MidnightBSD

Advisories for trustix

CVE-2000-0666 HIGH

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 6.4
debian debian_linux 2.2
conectiva linux 4.2
suse suse_linux 6.3
trustix secure_linux 1.0
suse suse_linux 7.0
redhat linux 6.1
conectiva linux 4.0
conectiva linux 4.0es
redhat linux 6.2
conectiva linux 5.0
conectiva linux 5.1
debian debian_linux 2.3
redhat linux 6.0
trustix secure_linux 1.1
conectiva linux 4.1
CVE-2000-0791 MEDIUM

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trustix secure_linux 1.1
CVE-2000-0844 HIGH

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
debian debian_linux 2.2
suse suse_linux 6.3
trustix secure_linux 1.0
turbolinux turbolinux 6.0.3
sgi irix 6.5.1
redhat linux 6.1
ibm aix 4.2.1
conectiva linux 4.0
conectiva linux 5.0
conectiva linux 5.1
ibm aix 4.3.2
sun sunos 5.4
debian debian_linux 2.0
turbolinux turbolinux 6.0.2
sgi irix 6.5.2m
conectiva linux 4.1
ibm aix 4.1.1
suse suse_linux 6.4
sgi irix 6.5.8
ibm aix 3.2.4
sun sunos 5.2
sgi irix 6.5.3f
turbolinux turbolinux 6.0.1
sun sunos 5.1
suse suse_linux 7.0
conectiva linux 4.0es
ibm aix 3.2.5
sun sunos 5.5
sgi irix 6.5.4
sun solaris 2.6
sgi irix 6.5.6
debian debian_linux 2.3
mandrakesoft mandrake_linux 7.1
sgi irix 6.3
redhat linux 6.0
trustix secure_linux 1.1
sun sunos 5.3
ibm aix 4.1.2
sgi irix 6.5.3m
sgi irix 6.5
caldera openlinux_ebuilder 3.0
ibm aix 4.1.3
redhat linux 5.0
ibm aix 4.1.5
suse suse_linux 6.1
sgi irix 6.5.3
redhat linux 6.2
ibm aix 4.1.4
ibm aix 4.2
mandrakesoft mandrake_linux 7.0
sgi irix 6.5.7
ibm aix 4.1
turbolinux turbolinux 6.0
caldera openlinux *
ibm aix 4.3.1
suse suse_linux 6.2
ibm aix 4.0
turbolinux turbolinux 6.0.4
slackware slackware_linux 7.1
slackware slackware_linux 7.0
ibm aix 3.2
caldera openlinux_eserver 2.3
sgi irix 6.2
conectiva linux 4.2
sgi irix 6.4
redhat linux 5.2
redhat linux 5.1
debian debian_linux 2.1
sun sunos 5.7
sun sunos 5.8
ibm aix 4.3
immunix immunix 6.2
sun sunos 5.5.1
sun sunos 5.0
CVE-2000-0867 HIGH

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 2.1
redhat linux 6.2
debian debian_linux 2.2
mandrakesoft mandrake_linux 7.0
slackware slackware_linux *
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 6.1
redhat linux 5.2
trustix secure_linux 1.1
mandrakesoft mandrake_linux 6.0
CVE-2000-0917 HIGH

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
caldera openlinux_eserver 2.3
caldera openlinux_ebuilder 3.0
caldera openlinux_edesktop 2.4
trustix secure_linux 1.0
trustix secure_linux 1.1
caldera openlinux *
CVE-2000-1009 HIGH

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.2
trustix secure_linux 1.1
CVE-2001-0117 LOW

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux_corporate_server 1.0.1
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 6.1
trustix secure_linux 1.1
mandrakesoft mandrake_linux 6.0
trustix secure_linux 1.2
CVE-2001-0142 LOW

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 6.1
trustix secure_linux 1.1
mandrakesoft mandrake_linux 6.0
trustix secure_linux 1.2
national_science_foundation squid_web_proxy 2.3_stable4
CVE-2001-0169 LOW

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
turbolinux turbolinux *
turbolinux turbolinux 6.1
redhat linux 6.1
trustix secure_linux 1.2
redhat linux 6.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 6.1
redhat linux 6.0
trustix secure_linux 1.1
mandrakesoft mandrake_linux 6.0
CVE-2001-1030 HIGH

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_single_network_firewall 7.2
squid squid_web_proxy 2.3stable4
caldera openlinux_server 3.1
immunix immunix 7.0
trustix secure_linux 1.2
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux_corporate_server 1.0.1
trustix secure_linux 1.01
mandrakesoft mandrake_linux 7.2
immunix immunix 6.2
mandrakesoft mandrake_linux 7.1
squid squid_web_proxy 2.3stable3
trustix secure_linux 1.1
mandrakesoft mandrake_linux 8.0
CVE-2002-0083 HIGH

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
redhat linux 7.1
conectiva linux 6.0
conectiva linux ecommerce
suse suse_linux 7.1
conectiva linux 7.0
redhat linux 7.0
conectiva linux graficas
conectiva linux 5.0
conectiva linux 5.1
mandrakesoft mandrake_linux_corporate_server 1.0.1
mandrakesoft mandrake_linux 7.2
engardelinux secure_linux 1.0.1
suse suse_linux 6.4
mandrakesoft mandrake_single_network_firewall 7.2
immunix immunix 7.0
suse suse_linux 7.0
suse suse_linux 7.3
trustix secure_linux 1.2
trustix secure_linux 1.5
openbsd openssh *
redhat linux 7.2
mandrakesoft mandrake_linux 7.1
suse suse_linux 7.2
trustix secure_linux 1.1
mandrakesoft mandrake_linux 8.1
openpkg openpkg 1.0
mandrakesoft mandrake_linux 8.0
CVE-2002-1319 LOW

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.14
linux linux_kernel 2.2.16
linux linux_kernel 2.4.10
linux linux_kernel 2.2.19
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
linux linux_kernel 2.4.1
linux linux_kernel 2.2.20
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.2.17
linux linux_kernel 2.4.12
linux linux_kernel 2.4.3
linux linux_kernel 2.2.13
linux linux_kernel 2.2.14
linux linux_kernel 2.4.8
linux linux_kernel 2.2.18
linux linux_kernel 2.4.6
linux linux_kernel 2.4.16
trustix secure_linux 1.2
trustix secure_linux 1.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.5
linux linux_kernel 2.4.7
linux linux_kernel 2.4.18
linux linux_kernel 2.2.15
linux linux_kernel 2.2.21
linux linux_kernel 2.4.15
trustix secure_linux 1.1
linux linux_kernel 2.4.19
linux linux_kernel 2.4.17
CVE-2004-0077 HIGH

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.2
linux linux_kernel 2.2.6
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat bigmem_kernel 2.4.20-8
linux linux_kernel 2.2.20
redhat kernel_source 2.4.20-8
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.2.22
linux linux_kernel 2.4.12
linux linux_kernel 2.4.23
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.2.10
linux linux_kernel 2.2.15_pre20
linux linux_kernel 2.2.13
linux linux_kernel 2.2.14
netwosix netwosix_linux 1.0
linux linux_kernel 2.6.1
linux linux_kernel 2.4.6
linux linux_kernel 2.2.7
linux linux_kernel 2.2.2
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
linux linux_kernel 2.2.21
linux linux_kernel 2.4.15
redhat kernel 2.4.20-8
linux linux_kernel 2.2.8
linux linux_kernel 2.4.19
linux linux_kernel 2.4.14
linux linux_kernel 2.2.16
linux linux_kernel 2.4.10
linux linux_kernel 2.2.19
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat kernel_doc 2.4.20-8
linux linux_kernel 2.2.3
trustix secure_linux 2.0
linux linux_kernel 2.4.24
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.2.4
linux linux_kernel 2.6.0
linux linux_kernel 2.2.17
linux linux_kernel 2.2.11
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.2.0
linux linux_kernel 2.4.8
linux linux_kernel 2.2.1
linux linux_kernel 2.2.12
linux linux_kernel 2.2.18
linux linux_kernel 2.2.9
linux linux_kernel 2.4.16
trustix secure_linux 1.5
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
linux linux_kernel 2.2.15
linux linux_kernel 2.2.5
linux linux_kernel 2.2.24
linux linux_kernel 2.2.23
linux linux_kernel 2.4.17
CVE-2004-0415 LOW

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.14
linux linux_kernel 2.6.6
linux linux_kernel 2.4.10
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat fedora_core core_1.0
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
linux linux_kernel 2.4.24
linux linux_kernel 2.4.2
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.4
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.4.25
linux linux_kernel 2.6.5
linux linux_kernel 2.4.8
linux linux_kernel 2.6.1
linux linux_kernel 2.4.6
linux linux_kernel 2.4.16
linux linux_kernel 2.6.7
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.11
linux linux_kernel 2.4.5
linux linux_kernel 2.4.7
linux linux_kernel 2.4.18
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.17
CVE-2004-0421 MEDIUM

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 3.0
libpng libpng 1.0.9
libpng libpng 1.2.4
openpkg openpkg 2.0
trustix secure_linux 2.0
redhat libpng 1.2.2-20
redhat enterprise_linux 2.1
libpng libpng 1.0.0
libpng libpng 1.0.10
libpng libpng 1.2.3
libpng libpng 1.0.8
libpng libpng 1.0.11
redhat libpng 1.2.2-16
libpng libpng 1.2.5
openpkg openpkg 1.3
libpng libpng 1.0.7
libpng libpng 1.0.14
libpng libpng 1.2.0
libpng libpng 1.0.6
libpng libpng 1.0.12
libpng libpng 1.0.5
libpng libpng 1.2.2
redhat enterprise_linux 3.0
libpng libpng 1.0.13
libpng libpng 1.2.1
trustix secure_linux 2.1
CVE-2004-0432 HIGH

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux 0.5
gentoo linux 1.2
gentoo linux 1.1a
proftpd_project proftpd 1.2.9
gentoo linux 0.7
gentoo linux 1.4
trustix secure_linux 2.0
trustix secure_linux 2.1
CVE-2004-0493 MEDIUM

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.48
avaya s8300 r2.0.0
gentoo linux 1.4
trustix secure_linux 2.0
ibm http_server 2.0.47
avaya s8500 r2.0.0
trustix secure_linux 1.5
apache http_server 2.0.47
avaya s8700 r2.0.0
avaya converged_communications_server 2.0
ibm http_server 2.0.42.2
ibm http_server 2.0.47.1
ibm http_server 2.0.42.1
apache http_server 2.0.49
trustix secure_linux 2.1
ibm http_server 2.0.42
CVE-2004-0497 LOW

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 9.1
suse suse_linux 9.1
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
trustix secure_linux 2
redhat enterprise_linux 2.1
suse suse_linux 8.0
conectiva linux 10
suse suse_linux 8.2
gentoo linux *
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 9.2
redhat enterprise_linux 3.0
suse suse_linux 9.0
mandrakesoft mandrake_multi_network_firewall 8.2
linux linux_kernel 2.0
suse suse_linux 8.1
trustix secure_linux 2.1
CVE-2004-0565 LOW

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
mandrakesoft mandrake_linux 9.1
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 9.2
linux linux_kernel 2.4.0
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
trustix secure_linux 2
mandrakesoft mandrake_multi_network_firewall 8.2
trustix secure_linux 2.1
CVE-2004-0594 MEDIUM

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
openpkg openpkg 2.0
openpkg openpkg 2.1
trustix secure_linux 2.0
hp hp-ux b.11.23
php php *
trustix secure_linux 1.5
hp hp-ux b.11.00
debian debian_linux 3.0
avaya converged_communications_server 2.0
php php 5.0.0
trustix secure_linux 2.1
hp hp-ux b.11.22
CVE-2004-0595 MEDIUM

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php php 4.2.0
avaya s8700 r2.0.1
php php 4.3.1
php php 4.2.2
redhat fedora_core core_1.0
php php 4.3.3
avaya integrated_management *
trustix secure_linux 2.0
php php 4.1.1
avaya s8500 r2.0.0
redhat fedora_core core_2.0
php php 4.2.1
php php 4.0.2
php php 4.2.3
php php 4.1.2
php php 4.3.7
php php 4.0.7
php php 4.3.2
php php 4.0.6
php php 4.3.0
php php 4.3.6
avaya s8300 r2.0.0
avaya s8300 r2.0.1
php php 4.0.3
php php 4.0.5
php php 5.0
trustix secure_linux 1.5
php php 4.3.5
php php 4.1.0
avaya s8700 r2.0.0
avaya s8500 r2.0.1
php php 4.0.1
avaya converged_communications_server 2.0
php php 4.0.4
trustix secure_linux 2.1
php php 4.0
CVE-2004-0600 HIGH

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trustix secure_linux 1.5
samba samba 3.0.2a
samba samba 3.0.2
samba samba 3.0.4
trustix secure_linux 2.0
samba samba 3.0.3
trustix secure_linux 2.1
CVE-2004-0685 MEDIUM

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.5.17
linux linux_kernel 2.2.6
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
linux linux_kernel 2.5.55
linux linux_kernel 2.5.11
linux linux_kernel 2.5.58
linux linux_kernel 2.6.8
linux linux_kernel 2.3.0
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.5.2
linux linux_kernel 2.4.3
linux linux_kernel 2.5.54
linux linux_kernel 2.5.1
linux linux_kernel 2.5.39
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
linux linux_kernel 2.2.15_pre20
linux linux_kernel 2.2.14
linux linux_kernel 2.6.1
linux linux_kernel 2.5.3
linux linux_kernel 2.4.6
linux linux_kernel 2.5.23
linux linux_kernel 2.6.7
linux linux_kernel 2.2.7
linux linux_kernel 2.5.27
linux linux_kernel 2.2.2
linux linux_kernel 2.4.11
linux linux_kernel 2.2.21
linux linux_kernel 2.4.15
linux linux_kernel 2.5.4
linux linux_kernel 2.2.8
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
linux linux_kernel 2.5.9
linux linux_kernel 2.5.33
linux linux_kernel 2.5.63
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.2.19
linux linux_kernel 2.5.50
linux linux_kernel 2.5.47
trustix secure_linux 2.0
linux linux_kernel 2.4.24
linux linux_kernel 2.5.28
linux linux_kernel 2.5.22
linux linux_kernel 2.5.56
linux linux_kernel 2.2.17
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.5.57
linux linux_kernel 2.5.60
linux linux_kernel 2.4.25
linux linux_kernel 2.5.49
linux linux_kernel 2.2.25
linux linux_kernel 2.5.12
linux linux_kernel 2.5.61
linux linux_kernel 2.5.18
linux linux_kernel 2.2.1
linux linux_kernel 2.5.67
linux linux_kernel 2.2.18
linux linux_kernel 2.5.25
linux linux_kernel 2.5.40
linux linux_kernel 2.4.16
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.5.29
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
linux linux_kernel 2.5.42
linux linux_kernel 2.2.15
linux linux_kernel 2.5.51
linux linux_kernel 2.2.24
linux linux_kernel 2.5.31
linux linux_kernel 2.5.19
linux linux_kernel 2.5.66
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
linux linux_kernel 2.5.53
linux linux_kernel 2.5.5
linux linux_kernel 2.2.20
linux linux_kernel 2.5.8
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.2.22
linux linux_kernel 2.5.48
linux linux_kernel 2.5.21
linux linux_kernel 2.5.6
linux linux_kernel 2.5.68
linux linux_kernel 2.6.3
linux linux_kernel 2.5.34
linux linux_kernel 2.5.59
linux linux_kernel 2.5.64
linux linux_kernel 2.2.10
linux linux_kernel 2.5.52
linux linux_kernel 2.5.13
linux linux_kernel 2.2.13
linux linux_kernel 2.5.69
linux linux_kernel 2.5.26
linux linux_kernel 2.5.65
linux linux_kernel 2.5.16
linux linux_kernel 2.5.45
linux linux_kernel 2.4.7
linux linux_kernel 2.5.15
redhat enterprise_linux 3.0
linux linux_kernel 2.5.44
linux linux_kernel 2.2.16
linux linux_kernel 2.4.10
linux linux_kernel 2.5.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
linux linux_kernel 2.5.38
linux linux_kernel 2.2.3
linux linux_kernel 2.4.26
linux linux_kernel 2.5.37
linux linux_kernel 2.5.14
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.2.4
linux linux_kernel 2.5.24
linux linux_kernel 2.6.0
linux linux_kernel 2.5.20
linux linux_kernel 2.5.46
linux linux_kernel 2.2.11
linux linux_kernel 2.5.41
linux linux_kernel 2.5.30
linux linux_kernel 2.5.32
linux linux_kernel 2.4.27
linux linux_kernel 2.5.35
linux linux_kernel 2.2.0
linux linux_kernel 2.4.8
linux linux_kernel 2.2.12
linux linux_kernel 2.2.9
linux linux_kernel 2.5.0
linux linux_kernel 2.5.36
linux linux_kernel 2.3.99
linux linux_kernel 2.5.43
linux linux_kernel 2.5.7
linux linux_kernel 2.2.5
linux linux_kernel 2.2.23
linux linux_kernel 2.4.17
linux linux_kernel 2.5.62
CVE-2004-0686 MEDIUM

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trustix secure_linux 1.5
samba samba *
trustix secure_linux 2.0
trustix secure_linux 2.1
CVE-2004-0801 HIGH

Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 9.0
linuxprinting.org foomatic-filters 3.0
conectiva linux 10.0
linuxprinting.org foomatic-filters 3.0.1
sun java_desktop_system 2.0
trustix secure_linux 2.0
linuxprinting.org foomatic-filters 3.0.2
trustix secure_linux 2.1
sun java_desktop_system 2003
linuxprinting.org foomatic-filters 3.1
CVE-2004-0803 HIGH

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x_server 10.3.3
apple mac_os_x 10.3
libtiff libtiff 3.5.5
redhat fedora_core core_2.0
libtiff libtiff 3.4
libtiff libtiff 3.5.2
apple mac_os_x 10.3.1
apple mac_os_x 10.3.4
apple mac_os_x 10.3.5
apple mac_os_x 10.2.1
suse suse_linux 9.1
apple mac_os_x 10.2.4
apple mac_os_x 10.2.7
apple mac_os_x_server 10.3
apple mac_os_x 10.3.2
apple mac_os_x 10.2.5
apple mac_os_x 10.2.3
kde kde 3.2.2
libtiff libtiff 3.6.0
apple mac_os_x_server 10.3.5
redhat enterprise_linux 3.0
suse suse_linux 9.0
trustix secure_linux 2.1
apple mac_os_x 10.2.6
pdflib pdf_library 5.0.2
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
libtiff libtiff 3.5.4
libtiff libtiff 3.6.1
apple mac_os_x_server 10.3.6
libtiff libtiff 3.5.3
apple mac_os_x_server 10.2.2
redhat linux_advanced_workstation 2.1
kde kde 3.3
apple mac_os_x_server 10.2.1
kde kde 3.2.3
apple mac_os_x_server 10.3.2
trustix secure_linux 2.0
apple mac_os_x 10.3.3
redhat enterprise_linux 2.1
apple mac_os_x_server 10.2.7
wxgtk2 wxgtk2 2.5_.0
apple mac_os_x 10.2.2
mandrakesoft mandrake_linux 10.0
libtiff libtiff 3.5.1
apple mac_os_x_server 10.2
apple mac_os_x_server 10.2.6
kde kde 3.3.1
apple mac_os_x 10.3.6
apple mac_os_x_server 10.3.1
suse suse_linux 1.0
apple mac_os_x 10.2.8
apple mac_os_x_server 10.3.4
libtiff libtiff 3.5.7
apple mac_os_x_server 10.2.8
apple mac_os_x 10.2
apple mac_os_x_server 10.2.5
trustix secure_linux 1.5
suse suse_linux 8.2
kde kde 3.2
apple mac_os_x_server 10.2.3
apple mac_os_x_server 10.2.4
suse suse_linux 8.1
kde kde 3.2.1
CVE-2004-0809 MEDIUM

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 3.0
hp secure_web_server_for_tru64 5.8.2
hp secure_web_server_for_tru64 4.0_f
apache http_server *
hp secure_web_server_for_tru64 5.0_a
hp hp-ux 11.22
gentoo linux 1.4
trustix secure_linux 2.0
hp hp-ux 11.00
turbolinux turbolinux_home *
hp hp-ux 11.23
hp secure_web_server_for_tru64 5.1
hp secure_web_server_for_tru64 4.0_g
hp secure_web_server_for_tru64 5.8.1
hp secure_web_server_for_tru64 6.3.0
mandrakesoft mandrake_linux 10.0
hp hp-ux 11.11
mandrakesoft mandrake_linux 9.2
hp secure_web_server_for_tru64 5.9.2
hp secure_web_server_for_tru64 5.1_a
hp secure_web_server_for_tru64 5.9.1
turbolinux turbolinux_desktop 10.0
debian debian_linux 3.0
redhat enterprise_linux 3.0
trustix secure_linux 2.1
turbolinux turbolinux_server 10.0
CVE-2004-0883 MEDIUM

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
redhat fedora_core core_3.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat fedora_core core_2.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
suse suse_linux 9.2
suse suse_linux 9.1
linux linux_kernel 2.6.1
trustix secure_linux 2.2
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 3.0
suse suse_linux 9.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat linux_advanced_workstation 2.1
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.24
redhat enterprise_linux 2.1
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
suse suse_linux 1.0
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
trustix secure_linux 1.5
suse suse_linux 8.2
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
suse suse_linux 8.1
linux linux_kernel 2.4.17
CVE-2004-0886 MEDIUM

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
wxgtk2 wxgtk2 *
apple mac_os_x_server 10.3.3
apple mac_os_x 10.3
libtiff libtiff 3.5.5
redhat fedora_core core_2.0
libtiff libtiff 3.4
libtiff libtiff 3.5.2
apple mac_os_x 10.3.1
apple mac_os_x 10.3.4
apple mac_os_x 10.3.5
apple mac_os_x 10.2.1
suse suse_linux 9.1
apple mac_os_x 10.2.4
apple mac_os_x 10.2.7
apple mac_os_x_server 10.3
apple mac_os_x 10.3.2
apple mac_os_x 10.2.5
apple mac_os_x 10.2.3
kde kde 3.2.2
libtiff libtiff 3.6.0
apple mac_os_x_server 10.3.5
redhat enterprise_linux 3.0
suse suse_linux 9.0
trustix secure_linux 2.1
apple mac_os_x 10.2.6
pdflib pdf_library 5.0.2
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
libtiff libtiff 3.5.4
libtiff libtiff 3.6.1
apple mac_os_x_server 10.3.6
libtiff libtiff 3.5.3
apple mac_os_x_server 10.2.2
redhat linux_advanced_workstation 2.1
kde kde 3.3
apple mac_os_x_server 10.2.1
kde kde 3.2.3
apple mac_os_x_server 10.3.2
trustix secure_linux 2.0
apple mac_os_x 10.3.3
redhat enterprise_linux 2.1
apple mac_os_x_server 10.2.7
wxgtk2 wxgtk2 2.5_.0
apple mac_os_x 10.2.2
mandrakesoft mandrake_linux 10.0
libtiff libtiff 3.5.1
apple mac_os_x_server 10.2
apple mac_os_x_server 10.2.6
kde kde 3.3.1
apple mac_os_x 10.3.6
apple mac_os_x_server 10.3.1
suse suse_linux 1.0
apple mac_os_x 10.2.8
apple mac_os_x_server 10.3.4
libtiff libtiff 3.5.7
apple mac_os_x_server 10.2.8
apple mac_os_x 10.2
apple mac_os_x_server 10.2.5
trustix secure_linux 1.5
suse suse_linux 8.2
kde kde 3.2
apple mac_os_x_server 10.2.3
apple mac_os_x_server 10.2.4
suse suse_linux 8.1
kde kde 3.2.1
CVE-2004-0918 MEDIUM

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
squid squid 2.4
squid squid 3.0_pre3
squid squid 2.0_patch2
openpkg openpkg 2.2
squid squid 2.5_.stable6
trustix secure_linux 2.0
squid squid 2.4_.stable7
redhat fedora_core core_2.0
squid squid 3.0_pre2
gentoo linux *
squid squid 2.5_.stable3
squid squid 2.4_.stable6
squid squid 2.5_.stable1
squid squid 2.5_.stable5
squid squid 2.3_.stable4
squid squid 3.0_pre1
openpkg openpkg 2.1
squid squid 2.3_.stable5
squid squid 2.4_.stable2
trustix secure_linux 1.5
ubuntu ubuntu_linux 4.1
openpkg openpkg current
squid squid 2.1_patch2
squid squid 2.5_.stable4
trustix secure_linux 2.1
CVE-2004-0940 MEDIUM

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131,

Products Affected

Vendor Product Version
suse suse_linux 9.2
hp hp-ux 11.20
suse suse_linux 9.1
slackware slackware_linux 8.1
slackware slackware_linux 9.1
apache http_server *
openpkg openpkg 2.0
openpkg openpkg 2.2
slackware slackware_linux current
hp hp-ux 11.22
openpkg openpkg 2.1
suse suse_linux 8.0
hp hp-ux 11.00
trustix secure_linux 1.5
suse suse_linux 8.2
slackware slackware_linux 8.0
hp hp-ux 11.11
suse suse_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 9.0
suse suse_linux 8.1
CVE-2004-0941 HIGH

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gd_graphics_library gdlib 2.0.28
trustix secure_linux 2.0
trustix secure_linux 2.2
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.27
gd_graphics_library gdlib 2.0.26
trustix secure_linux 1.5
gd_graphics_library gdlib 1.8.4
gd_graphics_library gdlib 2.0.33
gd_graphics_library gdlib 2.0.22
gd_graphics_library gdlib 2.0.1
gd_graphics_library gdlib 2.0.21
trustix secure_linux 2.1
gd_graphics_library gdlib 2.0.20
CVE-2004-0949 MEDIUM

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
redhat fedora_core core_3.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat fedora_core core_2.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
suse suse_linux 9.2
suse suse_linux 9.1
linux linux_kernel 2.6.1
trustix secure_linux 2.2
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 3.0
suse suse_linux 9.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat linux_advanced_workstation 2.1
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.24
redhat enterprise_linux 2.1
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
suse suse_linux 1.0
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
trustix secure_linux 1.5
suse suse_linux 8.2
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
suse suse_linux 8.1
linux linux_kernel 2.4.17
CVE-2004-0957 MEDIUM

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql 3.23.34
oracle mysql 3.23.42
oracle mysql 4.0.13
oracle mysql 3.23.30
oracle mysql 4.0.1
oracle mysql 4.0.2
oracle mysql 3.23.9
oracle mysql 3.22.29
oracle mysql 3.23.45
oracle mysql 4.0.5a
oracle mysql 3.23.49
suse suse_linux 8.0
oracle mysql 3.23.29
oracle mysql 3.23.5
oracle mysql 3.23.22
oracle mysql 3.23.26
oracle mysql 3.23.54
oracle mysql 3.23.48
oracle mysql 3.23.54a
oracle mysql 3.23.23
oracle mysql 3.23.28
oracle mysql 4.0.14
oracle mysql 3.23.53a
oracle mysql 3.23.41
oracle mysql 4.0.15
suse suse_linux 9.2
oracle mysql 3.23.50
oracle mysql 3.22.26
oracle mysql 3.23.43
suse suse_linux 9.1
oracle mysql 3.23.10
oracle mysql 3.23.25
oracle mysql 3.20.32a
ubuntu ubuntu_linux 4.1
oracle mysql 4.0.10
oracle mysql 3.22.27
oracle mysql 3.23.37
oracle mysql 3.23
redhat enterprise_linux 3.0
suse suse_linux 9.0
oracle mysql 4.0.0
trustix secure_linux 2.1
oracle mysql 3.23.3
oracle mysql 3.23.33
oracle mysql 3.23.38
oracle mysql 4.0.8
redhat enterprise_linux_desktop 3.0
oracle mysql 3.23.39
oracle mysql 3.23.36
oracle mysql 3.23.53
oracle mysql 3.20
oracle mysql 3.23.44
oracle mysql 4.0.4
openpkg openpkg 2.2
oracle mysql 3.23.27
oracle mysql 4.0.11
trustix secure_linux 2.0
oracle mysql 4.0.7
oracle mysql 3.23.59
oracle mysql 4.0.9
oracle mysql 4.0.5
oracle mysql 3.23.47
oracle mysql 3.22.30
oracle mysql 3.23.31
oracle mysql 3.23.24
oracle mysql 3.22.28
oracle mysql 3.23.8
oracle mysql 3.23.4
oracle mysql 3.23.51
oracle mysql 3.23.52
oracle mysql 3.23.55
oracle mysql 3.23.56
oracle mysql 3.21
oracle mysql 4.0.12
oracle mysql 4.0.20
openpkg openpkg 2.1
oracle mysql 4.0.3
oracle mysql 4.0.6
oracle mysql 3.22.32
oracle mysql 3.22
oracle mysql 3.23.2
oracle mysql 3.23.46
trustix secure_linux 1.5
suse suse_linux 8.2
oracle mysql 3.23.40
oracle mysql 3.23.32
openpkg openpkg current
oracle mysql 3.23.58
suse suse_linux 8.1
oracle mysql 4.0.18
CVE-2004-0977 LOW

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 3.0
postgresql postgresql *
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 9.2
redhat enterprise_linux 3.0
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
trustix secure_linux 2.1
mandrakesoft mandrake_linux 10.1
CVE-2004-0989 HIGH

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xmlsoft libxml2 2.5.11
xmlsoft libxml2 2.6.9
xmlsoft libxml2 2.6.12
xmlsoft libxml2 2.6.6
xmlsoft libxml2 2.6.13
trustix secure_linux 2.0
xmlsoft libxml2 2.6.14
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
xmlsoft libxml2 2.6.8
xmlstarlet command_line_xml_toolkit 0.9.1
xmlsoft libxml 1.8.17
xmlsoft libxml2 2.6.7
xmlsoft libxml2 2.6.11
trustix secure_linux 2.1
CVE-2004-0990 HIGH

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gd_graphics_library gdlib 2.0.15
openpkg openpkg 2.2
trustix secure_linux 2.0
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.27
suse suse_linux 8.0
gentoo linux *
gd_graphics_library gdlib 2.0.20
suse suse_linux 9.2
suse suse_linux 9.1
gd_graphics_library gdlib 2.0.28
openpkg openpkg 2.1
trustix secure_linux 2.2
gd_graphics_library gdlib 2.0.26
trustix secure_linux 1.5
gd_graphics_library gdlib 1.8.4
suse suse_linux 8.2
gd_graphics_library gdlib 2.0.22
gd_graphics_library gdlib 2.0.1
openpkg openpkg current
suse suse_linux 9.0
gd_graphics_library gdlib 2.0.21
suse suse_linux 8.1
trustix secure_linux 2.1
CVE-2004-1011 HIGH

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
conectiva linux 9.0
carnegie_mellon_university cyrus_imap_server 2.1.9
conectiva linux 10.0
redhat fedora_core core_3.0
trustix secure_linux 2.0
trustix secure_linux 2.2
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.2.5
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.7
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.4
carnegie_mellon_university cyrus_imap_server 2.1.7
carnegie_mellon_university cyrus_imap_server 2.2.6
openpkg openpkg current
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.2.8
trustix secure_linux 2.1
CVE-2004-1012 HIGH

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
conectiva linux 9.0
carnegie_mellon_university cyrus_imap_server 2.1.9
conectiva linux 10.0
redhat fedora_core core_3.0
trustix secure_linux 2.0
trustix secure_linux 2.2
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.2.5
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.7
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.4
carnegie_mellon_university cyrus_imap_server 2.1.7
carnegie_mellon_university cyrus_imap_server 2.2.6
openpkg openpkg current
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.2.8
trustix secure_linux 2.1
CVE-2004-1013 HIGH

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
conectiva linux 9.0
carnegie_mellon_university cyrus_imap_server 2.1.9
conectiva linux 10.0
redhat fedora_core core_3.0
trustix secure_linux 2.0
trustix secure_linux 2.2
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.2.5
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.7
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.4
carnegie_mellon_university cyrus_imap_server 2.1.7
carnegie_mellon_university cyrus_imap_server 2.2.6
openpkg openpkg current
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.2.8
trustix secure_linux 2.1
CVE-2004-1019 HIGH

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
php php 3.0.10
php php 4.2.2
php php 5.0.2
php php 4.2.1
php php 3.0
php php 4.2
php php 4.2.3
php php 3.0.2
php php 3.0.12
php php 3.0.13
php php 4.1.2
php php 4.3.7
php php 4.3.2
php php 4.0.6
php php 4.3.6
php php 3.0.1
trustix secure_linux 2.2
php php 4.3.9
php php 5.0
ubuntu ubuntu_linux 4.1
php php 4.3.5
trustix secure_linux 2.1
php php 3.0.3
php php 4.0
php php 4.2.0
php php 3.0.5
php php 4.3.1
php php 3.0.16
openpkg openpkg 2.2
php php 4.3.3
php php 3.0.14
php php 4.3.8
trustix secure_linux 2.0
php php 4.1.1
php php 3.0.7
php php 5.0.1
php php 3.0.6
php php 4.0.2
php php 3.0.18
php php 3.0.11
php php 4.0.7
php php 4.3.0
php php 4.3.4
php php 3.0.4
php php 3.0.8
openpkg openpkg 2.1
php php 4.0.3
php php 4.0.5
php php 3.0.17
php php 4.1.0
openpkg openpkg current
php php 4.0.1
php php 5.0.0
php php 3.0.9
php php 3.0.15
php php 4.0.4
CVE-2004-1051 HIGH

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
todd_miller sudo 1.6.5_p1
todd_miller sudo 1.6.3_p7
todd_miller sudo 1.6.3
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
todd_miller sudo 1.6.3_p2
todd_miller sudo 1.6.3_p1
todd_miller sudo 1.6.7
todd_miller sudo 1.6.3_p3
mandrakesoft mandrake_linux 10.0
todd_miller sudo 1.6
todd_miller sudo 1.6.2
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_multi_network_firewall 8.2
mandrakesoft mandrake_linux 10.1
todd_miller sudo 1.6.4
todd_miller sudo 1.6.8_p1
todd_miller sudo 1.6.5
todd_miller sudo 1.6.4_p2
todd_miller sudo 1.5.7
trustix secure_linux 2.2
todd_miller sudo 1.5.8
todd_miller sudo 1.5.6
todd_miller sudo 1.5.9
todd_miller sudo 1.6.6
trustix secure_linux 1.5
ubuntu ubuntu_linux 4.1
todd_miller sudo 1.6.1
todd_miller sudo 1.6.3_p4
todd_miller sudo 1.6.4_p1
todd_miller sudo 1.6.8
debian debian_linux 3.0
todd_miller sudo 1.6.3_p6
todd_miller sudo 1.6.5_p2
trustix secure_linux 2.1
todd_miller sudo 1.6.3_p5
CVE-2004-1065 HIGH

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php php 3.0.10
php php 4.2.2
php php 5.0.2
php php 4.2.1
php php 3.0
php php 4.2
php php 4.2.3
php php 3.0.2
php php 3.0.12
php php 3.0.13
php php 4.1.2
php php 4.3.7
php php 4.3.2
php php 4.0.6
php php 4.3.6
php php 3.0.1
trustix secure_linux 2.2
php php 4.3.9
php php 5.0
ubuntu ubuntu_linux 4.1
php php 4.3.5
trustix secure_linux 2.1
php php 3.0.3
php php 4.0
php php 4.2.0
php php 3.0.5
php php 4.3.1
php php 3.0.16
openpkg openpkg 2.2
php php 4.3.3
php php 3.0.14
php php 4.3.8
trustix secure_linux 2.0
php php 4.1.1
php php 3.0.7
php php 5.0.1
php php 3.0.6
php php 4.0.2
php php 3.0.18
php php 3.0.11
php php 4.0.7
php php 4.3.0
php php 4.3.4
php php 3.0.4
php php 3.0.8
openpkg openpkg 2.1
php php 4.0.3
php php 4.0.5
php php 3.0.17
php php 4.1.0
openpkg openpkg current
php php 4.0.1
php php 5.0.0
php php 3.0.9
php php 3.0.15
php php 4.0.4
CVE-2004-1070 HIGH

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
redhat fedora_core core_3.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat fedora_core core_2.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
suse suse_linux 9.2
suse suse_linux 9.1
linux linux_kernel 2.6.1
trustix secure_linux 2.2
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 3.0
suse suse_linux 9.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat linux_advanced_workstation 2.1
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.24
redhat enterprise_linux 2.1
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
suse suse_linux 1.0
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
trustix secure_linux 1.5
suse suse_linux 8.2
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
suse suse_linux 8.1
turbolinux turbolinux_server 10.0
linux linux_kernel 2.4.17
CVE-2004-1071 HIGH

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
redhat fedora_core core_3.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat fedora_core core_2.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
suse suse_linux 9.2
suse suse_linux 9.1
linux linux_kernel 2.6.1
trustix secure_linux 2.2
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 3.0
suse suse_linux 9.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat linux_advanced_workstation 2.1
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.24
redhat enterprise_linux 2.1
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
suse suse_linux 1.0
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
trustix secure_linux 1.5
suse suse_linux 8.2
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
suse suse_linux 8.1
turbolinux turbolinux_server 10.0
linux linux_kernel 2.4.17
CVE-2004-1072 HIGH

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
redhat fedora_core core_3.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat fedora_core core_2.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
suse suse_linux 9.2
suse suse_linux 9.1
linux linux_kernel 2.6.1
trustix secure_linux 2.2
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 3.0
suse suse_linux 9.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat linux_advanced_workstation 2.1
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.24
redhat enterprise_linux 2.1
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
suse suse_linux 1.0
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
trustix secure_linux 1.5
suse suse_linux 8.2
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
suse suse_linux 8.1
turbolinux turbolinux_server 10.0
linux linux_kernel 2.4.17
CVE-2004-1073 LOW

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
redhat fedora_core core_3.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
redhat fedora_core core_2.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
suse suse_linux 9.2
suse suse_linux 9.1
linux linux_kernel 2.6.1
trustix secure_linux 2.2
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 3.0
suse suse_linux 9.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
suse suse_linux 8
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
redhat linux_advanced_workstation 2.1
linux linux_kernel 2.4.26
trustix secure_linux 2.0
linux linux_kernel 2.4.24
redhat enterprise_linux 2.1
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
suse suse_linux 1.0
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
trustix secure_linux 1.5
suse suse_linux 8.2
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.5
linux linux_kernel 2.4.18
suse suse_linux 8.1
turbolinux turbolinux_server 10.0
linux linux_kernel 2.4.17
CVE-2004-1154 HIGH

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.0
samba samba 3.0.1
samba samba 2.2a
redhat fedora_core core_3.0
samba samba 2.2.5
redhat fedora_core core_2.0
samba samba 3.0.0
samba samba 2.0.2
samba samba 2.2.1a
suse suse_linux 9.2
suse suse_linux 9.1
samba samba 2.0.6
samba samba 2.2.7
samba samba 3.0.2
samba samba 2.2.8
samba samba 2.2.12
trustix secure_linux 2.2
samba samba 2.0.7
samba samba 2.2.0a
samba samba 2.2.0
samba samba 2.2.3a
samba samba 2.0.1
samba samba 3.0.9
samba samba 2.0.8
suse suse_linux 9.0
samba samba 2.2.4
trustix secure_linux 2.1
samba samba 3.0.6
samba samba 2.2.11
samba samba 2.2.9
samba samba 2.2.3
trustix secure_linux 2.0
samba samba 2.0.10
samba samba 2.0.4
samba samba 3.0.5
samba samba 2.2.2
samba samba 3.0.7
samba samba 3.0.2a
samba samba 2.0.9
samba samba 3.0.3
samba samba 2.2.6
samba samba 2.2.7a
suse suse_linux 1.0
samba samba 2.2.8a
samba samba 2.0.3
suse suse_linux 8.2
samba samba 2.0.5
samba samba 3.0.8
samba samba 3.0.4
suse suse_linux 8.1
CVE-2004-1304 HIGH

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
file file 4.3
file file 4.6
file file 4.1
file file 4.5
file file 4.9
trustix secure_linux 2.0
trustix secure_linux 2.2
file file 4.2
file file 4.8
file file 4.11
gentoo linux *
file file 4.4
file file 4.10
file file 4.0
file file 4.7
trustix secure_linux 2.1
CVE-2004-2044 HIGH

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
francisco_burzi php-nuke 5.5
francisco_burzi php-nuke 7.0_final
francisco_burzi php-nuke 5.0
francisco_burzi php-nuke 7.0
francisco_burzi php-nuke 5.1
francisco_burzi php-nuke 6.7
trustix secure_linux 2.0
francisco_burzi php-nuke 6.9
francisco_burzi php-nuke 6.6
oscommerce osc2nuke 7x_1.0
francisco_burzi php-nuke 7.3
francisco_burzi php-nuke 5.2
francisco_burzi php-nuke 5.0.1
francisco_burzi php-nuke 5.4
francisco_burzi php-nuke 7.1
francisco_burzi php-nuke 6.5_beta1
francisco_burzi php-nuke 6.5_rc2
francisco_burzi php-nuke 5.2a
francisco_burzi php-nuke 5.3.1
francisco_burzi php-nuke 5.6
francisco_burzi php-nuke 7.2
paul_laudanski betanc_php-nuke bundle
francisco_burzi php-nuke 6.5
francisco_burzi php-nuke 6.5_final
francisco_burzi php-nuke 6.5_rc3
francisco_burzi php-nuke 6.0
francisco_burzi php-nuke 6.5_rc1
trustix secure_linux 2.1
CVE-2004-2546 MEDIUM

Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.0
samba samba 3.0.1
samba samba 2.0.5a
samba samba 2.2.11
samba samba 2.2.9
samba samba 2.2a
trustix secure_linux 2.0
samba samba 3.0.5
samba samba 1.9.17
samba samba 3.0.0
samba samba 3.0.2a
samba samba 3.0.3
samba samba 2.2.7a
samba samba 2.2.1a
samba samba 2.2.10
samba samba 3.0.2
samba samba 1.9.18
samba samba 2.0
samba samba 2.2.8a
samba samba 2.2.12
samba samba 2.2.3a
samba samba 3.0.4
samba samba 2.2.1
trustix secure_linux 2.1
CVE-2005-0001 MEDIUM

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.6
linux linux_kernel 2.6.2
linux linux_kernel 2.6.4
linux linux_kernel 2.4.1
linux linux_kernel 2.4.21
linux linux_kernel 2.4.2
linux linux_kernel 2.4.4
linux linux_kernel 2.6.8
linux linux_kernel 2.4.28
linux linux_kernel 2.4.12
linux linux_kernel 2.4.23
linux linux_kernel 2.6.3
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.6.5
linux linux_kernel 2.6.10
linux linux_kernel 2.6.1
trustix secure_linux 2.2
redhat enterprise_linux_desktop 4.0
linux linux_kernel 2.4.6
linux linux_kernel 2.6.7
linux linux_kernel 2.2.7
linux linux_kernel 2.4.11
linux linux_kernel 2.4.7
redhat enterprise_linux 4.0
redhat enterprise_linux 3.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
trustix secure_linux 2.1
linux linux_kernel 2.4.14
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.4.10
linux linux_kernel 2.4.9
linux linux_kernel 2.4.13
linux linux_kernel 2.4.26
trustix secure_linux 2
linux linux_kernel 2.4.24
linux linux_kernel 2.6.0
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.25
linux linux_kernel 2.4.27
linux linux_kernel 2.4.8
linux linux_kernel 2.4.16
linux linux_kernel 2.4.5
linux linux_kernel 2.4.29
linux linux_kernel 2.4.18
linux linux_kernel 2.4.17
CVE-2005-0156 LOW

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 3.0
redhat fedora_core core_3.0
trustix secure_linux 2.0
suse suse_linux 8.0
larry_wall perl 5.8.3
larry_wall perl 5.8.4.3
ibm aix 5.2
suse suse_linux 9.2
larry_wall perl 5.8.4.1
suse suse_linux 9.1
larry_wall perl 5.8.4.2.3
larry_wall perl 5.8.1
larry_wall perl 5.8.4.2
trustix secure_linux 2.2
larry_wall perl 5.8.4.4
trustix secure_linux 1.5
ubuntu ubuntu_linux 4.1
larry_wall perl 5.8.4.5
suse suse_linux 8.2
larry_wall perl 5.8.0
sgi propack 3.0
larry_wall perl 5.8.4
redhat enterprise_linux 3.0
ibm aix 5.3
suse suse_linux 9.0
suse suse_linux 8.1
trustix secure_linux 2.1
CVE-2005-0384 MEDIUM

Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 4.10
suse suse_linux 8.2
suse suse_linux 9.2
suse suse_linux 9.1
suse suse_linux 9.0
trustix secure_linux 2
trustix secure_linux 2.2
redhat enterprise_linux 2.1
trustix secure_linux 2.1
CVE-2005-0988 LOW

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 4.6
freebsd freebsd 4.6.2
redhat enterprise_linux_desktop 3.0
freebsd freebsd 4.11
freebsd freebsd 5.4
redhat linux_advanced_workstation 2.1
trustix secure_linux 2.0
redhat enterprise_linux 2.1
freebsd freebsd 5.0
freebsd freebsd 5.3
turbolinux turbolinux_server 8.0
freebsd freebsd 4.9
turbolinux turbolinux_appliance_server 1.0_workgroup
gentoo linux *
turbolinux turbolinux_home *
turbolinux turbolinux_workstation 8.0
freebsd freebsd 5.2
freebsd freebsd 4.8
freebsd freebsd 4.0
freebsd freebsd 4.7
turbolinux turbolinux_appliance_server 1.0_hosting
gnu gzip 1.3.3
freebsd freebsd 4.1.1
turbolinux turbolinux_workstation 7.0
freebsd freebsd 4.4
turbolinux turbolinux_desktop 10.0
trustix secure_linux 2.2
redhat enterprise_linux_desktop 4.0
freebsd freebsd 4.5
ubuntu ubuntu_linux 4.1
gnu gzip 1.2.4
freebsd freebsd 5.1
turbolinux turbolinux_server 7.0
freebsd freebsd 4.3
redhat enterprise_linux 4.0
freebsd freebsd 4.1
ubuntu ubuntu_linux 5.04
redhat enterprise_linux 3.0
freebsd freebsd 4.10
gnu gzip 1.2.4a
trustix secure_linux 2.1
turbolinux turbolinux_server 10.0
freebsd freebsd 5.2.1
CVE-2005-1267 MEDIUM

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lbl tcpdump 3.8.1
lbl tcpdump 3.9
lbl tcpdump 3.6.2
redhat fedora_core core_4.0
lbl tcpdump 3.5
lbl tcpdump 3.7.2
lbl tcpdump 3.9.1
redhat fedora_core core_3.0
lbl tcpdump 3.6.3
trustix secure_linux 2.0
trustix secure_linux 2.2
lbl tcpdump 3.4
lbl tcpdump 3.8.3
mandrakesoft mandrake_linux 10.2
gentoo linux *
lbl tcpdump 3.4a6
lbl tcpdump 3.7.1
lbl tcpdump 3.5.2
lbl tcpdump 3.8.2
lbl tcpdump 3.5_alpha
trustix secure_linux 2.1
mandrakesoft mandrake_linux 10.1
lbl tcpdump 3.7
CVE-2005-1410 LOW

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
postgresql postgresql 8.0.1
postgresql postgresql 7.4.5
postgresql postgresql 8.0
postgresql postgresql 7.4.3
postgresql postgresql 7.4.7
trustix secure_linux 2.0
postgresql postgresql 7.4
postgresql postgresql 7.4.6
postgresql postgresql 8.0.2
CVE-2005-3233 MEDIUM

Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trustix antivirus *
CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
kde kword 1.4.2
turbolinux turbolinux_multimedia *
tetex tetex 2.0.2
kde kdegraphics 3.2
easy_software_products cups 1.1.22_rc1
conectiva linux 10.0
redhat fedora_core core_3.0
libextractor libextractor *
redhat fedora_core core_2.0
turbolinux turbolinux_server 8.0
turbolinux turbolinux_server 10.0_x86
easy_software_products cups 1.1.22
suse suse_linux 10.0
trustix secure_linux 3.0
mandrakesoft mandrake_linux_corporate_server 3.0
kde koffice 1.4.2
turbolinux turbolinux_personal *
suse suse_linux 9.2
tetex tetex 3.0
easy_software_products cups 1.1.23
turbolinux turbolinux 10
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
suse suse_linux 9.1
poppler poppler 0.4.2
easy_software_products cups 1.1.23_rc1
tetex tetex 1.0.7
redhat linux 9.0
xpdf xpdf 3.0
trustix secure_linux 2.2
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
ubuntu ubuntu_linux 4.1
turbolinux turbolinux fuji
sgi propack 3.0
debian debian_linux 3.0
redhat enterprise_linux 4.0
debian debian_linux 3.1
redhat enterprise_linux 3.0
suse suse_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 10.1
sco openserver 5.0.7
redhat enterprise_linux_desktop 3.0
kde koffice 1.4
slackware slackware_linux 9.1
redhat linux_advanced_workstation 2.1
redhat fedora_core core_1.0
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
redhat enterprise_linux 2.1
mandrakesoft mandrake_linux 10.2
gentoo linux *
turbolinux turbolinux_home *
turbolinux turbolinux_workstation 8.0
slackware slackware_linux 10.2
tetex tetex 2.0.1
slackware slackware_linux 9.0
mandrakesoft mandrake_linux 10.1
redhat linux 7.3
redhat fedora_core core_4.0
suse suse_linux 1.0
sco openserver 6.0
mandrakesoft mandrake_linux 2006
ubuntu ubuntu_linux 5.10
turbolinux turbolinux_desktop 10.0
kde koffice 1.4.1
kde kpdf 3.4.3
suse suse_linux 9.3
ubuntu ubuntu_linux 5.04
kde kpdf 3.2
kde kdegraphics 3.4.3
tetex tetex 2.0
turbolinux turbolinux_server 10.0
CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
kde kword 1.4.2
turbolinux turbolinux_multimedia *
tetex tetex 2.0.2
kde kdegraphics 3.2
easy_software_products cups 1.1.22_rc1
conectiva linux 10.0
redhat fedora_core core_3.0
libextractor libextractor *
redhat fedora_core core_2.0
turbolinux turbolinux_server 8.0
turbolinux turbolinux_server 10.0_x86
easy_software_products cups 1.1.22
suse suse_linux 10.0
trustix secure_linux 3.0
mandrakesoft mandrake_linux_corporate_server 3.0
kde koffice 1.4.2
turbolinux turbolinux_personal *
suse suse_linux 9.2
tetex tetex 3.0
easy_software_products cups 1.1.23
turbolinux turbolinux 10
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
suse suse_linux 9.1
poppler poppler 0.4.2
easy_software_products cups 1.1.23_rc1
tetex tetex 1.0.7
redhat linux 9.0
xpdf xpdf 3.0
trustix secure_linux 2.2
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
ubuntu ubuntu_linux 4.1
turbolinux turbolinux fuji
sgi propack 3.0
debian debian_linux 3.0
redhat enterprise_linux 4.0
debian debian_linux 3.1
redhat enterprise_linux 3.0
suse suse_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 10.1
sco openserver 5.0.7
redhat enterprise_linux_desktop 3.0
kde koffice 1.4
slackware slackware_linux 9.1
redhat linux_advanced_workstation 2.1
redhat fedora_core core_1.0
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
redhat enterprise_linux 2.1
mandrakesoft mandrake_linux 10.2
gentoo linux *
turbolinux turbolinux_home *
turbolinux turbolinux_workstation 8.0
slackware slackware_linux 10.2
tetex tetex 2.0.1
slackware slackware_linux 9.0
mandrakesoft mandrake_linux 10.1
redhat linux 7.3
redhat fedora_core core_4.0
suse suse_linux 1.0
sco openserver 6.0
mandrakesoft mandrake_linux 2006
ubuntu ubuntu_linux 5.10
turbolinux turbolinux_desktop 10.0
kde koffice 1.4.1
kde kpdf 3.4.3
suse suse_linux 9.3
ubuntu ubuntu_linux 5.04
kde kpdf 3.2
kde kdegraphics 3.4.3
tetex tetex 2.0
turbolinux turbolinux_server 10.0
CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
kde kword 1.4.2
turbolinux turbolinux_multimedia *
tetex tetex 2.0.2
kde kdegraphics 3.2
easy_software_products cups 1.1.22_rc1
conectiva linux 10.0
redhat fedora_core core_3.0
libextractor libextractor *
redhat fedora_core core_2.0
turbolinux turbolinux_server 8.0
turbolinux turbolinux_server 10.0_x86
easy_software_products cups 1.1.22
suse suse_linux 10.0
trustix secure_linux 3.0
mandrakesoft mandrake_linux_corporate_server 3.0
kde koffice 1.4.2
turbolinux turbolinux_personal *
suse suse_linux 9.2
tetex tetex 3.0
easy_software_products cups 1.1.23
turbolinux turbolinux 10
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
suse suse_linux 9.1
poppler poppler 0.4.2
easy_software_products cups 1.1.23_rc1
tetex tetex 1.0.7
redhat linux 9.0
xpdf xpdf 3.0
trustix secure_linux 2.2
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
ubuntu ubuntu_linux 4.1
turbolinux turbolinux fuji
sgi propack 3.0
debian debian_linux 3.0
redhat enterprise_linux 4.0
debian debian_linux 3.1
redhat enterprise_linux 3.0
suse suse_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 10.1
sco openserver 5.0.7
redhat enterprise_linux_desktop 3.0
kde koffice 1.4
slackware slackware_linux 9.1
redhat linux_advanced_workstation 2.1
redhat fedora_core core_1.0
mandrakesoft mandrake_linux_corporate_server 2.1
trustix secure_linux 2.0
redhat enterprise_linux 2.1
mandrakesoft mandrake_linux 10.2
gentoo linux *
turbolinux turbolinux_home *
turbolinux turbolinux_workstation 8.0
slackware slackware_linux 10.2
tetex tetex 2.0.1
slackware slackware_linux 9.0
mandrakesoft mandrake_linux 10.1
redhat linux 7.3
redhat fedora_core core_4.0
suse suse_linux 1.0
sco openserver 6.0
mandrakesoft mandrake_linux 2006
ubuntu ubuntu_linux 5.10
turbolinux turbolinux_desktop 10.0
kde koffice 1.4.1
kde kpdf 3.4.3
suse suse_linux 9.3
ubuntu ubuntu_linux 5.04
kde kpdf 3.2
kde kdegraphics 3.4.3
tetex tetex 2.0
turbolinux turbolinux_server 10.0