MidnightBSD

Advisories for roaring_penguin

CVE-2001-0026 MEDIUM

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
roaring_penguin pppoe 2.1
roaring_penguin pppoe 2.2
roaring_penguin pppoe 2.3
roaring_penguin pppoe 2.0
roaring_penguin pppoe 2.4
CVE-2002-1121 HIGH

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trend_micro interscan_viruswall 3.51
roaring_penguin mimedefang 2.20
trend_micro interscan_viruswall 3.52
trend_micro interscan_viruswall 3.5
gfi mailsecurity 7.2
network_associates webshield_smtp 4.5.44
network_associates webshield_smtp 4.0.5
network_associates webshield_smtp 4.5.74.0
roaring_penguin canit 1.2
network_associates webshield_smtp 4.5
roaring_penguin mimedefang 2.14
CVE-2004-0564 LOW

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
roaring_penguin pppoe 3.5
debian debian_linux 3.0
roaring_penguin pppoe 3.0
roaring_penguin pppoe 3.3
CVE-2004-1098 HIGH

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
roaring_penguin mimedefang 2.43
roaring_penguin mimedefang 2.4
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.0
roaring_penguin mimedefang 2.21
roaring_penguin mimedefang 2.39
suse suse_linux 8.1
suse suse_linux 8.2
roaring_penguin mimedefang 2.20
suse suse_linux 9.2
roaring_penguin mimedefang 2.41
roaring_penguin mimedefang 2.44
mandrakesoft mandrake_linux 10.1
suse suse_linux 8.0
roaring_penguin mimedefang 2.38
roaring_penguin mimedefang 2.42
mandrakesoft mandrake_linux 9.2
suse suse_linux 9.1
suse suse_linux 9.0
roaring_penguin mimedefang 2.14
roaring_penguin mimedefang 2.45
roaring_penguin mimedefang 4.46
roaring_penguin mimedefang 4.47
CVE-2015-5957 HIGH

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
roaring_penguin remind *
opensuse opensuse 13.2
opensuse opensuse 13.1