Sax2 Network Intrusion Detection System

A professional intrusion detection and prevention  system (NIDS) which excels at real-time packet capture, 24/7 network monitor, advanced protocol analysis and automatic expert detection.  

Name: CVE-2004-0002

Description:
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.

Status: Candidate
Phase: Proposed (20040318)
Reference: CONFIRM:http://lists.freebsd.org/pipermail/cvs-src/2004-January/016271.html
 

Votes:

   ACCEPT(4) Williams, Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."

Status: Candidate
Phase: Modified (20061101)
Reference: CONFIRM:http://www.linuxcompatible.org/print25630.html
Reference: DEBIAN:DSA-479
Reference: URL:http://www.debian.org/security/2004/dsa-479
Reference: DEBIAN:DSA-480
Reference: URL:http://www.debian.org/security/2004/dsa-480
Reference: DEBIAN:DSA-481
Reference: URL:http://www.debian.org/security/2004/dsa-481
Reference: DEBIAN:DSA-482
Reference: URL:http://www.debian.org/security/2004/dsa-482
Reference: DEBIAN:DSA-489
Reference: URL:http://www.debian.org/security/2004/dsa-489
Reference: DEBIAN:DSA-491
Reference: URL:http://www.debian.org/security/2004/dsa-491
Reference: DEBIAN:DSA-495
Reference: URL:http://www.debian.org/security/2004/dsa-495
Reference: MANDRAKE:MDKSA-2004:029
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: REDHAT:RHSA-2004:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-166.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
Reference: TURBO:TLSA-2004-14
Reference: URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
Reference: CIAC:O-082
Reference: URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
Reference: CIAC:O-121
Reference: URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
Reference: CIAC:O-126
Reference: URL:http://www.ciac.org/ciac/bulletins/o-126.shtml
Reference: CIAC:O-127
Reference: URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
Reference: CIAC:O-145
Reference: URL:http://www.ciac.org/ciac/bulletins/o-145.shtml
Reference: BID:9570
Reference: URL:http://www.securityfocus.com/bid/9570
Reference: SECUNIA:10782
Reference: URL:http://secunia.com/advisories/10782
Reference: SECUNIA:10911
Reference: URL:http://secunia.com/advisories/10911
Reference: SECUNIA:10912
Reference: URL:http://secunia.com/advisories/10912
Reference: SECUNIA:11202
Reference: URL:http://secunia.com/advisories/11202
Reference: SECUNIA:11361
Reference: URL:http://secunia.com/advisories/11361
Reference: SECUNIA:11362
Reference: URL:http://secunia.com/advisories/11362
Reference: SECUNIA:11369
Reference: URL:http://secunia.com/advisories/11369
Reference: SECUNIA:11370
Reference: URL:http://secunia.com/advisories/11370
Reference: SECUNIA:11376
Reference: URL:http://secunia.com/advisories/11376
Reference: SECUNIA:11464
Reference: URL:http://secunia.com/advisories/11464
Reference: SECUNIA:11891
Reference: URL:http://secunia.com/advisories/11891
Reference: SECUNIA:12075
Reference: URL:http://secunia.com/advisories/12075
Reference: OVAL:oval:org.mitre.oval:def:1017
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1017
Reference: OVAL:oval:org.mitre.oval:def:834
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:834
Reference: XF:linux-r128-gain-priviliges(15029)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15029
 

Votes:

   ACCEPT(5) Green, Baker, Cole, Armstrong, Cox
   NOOP(2) Christey, Wall

 Christey> DEBIAN:DSA-479
   URL:http://www.debian.org/security/2004/dsa-479
   DEBIAN:DSA-480
   URL:http://www.debian.org/security/2004/dsa-480
   DEBIAN:DSA-481
   URL:http://www.debian.org/security/2004/dsa-481
   DEBIAN:DSA-482
   URL:http://www.debian.org/security/2004/dsa-482
 Christey> DEBIAN:DSA-489
   URL:http://www.debian.org/security/2004/dsa-489
   DEBIAN:DSA-491
   URL:http://www.debian.org/security/2004/dsa-491
 Christey> DEBIAN:DSA-495
   URL:http://www.debian.org/security/2004/dsa-495
   REDHAT:RHSA-2004:166
   URL:http://rhn.redhat.com/errata/RHSA-2004-166.html
 Christey> REDHAT:RHSA-2004:188
   URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
 Christey> CONECTIVA:CLA-2004:846
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

Description:
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: GENTOO:GLSA-200401-04
Reference: URL:http://www.linuxsecurity.com/content/view/105690/104/
Reference: SLACKWARE:SSA:2004-026
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
Reference: SUSE:SuSE-SA:2004:004
Reference: URL:http://www.novell.com/linux/security/advisories/2004_04_gaim.html
Reference: CERT-VN:VU#190366
Reference: URL:http://www.kb.cert.org/vuls/id/190366
Reference: CERT-VN:VU#226974
Reference: URL:http://www.kb.cert.org/vuls/id/226974
Reference: CERT-VN:VU#404470
Reference: URL:http://www.kb.cert.org/vuls/id/404470
Reference: CERT-VN:VU#655974
Reference: URL:http://www.kb.cert.org/vuls/id/655974
Reference: OSVDB:3736
Reference: URL:http://www.osvdb.org/3736
Reference: SECTRACK:1008850
Reference: URL:http://www.securitytracker.com/id?1008850
Reference: XF:gaim-mime-decoder-bo(14942)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14942
Reference: XF:gaim-mime-decoder-oob(14944)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14944
Reference: XF:gaim-yahoodecode-offbyone-bo(14935)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14935
Reference: XF:gaim-sscanf-oob(14938)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14938
 

Votes:

   ACCEPT(5) Green, Baker, Cole, Armstrong, Cox
   NOOP(2) Christey, Wall

 Christey> CERT-VN:VU#404470
   URL:http://www.kb.cert.org/vuls/id/404470
   CERT-VN:VU#655974
   URL:http://www.kb.cert.org/vuls/id/655974
   CERT-VN:VU#226974
   URL:http://www.kb.cert.org/vuls/id/226974
   CERT-VN:VU#190366
   URL:http://www.kb.cert.org/vuls/id/190366

Description:
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: REDHAT:RHSA-2004:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-045.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
Reference: SGI:20040202-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Reference: SUSE:SuSE-SA:2004:004
Reference: URL:http://www.novell.com/linux/security/advisories/2004_04_gaim.html
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: SLACKWARE:SSA:2004-026
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
Reference: GENTOO:GLSA-200401-04
Reference: URL:http://security.gentoo.org/glsa/glsa-200401-04.xml
Reference: CERT-VN:VU#297198
Reference: URL:http://www.kb.cert.org/vuls/id/297198
Reference: CERT-VN:VU#371382
Reference: URL:http://www.kb.cert.org/vuls/id/371382
Reference: CERT-VN:VU#444158
Reference: URL:http://www.kb.cert.org/vuls/id/444158
Reference: CERT-VN:VU#503030
Reference: URL:http://www.kb.cert.org/vuls/id/503030
Reference: CERT-VN:VU#527142
Reference: URL:http://www.kb.cert.org/vuls/id/527142
Reference: CERT-VN:VU#871838
Reference: URL:http://www.kb.cert.org/vuls/id/871838
Reference: BID:9489
Reference: URL:http://www.securityfocus.com/bid/9489
Reference: OSVDB:3731
Reference: URL:http://www.osvdb.org/3731
Reference: OSVDB:3732
Reference: URL:http://www.osvdb.org/3732
Reference: OVAL:oval:org.mitre.oval:def:818
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:818
Reference: SECTRACK:1008850
Reference: URL:http://www.securitytracker.com/id?1008850
Reference: XF:gaim-http-proxy-bo(14947)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14947
Reference: XF:gaim-login-name-bo(14940)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14940
Reference: XF:gaim-login-value-bo(14941)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14941
Reference: XF:gaim-urlparser-bo(14945)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14945
Reference: XF:gaim-yahoopacketread-keyname-bo(14943)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14943
Reference: XF:gaim-yahoowebpending-cookie-bo(14939)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14939
 

Votes:

   ACCEPT(5) Green, Baker, Cole, Armstrong, Cox
   NOOP(2) Christey, Wall

 Cox> Although the 0.59.1 version of Gaim shipped by Red Hat contained these
   flaws, Yahoo connections were not functional and therefore the majority of
   the issues could not be exploited, leading to the abstraction comment above.
 Christey> CERT-VN:VU#871838
   URL:http://www.kb.cert.org/vuls/id/871838
   CERT-VN:VU#444158
   URL:http://www.kb.cert.org/vuls/id/444158
   CERT-VN:VU#503030
   URL:http://www.kb.cert.org/vuls/id/503030
   CERT-VN:VU#371382
   URL:http://www.kb.cert.org/vuls/id/371382
   CERT-VN:VU#297198
   URL:http://www.kb.cert.org/vuls/id/297198
   CERT-VN:VU#527142
   URL:http://www.kb.cert.org/vuls/id/527142
 Christey> Normalize Gentoo reference

Description:
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: GENTOO:GLSA-200401-04
Reference: URL:http://security.gentoo.org/glsa/glsa-200401-04.xml
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: SLACKWARE:SSA:2004-026
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
Reference: SUSE:SuSE-SA:2004:004
Reference: URL:http://www.securityfocus.com/advisories/6281
Reference: CERT-VN:VU#197142
Reference: URL:http://www.kb.cert.org/vuls/id/197142
Reference: BID:9489
Reference: URL:http://www.securityfocus.com/bid/9489
Reference: OSVDB:3733
Reference: URL:http://www.osvdb.org/3733
Reference: OVAL:oval:org.mitre.oval:def:819
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:819
Reference: SECTRACK:1008850
Reference: URL:http://www.securitytracker.com/id?1008850
Reference: XF:gaim-extractinfo-bo(14946)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14946
 

Votes:

   ACCEPT(5) Green, Baker, Cole, Armstrong, Cox
   NOOP(2) Christey, Wall

 Christey> Normalize Gentoo, Slackware reference
 Christey> CERT-VN:VU#197142

Description:
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: REDHAT:RHSA-2004:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-045.html
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: BUGTRAQ:20040127 [slackware-security] GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: GENTOO:GLSA-200401-04
Reference: URL:http://security.gentoo.org/glsa/glsa-200401-04.xml
Reference: SGI:20040202-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Reference: CERT-VN:VU#779614
Reference: URL:http://www.kb.cert.org/vuls/id/779614
Reference: OSVDB:3734
Reference: URL:http://www.osvdb.org/3734
Reference: OVAL:oval:org.mitre.oval:def:820
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:820
Reference: SECTRACK:1008850
Reference: URL:http://www.securitytracker.com/id?1008850
Reference: XF:gaim-directim-bo(14937)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14937
 

Votes:

   ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Cox
   NOOP(1) Christey

 Christey> CERT-VN:VU#779614

Description:
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.

Status: Candidate
Phase: Assigned (20040105)
Reference: CONECTIVA:CLA-2004:820
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Reference: DEBIAN:DSA-479
Reference: URL:http://www.debian.org/security/2004/dsa-479
Reference: DEBIAN:DSA-480
Reference: URL:http://www.debian.org/security/2004/dsa-480
Reference: DEBIAN:DSA-481
Reference: URL:http://www.debian.org/security/2004/dsa-481
Reference: DEBIAN:DSA-482
Reference: URL:http://www.debian.org/security/2004/dsa-482
Reference: DEBIAN:DSA-489
Reference: URL:http://www.debian.org/security/2004/dsa-489
Reference: DEBIAN:DSA-491
Reference: URL:http://www.debian.org/security/2004/dsa-491
Reference: DEBIAN:DSA-495
Reference: URL:http://www.debian.org/security/2004/dsa-495
Reference: FEDORA:FEDORA-2004-079
Reference: URL:http://fedoranews.org/updates/FEDORA-2004-079.shtml
Reference: MANDRAKE:MDKSA-2004:015
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:015
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-069.html
Reference: REDHAT:RHSA-2004:188
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
Reference: TURBO:TLSA-2004-05
Reference: URL:http://www.securityfocus.com/advisories/6759
Reference: CIAC:O-082
Reference: URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
Reference: BID:9691
Reference: URL:http://www.securityfocus.com/bid/9691
Reference: XF:linux-ncplookup-gain-privileges(15250)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15250
Reference: OVAL:oval:org.mitre.oval:def:1035
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1035
Reference: OVAL:oval:org.mitre.oval:def:835
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:835
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040105)
 

Votes:

Description:
Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.

Status: Candidate
Phase: Modified (20071113)
Reference: DEBIAN:DSA-412
Reference: URL:http://www.debian.org/security/2004/dsa-412
Reference: BID:9365
Reference: URL:http://www.securityfocus.com/bid/9365
Reference: SECTRACK:1008616
Reference: URL:http://www.securitytracker.com/id?1008616
Reference: SECUNIA:10549
Reference: URL:http://secunia.com/advisories/10549
Reference: SECUNIA:10550
Reference: URL:http://secunia.com/advisories/10550
Reference: XF:nd-long-string-bo(14141)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14141
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Williams
   NOOP(2) Wall, Cox

 Williams> need to change desc.  i think this was fixed in 0.8.2.
   http://www.gohome.org/nd

Description:
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.

Status: Candidate
Phase: Modified (20071113)
Reference: DEBIAN:DSA-419
Reference: URL:http://www.debian.org/security/2004/dsa-419
Reference: BID:9386
Reference: URL:http://www.securityfocus.com/bid/9386
Reference: SECTRACK:1008662
Reference: URL:http://www.securitytracker.com/id?1008662
Reference: SECUNIA:10591
Reference: URL:http://secunia.com/advisories/10591
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Williams
   NOOP(2) Wall, Cox

 Williams> i believe this affects phpGroupWare 0.9.14.006 and earlier, and phpGroupWare 0.9.16RC1 and earlier.
   http://phpgroupware.org/downloads

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040106)
 

Votes:

Description:
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340897710308&w=2
Reference: MISC:http://www.excluded.org/advisories/advisory05.txt
Reference: BID:9366
Reference: URL:http://www.securityfocus.com/bid/9366
Reference: OSVDB:3424
Reference: URL:http://www.osvdb.org/3424
Reference: SECTRACK:1008623
Reference: URL:http://www.securitytracker.com/id?1008623
Reference: SECUNIA:10566
Reference: URL:http://secunia.com/advisories/10566
Reference: XF:lotus-notes-insecure-permissions(14153)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14153
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(4) Williams, Wall, Cole, Cox

 Williams> insufficient data.

Description:
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: BID:9368
Reference: URL:http://www.securityfocus.com/bid/9368
Reference: OSVDB:3343
Reference: URL:http://www.osvdb.org/3343
Reference: SECTRACK:1008632
Reference: URL:http://www.securitytracker.com/id?1008632
Reference: SECUNIA:10565
Reference: URL:http://secunia.com/advisories/10565
Reference: XF:phpgedview-pgvbasedirectory-file-include(14159)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14159
 

Votes:

   ACCEPT(3) Williams, Baker, Armstrong
   NOOP(3) Wall, Cole, Cox

 Williams> http://phpgedview.sourceforge.net/

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040105 Multiple Vulnerabilities in Phorum 3.4.5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340481804110&w=2
Reference: CONFIRM:http://phorum.org/
Reference: BID:9361
Reference: URL:http://www.securityfocus.com/bid/9361
Reference: OSVDB:3434
Reference: URL:http://www.osvdb.org/3434
Reference: OSVDB:3506
Reference: URL:http://www.osvdb.org/3506
Reference: OSVDB:3510
Reference: URL:http://www.osvdb.org/3510
Reference: SECTRACK:1008633
Reference: URL:http://www.securitytracker.com/id?1008633
Reference: SECUNIA:10567
Reference: URL:http://secunia.com/advisories/10567
Reference: XF:phorum-common-xss(14145)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14145
 

Votes:

   ACCEPT(4) Williams, Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040105 FirstClass Client 7.1: Command Execution via Email Web Link
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340950611167&w=2
Reference: BID:9370
Reference: URL:http://www.securityfocus.com/bid/9370
Reference: OSVDB:3442
Reference: URL:http://www.osvdb.org/3442
Reference: SECTRACK:1008609
Reference: URL:http://www.securitytracker.com/id?1008609
Reference: SECUNIA:10556
Reference: URL:http://secunia.com/advisories/10556
Reference: XF:firstclassclient-execute-code(14151)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14151
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(4) Williams, Wall, Cole, Cox

 Williams> insufficient data.

Description:
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.

Status: Candidate
Phase: Assigned (20040107)
Reference: ISS:20040510 McAfee ePolicy Orchestrator Remote Compromise Vulnerability
Reference: URL:http://xforce.iss.net/xforce/alerts/id/173
Reference: CONFIRM:http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt
Reference: MISC:http://www.osvdb.org/5626
Reference: XF:epolicy-execute-commands(14166)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14166
Reference: BID:10200
Reference: URL:http://www.securityfocus.com/bid/10200
 

Votes:

Description:
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

Status: Candidate
Phase: Modified (20050818)
Reference: ISS:20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Reference: URL:http://xforce.iss.net/xforce/alerts/id/162
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/security_server.html
Reference: CERT:TA04-036A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#790771
Reference: URL:http://www.kb.cert.org/vuls/id/790771
Reference: CIAC:O-072
Reference: URL:http://www.ciac.org/ciac/bulletins/o-072.shtml
Reference: XF:fw1-format-string(14149)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14149
Reference: BID:9581
Reference: URL:http://www.securityfocus.com/bid/9581
 

Votes:

   ACCEPT(4) Wall, Baker, Cole, Armstrong
   NOOP(1) Cox

Description:
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.

Status: Candidate
Phase: Assigned (20040107)
Reference: DEBIAN:DSA-421
Reference: URL:http://www.debian.org/security/2004/dsa-421
Reference: BID:9404
Reference: URL:http://www.securityfocus.com/bid/9404
Reference: OSVDB:3454
Reference: URL:http://www.osvdb.org/3454
Reference: SECTRACK:1008675
Reference: URL:http://www.securitytracker.com/id?1008675
Reference: SECUNIA:10612
Reference: URL:http://secunia.com/advisories/10612
 

Votes:

Description:
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.

Status: Candidate
Phase: Modified (20050526)
Reference: SECTRACK:1008628
Reference: URL:http://securitytracker.com/id?1008628
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(3) Williams, Wall, Cole
   REJECT(1) Cox

 Williams> insufficient data.
 CHANGE> [Cox changed vote from REVIEWING to REJECT]
 Cox> Expected behaviour.  By source code analysis the difference in
   behaviour mentioned in the report only occurs when an administrator has
   configured the server with an explicit userlist - either to allow or deny
   all users in the userlist.  The vsftpd manual page states that if a
   userlist is used then the user will be denied access before they are asked
   for a password to help prevent cleartext passwords being transmitted.  
   Administrators who don't want this behaviour do not need to configure an
   optional userlist.

Description:
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107357996802255&w=2
Reference: FULLDISC:20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html
Reference: BID:9383
Reference: URL:http://www.securityfocus.com/bid/9383
Reference: OSVDB:3437
Reference: URL:http://www.osvdb.org/3437
Reference: SECTRACK:1008651
Reference: URL:http://www.securitytracker.com/id?1008651
Reference: SECUNIA:10573
Reference: URL:http://secunia.com/advisories/10573
Reference: XF:yahoo-messenger-filename-bo(14171)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14171
 

Votes:

   ACCEPT(3) Williams, Baker, Armstrong
   NOOP(2) Cole, Cox
   REVIEWING(1) Wall

 Williams> http://lists.netsys.com/pipermail/full-disclosure/2004-January/015355.html
   http://www.packetstormsecurity.nl/0401-advisories/yahooIM.txt

Description:
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.

Status: Candidate
Phase: Modified (20050430)
Reference: BUGTRAQ:20040106 SnapStream PVS LITE Cross Site Scripting Vulnerabillity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107350313917867&w=2
Reference: BID:9375
Reference: URL:http://www.securityfocus.com/bid/9375
Reference: OSVDB:3440
Reference: URL:http://www.osvdb.org/3440
Reference: SECTRACK:1008646
Reference: URL:http://securitytracker.com/id?1008646
Reference: SECUNIA:10575
Reference: URL:http://secunia.com/advisories/10575
Reference: XF:snapstream-quotation-xss(14164)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14164
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(4) Williams, Wall, Cole, Cox

 Williams> insufficient data.

Description:
Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges.

Status: Candidate
Phase: Modified (20071113)
Reference: DEBIAN:DSA-430
Reference: URL:http://www.debian.org/security/2004/dsa-430
Reference: BID:9520
Reference: URL:http://www.securityfocus.com/bid/9520
Reference: OSVDB:3747
Reference: URL:http://www.osvdb.org/3747
Reference: SECTRACK:1008875
Reference: URL:http://www.securitytracker.com/id?1008875
Reference: SECUNIA:10744
Reference: URL:http://secunia.com/advisories/10744/
Reference: SECUNIA:10745
Reference: URL:http://secunia.com/advisories/10745
Reference: XF:trr19-gain-privileges(14975)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14975
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040113)
 

Votes:

Description:
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.

Status: Candidate
Phase: Assigned (20040114)
Reference: BUGTRAQ:20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108377388114888&w=2
Reference: VULNWATCH:20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html
Reference: FULLDISC:20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020952.html
Reference: XF:ultraseek-error-path-disclosure(16066)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16066
 

Votes:

Description:
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients.

Status: Candidate
Phase: Assigned (20040114)
Reference: BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109517788100063&w=2
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
Reference: XF:mime-contenttransfer-filter-bypass(17337)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17337
 

Votes:

Description:
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.

Status: Candidate
Phase: Assigned (20040114)
Reference: BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME separator issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109517669115891&w=2
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
Reference: XF:mime-separator-filtering-bypass(17334)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17334
 

Votes:

Description:
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients.

Status: Candidate
Phase: Assigned (20040114)
Reference: BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109520704408739&w=2
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
Reference: XF:mime-rfc2047-filtering-bypass(17331)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17331
 

Votes:

Description:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Status: Candidate
Phase: Modified (20071113)
Reference: CISCO:20040113 Vulnerabilities in H.323 Message Processing
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342
Reference: BID:9406
Reference: URL:http://www.securityfocus.com/bid/9406
Reference: SECTRACK:1008685
Reference: URL:http://www.securitytracker.com/id?1008685
 

Votes:

   ACCEPT(5) Green, Wall, Baker, Cole, Armstrong
   NOOP(1) Cox

Description:
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.

Status: Candidate
Phase: Modified (20071129)
Reference: MLIST:[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
Reference: URL:http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: CONECTIVA:CLSA-2003:832
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832
Reference: FEDORA:FLSA:1222
Reference: URL:http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2
Reference: SGI:20040202-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Reference: CERT-VN:VU#955526
Reference: URL:http://www.kb.cert.org/vuls/id/955526
Reference: BID:7090
Reference: URL:http://www.securityfocus.com/bid/7090
Reference: OVAL:oval:org.mitre.oval:def:850
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:850
Reference: OVAL:oval:org.mitre.oval:def:853
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:853
Reference: SECTRACK:1008735
Reference: URL:http://www.securitytracker.com/id?1008735
 

Votes:

   ACCEPT(6) Williams, Wall, Baker, Cole, Armstrong, Cox
   NOOP(1) Christey

 Cox> ADDREF: REDHAT:RHSA-2004:007
 Williams> http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-isakmp.c
 Christey> SCO:SCOSA-2004.9
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt

Description:
Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Status: Candidate
Phase: Modified (20071113)
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342
Reference: BID:9406
Reference: URL:http://www.securityfocus.com/bid/9406
Reference: SECTRACK:1008687
Reference: URL:http://www.securitytracker.com/id?1008687
 

Votes:

   ACCEPT(3) Green, Baker, Armstrong
   NOOP(3) Wall, Cole, Cox

Description:
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

Status: Candidate
Phase: Modified (20071113)
Reference: MLIST:[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
Reference: URL:http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: FEDORA:FLSA:1222
Reference: URL:http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html
Reference: REDHAT:RHSA-2004:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-007.html
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2
Reference: SGI:20040202-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Reference: CERT-VN:VU#174086
Reference: URL:http://www.kb.cert.org/vuls/id/174086
Reference: BID:9423
Reference: URL:http://www.securityfocus.com/bid/9423
Reference: OVAL:oval:org.mitre.oval:def:851
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:851
Reference: OVAL:oval:org.mitre.oval:def:854
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:854
Reference: SECTRACK:1008716
Reference: URL:http://www.securitytracker.com/id?1008716
Reference: SECUNIA:10636
Reference: URL:http://secunia.com/advisories/10636
Reference: XF:tcpdump-rawprint-isakmp-dos(14837)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14837
 

Votes:

   ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Cox
   NOOP(1) Christey

 Christey> SCO:SCOSA-2004.9
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt

Description:
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040113 symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107402026023763&w=2
Reference: OSVDB:3496
Reference: URL:http://www.osvdb.org/3496
Reference: SECTRACK:1008702
Reference: URL:http://www.securitytracker.com/id?1008702
Reference: SECUNIA:10620
Reference: URL:http://secunia.com/advisories/10620
Reference: XF:antivir-tmpfile-insecure(14214)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14214
 

Votes:

   ACCEPT(1) Baker
   NOOP(4) Wall, Cole, Armstrong, Cox
   REVIEWING(1) Green

Description:
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2
Reference: SECTRACK:1008779
Reference: URL:http://www.securitytracker.com/id?1008779
 

Votes:

   ACCEPT(2) Baker, Cole
   NOOP(3) Wall, Armstrong, Cox

Description:
WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2
Reference: SECTRACK:1008779
Reference: URL:http://www.securitytracker.com/id?1008779
 

Votes:

   ACCEPT(2) Green, Baker
   NOOP(4) Wall, Cole, Armstrong, Cox

 Green> Acknowledged in 2.46 release notes

Description:
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2
Reference: SECTRACK:1008779
Reference: URL:http://www.securitytracker.com/id?1008779
 

Votes:

   ACCEPT(2) Green, Baker
   NOOP(4) Wall, Cole, Armstrong, Cox

 Green> Ack'ed in 2.46 release notes

Description:
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040114 FishCart Integer Overflow / Rounding Error
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411850203994&w=2
Reference: SECTRACK:1008731
Reference: URL:http://www.securitytracker.com/id?1008731
 

Votes:

   ACCEPT(1) Baker
   NOOP(4) Wall, Cole, Armstrong, Cox

Description:
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040113 SuSE linux 9.0 YaST config Skribt [exploit]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107402658600437&w=2
Reference: BID:9411
Reference: URL:http://www.securityfocus.com/bid/9411
Reference: OSVDB:3460
Reference: URL:http://www.osvdb.org/3460
Reference: SECTRACK:1008703
Reference: URL:http://www.securitytracker.com/id?1008703
Reference: SECUNIA:10623
Reference: URL:http://secunia.com/advisories/10623
 

Votes:

   ACCEPT(2) Baker, Cole
   NOOP(3) Wall, Armstrong, Cox

Description:
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040112 More phpGedView Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2
Reference: BID:11910
Reference: URL:http://www.securityfocus.com/bid/11910
Reference: BID:11925
Reference: URL:http://www.securityfocus.com/bid/11925
 

Votes:

   ACCEPT(4) Williams, Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

 Williams> http://sourceforge.net/project/showfiles.php?group_id=55456

Description:
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040112 More phpGedView Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2
Reference: OSVDB:3464
Reference: URL:http://www.osvdb.org/3464
Reference: XF:phpgedview-path-disclosure(14215)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14215
 

Votes:

   ACCEPT(3) Williams, Baker, Armstrong
   NOOP(3) Wall, Cole, Cox

 Williams> http://sourceforge.net/project/showfiles.php?group_id=55456

Description:
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040112 More phpGedView Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2
Reference: BUGTRAQ:20070827 PhpGedView login page multiple XSS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/477881/100/0/threaded
Reference: BID:11868
Reference: URL:http://www.securityfocus.com/bid/11868
Reference: BID:11880
Reference: URL:http://www.securityfocus.com/bid/11880
Reference: BID:11882
Reference: URL:http://www.securityfocus.com/bid/11882
Reference: BID:11888
Reference: URL:http://www.securityfocus.com/bid/11888
Reference: BID:11890
Reference: URL:http://www.securityfocus.com/bid/11890
Reference: BID:11891
Reference: URL:http://www.securityfocus.com/bid/11891
Reference: BID:11894
Reference: URL:http://www.securityfocus.com/bid/11894
Reference: BID:11903
Reference: URL:http://www.securityfocus.com/bid/11903
Reference: BID:11904
Reference: URL:http://www.securityfocus.com/bid/11904
Reference: BID:11905
Reference: URL:http://www.securityfocus.com/bid/11905
Reference: BID:11906
Reference: URL:http://www.securityfocus.com/bid/11906
Reference: BID:11907
Reference: URL:http://www.securityfocus.com/bid/11907
Reference: FRSIRT:ADV-2007-2995
Reference: URL:http://www.frsirt.com/english/advisories/2007/2995
Reference: OSVDB:3473
Reference: URL:http://www.osvdb.org/3473
Reference: OSVDB:3474
Reference: URL:http://www.osvdb.org/3474
Reference: OSVDB:3475
Reference: URL:http://www.osvdb.org/3475
Reference: OSVDB:3476
Reference: URL:http://www.osvdb.org/3476
Reference: OSVDB:3477
Reference: URL:http://www.osvdb.org/3477
Reference: OSVDB:3478
Reference: URL:http://www.osvdb.org/3478
Reference: SECTRACK:1018613
Reference: URL:http://securitytracker.com/id?1018613
Reference: SECUNIA:26628
Reference: URL:http://secunia.com/advisories/26628
Reference: XF:phpgedview-login-xss(36285)
Reference: URL:http://xforce.iss.net/xforce/xfdb/36285
Reference: XF:phpgedview-multiple-xss(14212)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14212
 

Votes:

   ACCEPT(3) Williams, Baker, Armstrong
   NOOP(3) Wall, Cole, Cox

 Williams> http://sourceforge.net/project/showfiles.php?group_id=55456

Description:
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040108 Windows FTP Server Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107367110805273&w=2
Reference: BUGTRAQ:20040113 exploit for HD Soft Windows FTP Server 1.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107401398014761&w=2
Reference: BID:9385
Reference: URL:http://www.securityfocus.com/bid/9385
Reference: SECTRACK:1008658
Reference: URL:http://www.securitytracker.com/id?1008658
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(3) Williams, Cole, Cox
   REVIEWING(1) Wall

 Williams> insufficient data.
 Armstrong> Add reference: http://www.securiteam.com/exploits/5TP0C1FBPS.html

Description:
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040110 PHP Manpage lookup directory transversal / file disclosing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392764118403&w=2
Reference: BID:9395
Reference: URL:http://www.securityfocus.com/bid/9395
Reference: SECTRACK:1008689
Reference: URL:http://www.securitytracker.com/id?1008689
Reference: XF:manpagelookup-directory-traversal(14203)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14203
 

Votes:

   ACCEPT(2) Baker, Armstrong
   MODIFY(1) Williams
   NOOP(3) Wall, Cole, Cox

 Williams> contacted vendor.  affects v1.2.0.  fixed in v1.3.0.
   http://php.amnuts.com/index.php?do=fdload&id=1&file=class.manpagelookup.php
   http://php.amnuts.com/forums/viewtopic.php?t=70

Description:
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040109 Directory Traversal in Accipiter Direct Server 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392576215418&w=2
Reference: FULLDISC:20040109 Directory Traversal in Accipiter Direct Server 6.0
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0274.html
Reference: OSVDB:3433
Reference: URL:http://www.osvdb.org/3433
Reference: SECUNIA:10600
Reference: URL:http://secunia.com/advisories/10600
Reference: XF:accipterdirectserver-directory-traversal(14198)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14198
Reference: BID:9389
Reference: URL:http://www.securityfocus.com/bid/9389
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(4) Williams, Wall, Cole, Cox

 Williams> insufficient data.

Description:
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.

Status: Candidate
Phase: Modified (20060907)
Reference: BUGTRAQ:20040102 include() vuln in EasyDynamicPages v.2.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107307457327707&w=2
Reference: BID:9338
Reference: URL:http://www.securityfocus.com/bid/9338
Reference: OSVDB:3318
Reference: URL:http://www.osvdb.org/3318
Reference: OSVDB:3408
Reference: URL:http://www.osvdb.org/3408
Reference: SECTRACK:1008584
Reference: URL:http://securitytracker.com/id?1008584
Reference: SECUNIA:10535
Reference: URL:http://secunia.com/advisories/10535
Reference: XF:easydynamicpages-php-file-include(14136)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14136
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(4) Williams, Wall, Cole, Cox

 Williams> insufficient data.

Description:
Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.

Status: Candidate
Phase: Proposed (20040318)
Reference: BUGTRAQ:20040102 xsok local games exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107307407027259&w=2
Reference: BUGTRAQ:20040103 xsok local games exploit (2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332542918529&w=2
Reference: BID:9352
Reference: URL:http://www.securityfocus.com/bid/9352
Reference: BID:9341
Reference: URL:http://www.securityfocus.com/bid/9341
Reference: XF:xsok-lang-bo(14910)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14910
Reference: XF:xsok-long-xsokdir-bo(14906)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14906
 

Votes:

   ACCEPT(3) Williams, Baker, Armstrong
   NOOP(3) Wall, Cole, Cox

 Williams> DSA-405-1

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was removed from consideration by its Candidate Numbering Authority. Notes: none.

Status: Candidate
Phase: Assigned (20040119)
 

Votes:

Description:
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Status: Candidate
Phase: Assigned (20040119)
Reference: BUGTRAQ:20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107953412903636&w=2
Reference: CONFIRM:http://www.openssl.org/news/secadv_20040317.txt
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/224012/index.htm
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
Reference: CISCO:20040317 Cisco OpenSSL Implementation Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
Reference: APPLE:APPLE-SA-2005-08-15
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
Reference: APPLE:APPLE-SA-2005-08-17
Reference: URL:http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Reference: CONECTIVA:CLA-2004:834
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
Reference: DEBIAN:DSA-465
Reference: URL:http://www.debian.org/security/2004/dsa-465
Reference: ENGARDE:ESA-20040317-003
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
Reference: FEDORA:FEDORA-2004-095
Reference: URL:http://fedoranews.org/updates/FEDORA-2004-095.shtml
Reference: FEDORA:FEDORA-2005-1042
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
Reference: FREEBSD:FreeBSD-SA-04:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
Reference: GENTOO:GLSA-200403-03
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-03.xml
Reference: HP:SSRT4717
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108403806509920&w=2
Reference: MANDRAKE:MDKSA-2004:023
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
Reference: NETBSD:NetBSD-SA2004-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
Reference: REDHAT:RHSA-2004:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-120.html
Reference: REDHAT:RHSA-2004:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-121.html
Reference: REDHAT:RHSA-2004:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-139.html
Reference: REDHAT:RHSA-2005:830
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-830.html
Reference: REDHAT:RHSA-2005:829
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-829.html
Reference: SCO:SCOSA-2004.10
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
Reference: SLACKWARE:SSA:2004-077
Reference: URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
Reference: SUSE:SuSE-SA:2004:007
Reference: URL:http://www.novell.com/linux/security/advisories/2004_07_openssl.html
Reference: SUNALERT:57524
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
Reference: TRUSTIX:2004-0012
Reference: URL:http://www.trustix.org/errata/2004/0012
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html
Reference: CERT:TA04-078A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-078A.html
Reference: CERT-VN:VU#288574
Reference: URL:http://www.kb.cert.org/vuls/id/288574
Reference: CIAC:O-101
Reference: URL:http://www.ciac.org/ciac/bulletins/o-101.shtml
Reference: BID:9899
Reference: URL:http://www.securityfocus.com/bid/9899
Reference: OVAL:oval:org.mitre.oval:def:2621
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2621
Reference: OVAL:oval:org.mitre.oval:def:870
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:870
Reference: OVAL:oval:org.mitre.oval:def:975
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:975
Reference: SECUNIA:11139
Reference: URL:http://secunia.com/advisories/11139
Reference: SECUNIA:17401
Reference: URL:http://secunia.com/advisories/17401
Reference: SECUNIA:17381
Reference: URL:http://secunia.com/advisories/17381
Reference: SECUNIA:17398
Reference: URL:http://secunia.com/advisories/17398
Reference: SECUNIA:18247
Reference: URL:http://secunia.com/advisories/18247
Reference: XF:openssl-dochangecipherspec-dos(15505)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15505
 

Votes:

Description:
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Status: Candidate
Phase: Assigned (20040119)
Reference: BUGTRAQ:20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107955049331965&w=2
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/224012/index.htm
Reference: CISCO:20040317 Cisco OpenSSL Implementation Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
Reference: CONECTIVA:CLA-2004:834
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
Reference: DEBIAN:DSA-465
Reference: URL:http://www.debian.org/security/2004/dsa-465
Reference: ENGARDE:ESA-20040317-003
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
Reference: FEDORA:FEDORA-2004-095
Reference: URL:http://fedoranews.org/updates/FEDORA-2004-095.shtml
Reference: GENTOO:GLSA-200403-03
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-03.xml
Reference: REDHAT:RHSA-2004:119
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-119.html
Reference: REDHAT:RHSA-2004:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-120.html
Reference: REDHAT:RHSA-2004:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-121.html
Reference: REDHAT:RHSA-2004:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-139.html
Reference: SCO:SCOSA-2004.10
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
Reference: SGI:20040304-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
Reference: SUNALERT:57524
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
Reference: TRUSTIX:2004-0012
Reference: URL:http://www.trustix.org/errata/2004/0012
Reference: BUGTRAQ:20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108403850228012&w=2
Reference: CERT:TA04-078A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-078A.html
Reference: CERT-VN:VU#465542
Reference: URL:http://www.kb.cert.org/vuls/id/465542
Reference: BID:9899
Reference: URL:http://www.securityfocus.com/bid/9899
Reference: OVAL:oval:org.mitre.oval:def:871
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:871
Reference: OVAL:oval:org.mitre.oval:def:902
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:902
Reference: SECUNIA:11139
Reference: URL:http://secunia.com/advisories/11139
Reference: XF:openssl-tls-dos(15509)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15509
 

Votes:

Description:
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107644835523678&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=72
Reference: BUGTRAQ:20040211 XFree86 vulnerability exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107653324115914&w=2
Reference: CONFIRM:http://www.xfree86.org/cvs/changes
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: FEDORA:FLSA:2314
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUNALERT:57768
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Reference: GENTOO:GLSA-200402-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-02.xml
Reference: CERT-VN:VU#820006
Reference: URL:http://www.kb.cert.org/vuls/id/820006
Reference: BID:9636
Reference: URL:http://www.securityfocus.com/bid/9636
Reference: OVAL:oval:org.mitre.oval:def:806
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:806
Reference: OVAL:oval:org.mitre.oval:def:830
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:830
Reference: XF:xfree86-fontalias-bo(15130)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15130
 

Votes:

   ACCEPT(5) Wall, Baker, Cole, Armstrong, Cox
   NOOP(1) Christey

 Christey> CIAC:O-081
   URL:http://www.ciac.org/ciac/bulletins/o-081.shtml
   IMMUNIX:IMNX-2004-73-002-01
   URL:http://www.securityfocus.com/advisories/6328
   BID:9636
   URL:http://www.securityfocus.com/bid/9636
 Christey> Normalize Gentoo reference
 Christey> SCO:SCOSA-2004.2
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.2/SCOSA-2004.2.txt
   SCO:SCOSA-2004.3
   URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.3/SCOSA-2004.3.txt

Description:
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107662833512775&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=73
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: FEDORA:FLSA:2314
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUNALERT:57768
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Reference: CERT-VN:VU#667502
Reference: URL:http://www.kb.cert.org/vuls/id/667502
Reference: BID:9652
Reference: URL:http://www.securityfocus.com/bid/9652
Reference: OVAL:oval:org.mitre.oval:def:807
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:807
Reference: OVAL:oval:org.mitre.oval:def:831
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:831
Reference: XF:xfree86-copyisolatin1lLowered-bo(15200)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15200
 

Votes:

   ACCEPT(3) Baker, Armstrong, Cox
   NOOP(2) Christey, Cole
   REVIEWING(1) Wall

 Christey> CIAC:O-081
   URL:http://www.ciac.org/ciac/bulletins/o-081.shtml
   IMMUNIX:IMNX-2004-73-002-01
   URL:http://www.securityfocus.com/advisories/6328
   BID:9652
   URL:http://www.securityfocus.com/bid/9652
 Christey> SCO:SCOSA-2004.2
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.2/SCOSA-2004.2.txt
   SCO:SCOSA-2004.3
   URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.3/SCOSA-2004.3.txt

Description:
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.

Status: Candidate
Phase: Modified (20050813)
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: BID:9504
Reference: URL:http://www.securityfocus.com/bid/9504
Reference: XF:macosx-mail-undisclosed(14992)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14992
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.

Status: Candidate
Phase: Modified (20050813)
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: BID:9504
Reference: URL:http://www.securityfocus.com/bid/9504
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.

Status: Candidate
Phase: Modified (20071113)
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: BID:9504
Reference: URL:http://www.securityfocus.com/bid/9504
Reference: OSVDB:6819
Reference: URL:http://www.osvdb.org/6819
Reference: XF:macosx-configd-file-manipulation(14997)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14997
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.

Status: Candidate
Phase: Modified (20071113)
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: BID:9504
Reference: URL:http://www.securityfocus.com/bid/9504
Reference: OSVDB:6820
Reference: URL:http://www.osvdb.org/6820
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.

Status: Candidate
Phase: Assigned (20040120)
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: AUSCERT:ESB-2004.0072
Reference: URL:http://www.auscert.org.au/render.html?it=3791&cid=1
Reference: BID:9504
Reference: URL:http://www.securityfocus.com/bid/9504
Reference: SECUNIA:10723
Reference: URL:http://secunia.com/advisories/10723/
 

Votes:

Description:
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."

Status: Candidate
Phase: Modified (20051208)
Reference: BUGTRAQ:20040120 vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107462349324945&w=2
Reference: VULN-DEV:20040120 vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107462499927040&w=2
Reference: VULN-DEV:20040120 Re: vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107478592401619&w=2
Reference: VULN-DEV:20040123 RE: vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107488880317647&w=2
Reference: SECTRACK:1008780
Reference: URL:http://securitytracker.com/id?1008780
 

Votes:

   NOOP(4) Wall, Cole, Armstrong, Cox
   REVIEWING(1) Green

Description:
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

Status: Candidate
Phase: Modified (20040812)
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: BID:9504
Reference: URL:http://www.securityfocus.com/bid/9504
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Status: Candidate
Phase: Modified (20071113)
Reference: DEBIAN:DSA-448
Reference: URL:http://www.debian.org/security/2004/dsa-448
Reference: REDHAT:RHSA-2004:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-047.html
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342
Reference: BID:9406
Reference: URL:http://www.securityfocus.com/bid/9406
Reference: XF:pwlib-message-dos(15202)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15202
Reference: OVAL:oval:org.mitre.oval:def:803
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:803
Reference: OVAL:oval:org.mitre.oval:def:826
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:826
 

Votes:

   ACCEPT(4) Wall, Baker, Cole, Armstrong
   MODIFY(1) Cox
   NOOP(1) Christey

 Cox> Addref: REDHAT:RHSA-2004:048
   Be useful to mention OpenH323 and/or H.323 in this text to aid
   searching on this issue
 Christey> BUGTRAQ:20040409 [ GLSA 200404-11 ] Multiple Vulnerabilities in pwlib

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040128)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040129)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040129)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040129)
 

Votes:

Description:
crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow.

Status: Candidate
Phase: Modified (20050808)
Reference: DEBIAN:DSA-432
Reference: URL:http://www.debian.org/security/2004/dsa-432
Reference: BID:9566
Reference: URL:http://www.securityfocus.com/bid/9566
Reference: SECUNIA:10788
Reference: URL:http://secunia.com/advisories/10788/
Reference: XF:crawl-long-environment-bo(15032)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15032
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Status: Candidate
Phase: Modified (20050808)
Reference: BUGTRAQ:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429&w=2
Reference: VULNWATCH:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Reference: DEBIAN:DSA-449
Reference: URL:http://www.debian.org/security/2004/dsa-449
Reference: MANDRAKE:MDKSA-2004:014
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:014
Reference: REDHAT:RHSA-2004:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-073.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: CERT-VN:VU#518518
Reference: URL:http://www.kb.cert.org/vuls/id/518518
Reference: CIAC:O-083
Reference: URL:http://www.ciac.org/ciac/bulletins/o-083.shtml
Reference: BID:9692
Reference: URL:http://www.securityfocus.com/bid/9692
Reference: SECUNIA:10908
Reference: URL:http://secunia.com/advisories/10908
Reference: XF:metamail-contenttype-format-string(15245)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15245
Reference: XF:metamail-printheader-format-string(15259)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15259
 

Votes:

   ACCEPT(5) Wall, Baker, Cole, Armstrong, Cox

Description:
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Status: Candidate
Phase: Modified (20050808)
Reference: BUGTRAQ:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429&w=2
Reference: VULNWATCH:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Reference: DEBIAN:DSA-449
Reference: URL:http://www.debian.org/security/2004/dsa-449
Reference: MANDRAKE:MDKSA-2004:014
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:014
Reference: REDHAT:RHSA-2004:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-073.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: CERT-VN:VU#513062
Reference: URL:http://www.kb.cert.org/vuls/id/513062
Reference: CIAC:O-083
Reference: URL:http://www.ciac.org/ciac/bulletins/o-083.shtml
Reference: BID:9692
Reference: URL:http://www.securityfocus.com/bid/9692
Reference: SECUNIA:10908
Reference: URL:http://secunia.com/advisories/10908
Reference: XF:metamail-printheader-nonascii-bo(15247)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15247
Reference: XF:metamail-splitmail-subject-bo(15258)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15258
 

Votes:

   ACCEPT(5) Wall, Baker, Cole, Armstrong, Cox

Description:
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

Status: Candidate
Phase: Modified (20061101)
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: FEDORA:FLSA:2314
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Reference: XF:xfree86-multiple-font-improper-handling(15206)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15206
Reference: OVAL:oval:org.mitre.oval:def:809
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:809
Reference: OVAL:oval:org.mitre.oval:def:832
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:832
 

Votes:

   ACCEPT(3) Baker, Armstrong, Cox
   NOOP(2) Christey, Cole
   REVIEWING(1) Wall

 Christey> CIAC:O-081
   URL:http://www.ciac.org/ciac/bulletins/o-081.shtml
   IMMUNIX:IMNX-2004-73-002-01
   URL:http://www.securityfocus.com/advisories/6328
   BID:9655
   URL:http://www.securityfocus.com/bid/9655
   TURBO:TLSA-2004-5
   URL:http://www.turbolinux.com/security/2004/TLSA-2004-5.txt
 Christey> SCO:SCOSA-2004.2
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.2/SCOSA-2004.2.txt
   SCO:SCOSA-2004.3
   URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.3/SCOSA-2004.3.txt

Description:
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

Status: Candidate
Phase: Modified (20061101)
Reference: REDHAT:RHSA-2004:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html
Reference: REDHAT:RHSA-2004:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-093.html
Reference: SGI:20040302-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
Reference: CIAC:O-097
Reference: URL:http://www.ciac.org/ciac/bulletins/o-097.shtml
Reference: BID:9838
Reference: URL:http://www.securityfocus.com/bid/9838
Reference: OSVDB:6884
Reference: URL:http://www.osvdb.org/6884
Reference: OVAL:oval:org.mitre.oval:def:849
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:849
Reference: OVAL:oval:org.mitre.oval:def:862
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:862
Reference: XF:sysstat-post-trigger-symlink(15428)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15428
 

Votes:

   ACCEPT(4) Wall, Baker, Cole, Armstrong
   MODIFY(2) Frech, Cox
   NOOP(1) Christey

 Frech> XF:sysstat-post-trigger-symlink(15428)
   http://xforce.iss.net/xforce/xfdb/15428
 Cox> This issue is in the vendor packaging of sysstat, not sysstat itself,
   and does not apply to a particular version of upstream
   sysstat. Suggest "trigger scripts in various vendors packaging of
   syssstat allows local users..." or "in the Red Hat packaging of sysstat"
 Christey> CIAC:O-097
   URL:http://www.ciac.org/ciac/bulletins/o-097.shtml
   XF:sysstat-post-trigger-symlink(15428)
   URL:http://xforce.iss.net/xforce/xfdb/15428
   BID:9838
   URL:http://www.securityfocus.com/bid/9838
 Christey> FEDORA:FEDORA-2004-1372
   URL:https://bugzilla.fedora.us/show_bug.cgi?id=1372

Description:
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

Status: Candidate
Phase: Assigned (20040202)
Reference: MISC:http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
Reference: CONECTIVA:CLA-2004:846
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Reference: DEBIAN:DSA-479
Reference: URL:http://www.debian.org/security/2004/dsa-479
Reference: DEBIAN:DSA-480
Reference: URL:http://www.debian.org/security/2004/dsa-480
Reference: DEBIAN:DSA-481
Reference: URL:http://www.debian.org/security/2004/dsa-481
Reference: DEBIAN:DSA-482
Reference: URL:http://www.debian.org/security/2004/dsa-482
Reference: DEBIAN:DSA-489
Reference: URL:http://www.debian.org/security/2004/dsa-489
Reference: DEBIAN:DSA-491
Reference: URL:http://www.debian.org/security/2004/dsa-491
Reference: DEBIAN:DSA-495
Reference: URL:http://www.debian.org/security/2004/dsa-495
Reference: ENGARDE:ESA-20040428-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:029
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Reference: REDHAT:RHSA-2004:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-105.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: REDHAT:RHSA-2004:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-166.html
Reference: REDHAT:RHSA-2004:183
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-183.html
Reference: SGI:20040405-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
Reference: SGI:20040504-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
Reference: SUSE:SuSE-SA:2004:009
Reference: URL:http://www.novell.com/linux/security/advisories/2004_09_kernel.html
Reference: TRUSTIX:2004-0020
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
Reference: TURBO:TLSA-2004-14
Reference: URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
Reference: CIAC:O-121
Reference: URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
Reference: CIAC:O-127
Reference: URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
Reference: BID:10141
Reference: URL:http://www.securityfocus.com/bid/10141
Reference: OVAL:oval:org.mitre.oval:def:940
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:940
Reference: SECUNIA:11361
Reference: URL:http://secunia.com/advisories/11361
Reference: SECUNIA:11362
Reference: URL:http://secunia.com/advisories/11362
Reference: SECUNIA:11373
Reference: URL:http://secunia.com/advisories/11373
Reference: SECUNIA:11429
Reference: SECUNIA:11464
Reference: URL:http://secunia.com/advisories/11464
Reference: SECUNIA:11469
Reference: URL:http://secunia.com/advisories/11469
Reference: SECUNIA:11470
Reference: URL:http://secunia.com/advisories/11470
Reference: SECUNIA:11486
Reference: URL:http://secunia.com/advisories/11486
Reference: SECUNIA:11494
Reference: URL:http://secunia.com/advisories/11494
Reference: SECUNIA:11518
Reference: URL:http://secunia.com/advisories/11518
Reference: SECUNIA:11626
Reference: URL:http://secunia.com/advisories/11626
Reference: SECUNIA:11861
Reference: URL:http://secunia.com/advisories/11861
Reference: SECUNIA:11891
Reference: URL:http://secunia.com/advisories/11891
Reference: SECUNIA:11986
Reference: URL:http://secunia.com/advisories/11986
Reference: SECUNIA:12003
Reference: URL:http://secunia.com/advisories/12003
Reference: XF:linux-iso9660-bo(15866)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15866
 

Votes:

Description:
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

Status: Candidate
Phase: Modified (20070303)
Reference: CONFIRM:http://www.xmlsoft.org/news.html
Reference: DEBIAN:DSA-455
Reference: URL:http://www.debian.org/security/2004/dsa-455
Reference: GENTOO:GLSA-200403-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-01.xml
Reference: REDHAT:RHSA-2004:090
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-090.html
Reference: REDHAT:RHSA-2004:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-091.html
Reference: BUGTRAQ:20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851606605420&w=2
Reference: BUGTRAQ:20040306 TSLSA-2004-0010 - libxml2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107860178228804&w=2
Reference: REDHAT:RHSA-2004:650
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-650.html
Reference: SUSE:SUSE-SR:2005:001
Reference: URL:http://www.novell.com/linux/security/advisories/2005_01_sr.html
Reference: CERT-VN:VU#493966
Reference: URL:http://www.kb.cert.org/vuls/id/493966
Reference: CIAC:O-086
Reference: URL:http://www.ciac.org/ciac/bulletins/o-086.shtml
Reference: BID:9718
Reference: URL:http://www.securityfocus.com/bid/9718
Reference: SECUNIA:10958
Reference: URL:http://secunia.com/advisories/10958/
Reference: OVAL:oval:org.mitre.oval:def:833
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:833
Reference: OVAL:oval:org.mitre.oval:def:875
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:875
Reference: XF:libxml2-nanohttp-bo(15301)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15301
Reference: XF:libxml2-nanoftp-bo(15302)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15302
 

Votes:

   ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Cox
   NOOP(1) Christey

 Christey> CONECTIVA:CLA-2004:836
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000836
 Christey> Add APPLE-SA-2004-04-05
   CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00047.html
 Green> VERIFIED-BY-SOMEONE-I-TRUST
 Christey> Normalize Trustix references
 Christey> FEDORA:FEDORA-2004-1324
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109035140702164&w=2

Description:
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Status: Candidate
Phase: Assigned (20040202)
Reference: BUGTRAQ:20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107953412903636&w=2
Reference: CONFIRM:http://www.openssl.org/news/secadv_20040317.txt
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/224012/index.htm
Reference: APPLE:APPLE-SA-2005-08-15
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
Reference: APPLE:APPLE-SA-2005-08-17
Reference: URL:http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Reference: CISCO:20040317 Cisco OpenSSL Implementation Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
Reference: CONECTIVA:CLA-2004:834
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
Reference: GENTOO:GLSA-200403-03
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-03.xml
Reference: MANDRAKE:MDKSA-2004:023
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
Reference: NETBSD:NetBSD-SA2004-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
Reference: REDHAT:RHSA-2004:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-120.html
Reference: REDHAT:RHSA-2004:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-121.html
Reference: SCO:SCOSA-2004.10
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
Reference: SLACKWARE:SSA:2004-077
Reference: URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
Reference: SUSE:SuSE-SA:2004:007
Reference: URL:http://www.novell.com/linux/security/advisories/2004_07_openssl.html
Reference: SUNALERT:57524
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
Reference: TRUSTIX:2004-0012
Reference: URL:http://www.trustix.org/errata/2004/0012
Reference: HP:SSRT4717
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108403806509920&w=2
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html
Reference: CERT:TA04-078A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-078A.html
Reference: CERT-VN:VU#484726
Reference: URL:http://www.kb.cert.org/vuls/id/484726
Reference: CIAC:O-101
Reference: URL:http://www.ciac.org/ciac/bulletins/o-101.shtml
Reference: BID:9899
Reference: URL:http://www.securityfocus.com/bid/9899
Reference: OVAL:oval:org.mitre.oval:def:1049
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1049
Reference: OVAL:oval:org.mitre.oval:def:928
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:928
Reference: SECUNIA:11139
Reference: URL:http://secunia.com/advisories/11139
Reference: XF:openssl-kerberos-ciphersuites-dos(15508)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15508
 

Votes:

Description:
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.

Status: Candidate
Phase: Assigned (20040203)
Reference: EEYE:AD20040413A
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20040413A.html
Reference: MS:MS04-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-012.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#417052
Reference: URL:http://www.kb.cert.org/vuls/id/417052
Reference: CIAC:O-115
Reference: URL:http://www.ciac.org/ciac/bulletins/o-115.shtml
Reference: BID:10127
Reference: URL:http://www.securityfocus.com/bid/10127
Reference: OVAL:oval:org.mitre.oval:def:955
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:955
Reference: OVAL:oval:org.mitre.oval:def:957
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:957
Reference: OVAL:oval:org.mitre.oval:def:958
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:958
Reference: SECTRACK:1009758
Reference: URL:http://securitytracker.com/alerts/2004/Apr/1009758.html
Reference: SECUNIA:11065
Reference: URL:http://secunia.com/advisories/11065/
Reference: XF:win-rpcss-rpcmessage-dos(15708)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15708
 

Votes:

Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20040203)
Reference: MS:MS04-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#353956
Reference: URL:http://www.kb.cert.org/vuls/id/353956
Reference: CIAC:O-114
Reference: URL:http://www.ciac.org/ciac/bulletins/o-114.shtml
Reference: OVAL:oval:org.mitre.oval:def:907
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:907
Reference: OVAL:oval:org.mitre.oval:def:946
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:946
Reference: OVAL:oval:org.mitre.oval:def:964
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:964
Reference: XF:win-h323-bo(15710)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15710
 

Votes:

Description:
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.

Status: Candidate
Phase: Assigned (20040203)
Reference: FULLDISC:20040413 EEYE: Windows VDM TIB Local Privilege Escalation
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020070.html
Reference: EEYE:AD20040413E
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20040413E.html
Reference: MS:MS04-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#783748
Reference: URL:http://www.kb.cert.org/vuls/id/783748
Reference: CIAC:O-114
Reference: URL:http://www.ciac.org/ciac/bulletins/o-114.shtml
Reference: BID:10117
Reference: URL:http://www.securityfocus.com/bid/10117
Reference: OVAL:oval:org.mitre.oval:def:1512
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1512
Reference: OVAL:oval:org.mitre.oval:def:1718
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1718
Reference: XF:win-vdm-gain-privileges(15714)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15714
 

Votes:

Description:
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.

Status: Candidate
Phase: Assigned (20040203)
Reference: VULNWATCH:20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0081.html
Reference: MS:MS04-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#638548
Reference: URL:http://www.kb.cert.org/vuls/id/638548
Reference: CIAC:O-114
Reference: URL:http://www.ciac.org/ciac/bulletins/o-114.shtml
Reference: BID:10113
Reference: URL:http://www.securityfocus.com/bid/10113
Reference: OVAL:oval:org.mitre.oval:def:1808
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1808
Reference: OVAL:oval:org.mitre.oval:def:1962
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1962
Reference: OVAL:oval:org.mitre.oval:def:1997
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1997
Reference: XF:win-spp-bo(15715)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15715
 

Votes:

Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.

Status: Candidate
Phase: Assigned (20040203)
Reference: MS:MS04-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#150236
Reference: URL:http://www.kb.cert.org/vuls/id/150236
Reference: CIAC:O-114
Reference: URL:http://www.ciac.org/ciac/bulletins/o-114.shtml
Reference: BID:10115
Reference: URL:http://www.securityfocus.com/bid/10115
Reference: OVAL:oval:org.mitre.oval:def:885
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:885
Reference: OVAL:oval:org.mitre.oval:def:886
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:886
Reference: OVAL:oval:org.mitre.oval:def:892
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:892
Reference: XF:ssl-message-dos(15712)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15712
 

Votes:

Description:
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Status: Candidate
Phase: Assigned (20040203)
Reference: MS:MS04-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#255924
Reference: URL:http://www.kb.cert.org/vuls/id/255924
Reference: CIAC:O-114
Reference: URL:http://www.ciac.org/ciac/bulletins/o-114.shtml
Reference: BID:10118
Reference: URL:http://www.securityfocus.com/bid/10118
Reference: OVAL:oval:org.mitre.oval:def:1007
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1007
Reference: OVAL:oval:org.mitre.oval:def:1076
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1076
Reference: OVAL:oval:org.mitre.oval:def:924
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:924
Reference: XF:win-asn1-double-free(15713)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15713
 

Votes:

Description:
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."

Status: Candidate
Phase: Assigned (20040203)
Reference: MS:MS04-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-012.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#212892
Reference: URL:http://www.kb.cert.org/vuls/id/212892
Reference: CIAC:O-115
Reference: URL:http://www.ciac.org/ciac/bulletins/o-115.shtml
Reference: BID:10121
Reference: URL:http://www.securityfocus.com/bid/10121
Reference: OVAL:oval:org.mitre.oval:def:1041
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1041
Reference: OVAL:oval:org.mitre.oval:def:1062
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1062
Reference: OVAL:oval:org.mitre.oval:def:1066
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1066
Reference: OVAL:oval:org.mitre.oval:def:1072
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1072
Reference: SECUNIA:11065
Reference: URL:http://secunia.com/advisories/11065/
Reference: XF:win-objectidentifier-open-port(15711)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15711
 

Votes:

Description:
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.

Status: Candidate
Phase: Assigned (20040203)
Reference: FREEBSD:FreeBSD-SA-04:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc
Reference: BID:10485
Reference: URL:http://www.securityfocus.com/bid/10485
Reference: XF:freebsd-jailed-table-modify(16342)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16342
 

Votes:

Description:
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355
Reference: BID:9529
Reference: URL:http://www.securityfocus.com/bid/9529
Reference: OSVDB:3768
Reference: URL:http://www.osvdb.org/displayvuln.php?osvdb_id=3768
Reference: SECTRACK:1008892
Reference: URL:http://www.securitytracker.com/id?1008892
Reference: SECUNIA:10753
Reference: URL:http://secunia.com/advisories/10753/
Reference: XF:phpgedview-editconfig-directory-traversal(15129)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15129
 

Votes:

   ACCEPT(2) Green, Baker
   NOOP(4) Wall, Cole, Armstrong, Cox

 Green> Vendor ack'ed and provides an update;
   http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?download

Description:
login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.

Status: Candidate
Phase: Modified (20071113)
Reference: MISC:http://www.netvigilance.com/advisory0001
Reference: MISC:http://www.securiteam.com/unixfocus/5NP0M1PBPQ.html
Reference: OSVDB:6886
Reference: URL:http://www.osvdb.org/6886
Reference: SECTRACK:1008844
Reference: URL:http://securitytracker.com/alerts/2004/Jan/1008844.html
Reference: XF:phpgedview-loginphp-path-disclosure(15128)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15128
 

Votes:

   ACCEPT(2) Green, Baker
   NOOP(4) Wall, Cole, Armstrong, Cox

 Green> Vendor acknowledges and supplies fix in version version 2.65.2

Description:
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.

Status: Candidate
Phase: Modified (20060907)
Reference: BUGTRAQ:20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651585921958&w=2
Reference: XF:ezcontents-multiple-file-include(15135)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15135
 

Votes:

   ACCEPT(2) Baker, Armstrong
   NOOP(3) Wall, Cole, Cox

Description:
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.

Status: Candidate
Phase: Assigned (20040211)
Reference: ENGARDE:ESA-20040428-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:029
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Reference: SGI:20040405-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
Reference: TRUSTIX:2004-0020
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
Reference: BID:10151
Reference: URL:http://www.securityfocus.com/bid/10151
Reference: SECUNIA:11362
Reference: URL:http://secunia.com/advisories/11362
Reference: XF:linux-xfs-info-disclosure(15901)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15901
 

Votes:

Description:
cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process.

Status: Candidate
Phase: Assigned (20040211)
Reference: SGI:20040507-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040507-01-P.asc
Reference: BID:10418
Reference: URL:http://www.securityfocus.com/bid/10418
Reference: XF:irix-cpr-gain-privileges(16259)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16259
 

Votes:

Description:
The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory.

Status: Candidate
Phase: Assigned (20040211)
Reference: SGI:20040601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
Reference: OSVDB:7122
Reference: URL:http://www.osvdb.org/7122
Reference: SECUNIA:11872
Reference: URL:http://secunia.com/advisories/11872
Reference: XF:irix-sgiioprobe-gain-privileges(16413)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16413
 

Votes:

Description:
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."

Status: Candidate
Phase: Assigned (20040211)
Reference: SGI:20040601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
Reference: OSVDB:7123
Reference: URL:http://www.osvdb.org/7123
Reference: SECUNIA:11872
Reference: URL:http://secunia.com/advisories/11872
Reference: XF:irix-mapelf32exec-dos(16416)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16416
Reference: BID:10547
Reference: URL:http://www.securityfocus.com/bid/10547
 

Votes:

Description:
Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues."

Status: Candidate
Phase: Assigned (20040211)
Reference: SGI:20040601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
Reference: OSVDB:7124
Reference: URL:http://www.osvdb.org/7124
Reference: SECUNIA:11872
Reference: URL:http://secunia.com/advisories/11872
Reference: XF:irix-page-dos(16417)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16417
Reference: BID:10549
Reference: URL:http://www.securityfocus.com/bid/10549
 

Votes:

Description:
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.

Status: Candidate
Phase: Assigned (20040211)
Reference: CONFIRM:http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg
Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: REDHAT:RHSA-2004:549
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
Reference: REDHAT:RHSA-2004:504
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-504.html
Reference: BID:18174
Reference: URL:http://www.securityfocus.com/bid/18174
Reference: SECUNIA:20162
Reference: URL:http://secunia.com/advisories/20162
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Reference: XF:linux-kernel-elfloader-dos(43124)
Reference: URL:http://xforce.iss.net/xforce/xfdb/43124
 

Votes:

Description:
Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.

Status: Candidate
Phase: Assigned (20040211)
Reference: SGI:20040905-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040905-01-P.asc
Reference: SECUNIA:12682
Reference: URL:http://secunia.com/advisories/12682
Reference: BID:11276
Reference: URL:http://www.securityfocus.com/bid/11276
Reference: XF:irix-bsda-kernel(17547)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17547
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040211)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040211)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040211)
 

Votes:

Description:
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.

Status: Candidate
Phase: Modified (20050518)
Reference: BUGTRAQ:20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634788029065&w=2
Reference: VULNWATCH:20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0034.html
Reference: MISC:http://www.pentest.co.uk/documents/ptl-2004-01.html
Reference: BID:9603
Reference: URL:http://www.securityfocus.com/bid/9603
Reference: XF:nokia-obex-dos(15107)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15107
 

Votes:

   ACCEPT(3) Cole, Armstrong, Cox
   NOOP(1) Wall

 Armstrong> I believe that Mobile phones, PDAs etc are all valid IT devices and should be included as part of the CVE.

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040212)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040212)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040212)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040212)
 

Votes:

Description:
Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges.

Status: Candidate
Phase: Assigned (20040213)
Reference: DEBIAN:DSA-451
Reference: URL:http://www.debian.org/security/2004/dsa-451
Reference: BID:9764
Reference: URL:http://www.securityfocus.com/bid/9764
Reference: XF:xboing-bo(15347)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15347
 

Votes:

Description:
Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands.

Status: Candidate
Phase: Assigned (20040213)
Reference: DEBIAN:DSA-462
Reference: URL:http://www.debian.org/security/2004/dsa-462
Reference: MISC:http://shellcode.org/Advisories/XITALK.txt
Reference: SECUNIA:11114
Reference: URL:http://secunia.com/advisories/11114/
Reference: BID:9851
Reference: URL:http://www.securityfocus.com/bid/9851
Reference: XF:xitalk-gain-privileges(15456)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15456
 

Votes:

Description:
Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) or the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames.

Status: Candidate
Phase: Assigned (20040213)
Reference: BUGTRAQ:20040325 Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108024939827236&w=2
Reference: DEBIAN:DSA-468
Reference: URL:http://www.debian.org/security/2004/dsa-468
Reference: SUSE:SuSE-SA:2004:008
Reference: XF:emil-email-bo(15601)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15601
 

Votes:

Description:
Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages.

Status: Candidate
Phase: Assigned (20040213)
Reference: BUGTRAQ:20040325 Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108024939827236&w=2
Reference: DEBIAN:DSA-468
Reference: URL:http://www.debian.org/security/2004/dsa-468
Reference: SUSE:SuSE-SA:2004:008
Reference: XF:emil-format-string(15602)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15602
 

Votes:

Description:
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.

Status: Candidate
Phase: Assigned (20040213)
Reference: REDHAT:RHSA-2004:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-072.html
Reference: TRUSTIX:2004-0009
Reference: URL:http://www.trustix.org/errata/misc/2004/TSL-2004-0009-nfs-utils.asc.txt
Reference: MISC:http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=114535
Reference: XF:nfs-utils-dns-dos(15418)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15418
Reference: BID:9813
Reference: URL:http://www.securityfocus.com/bid/9813
Reference: OVAL:oval:org.mitre.oval:def:861
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:861
 

Votes:

Description:
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.

Status: Candidate
Phase: Assigned (20040213)
Reference: BUGTRAQ:20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108136746911000&w=2
Reference: GENTOO:GLSA-200406-17
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml
Reference: MANDRAKE:MDKSA-2004:027
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:027
Reference: MANDRAKE:MDKSA-2004:069
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069
Reference: APPLE:APPLE-SA-2004-05-03
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Reference: REDHAT:RHSA-2004:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-165.html
Reference: SCO:SCOSA-2005.10
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
Reference: CERT-VN:VU#552398
Reference: URL:http://www.kb.cert.org/vuls/id/552398
Reference: OVAL:oval:org.mitre.oval:def:945
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:945
Reference: SECUNIA:11328
Reference: URL:http://secunia.com/advisories/11328
 

Votes:

Description:
Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.

Status: Candidate
Phase: Assigned (20040213)
Reference: DEBIAN:DSA-485
Reference: URL:http://www.debian.org/security/2004/dsa-485
Reference: GENTOO:GLSA-200404-18
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-18.xml
Reference: BUGTRAQ:20040507 [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108403772130855&w=2
Reference: BID:10150
Reference: URL:http://www.securityfocus.com/bid/10150
Reference: OSVDB:5360
Reference: URL:http://www.osvdb.org/5360
Reference: OSVDB:5361
Reference: URL:http://www.osvdb.org/5361
Reference: SECTRACK:1009788
Reference: URL:http://securitytracker.com/id?1009788
Reference: SECUNIA:11378
Reference: URL:http://secunia.com/advisories/11378
Reference: SECUNIA:11384
Reference: URL:http://secunia.com/advisories/11384
Reference: SECUNIA:11485
Reference: URL:http://secunia.com/advisories/11485
Reference: SECUNIA:11571
Reference: URL:http://secunia.com/advisories/11571
Reference: XF:ssmtp-die-logevent-format-string(15872)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15872
 

Votes:

Description:
x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.

Status: Candidate
Phase: Assigned (20040213)
Reference: DEBIAN:DSA-484
Reference: URL:http://www.debian.org/security/2004/dsa-484
Reference: MISC:http://shellcode.org/Advisories/XONIX.txt
Reference: BID:10149
Reference: URL:http://www.securityfocus.com/bid/10149
Reference: OSVDB:5358
Reference: URL:http://www.osvdb.org/5358
Reference: SECTRACK:1009789
Reference: URL:http://securitytracker.com/id?1009789
Reference: SECUNIA:11382
Reference: URL:http://secunia.com/advisories/11382
Reference: XF:xonix-privilege-dropping(15873)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15873
 

Votes:

Description:
Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c.

Status: Candidate
Phase: Proposed (20040318)
Reference: BUGTRAQ:20040222 lbreakout2 < 2.4beta-2 local exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755821705356&w=2
Reference: DEBIAN:DSA-445
Reference: URL:http://www.debian.org/security/2004/dsa-445
Reference: CONFIRM:http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz
Reference: BID:9712
Reference: URL:http://www.securityfocus.com/bid/9712
Reference: XF:breakout2-home-bo(15229)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15229
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients.

Status: Candidate
Phase: Assigned (20040218)
Reference: BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109524928232568&w=2
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
Reference: XF:mime-tools-parameter-encoding(9274)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9274
 

Votes:

Description:
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients.

Status: Candidate
Phase: Assigned (20040218)
Reference: BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109517563513776&w=2
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
Reference: XF:mime-rfc822-filtering-bypass(17332)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17332
 

Votes:

Description:
Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session.

Status: Candidate
Phase: Assigned (20040218)
Reference: BUGTRAQ:20040810 Corsaire Security Advisory - Sygate Secure Enterprise replay issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109215685731675&w=2
Reference: MISC:http://www.corsaire.com/advisories/c031120-002.txt
Reference: XF:sse-replay-dos(16945)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16945
 

Votes:

Description:
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2
Reference: BUGTRAQ:20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: NETBSD:NetBSD-SA2004-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc
Reference: XF:openbsd-isakmp-initialcontact-delete-sa(14118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14118
Reference: XF:openbsd-isakmp-invalidspi-delete-sa(14117)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14117
Reference: BID:9416
Reference: URL:http://www.securityfocus.com/bid/9416
Reference: BID:9417
Reference: URL:http://www.securityfocus.com/bid/9417
Reference: OVAL:oval:org.mitre.oval:def:947
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:947
 

Votes:

   ACCEPT(4) Baker, Cole, Armstrong, Cox
   NOOP(2) Christey, Wall

 CHANGE> [Cox changed vote from NOOP to ACCEPT]
 Christey> REDHAT:RHSA-2004:165
   URL:http://www.redhat.com/support/errata/RHSA-2004-165.html
 Christey> SCO:SCOSA-2005.10
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt

Description:
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."

Status: Candidate
Phase: Modified (20050510)
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: CERT-VN:VU#194238
Reference: URL:http://www.kb.cert.org/vuls/id/194238
Reference: SECUNIA:10959
Reference: URL:http://secunia.com/advisories/10959
Reference: XF:macosx-safari-unknown(14993)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14993
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."

Status: Candidate
Phase: Modified (20050808)
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: SECUNIA:10959
Reference: URL:http://secunia.com/advisories/10959/
Reference: XF:macos-corefoundation-unknown(15299)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15299
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040219)
 

Votes:

Description:
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.

Status: Candidate
Phase: Assigned (20040220)
Reference: FULLDISC:20031008 ltrace bug
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011600.html
Reference: FULLDISC:20031008 ltrace bug
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011610.html
Reference: BID:8790
Reference: URL:http://www.securityfocus.com/bid/8790
Reference: SECTRACK:1007896
Reference: URL:http://securitytracker.com/id?1007896
Reference: XF:ltrace-searchforcommand-bo(13389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13389
 

Votes:

Description:
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

Status: Candidate
Phase: Assigned (20040225)
Reference: BUGTRAQ:20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107973894328806&w=2
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_1.3
Reference: SUNALERT:101555
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
Reference: TRUSTIX:2004-0017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108066914830552&w=2
Reference: APPLE:APPLE-SA-2004-05-03
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Reference: SLACKWARE:SSA:2004-133
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: SUNALERT:57628
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Reference: TRUSTIX:2004-0027
Reference: URL:http://www.trustix.org/errata/2004/0027
Reference: GENTOO:GLSA-200405-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: HP:SSRT4717
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2
Reference: MANDRAKE:MDKSA-2004:046
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:046
Reference: REDHAT:RHSA-2004:405
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-405.html
Reference: CERT-VN:VU#132110
Reference: URL:http://www.kb.cert.org/vuls/id/132110
Reference: OVAL:oval:org.mitre.oval:def:100110
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100110
Reference: SECUNIA:11170
Reference: URL:http://secunia.com/advisories/11170
Reference: BID:9921
Reference: URL:http://www.securityfocus.com/bid/9921
Reference: SECTRACK:1009495
Reference: URL:http://www.securitytracker.com/alerts/2004/Mar/1009495.html
Reference: OVAL:oval:org.mitre.oval:def:1982
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1982
Reference: XF:apache-socket-starvation-dos(15540)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15540
 

Votes:

Description:
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

Status: Candidate
Phase: Assigned (20040225)
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147
Reference: CONFIRM:http://www.juniper.net/support/security/alerts/adv59739.txt
Reference: CONECTIVA:CLSA-2004:831
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831
Reference: MANDRIVA:MDKSA-2005:100
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:100
Reference: MANDRIVA:MDVSA-2008:191
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:191
Reference: REDHAT:RHSA-2005:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-106.html
Reference: REDHAT:RHSA-2005:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-074.html
Reference: REDHAT:RHSA-2005:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-165.html
Reference: REDHAT:RHSA-2005:481
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-481.html
Reference: REDHAT:RHSA-2005:495
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-495.html
Reference: REDHAT:RHSA-2005:562
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-562.html
Reference: REDHAT:RHSA-2005:567
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-567.html
Reference: SCO:SCOSA-2006.11
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt
Reference: SUSE:SuSE-SA:2004:009
Reference: URL:http://www.novell.com/linux/security/advisories/2004_09_kernel.html
Reference: CIAC:O-212
Reference: URL:http://www.ciac.org/ciac/bulletins/o-212.shtml
Reference: BID:9986
Reference: URL:http://www.securityfocus.com/bid/9986
Reference: OSVDB:9550
Reference: URL:http://www.osvdb.org/9550
Reference: SECUNIA:19243
Reference: URL:http://secunia.com/advisories/19243
Reference: SECUNIA:17135
Reference: URL:http://secunia.com/advisories/17135
Reference: XF:openssh-scp-file-overwrite(16323)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16323
 

Votes:

Description:
Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

Status: Candidate
Phase: Assigned (20040225)
Reference: BUGTRAQ:20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108007072215742&w=2
Reference: MISC:http://security.e-matters.de/advisories/032004.html
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00013.html
Reference: DEBIAN:DSA-511
Reference: URL:http://www.debian.org/security/2004/dsa-511
Reference: BUGTRAQ:20040329 LNSA-#2004-0007: Multiple security problems in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108058005324316&w=2
Reference: GENTOO:GLSA-200403-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-07.xml
Reference: REDHAT:RHSA-2004:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-136.html
Reference: REDHAT:RHSA-2004:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-137.html
Reference: CONECTIVA:CLA-2004:835
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835
Reference: MANDRAKE:MDKSA-2004:024
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:024
Reference: BUGTRAQ:20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108213710306260&w=2
Reference: CERT-VN:VU#119876
Reference: URL:http://www.kb.cert.org/vuls/id/119876
Reference: CERT-VN:VU#125156
Reference: URL:http://www.kb.cert.org/vuls/id/125156
Reference: CERT-VN:VU#433596
Reference: URL:http://www.kb.cert.org/vuls/id/433596
Reference: CERT-VN:VU#591820
Reference: URL:http://www.kb.cert.org/vuls/id/591820
Reference: CERT-VN:VU#644886
Reference: URL:http://www.kb.cert.org/vuls/id/644886
Reference: CERT-VN:VU#659140
Reference: URL:http://www.kb.cert.org/vuls/id/659140
Reference: CERT-VN:VU#740188
Reference: URL:http://www.kb.cert.org/vuls/id/740188
Reference: CERT-VN:VU#864884
Reference: URL:http://www.kb.cert.org/vuls/id/864884
Reference: CERT-VN:VU#931588
Reference: URL:http://www.kb.cert.org/vuls/id/931588
Reference: OSVDB:6893
Reference: URL:http://www.osvdb.org/6893
Reference: OVAL:oval:org.mitre.oval:def:878
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:878
Reference: OVAL:oval:org.mitre.oval:def:887
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:887
Reference: SECUNIA:11185
Reference: URL:http://secunia.com/advisories/11185
Reference: XF:ethereal-multiple-dissectors-bo(15569)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15569
 

Votes:

Description:
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Status: Candidate
Phase: Assigned (20040225)
Reference: CONECTIVA:CLA-2004:846
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Reference: DEBIAN:DSA-479
Reference: URL:http://www.debian.org/security/2004/dsa-479
Reference: DEBIAN:DSA-480
Reference: URL:http://www.debian.org/security/2004/dsa-480
Reference: DEBIAN:DSA-481
Reference: URL:http://www.debian.org/security/2004/dsa-481
Reference: DEBIAN:DSA-482
Reference: URL:http://www.debian.org/security/2004/dsa-482
Reference: DEBIAN:DSA-489
Reference: URL:http://www.debian.org/security/2004/dsa-489
Reference: DEBIAN:DSA-491
Reference: URL:http://www.debian.org/security/2004/dsa-491
Reference: DEBIAN:DSA-495
Reference: URL:http://www.debian.org/security/2004/dsa-495
Reference: ENGARDE:ESA-20040428-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Reference: FEDORA:FLSA:2336
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:029
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Reference: REDHAT:RHSA-2004:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-166.html
Reference: REDHAT:RHSA-2005:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
Reference: REDHAT:RHSA-2004:504
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-504.html
Reference: REDHAT:RHSA-2004:505
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-505.html
Reference: TRUSTIX:2004-0020
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
Reference: MISC:http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ
Reference: CIAC:O-121
Reference: URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
Reference: CIAC:O-126
Reference: URL:http://www.ciac.org/ciac/bulletins/o-126.shtml
Reference: CIAC:O-127
Reference: URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
Reference: BID:10152
Reference: URL:http://www.securityfocus.com/bid/10152
Reference: XF:linux-ext3-info-disclosure(15867)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15867
 

Votes:

Description:
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

Status: Candidate
Phase: Assigned (20040225)
Reference: CONECTIVA:CLA-2004:846
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Reference: DEBIAN:DSA-479
Reference: URL:http://www.debian.org/security/2004/dsa-479
Reference: DEBIAN:DSA-480
Reference: URL:http://www.debian.org/security/2004/dsa-480
Reference: DEBIAN:DSA-481
Reference: URL:http://www.debian.org/security/2004/dsa-481
Reference: DEBIAN:DSA-482
Reference: URL:http://www.debian.org/security/2004/dsa-482
Reference: DEBIAN:DSA-489
Reference: URL:http://www.debian.org/security/2004/dsa-489
Reference: DEBIAN:DSA-491
Reference: URL:http://www.debian.org/security/2004/dsa-491
Reference: DEBIAN:DSA-495
Reference: URL:http://www.debian.org/security/2004/dsa-495
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:029
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Reference: REDHAT:RHSA-2004:413
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
Reference: REDHAT:RHSA-2004:437
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-437.html
Reference: SGI:20040804-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
Reference: MISC:http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
Reference: CIAC:O-121
Reference: URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
Reference: CIAC:O-127
Reference: URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
Reference: CIAC:O-193
Reference: URL:http://www.ciac.org/ciac/bulletins/o-193.shtml
Reference: BID:9985
Reference: URL:http://www.securityfocus.com/bid/9985
Reference: XF:linux-sound-blaster-dos(15868)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15868
 

Votes:

Description:
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20040225)
Reference: BUGTRAQ:20040416 void.at - neon format string bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108214147022626&w=2
Reference: DEBIAN:DSA-487
Reference: URL:http://www.debian.org/security/2004/dsa-487
Reference: FEDORA:FEDORA-2004-1552
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=1552
Reference: REDHAT:RHSA-2004:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-157.html
Reference: REDHAT:RHSA-2004:158
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-158.html
Reference: REDHAT:RHSA-2004:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-159.html
Reference: REDHAT:RHSA-2004:160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-160.html
Reference: SGI:20040404-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
Reference: SUSE:SuSE-SA:2004:008
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html
Reference: SUSE:SuSE-SA:2004:009
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html
Reference: BUGTRAQ:20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108213873203477&w=2
Reference: GENTOO:GLSA-200405-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-01.xml
Reference: GENTOO:GLSA-200405-04
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-04.xml
Reference: MANDRAKE:MDKSA-2004:032
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:032
Reference: BID:10136
Reference: URL:http://www.securityfocus.com/bid/10136
Reference: OSVDB:5365
Reference: URL:http://www.osvdb.org/5365
Reference: OVAL:oval:org.mitre.oval:def:1065
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1065
Reference: SECUNIA:11363
Reference: URL:http://secunia.com/advisories/11363
 

Votes:

Description:
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.

Status: Candidate
Phase: Assigned (20040225)
Reference: DEBIAN:DSA-486
Reference: URL:http://www.debian.org/security/2004/dsa-486
Reference: FEDORA:FEDORA-2004-1620
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108636445031613&w=2
Reference: FREEBSD:FreeBSD-SA-04:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
Reference: GENTOO:GLSA-200404-13
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-13.xml
Reference: MANDRAKE:MDKSA-2004:028
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:028
Reference: REDHAT:RHSA-2004:153
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-153.html
Reference: REDHAT:RHSA-2004:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-154.html
Reference: SGI:20040404-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
Reference: SLACKWARE:SSA:2004-108-02
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
Reference: SUSE:SuSE-SA:2004:008
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
Reference: OVAL:oval:org.mitre.oval:def:1042
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1042
Reference: SECUNIA:11368
Reference: URL:http://secunia.com/advisories/11368
Reference: SECUNIA:11371
Reference: URL:http://secunia.com/advisories/11371
Reference: SECUNIA:11374
Reference: URL:http://secunia.com/advisories/11374
Reference: SECUNIA:11375
Reference: URL:http://secunia.com/advisories/11375
Reference: SECUNIA:11377
Reference: URL:http://secunia.com/advisories/11377
Reference: SECUNIA:11380
Reference: URL:http://secunia.com/advisories/11380
Reference: SECUNIA:11391
Reference: URL:http://secunia.com/advisories/11391
Reference: SECUNIA:11400
Reference: URL:http://secunia.com/advisories/11400
Reference: SECUNIA:11405
Reference: URL:http://secunia.com/advisories/11405
Reference: SECUNIA:11548
Reference: URL:http://secunia.com/advisories/11548
Reference: XF:cvs-rcs-create-files(15864)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15864
 

Votes:

Description:
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.

Status: Candidate
Phase: Assigned (20040225)
Reference: ENGARDE:ESA-20040428-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:029
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Reference: REDHAT:RHSA-2005:663
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-663.html
Reference: REDHAT:RHSA-2004:504
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-504.html
Reference: TRUSTIX:2004-0020
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
Reference: TURBO:TLSA-2004-14
Reference: URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
Reference: BID:10143
Reference: URL:http://www.securityfocus.com/bid/10143
Reference: FRSIRT:ADV-2005-1878
Reference: URL:http://www.frsirt.com/english/advisories/2005/1878
Reference: SECUNIA:17002
Reference: URL:http://secunia.com/advisories/17002
Reference: XF:linux-jfs-info-disclosure(15902)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15902
 

Votes:

Description:
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.

Status: Candidate
Phase: Assigned (20040225)
Reference: REDHAT:RHSA-2004:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-156.html
Reference: SGI:20040404-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
 

Votes:

Description:
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040302)
Reference: BUGTRAQ:20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0017.html
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
Reference: DEBIAN:DSA-478
Reference: URL:http://www.debian.org/security/2004/dsa-478
Reference: FEDORA:FEDORA-2004-1468
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=1468
Reference: REDHAT:RHSA-2004:219
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-219.html
Reference: TRUSTIX:2004-0015
Reference: URL:http://www.trustix.org/errata/2004/0015
Reference: CERT-VN:VU#240790
Reference: URL:http://www.kb.cert.org/vuls/id/240790
Reference: BID:10003
Reference: URL:http://www.securityfocus.com/bid/10003
Reference: OVAL:oval:org.mitre.oval:def:972
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:972
Reference: SECTRACK:1009593
Reference: URL:http://securitytracker.com/id?1009593
Reference: SECUNIA:11258
Reference: URL:http://secunia.com/advisories/11258
Reference: SECUNIA:11320
Reference: URL:http://secunia.com/advisories/11320
Reference: XF:tcpdump-isakmp-delete-bo(15680)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15680
 

Votes:

Description:
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040302)
Reference: BUGTRAQ:20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0017.html
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
Reference: DEBIAN:DSA-478
Reference: URL:http://www.debian.org/security/2004/dsa-478
Reference: FEDORA:FEDORA-2004-1468
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=1468
Reference: REDHAT:RHSA-2004:219
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-219.html
Reference: TRUSTIX:2004-0015
Reference: URL:http://www.trustix.org/errata/2004/0015
Reference: CERT-VN:VU#492558
Reference: URL:http://www.kb.cert.org/vuls/id/492558
Reference: BID:10004
Reference: URL:http://www.securityfocus.com/bid/10004
Reference: OVAL:oval:org.mitre.oval:def:976
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:976
Reference: SECTRACK:1009593
Reference: URL:http://securitytracker.com/id?1009593
Reference: SECUNIA:11258
Reference: URL:http://secunia.com/advisories/11258
Reference: XF:tcpdump-isakmp-integer-underflow(15679)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15679
 

Votes:

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0185. Reason: This candidate is a reservation duplicate of CVE-2004-0185. Notes: All CVE users should reference CVE-2004-0185 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20040302)
 

Votes:

Description:
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.

Status: Candidate
Phase: Modified (20040813)
Reference: BUGTRAQ:20040227 Symantec Gateway Security Management Service Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107790684732458&w=2
Reference: BID:9755
Reference: URL:http://www.securityfocus.com/bid/9755
Reference: XF:symantecgateway-error-xss(15330)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15330
 

Votes:

   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(2) Wall, Cox

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040309)
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040309)
 

Votes:

Description:
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-014.asp
Reference: CERT:TA04-104A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Reference: CERT-VN:VU#740716
Reference: URL:http://www.kb.cert.org/vuls/id/740716
Reference: BID:10112
Reference: URL:http://www.securityfocus.com/bid/10112
Reference: OVAL:oval:org.mitre.oval:def:968
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:968
Reference: XF:msjet-query-execute-code(15703)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15703
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040311)
 

Votes:

Description:
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20040512 MS04-015 - Windows Help Center - Dvdupgrade
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437759930820&w=2
Reference: FULLDISC:20040512 MS04-015 - Windows Help Center - Dvdupgrade
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=108430407801825&w=2
Reference: MISC:http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt
Reference: MS:MS04-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx
Reference: CERT-VN:VU#484814
Reference: URL:http://www.kb.cert.org/vuls/id/484814
Reference: XF:win-hcp-code-execution(16095)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16095
Reference: BID:10321
Reference: URL:http://www.securityfocus.com/bid/10321
Reference: OVAL:oval:org.mitre.oval:def:1008
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1008
Reference: OVAL:oval:org.mitre.oval:def:1032
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1032
 

Votes:

Description:
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109524346729948&w=2
Reference: MS:MS04-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-028.asp
Reference: CERT:TA04-260A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-260A.html
Reference: CERT-VN:VU#297462
Reference: URL:http://www.kb.cert.org/vuls/id/297462
Reference: OVAL:oval:org.mitre.oval:def:1105
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1105
Reference: OVAL:oval:org.mitre.oval:def:1721
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1721
Reference: OVAL:oval:org.mitre.oval:def:2706
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2706
Reference: OVAL:oval:org.mitre.oval:def:3038
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3038
Reference: OVAL:oval:org.mitre.oval:def:3082
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3082
Reference: OVAL:oval:org.mitre.oval:def:3320
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3320
Reference: OVAL:oval:org.mitre.oval:def:3810
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3810
Reference: OVAL:oval:org.mitre.oval:def:3881
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3881
Reference: OVAL:oval:org.mitre.oval:def:4003
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4003
Reference: OVAL:oval:org.mitre.oval:def:4216
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4216
Reference: OVAL:oval:org.mitre.oval:def:4307
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4307
Reference: XF:win-jpeg-bo(16304)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16304
 

Votes:

Description:
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

Status: Candidate
Phase: Assigned (20040311)
Reference: FULLDISC:20040714 HtmlHelp - .CHM File Heap Overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023919.html
Reference: MS:MS04-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx
Reference: CERT:TA04-196A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Reference: CERT-VN:VU#920060
Reference: URL:http://www.kb.cert.org/vuls/id/920060
Reference: XF:win-htmlhelp-execute-code(16586)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16586
Reference: OVAL:oval:org.mitre.oval:def:1503
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1503
Reference: OVAL:oval:org.mitre.oval:def:1530
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1530
Reference: OVAL:oval:org.mitre.oval:def:2155
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2155
Reference: OVAL:oval:org.mitre.oval:def:3179
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3179
 

Votes:

Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-016.asp
Reference: BID:10487
Reference: URL:http://www.securityfocus.com/bid/10487
Reference: OSVDB:6742
Reference: URL:http://www.osvdb.org/6742
Reference: OVAL:oval:org.mitre.oval:def:1027
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1027
Reference: OVAL:oval:org.mitre.oval:def:2190
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2190
Reference: OVAL:oval:org.mitre.oval:def:2413
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2413
Reference: OVAL:oval:org.mitre.oval:def:2516
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2516
Reference: OVAL:oval:org.mitre.oval:def:2705
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2705
Reference: SECUNIA:11802
Reference: URL:http://secunia.com/advisories/11802
Reference: XF:ms-directx-directplay-dos(16306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16306
 

Votes:

Description:
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-026.mspx
Reference: CERT-VN:VU#948750
Reference: URL:http://www.kb.cert.org/vuls/id/948750
Reference: OVAL:oval:org.mitre.oval:def:2016
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2016
Reference: XF:exchange-owa-execute-code(16583)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16583
 

Votes:

Description:
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20040502 Crystal Reports Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108360413811017&w=2
Reference: BUGTRAQ:20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108671836127360&w=2
Reference: CONFIRM:http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
Reference: MS:MS04-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-017.asp
Reference: BID:10260
Reference: URL:http://www.securityfocus.com/bid/10260
Reference: OSVDB:6748
Reference: URL:http://www.osvdb.org/6748
Reference: OVAL:oval:org.mitre.oval:def:1157
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1157
Reference: SECUNIA:11800
Reference: URL:http://secunia.com/advisories/11800
Reference: XF:crystalreports-file-deletion(16044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16044
 

Votes:

Description:
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-021.asp
Reference: CERT:TA04-196A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Reference: CERT-VN:VU#717748
Reference: URL:http://www.kb.cert.org/vuls/id/717748
Reference: CIAC:O-179
Reference: URL:http://www.ciac.org/ciac/bulletins/o-179.shtml
Reference: BID:10706
Reference: URL:http://www.securityfocus.com/bid/10706
Reference: OSVDB:7799
Reference: URL:http://www.osvdb.org/7799
Reference: OVAL:oval:org.mitre.oval:def:2204
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2204
Reference: SECUNIA:12061
Reference: URL:http://secunia.com/advisories/12061
Reference: XF:iis-redirect-bo(16578)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16578
 

Votes:

Description:
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20041013 Microsoft Windows NetDDE Service Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109786703930674&w=2
Reference: MS:MS04-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-031.asp
Reference: CERT-VN:VU#640488
Reference: URL:http://www.kb.cert.org/vuls/id/640488
Reference: BID:11372
Reference: URL:http://www.securityfocus.com/bid/11372
Reference: OVAL:oval:org.mitre.oval:def:1852
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1852
Reference: OVAL:oval:org.mitre.oval:def:2394
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2394
Reference: OVAL:oval:org.mitre.oval:def:3120
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3120
Reference: OVAL:oval:org.mitre.oval:def:3242
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3242
Reference: OVAL:oval:org.mitre.oval:def:4592
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4592
Reference: OVAL:oval:org.mitre.oval:def:5074
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5074
Reference: OVAL:oval:org.mitre.oval:def:6788
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6788
Reference: XF:win-netdde-bo(16556)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16556
Reference: XF:win-ms04031-patch(17657)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17657
Reference: SECUNIA:12803
Reference: URL:http://secunia.com/advisories/12803/
 

Votes:

Description:
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20041013 SetWindowLong Shatter Attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109777417922695&w=2
Reference: MS:MS04-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-032.asp
Reference: XF:win-mngmt-api-gain-privileges(16579)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16579
Reference: XF:win-ms04032-patch(17658)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17658
Reference: CERT-VN:VU#218526
Reference: URL:http://www.kb.cert.org/vuls/id/218526
 

Votes:

Description:
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20041013 EEYE: Windows VDM #UD Local Privilege Escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109772135404427&w=2
Reference: MS:MS04-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-032.asp
Reference: OVAL:oval:org.mitre.oval:def:1751
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1751
Reference: OVAL:oval:org.mitre.oval:def:3161
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3161
Reference: OVAL:oval:org.mitre.oval:def:3953
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3953
Reference: OVAL:oval:org.mitre.oval:def:4316
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4316
Reference: OVAL:oval:org.mitre.oval:def:4762
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4762
Reference: XF:win-ms04032-patch(17658)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17658
Reference: XF:win-vdm-gain-privilege(16580)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16580
Reference: CERT-VN:VU#910998
Reference: URL:http://www.kb.cert.org/vuls/id/910998
 

Votes:

Description:
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-032.asp
Reference: BUGTRAQ:20041019 [EXPL] (MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109829067325779&w=2
Reference: BID:11375
Reference: URL:http://www.securityfocus.com/bid/11375
Reference: OVAL:oval:org.mitre.oval:def:1872
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1872
Reference: OVAL:oval:org.mitre.oval:def:2114
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2114
Reference: OVAL:oval:org.mitre.oval:def:2428
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2428
Reference: XF:win-emf-bo(16581)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16581
Reference: XF:win-ms04032-patch(17658)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17658
Reference: CERT-VN:VU#806278
Reference: URL:http://www.kb.cert.org/vuls/id/806278
 

Votes:

Description:
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-020.asp
Reference: CERT:TA04-196A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Reference: CERT-VN:VU#647436
Reference: URL:http://www.kb.cert.org/vuls/id/647436
Reference: XF:win-posix-bo(16590)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16590
Reference: OVAL:oval:org.mitre.oval:def:2166
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2166
Reference: OVAL:oval:org.mitre.oval:def:2847
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2847
 

Votes:

Description:
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-032.asp
Reference: OVAL:oval:org.mitre.oval:def:4893
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4893
Reference: XF:win2k3-kernel-cpu-dos(16582)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16582
Reference: XF:win-ms04032-patch(17658)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17658
Reference: CERT-VN:VU#119262
Reference: URL:http://www.kb.cert.org/vuls/id/119262
 

Votes:

Description:
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20040714 Microsoft Windows Task Scheduler '.job' Stack Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108981273009250&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/mstaskjob.txt
Reference: BUGTRAQ:20040714 Unchecked buffer in mstask.dll
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108981403025596&w=2
Reference: MS:MS04-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-022.asp
Reference: CERT:TA04-196A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Reference: CERT-VN:VU#228028
Reference: URL:http://www.kb.cert.org/vuls/id/228028
Reference: OVAL:oval:org.mitre.oval:def:1344
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1344
Reference: OVAL:oval:org.mitre.oval:def:1781
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1781
Reference: OVAL:oval:org.mitre.oval:def:1964
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1964
Reference: OVAL:oval:org.mitre.oval:def:3428
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3428
Reference: SECUNIA:12060
Reference: URL:http://secunia.com/advisories/12060
Reference: XF:win-taskscheduler-bo(16591)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16591
 

Votes:

Description:
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20040713 Microsoft Window Utility Manager Local Elevation of Privileges
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108975382413405&w=2
Reference: MS:MS04-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-019.asp
Reference: CERT:TA04-196A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Reference: CERT-VN:VU#868580
Reference: URL:http://www.kb.cert.org/vuls/id/868580
Reference: XF:win-utilitymanager-gain-privileges(16592)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16592
Reference: OVAL:oval:org.mitre.oval:def:2495
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2495
 

Votes:

Description:
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.
Reference: URL:http://seclists.org/lists/bugtraq/2004/Apr/0322.html
Reference: FULLDISC:20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.
Reference: URL:http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html
Reference: MS:MS04-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-037.mspx
Reference: MSKB:322857
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;322857
Reference: CERT-VN:VU#616200
Reference: URL:http://www.kb.cert.org/vuls/id/616200
Reference: MISC:http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html
Reference: BID:10213
Reference: URL:http://www.securityfocus.com/bid/10213
Reference: OSVDB:5687
Reference: URL:http://www.osvdb.org/5687
Reference: OVAL:oval:org.mitre.oval:def:1601
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1601
Reference: OVAL:oval:org.mitre.oval:def:1749
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1749
Reference: OVAL:oval:org.mitre.oval:def:2638
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2638
Reference: OVAL:oval:org.mitre.oval:def:4345
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4345
Reference: OVAL:oval:org.mitre.oval:def:5307
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5307
Reference: SECTRACK:1011647
Reference: URL:http://securitytracker.com/id?1011647
Reference: SECUNIA:11482
Reference: URL:http://secunia.com/advisories/11482/
Reference: XF:win-long-fileshare-bo(15956)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15956
Reference: XF:win-ms04037-patch(17662)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17662
 

Votes:

Description:
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

Status: Candidate
Phase: Assigned (20040311)
Reference: MS:MS04-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-018.asp
Reference: CERT:TA04-196A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Reference: CERT-VN:VU#869640
Reference: URL:http://www.kb.cert.org/vuls/id/869640
Reference: XF:outlook-malformed-email-header-dos(16585)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16585
Reference: OVAL:oval:org.mitre.oval:def:1950
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1950
Reference: OVAL:oval:org.mitre.oval:def:2137
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2137
Reference: OVAL:oval:org.mitre.oval:def:2657
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2657
Reference: OVAL:oval:org.mitre.oval:def:3376
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3376
 

Votes:

Description:
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20040311)
Reference: BUGTRAQ:20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109760693512754&w=2
Reference: BUGTRAQ:20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616383332055&w=2
Reference: NTBUGTRAQ:20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=110619893620517&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/msinsengfull.txt
Reference: MS:MS04-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-038.asp
Reference: CERT:TA04-293A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-293A.html
Reference: CERT-VN:VU#637760
Reference: URL:http://www.kb.cert.org/vuls/id/637760
Reference: OVAL:oval:org.mitre.oval:def:5316
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5316
Reference: OVAL:oval:org.mitre.oval:def:5329
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5329
Reference: OVAL:oval:org.mitre.oval:def:6100
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6100
Reference: OVAL:oval:org.mitre.oval:def:6600
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6600
Reference: OVAL:oval:org.mitre.oval:def:7717
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7717
Reference: OVAL:oval:org.mitre.oval:def:7865
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7865
Reference: XF:ie-installenginectl-setciffile-bo(17620)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17620
Reference: XF:ie-ms04038-patch(17651)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17651
 

Votes:

Description:
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

Status: Candidate
Phase: Proposed (20040318)
Reference: BUGTRAQ:20040216 Possible race condition in Symantec AntiVirus Scan Engine for Red
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694800908164&w=2
Reference: XF:symantec-scanengine-race-condition(15215)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15215
Reference: BID:9662
Reference: URL:http://www.securityfocus.com/bid/9662
 

Votes:

   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cox
   REVIEWING(1) Wall

 Frech> XF:symantec-scanengine-race-condition(15215)
   http://xforce.iss.net/xforce/xfdb/15215

Description:
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040313)
Reference: BUGTRAQ:20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0018.html
Reference: OPENBSD:20040317 015: RELIABILITY FIX: March 17, 2004
Reference: URL:http://www.openbsd.org/errata.html
Reference: CERT-VN:VU#349113
Reference: URL:http://www.kb.cert.org/vuls/id/349113
Reference: BID:10028
Reference: URL:http://www.securityfocus.com/bid/10028
Reference: SECTRACK:1009468
Reference: URL:http://www.securitytracker.com/alerts/2004/Mar/1009468.html
Reference: SECUNIA:11156
Reference: URL:http://secunia.com/advisories/11156
Reference: XF:openbsd-isakmp-zerolength-dos(15518)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15518
 

Votes:

Description:
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040313)
Reference: BUGTRAQ:20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0018.html
Reference: OPENBSD:20040317 015: RELIABILITY FIX: March 17, 2004
Reference: URL:http://www.openbsd.org/errata.html
Reference: CERT-VN:VU#785945
Reference: URL:http://www.kb.cert.org/vuls/id/785945
Reference: BID:9907
Reference: URL:http://www.securityfocus.com/bid/9907
Reference: SECTRACK:1009468
Reference: URL:http://www.securitytracker.com/alerts/2004/Mar/1009468.html
Reference: XF:openbsd-isakmp-ipsec-dos(15628)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15628
 

Votes:

Description:
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via a an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040313)
Reference: BUGTRAQ:20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0018.html
Reference: OPENBSD:20040317 015: RELIABILITY FIX: March 17, 2004
Reference: URL:http://www.openbsd.org/errata.html
Reference: CERT-VN:VU#223273
Reference: URL:http://www.kb.cert.org/vuls/id/223273
Reference: BID:9907
Reference: URL:http://www.securityfocus.com/bid/9907
Reference: SECTRACK:1009468
Reference: URL:http://www.securitytracker.com/alerts/2004/Mar/1009468.html
Reference: XF:openbsd-isakmp-integer-underflow(15629)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15629
 

Votes:

Description:
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040313)
Reference: BUGTRAQ:20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0018.html
Reference: OPENBSD:20040317 015: RELIABILITY FIX: March 17, 2004
Reference: URL:http://www.openbsd.org/errata.html
Reference: CERT-VN:VU#524497
Reference: URL:http://www.kb.cert.org/vuls/id/524497
Reference: BID:9907
Reference: URL:http://www.securityfocus.com/bid/9907
Reference: SECTRACK:1009468
Reference: URL:http://www.securitytracker.com/alerts/2004/Mar/1009468.html
Reference: XF:openbsd-isakmp-delete-dos(15630)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15630
 

Votes:

Description:
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Status: Candidate
Phase: Assigned (20040313)
Reference: BUGTRAQ:20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0018.html
Reference: OPENBSD:20040317 015: RELIABILITY FIX: March 17, 2004
Reference: URL:http://www.openbsd.org/errata.html
Reference: CERT-VN:VU#996177
Reference: URL:http://www.kb.cert.org/vuls/id/996177
Reference: BID:10028
Reference: URL:http://www.securityfocus.com/bid/10032
Reference: SECTRACK:1009468
Reference: URL:http://www.securitytracker.com/alerts/2004/Mar/1009468.html
Reference: XF:openbsd-isakmp-memory-leak(15519)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15519
 

Votes:

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040315)
 

Votes:

Description:
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

Status: Candidate
Phase: Modified (20050719)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=5767
Reference: SECUNIA:11087
Reference: URL:http://secunia.com/advisories/11087/
Reference: BID:9845
Reference: URL:http://www.securityfocus.com/bid/9845
Reference: XF:courier-codeset-converter-bo(15434)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15434
 

Votes:

   ACCEPT(4) Baker, Cole, Armstrong, Cox
   MODIFY(1) Frech
   NOOP(3) Green, Christey, Wall

 Frech> XF:courier-codeset-converter-bo(15434)
   http://xforce.iss.net/xforce/xfdb/15434
 Christey> BUGTRAQ:20040329 [ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108058112903373&w=2
 Christey> BUGTRAQ:20040329 [ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108058112903373&w=2
 Christey> MISC:http://www.debian.org/security/nonvulns-woody#CVE-2004-0075
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20040316)
 

Votes:

Description:
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Status: Candidate
Phase: Assigned (20040317)
Reference: DEBIAN:DSA-497
Reference: URL:http://www.debian.org/security/2004/dsa-497
Reference: MANDRAKE:MDKSA-2004:039
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:039
Reference: SUSE:SuSE-SA:2004:012
Reference: URL:http://www.novell.com/linux/security/advisories/2004_12_mc.html
Reference: REDHAT:RHSA-2004:172
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-172.html
Reference: GENTOO:GLSA-200405-21
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-21.xml
Reference: XF:midnight-commander-local-privileges(16016)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16016
 

Votes:

Description:
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.

Status: Candidate
Phase: Assigned (20040317)
Reference: CONFIRM:http://www.zoneminder.com/index.php?id=20&type=0&backPID=20&tt_news=29
Reference: XF:zoneminder-zms-bo(16136)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16136
Reference: BID:10340
Reference: URL:http://www.securityfocus.com/bid/10340
 

Votes:

Description:
Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.

Status: Candidate
Phase: Assigned (20040317)
Reference: CONECTIVA:CLA-2004:852
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
Reference: FEDORA:FEDORA-2004-111
Reference: URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:050
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:050
Reference: SUSE:SuSE-SA:2004:010
Reference: URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
Reference: SECUNIA:11429
Reference: URL:http://secunia.com/advisories/11429
Reference: SECUNIA:11464
Reference: URL:http://secunia.com/advisories/11464
Reference: SECUNIA:11486
Reference: URL:http://secunia.com/advisories/11486
Reference: SECUNIA:11491
Reference: URL:http://secunia.com/advisories/11491
Reference: SECUNIA:11683
Reference: URL:http://secunia.com/advisories/11683
Reference: XF:linux-cpufreq-info-disclosure(15951)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15951
 

Votes:

Description:
The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.

Status: Candidate
Phase: Assigned (20040317)
Reference: CONECTIVA:CLA-2004:852
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
Reference: GENTOO:GLSA-200407-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
Reference: MANDRAKE:MDKSA-2004:037
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:037
Reference: SUSE:SuSE-SA:2004:010
Reference: URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
Reference: BID:10211
Reference: URL:http://www.securityfocus.com/bid/10211
Reference: XF:linux-framebuffer(15974)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15974
 

Votes:

Description:
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Status: Candidate
Phase: Assigned (20040317)
Reference: CISCO:20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
Reference: CONFIRM:http://www.juniper.net/support/alert.html
Reference: HP:SSRT4696
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108506952116653&w=2
Reference: HP:HPSBST02161
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded
Reference: HP:SSRT061264
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded
Reference: MS:MS05-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
Reference: MS:MS06-064
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx
Reference: NETBSD:NetBSD-SA2004-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
Reference: SCO:SCOSA-2005.3
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt
Reference: SCO:SCOSA-2005.9
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt
Reference: SCO:SCOSA-2005.14
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt
Reference: SGI:20040403-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc
Reference: CERT:TA04-111A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-111A.html
Reference: CERT-VN:VU#415294
Reference: URL:http://www.kb.cert.org/vuls/id/415294
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/236929/index.htm
Reference: BUGTRAQ:20040425 Perl code exploting TCP not checking RST ACK.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108302060014745&w=2
Reference: BID:10183
Reference: URL:http://www.securityfocus.com/bid/10183
Reference: FRSIRT:ADV-2006-3983
Reference: URL:http://www.frsirt.com/english/advisories/2006/3983
Reference: OSVDB:4030
Reference: URL:http://www.osvdb.org/4030
Reference: OVAL:oval:org.mitre.oval:def:4791
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4791
Reference: OVAL:oval:org.mitre.oval:def:2689
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2689
Reference: OVAL:oval:org.mitre.oval:def:3508
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3508
Reference: OVAL:oval:org.mitre.oval:def:270
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:270
Reference: SECUNIA:11440
Reference: URL:http://secunia.com/advisories/11440
Reference: SECUNIA:11458
Reference: URL:http://secunia.com/advisories/11458
Reference: SECUNIA:22341
Reference: URL:http://secunia.com/advisories/22341
Reference: XF:tcp-rst-dos(15886)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15886
 

Votes:

Description:
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

Status: Candidate
Phase: Assigned (20040317)
Reference: DEBIAN:DSA-497
Reference: URL:http://www.debian.org/security/2004/dsa-497
Reference: MANDRAKE:MDKSA-2004:039
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:039
Reference: SUSE:SuSE-SA:2004:012
Reference: URL:http://www.novell.com/linux/security/advisories/2004_12_mc.html
Reference: REDHAT:RHSA-2004:172
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-172.html
Reference: GENTOO:GLSA-200405-21
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-21.xml
Reference: XF:midnight-commander-insecure-files(16020)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16020
 

Votes:

Description:
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Status: Candidate
Phase: Assigned (20040317)
Reference: DEBIAN:DSA-497
Reference: URL:http://www.debian.org/security/2004/dsa-497
Reference: MANDRAKE:MDKSA-2004:039
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:039
Reference: SUSE:SuSE-SA:2004:012
Reference: URL:http://www.novell.com/linux/security/advisories/2004_12_mc.html
Reference: REDHAT:RHSA-2004:172
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-172.html
Reference: GENTOO:GLSA-200405-21
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-21.xml
Reference: XF:midnight-commander-format-string(16021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16021
 

Votes:

Description:
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

Status: Candidate
Phase: Assigned (20040317)
Reference: MANDRAKE:MDKSA-2004:031
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:031
Reference: REDHAT:RHSA-2004:174
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-174.html
Reference: REDHAT:RHSA-2004:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-175.html
Reference: SLACKWARE:SSA:2004-110
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389
Reference: GENTOO:GLSA-200405-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-05.xml
Reference: BID:10178
Reference: URL:http://www.securityfocus.com/bid/10178
Reference: XF:utemper-symlink(15904)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15904
Reference: OVAL:oval:org.mitre.oval:def:979
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:979