha, 4.1.3-beta, 4.1.3-0, 5.0.0-alpha, 5.0.0-0
Patches – Workarounds:
  Debian: http://security.debian.org/pool/updates/main/m/mysql/
  Trustix: http://http.trustix.org/pub/trustix/updates/
  OpenPKG: ftp://ftp.openpkg.org/release/
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: MySQL mysql_real_connect Function Remote Buffer Overflow
CVE Name: CAN-2004-0836
Source:
  Secunia Advisory, SA12305, August 20, 2004
  Debian Security Advisory, DSA 562-1, October 11, 2004
  Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Vendor & Software Name: MySQL 3.23.49, 4.0.20
Vulnerability – Impact: A vulnerability exists in the ‘mysqlhotcopy’ script due to predictable file names of temporary files, which could let a local malicious user obtain elevated privileges.
Patches – Workarounds:
  Debian: http://security.debian.org/pool/updates/main/m/
  Gentoo: http://security.gentoo.org/glsa/glsa-200409-02.xml
  SuSE: ftp://ftp.suse.com/pub/suse/
  RedHat: http://rhn.redhat.com/errata/RHSA-2004-569.html
  OpenPKG: ftp://ftp.openpkg.org/release/
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: There is no exploit code required.
Common Name: MySQL ‘mysqlhotcopy’ Script Elevated Privileges
Risk: Medium
Source:
  Debian Security Advisory, DSA 540-1, August 18, 2004
  Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004
  SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004
  RedHat Security Advisory, RHSA-2004:569-16, October 20, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

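The insecure temporary file entries in this bulletin (Gentoolkit ‘qpkg’, Portage ‘dispatch-conf’, GNU troff, the LVM utilities and ‘mysqlhotcopy’ above) share one bug class: a program that runs with privileges writes to a predictable name in a world-writable directory, and a local attacker who plants a symlink at that name first gets the program to truncate and write a file of the attacker's choosing. The added example below is not code from any of those packages; it plays both sides of the race in a private scratch directory and contrasts the vulnerable open() with two fixes. The file and directory names are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not code from gentoolkit, portage, groff, LVM or MySQL. */

/* Vulnerable pattern: fixed or PID-based name, O_CREAT without O_EXCL, so a
 * symlink already sitting at that name is followed and its target is
 * truncated and written with the caller's privileges. */
int open_tmp_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern when the name cannot change: create-only, never follow a
 * link, never reuse an existing file.  If the attacker got there first the
 * call fails (EEXIST/ELOOP) instead of writing through the link. */
int open_tmp_fixed_name_secure(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred pattern: mkstemp() picks an unguessable name and creates it
 * atomically with O_CREAT|O_EXCL, mode 0600.  `tmpl` must end in XXXXXX and
 * is overwritten with the chosen name. */
int open_tmp_mkstemp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Private scratch directory for the demonstration; falls back to the
 * current directory if /tmp is not writable.  Returns 0 on success. */
static int make_scratch_dir(char *dir, size_t dirsz)
{
    snprintf(dir, dirsz, "/tmp/tmpfile-demo-XXXXXX");
    if (mkdtemp(dir) != NULL) return 0;
    snprintf(dir, dirsz, "./tmpfile-demo-XXXXXX");
    return mkdtemp(dir) != NULL ? 0 : -1;
}

/* Plays the attacker's side of the race, then runs the victim's open() on
 * the predictable name.  Returns 1 if the attacker's chosen target was
 * clobbered, 0 if the victim refused, -1 on setup failure. */
int symlink_attack_succeeds(int (*victim_open)(const char *))
{
    char dir[64], target[128], lnk[128];
    const char *original = "important contents\n";
    struct stat st;
    int fd, clobbered;

    if (make_scratch_dir(dir, sizeof dir) != 0) return -1;
    snprintf(target, sizeof target, "%s/victim-data", dir);  /* stands in for a root-owned file */
    snprintf(lnk, sizeof lnk, "%s/groff.1234", dir);         /* program name + PID: guessable */

    FILE *f = fopen(target, "w");
    if (f == NULL) return -1;
    fputs(original, f);
    fclose(f);

    if (symlink(target, lnk) != 0) return -1;   /* attacker wins the race */

    fd = victim_open(lnk);                      /* privileged program runs */
    if (fd >= 0) {
        if (write(fd, "owned\n", 6) < 0) { /* nothing further to do */ }
        close(fd);
    }
    clobbered = (stat(target, &st) == 0 && (size_t)st.st_size != strlen(original));

    unlink(lnk); unlink(target); rmdir(dir);
    return clobbered;
}

/* The properties a reviewer checks on the mkstemp() path: the name was
 * rewritten, the file exists and is mode 0600.  Returns 1 if all hold. */
int mkstemp_is_private(void)
{
    char tmpl[] = "/tmp/tmpfile-demo-XXXXXX";
    struct stat st;
    int fd = open_tmp_mkstemp(tmpl);
    if (fd < 0) { strcpy(tmpl, "./tmpfile-demo-XXXXXX"); fd = open_tmp_mkstemp(tmpl); }
    if (fd < 0) return 0;
    int ok = strstr(tmpl, "XXXXXX") == NULL && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600;
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    printf("predictable name, O_CREAT only : target clobbered = %d\n",
           symlink_attack_succeeds(open_tmp_predictable));
    printf("O_EXCL|O_NOFOLLOW              : target clobbered = %d\n",
           symlink_attack_succeeds(open_tmp_fixed_name_secure));
    printf("mkstemp private file           : %d\n", mkstemp_is_private());
    return 0;
}
```

Shell scripts such as qpkg and mysqlhotcopy have the same choice: `mktemp` (or `mktemp -d` for a scratch directory) instead of `/tmp/name.$$`, and a check that the created path is the one being written to.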
Vendor & Software Name: MySQL 3.x, 4.x
Vulnerability – Impact: Two vulnerabilities exist: ‘ALTER TABLE … RENAME’ checks the ‘CREATE/INSERT’ privileges against the old table rather than the new one, which potentially could let a remote malicious user bypass security restrictions; and a remote Denial of Service vulnerability exists when multiple threads issue ‘ALTER’ commands against ‘MERGE’ tables to modify the ‘UNION.’
Patches – Workarounds:
  Updates available at: http://dev.mysql.com/downloads/mysql/
  Debian: http://security.debian.org/pool/updates/main/m/mysql
  Trustix: http://http.trustix.org/pub/trustix/updates/
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: We are not aware of any exploits for these vulnerabilities.
Risk: Low/Medium (Low if a DoS; Medium if security restrictions can be bypassed)
Source:
  Secunia Advisory, SA12783, October 11, 2004
  Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1, 2004

Vendor & Software Name: Netatalk Open Source Apple File Share Protocol Suite 1.5pre6, 1.6.1, 1.6.4
Patches – Workarounds:
  Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
  Gentoo: http://security.gentoo.org/glsa/glsa-200410-25.xml
  Mandrake: http://www.mandrakesoft.com/security/advisories
Attacks Scripts: There is no exploit code required.
Risk: Medium
Source:
  Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004
  Gentoo Linux Security Advisory GLSA 200410-25, October 25, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:121, November 2, 2004

Vendor & Software Name: PostgreSQL 7.0.2, 7.0.3, 7.1-7.1.3, 7.2-7.2.4, 7.3-7.3.4, 7.4, 7.4.3, 7.4.5
Vulnerability – Impact: A vulnerability exists in the RPM initialization script. The impact was not specified.
Patches – Workarounds: No workaround or patch available at time of publishing.
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: PostgreSQL Unspecified RPM Initialization Script
Risk: Not Specified

Vendor & Software Name: proxytunnel 1.0.6, 1.1.3, 1.2.0, 1.2.2
Vulnerability – Impact: A format string vulnerability exists in the ‘message()’ function in ‘messages.c’ when running in daemon mode, which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Upgrade available at: http://sourceforge.net/project/showfiles.php?group_id=39840
  Gentoo: http://security.gentoo.org/glsa/glsa-200411-07.xml
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: Proxytunnel Remote Format String
Risk: High

Vendor & Software Name: Qwikmail 0.3
Vulnerability – Impact: A vulnerability exists due to a format string error in ‘qwik-smtpd.c,’ which could let a remote malicious user execute arbitrary code.
Patches – Workarounds:
  Patch available at: http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
Attacks Scripts: An exploit script has been published.
Common Name: QwikMail Format String
Risk: High
Source:
  Secunia Advisory, SA13037, November 1, 2004
  Packetstorm, November 10, 2004

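The four format string entries in this bulletin (Cherokee's logger function, DHCPD logging user-supplied data, proxytunnel's ‘message()’ and QwikMail's ‘qwik-smtpd.c’) are the same mistake: text received from the network (a username, a hostname, a client banner) is handed to a printf-family function as the format rather than as an argument. The added example below is not code from any of those projects; it shows a typical logging wrapper, the vulnerable and the hardened call through it, and a small audit helper. Only the ‘%%’ conversion is exercised, because it consumes no argument and so demonstrates the interpretation of attacker bytes as directives without undefined behaviour; the function names and sample username are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from Cherokee, ISC DHCP, proxytunnel or QwikMail. */

#define LOG_LINE_MAX 256

/* Typical logger wrapper.  Without a printf format attribute the compiler's
 * -Wformat-security check cannot see through it, which is why this bug
 * survives review in real code bases.  Declaring it
 *   __attribute__((format(printf, 3, 4)))
 * makes the vulnerable call below a compile-time warning. */
static int log_printf(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: the untrusted string IS the format.  "%x" reads words off the
 * stack, "%s" dereferences them, "%n" writes to memory.  Only "%%" is used
 * in this demonstration. */
int log_line_vulnerable(char *out, size_t outsz, const char *untrusted)
{
    return log_printf(out, outsz, untrusted);
}

/* Hardened: constant format, untrusted data passed as a %s argument and
 * copied literally, whatever it contains. */
int log_line_safe(char *out, size_t outsz, const char *untrusted)
{
    return log_printf(out, outsz, "%s", untrusted);
}

/* Review/audit helper: does a string that is about to be used as a format
 * contain any directive other than the literal "%%"?  1 if so. */
int has_format_directive(const char *s)
{
    const char *p = s;
    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] == '%') { p += 2; continue; }
        return 1;
    }
    return 0;
}

/* 1 if the chosen logger turns `untrusted` into exactly `expected`. */
int logger_output_is(int use_safe, const char *untrusted, const char *expected)
{
    char buf[LOG_LINE_MAX];
    if (use_safe) log_line_safe(buf, sizeof buf, untrusted);
    else          log_line_vulnerable(buf, sizeof buf, untrusted);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    const char *user = "mallory%%";        /* constructed attacker-supplied field */
    char line[LOG_LINE_MAX];

    log_line_vulnerable(line, sizeof line, user);
    printf("vulnerable logger: %s\n", line);          /* mallory%  : directive interpreted */
    log_line_safe(line, sizeof line, user);
    printf("safe logger      : %s\n", line);          /* mallory%% : copied literally */
    printf("\"%%x%%n\" flagged   : %d\n", has_format_directive("%x%n"));
    return 0;
}
```

Grepping a code base for calls whose format argument is a variable rather than a string literal, and adding the format attribute to every logging wrapper, finds this class before an attacker does.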
Vendor & Software Name: Gaim 0.10.x, 0.10.3, 0.50-0.75
Patches – Workarounds:
  Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
  Gentoo: http://security.gentoo.org/glsa/glsa-200408-27.xml
  Rob Flynn: http://sourceforge.net/project/showfiles.php?group_id=235&package_id=253&release_id=263425
  Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.82-i486-1.tgz
  Fedora Legacy: http://download.fedoralegacy.org/redhat/
  Mandrake: http://www.mandrakesecure.net/en/ftp.php
  Conectiva: ftp://atualizacoes.conectiva.com.br/
Attacks Scripts: We are not aware of any exploits for these vulnerabilities.
Risk: Low/High (High if arbitrary code can be executed)
Source:
  SecurityFocus, August 26, 2004
  Fedora Legacy Update Advisory, FLSA:1237, October 16, 2004
  Mandrakelinux Security Update Advisory, MDKSA-2004:110, October 21, 2004
  Conectiva Linux Security Announcement, CLA-2004:884, November 4, 2004

Vendor & Software Name: Sophos MailMonitor for SMTP 2.1
Patches – Workarounds:
  Updates available at: http://www.sophos.com/sophos/products/full/mmsmtp-linux-update.tar.gz
  http://www.sophos.com/sophos/products/full/mmsmtp-solaris-update.tar.Z
Attacks Scripts: We are not aware of any exploits for this vulnerability.
Common Name: Sophos MailMonitor SMTP Email Handling
Risk: Not Specified

Vendor & Software Name: SpamAssassin 3.0.1
Patches – Workarounds: No workaround or patch available at time of publishing.
Attacks Scripts: A Proof of Concept exploit has been published.
Common Name: SpamAssassin Remote Denial of Service
Risk: Low

Squid-cache.org Debian
Fedora
Gentoo
Mandrake
OpenPKG
RedHat
SGI
SuSE
Tinysofa
Trustix
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4 STABLE7, 2.4. 2.5 STABLE5, STABLE4, STABLE3, STABLE1
A buffer overflow vulnerability exists in ‘helpers/ntlm_auth/SMB/libntlmssp.c’ in the ‘ntlm_check_auth()’ function due to insufficient validation, which could let a remote malicious user execute arbitrary code.
Patches available at: http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200406-13.xml
Mandrake: http://www.mandrakesoft.com/security/advisories
RedHat: http://rhn.redhat.com/errata/RHSA-2004-242.html
SGI: ftp://patches.sgi.com/support/free/security/advisories/
SuSE: ftp://ftp.suse.com/pub/suse/
Trustix: http://http.trustix.org/pub/trustix/updates/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Exploit script has been published.
High
Fedora Update Notifications, FEDORA-2004-163 & 164, June 9, 2004
Gentoo Linux Security Advisory, GLSA 200406-13, June 17, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:059, June 9, 2004
RedHat Security Advisory, RHSA-2004:242-06, June 9, 2004
SGI Security Advisory, 20040604-01-U, June 21, 2004
SUSE Security Announcement, SuSE-SA:2004:016, June 9, 2004
Tinysofa Security Advisory, TSSA-2004-010, June 9, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0033, June 10, 2004
Conectiva Linux Security Announcement, CLA-2004:882, November 3, 2004
Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support
A remote Denial of Service vulnerability exists in the ‘asn_parse_header()’ function in ‘snmplib/asn1.c’ due to an input validation error when handling certain negative length fields.
Updates available at: http://www.squid-cache.org/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200410-15.xml
Trustix: http://http.trustix.org/pub/trustix/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-591.html
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Debian: http://security.debian.org/pool/updates/main/s/squid/
OpenPKG: ftp://ftp.openpkg.org/release/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/s/squid/
We are not aware of any exploits for this vulnerability.
Low
iDEFENSE Security Advisory, October 11, 2004
Fedora Update Notification, FEDORA-2004-338, October 13, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Gentoo Linux Security Advisory, GLSA 200410-15, October 18, 2004
RedHat Security Advisory, RHSA-2004:591-04, October 20, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:112, October 21, 2004
Debian Security Advisory, DSA 576-1, October 29, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.048, October 29, 2004
Conectiva Linux Security Announcement, CLA-2004:882, November 3, 2004
Ubuntu Security Notice, USN-19-1, November 6, 2004
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4, STABLE7, 2.5 STABLE1-STABLE6, Squid Web Proxy Cache 3.0 PRE1-PRE3
A remote Denial of Service vulnerability exists in ‘lib/ntlmauth.c’ due to insufficient validation of negative values in the ‘ntlm_fetch_string()’ function.
Patches available at: http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ntlm_fetch_string.patch
Gentoo: http://security.gentoo.org/glsa/glsa-200409-04.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Trustix: http://http.trustix.org/pub/trustix/updates/
RedHat: http://rhn.redhat.com/errata/RHSA-2004-462.html
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/
Conectiva: ftp://atualizacoes.conectiva.com.br/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/s/squid/
We are not aware of any exploits for this vulnerability.
Squid Proxy NTLM Authentication Remote Denial of Service
Low
Secunia Advisory, SA12444, September 3, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:093, September 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0047, September 16, 2004
RedHat Security Advisory, RHSA-2004:462-10, September 30, 2004
Turbolinux Security Announcement, October 5, 2004
Conectiva Linux Security Announcement, CLA-2004:882, November 3, 2004
Ubuntu Security Notice, USN-19-1, November 6, 2004
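The three Squid entries above share one failure mode: a length or offset field read from the network is checked only against an upper bound, so a negative value passes the check and, once converted to an unsigned count, drives a copy or parse far past the buffer (the SNMP entry describes a negative ASN.1 length, the two NTLM entries negative values in a security-buffer-style header). The C program below is an added illustration written for this bulletin, not Squid's code: the struct layout, the field and function names and the sample packet are all hypothetical. It shows the unsafe check beside the hardened one and a copy routine that also bounds the destination.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical NTLM-style "security buffer" (not Squid's definition): a
 * length and an offset locating a string inside the packet. Signed on
 * purpose: a 16- or 32-bit wire field can be negative. */
struct strhdr {
    int16_t len;     /* bytes of string data */
    int32_t offset;  /* start of the data in the packet */
};

struct packet {
    const unsigned char *data;
    size_t size;
};

/* Vulnerable pattern: only the upper bound is tested, so len = -1 or a
 * negative offset passes. Returns 1 if accepted, storing the count that
 * memcpy() would receive, or 0 if rejected. */
int header_accepted_unsafe(const struct packet *p, const struct strhdr *h,
                           size_t *copy_len)
{
    if (h->offset > (int32_t)p->size || h->len > (int32_t)p->size)
        return 0;
    *copy_len = (size_t)h->len;      /* -1 becomes SIZE_MAX */
    return 1;
}

/* Hardened pattern: reject negatives first, then test offset + len with
 * unsigned arithmetic that cannot wrap (off <= size is established
 * before size - off is formed). */
int header_accepted_safe(const struct packet *p, const struct strhdr *h,
                         size_t *copy_len)
{
    size_t len, off;
    if (h->len < 0 || h->offset < 0)
        return 0;
    len = (size_t)h->len;
    off = (size_t)h->offset;
    if (off > p->size || len > p->size - off)
        return 0;
    *copy_len = len;
    return 1;
}

/* Copy the referenced string into out[] NUL-terminated. Returns the byte
 * count, or -1 if the header is rejected or the string does not fit in
 * out[]: the destination bound is checked as well as the source bound. */
int fetch_string(const struct packet *p, const struct strhdr *h,
                 char *out, size_t outsz)
{
    size_t n;
    if (!header_accepted_safe(p, h, &n) || n >= outsz)
        return -1;
    memcpy(out, p->data + (size_t)h->offset, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample packet: an 8-byte header followed by "alice". */
static const unsigned char sample[] = "HDR\0\0\0\0\0alice";
static const struct packet sample_pkt = { sample, sizeof sample - 1 };

int demo_unsafe_accepts_negative_len(void)
{
    struct strhdr h = { -1, 8 };
    size_t n = 0;
    return header_accepted_unsafe(&sample_pkt, &h, &n) && n == SIZE_MAX;
}

int demo_unsafe_accepts_negative_offset(void)
{
    struct strhdr h = { 5, -4 };     /* would read before the buffer */
    size_t n = 0;
    return header_accepted_unsafe(&sample_pkt, &h, &n) && n == 5;
}

/* Count how many of three malformed headers the hardened check rejects:
 * negative len, negative offset, and offset + len past the end. */
int demo_safe_rejects_bad_headers(void)
{
    const struct strhdr bad[] = { { -1, 8 }, { 5, -4 }, { 5, 9 } };
    size_t n, i;
    int rejected = 0;
    for (i = 0; i < 3; i++)
        rejected += !header_accepted_safe(&sample_pkt, &bad[i], &n);
    return rejected;
}

int demo_fetch_valid(void)
{
    struct strhdr h = { 5, 8 };
    char out[16];
    int n = fetch_string(&sample_pkt, &h, out, sizeof out);
    return (n == 5 && strcmp(out, "alice") == 0) ? n : -1;
}
```

The unsafe variant never performs the copy; it only reports what it would hand to memcpy(), which is how the negative-length case is shown without crashing the program. In a real decoder the fix is the same as in header_accepted_safe: test the sign before converting to size_t, and bound the sum of offset and length against the packet with arithmetic that cannot wrap.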
Subversion 1.0-1.0.7, 1.1.0 rc1-rc3
A vulnerability exists in the ‘mod_authz_svn’ module because access to metadata on unreadable paths is insufficiently restricted, which could let a remote malicious user obtain sensitive information.
Update available at: http://subversion.tigris.org/tarballs/subversion-1.0.8.tar.gz
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-35.xml
Conectiva: ftp://atualizacoes.conectiva.com.br/10/
There is no exploit code required.
Subversion Mod_Authz_Svn Metadata Information Disclosure
CVE Name:
CAN-2004-0749
Medium
SecurityTracker Alert ID, 1011390, September 23, 2004
Gentoo Linux Security Advisory, GLSA 200409-35, September 29, 2004
Conectiva Linux Security Announcement, CLA-2004:883, November 4, 2004
Technote
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Technote ‘main.cgi’ Input Validation
High
Shadow 4.0-4.0.4
Upgrades available at: ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.5.tar.gz
Gentoo: http://security.gentoo.org/glsa/glsa-200411-09.xml
We are not aware of any exploits for this vulnerability.
Shadow Authentication Bypass
Medium
SecurityFocus, October 28, 2004
Gentoo Linux Security Advisory, GLSA 200411-09, November 4, 2004
Libxml2 2.6.12-2.6.14
Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the ‘xmlNanoFTPScanURL()’ function in ‘nanoftp.c’ due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the ‘xmlNanoFTPScanProxy()’ function in ‘nanoftp.c,’ which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code.
Upgrades available at: http://xmlsoft.org/sources/libxml2-2.6.15.tar.gz
OpenPKG: ftp://ftp.openpkg.org/release/
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Gentoo: http://security.gentoo.org/glsa/glsa-200411-05.xml
Mandrake: http://www.mandrakesoft.com/security/advisories
Trustix: http://www.trustix.org/errata/2004/0055/
Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/
An exploit script has been published.
Libxml2 Multiple Remote Stack Buffer Overflows
CVE Name:
CAN-2004-0989
High
SecurityTracker Alert ID: 1011941, October 28, 2004
Fedora Update Notification, FEDORA-2004-353, November 2, 2004
Gentoo Linux Security Advisory, GLSA 200411-05, November 2, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:127, November 4, 2004
OpenPKG Security Advisory, OpenPKG-SA-2004.050, November 1, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0055, November 1, 2004
Ubuntu Security Notice, USN-10-1, November 1, 2004
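The libxml2 entry above reports boundary errors while scanning an FTP URL into fixed-size fields. As an added example that is not libxml2's code, the C parser below takes the ftp://[user[:passwd]@]host[:port][/path] form apart with every copy bounded by the destination size; the struct, the field sizes, the function names and the sample URLs are assumptions made for this illustration. An oversized component is rejected outright rather than truncated or written past the buffer, which is the check a reviewer would want to see in any hand-written scanner of this kind.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed field sizes chosen for this example (not libxml2's). */
#define FTP_FIELD_MAX 64
#define FTP_PATH_MAX  256

struct ftp_url {
    char user[FTP_FIELD_MAX];
    char passwd[FTP_FIELD_MAX];
    char host[FTP_FIELD_MAX];
    int  port;
    char path[FTP_PATH_MAX];
};

/* Copy [begin, end) into dst and NUL-terminate it. The boundary-error
 * pattern is an unchecked loop such as "while (*p != '@') *dst++ = *p++;"
 * here the length is compared with the destination size first.
 * Returns 0 on success, -1 if the component does not fit. */
static int copy_field(char *dst, size_t dstsz, const char *begin, const char *end)
{
    size_t n = (size_t)(end - begin);
    if (n >= dstsz)
        return -1;
    memcpy(dst, begin, n);
    dst[n] = '\0';
    return 0;
}

/* Parse ftp://[user[:passwd]@]host[:port][/path] into *out.
 * Returns 0 on success, -1 for a malformed or oversized URL. */
int scan_ftp_url(const char *url, struct ftp_url *out)
{
    const char *p, *auth_end, *at = NULL, *colon, *host_end, *q;
    long port = 0;
    memset(out, 0, sizeof *out);
    out->port = 21;
    if (strncmp(url, "ftp://", 6) != 0)
        return -1;
    p = url + 6;
    auth_end = strchr(p, '/');               /* authority ends at the first '/' */
    if (auth_end == NULL)
        auth_end = p + strlen(p);
    for (q = p; q < auth_end; q++)           /* the last '@' ends the userinfo */
        if (*q == '@')
            at = q;
    if (at != NULL) {
        colon = memchr(p, ':', (size_t)(at - p));
        if (copy_field(out->user, sizeof out->user, p, colon ? colon : at) < 0)
            return -1;
        if (colon && copy_field(out->passwd, sizeof out->passwd, colon + 1, at) < 0)
            return -1;
        p = at + 1;
    }
    colon = memchr(p, ':', (size_t)(auth_end - p));
    host_end = colon ? colon : auth_end;
    if (host_end == p)                       /* empty host */
        return -1;
    if (copy_field(out->host, sizeof out->host, p, host_end) < 0)
        return -1;
    if (colon != NULL) {
        if (colon + 1 == auth_end)           /* ':' with no digits */
            return -1;
        for (q = colon + 1; q < auth_end; q++) {
            if (!isdigit((unsigned char)*q))
                return -1;
            port = port * 10 + (*q - '0');
            if (port > 65535)
                return -1;
        }
        out->port = (int)port;
    }
    return copy_field(out->path, sizeof out->path, auth_end, auth_end + strlen(auth_end));
}

/* Constructed sample URL: every component present and within bounds. */
int demo_parse_full(void)
{
    struct ftp_url u;
    return scan_ftp_url("ftp://alice:s3cret@ftp.example.org:2121/pub/file.txt", &u) == 0 &&
           strcmp(u.user, "alice") == 0 && strcmp(u.passwd, "s3cret") == 0 &&
           strcmp(u.host, "ftp.example.org") == 0 && u.port == 2121 &&
           strcmp(u.path, "/pub/file.txt") == 0;
}

/* Count rejected constructed inputs: oversized host, port out of range,
 * non-numeric port, empty host. */
int demo_rejects_malformed(void)
{
    char big[512] = "ftp://";
    struct ftp_url u;
    int rejected = 0;
    memset(big + 6, 'a', 300);               /* 300-byte host, far beyond FTP_FIELD_MAX */
    big[306] = '\0';
    rejected += scan_ftp_url(big, &u) == -1;
    rejected += scan_ftp_url("ftp://ftp.example.org:99999/", &u) == -1;
    rejected += scan_ftp_url("ftp://ftp.example.org:2x/", &u) == -1;
    rejected += scan_ftp_url("ftp://:21/", &u) == -1;
    return rejected;
}
```

The scanner locates each delimiter before copying anything, so the length of every component is known and checked against the destination before a single byte is written; that ordering, not the choice of buffer size, is what removes the boundary error.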
yChat 0.1-0.6
Upgrades available at:
http://ftp.buetow.org/pub/yChat/CPP-yChat/ychat-0.7.tar.bz2
We are not aware of any exploits for this vulnerability.
yChat HTTP Remote Denial of Service
Low
Ruby 1.8.x
A remote Denial of Service vulnerability exists due to an input validation error in ‘cgi.rb.’
Debian: http://security.debian.org/pool/updates/main/r/ruby
Mandrake: http://www.mandrakesoft.com/security/advisories
Currently we are not aware of any exploits for this vulnerability.
Ruby Infinite Loop Remote Denial of Service
CVE Name:
CAN-2004-0983
Low
SA13123, November 8, 2004
Zile Text Editor 1.4, 1.5-1.5.3, 1.6-1.6.2, 1.7 b1-b3
Several potential buffer overflows exist, which could possibly let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/zile/
zile-2.0-a1.tar.gz?download
We are not aware of any exploits for these vulnerabilities.
Zile Buffer Overflows
High
Vendor & Software Name
Vulnerability – Impact
Patches – Workarounds
Attacks Scripts
Common Name
Risk
Source
AntiBoard 0.7.3
No workaround or patch available at time of publishing.
There is no exploit code required.
AntiBoard Input Validation
High
IOS R12.x, 12.x
Potential workarounds available at: http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
We are not aware of any exploits for this vulnerability.
Cisco IOS Telnet Service Remote Denial of Service
Low
Cisco Security Advisory, cisco-sa-20040827, August 27, 2004
US-CERT Vulnerability Note VU#384230
Cisco Security Advisory, 61671 Rev 2.2, October 20, 2004
Cisco Security Advisory, 61671 Rev 2.3, October 31, 2004
eGroupWare prior to 1.0.00.006
Update available at:
http://sourceforge.net/project/showfiles.php?group_id=78745
We are not aware of any exploits for this vulnerability.
eGroupWare JiNN Directory Traversal
Medium
SA13110, November 8, 2004
Gallery 1.4, 1.4-pl1, 1.4-pl2, 1.4.1, 1.4.2, 1.4.3-pl1, 1.4.3-pl2; Gentoo Linux
A Cross-Site Scripting vulnerability exists in several files, including ‘view_photo.php,’ ‘index.php,’ and ‘init.php’ due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://sourceforge.net/project/showfiles.php?group_id=7130
Gentoo: http://security.gentoo.org/glsa/glsa-200411-10.xml
There is no exploit code required.
Gallery Cross-Site Scripting
High
FsPHPGallery 0.2, 0.3.1, 1.0.1, 1.1
Multiple vulnerabilities exist: a Denial of Service vulnerability exists due to an input validation error when resizing images; and a vulnerability exists in ‘index.php’ due to insufficient verification of input passed to the ‘dir’ parameter, which could let a malicious user obtain sensitive information.
Upgrades available at:
http://gallery.devrandom.org.uk/releases/fsphpgallery-1.2.tar.gz
There is no exploit code required.
FsPHPGallery Multiple Input Validation
Low/Medium
(Medium if sensitive information can be obtained)
SA13074, November 3, 2004
Gbook MX 2.0, 3.0, 4.1
Upgrades available at: http://sourceforge.net/project/showfiles.php?group_id=80296&package_id=123432&release_id=279828
We are not aware of any exploits for these vulnerabilities.
Gbook MX Multiple Unspecified SQL Injection
Medium
Goollery 0.3
Multiple Cross-Site Scripting vulnerabilities exist due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Goollery Multiple Cross-Site Scripting
High
Moodle 1.1.1, 1.2, 1.2.1, 1.3-1.3.4, 1.4.1, 1.4.2
Update available at: http://moodle.org/download/
There is no exploit code required.
Moodle Remote Glossary Module SQL Injection
High
SA13091, November 5, 2004
Archive::Zip 1.13,
F-Secure Anti-Virus for Microsoft Exchange 6.30, 6.30 SR1, and 6.31,
Computer Associates,
Eset,
Kaspersky,
McAfee,
Sophos,
RAV
Remote exploitation of an exceptional condition error in the parsing of .zip archive headers by multiple vendors’ anti-virus software allows malicious users to evade virus detection and thereby bypass security protections. Affected vendors include McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV.
Instructions for Computer Associates, Eset, Kaspersky, McAfee, Sophos, and RAV are available at: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true
Gentoo: http://security.gentoo.org/glsa/glsa-200410-31.xml
Mandrakelinux 10.1 and Mandrakelinux 10.1/X86_64: http://www.mandrakesoft.com/security/advisories
A fix for F-Secure is available at: ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse63x-02.zip
Proofs of Concept exploits have been published.
High
iDEFENSE Security Advisory, October 18, 2004
Secunia Advisory ID: SA13038, November 1, 2004
SecurityFocus, Bugtraq ID: 11448, November 2, 2004
SecurityTracker Alert ID: 1012057, November 3, 2004
Microsoft Internet Explorer 6, Microsoft Outlook Express 6,
Apple Safari 1.2.3 (v125.9)
Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information.
This vulnerability was confirmed in Internet Explorer SP1 but not SP2.
A Proof of Concept exploit has been published.
Multiple Web Browsers TABLE Elements Interpretation
Medium
Secunia Advisory, SA13015, October 29, 2004
US-CERT Vulnerability Notes VU#925430 & VU#702086, November 4, 2004
Microsoft Internet Explorer 6.0
Apple Safari 1.2.3 (v125.9)
Multiple browsers are prone to a remote Denial of Service vulnerability caused by a malfunction when certain font tags are rendered: when a page containing the malicious HTML is viewed, the browser crashes.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Multiple Web Browsers Font Tag Denial Of Service
Low
SecurityFocus Bugtraq ID, 11536, October 26, 2004
US-CERT, Vulnerability Note VU#925430, November 4, 2004
ProSafe Dual Band Wireless VPN Firewall FWAG114
No workaround or patch available at time of publishing.
There is no exploit code required.
NetGear ProSafe Dual Band Wireless VPN Firewall Default SNMP Community String
Medium
AudienceConnect SecureEditor
Update available at: http://sourceforge.net/project/showfiles.php?group_id=98629&package_id=132849
We are not aware of any exploits for this vulnerability.
AudienceConnect SecureEditor Unauthorized Access
Medium
wzdftpd prior to 0.4.3
Update available at:
http://sourceforge.net/project/showfiles.php?group_id=78247
We are not aware of any exploits for this vulnerability.
Pierre Chifflier wzdftpd ident Processing Remote Denial of Service
Low
Java System Application Server 7.0 Standard Edition, Platform Edition, 7.0 2004Q2, Java System Web Server 6.0, SP1-SP7, 6.1, SP1
A remote Denial of Service vulnerability exists due to a failure to process malformed client certificates.
Patches available at:
http://wwws.sun.com/software/download/products/
There is no exploit code required.
Sun Java System Web & Application Servers Remote Denial of Service
Low
Java System Application Server 7.0 Standard Edition, Platform Edition, 7.0 2004Q2
A vulnerability exists in the processing of HTTP TRACE requests, which could let a remote malicious user obtain sensitive information.
Workaround available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57670-1
There is no exploit code required.
Sun Java System Application Server HTTP TRACE Information Disclosure
Medium
The table below contains a sample of exploit scripts and “how to” guides identified during this period. The “Workaround or Patch Available” column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
* Netsky-C and Bagle-AI tied for the last spot in the Top 10. Bagle-AI returns to the table after remaining relatively stable just off the Top 10 for the past several weeks.
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.