MidnightBSD

Advisories for astaro

CVE-2002-0029 HIGH

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.7
isc bind 4.9.9
isc bind 4.9.10
isc bind 4.9.5
isc bind 4.9.8
astaro security_linux 2.0.23
astaro security_linux 2.0.24
astaro security_linux 2.0.26
isc bind 4.9.3
astaro security_linux 2.0.27
isc bind 4.9.4
astaro security_linux 3.2.10
astaro security_linux 2.0.30
astaro security_linux 3.2.0
astaro security_linux 2.0.25
astaro security_linux 3.2.11
isc bind 4.9.2
isc bind 4.9.6
CVE-2002-1737 LOW

Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 2.01
CVE-2004-2251 MEDIUM

The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 4.017
astaro security_linux 4.018
astaro security_linux 4.019
astaro security_linux 4.020
astaro security_linux 4.023
astaro security_linux 4.021
astaro security_linux 4.022
CVE-2005-2729 HIGH

The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 6.001
CVE-2005-2730 MEDIUM

The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 6.001
CVE-2005-2731 LOW

Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 6.001
CVE-2005-3100 MEDIUM

Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 4.027
CVE-2005-3985 HIGH

The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaro security_linux 6.001
astaro security_linux 6.002
astaro security_linux 6.101
CVE-2012-3238 MEDIUM

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos unified_threat_management_software *
astaro security_gateway_software *
sophos unified_threat_management 625
sophos unified_threat_management 110
sophos unified_threat_management 120
sophos unified_threat_management 525
sophos unified_threat_management 220
sophos unified_threat_management 320
sophos unified_threat_management 425
astaro security_gateway *