Abyss

Abyss Web Server X1

An input validation vulnerability exists, which could allow a remote
malicious user to crash the target service. It is reported that a remote
user can submit an HTTP request for a URL containing a MS-DOS device name
(e.g., CON, PRN, AUX) in the 'cgi-bin' directory to cause the web service
to crash.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Akella

Age of Sail II 1.04.151 and prior versions

A buffer overflow vulnerability may permit a remote malicious user to
execute arbitrary code on the target system. A remote user can join a game
server and supply a specially crafted nickname to trigger a buffer
overflow.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Altiris

Altiris Carbon Copy Solution 6.0.5257

A vulnerability exists which can be exploited by local malicious users
to gain escalated privileges. The vulnerability is caused due to the
"CCW32.exe" process invoking the help functionality with SYSTEM
privileges. Certain prior versions reportedly also ran the Carbon Copy
Scheduler with SYSTEM privileges.

No workaround or patch available at time of publishing.

There is no exploit required.

Altiris

Altiris Deployment Server 5.x, 6.x; 6.1sp1 and prior versions

An authentication vulnerability was reported in the Altiris Deployment
Server which could allow a remote malicious user to obtain full control of
all target clients. The 'AClient.exe' client process does not authenticate
the Deployment Server when connecting.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Best Software

SalesLogix 6

Multiple vulnerabilities were reported in which a remote malicious user
can gain administrative access on the application. A remote malicious user
can inject SQL commands, determine the installation path, determine
passwords, and upload arbitrary files.

The vendor has issued a fix, available at: href="http://support.saleslogix.com/">http://support.saleslogix.com/

Proof of Concept exploit script has been
published.

SecurityTracker Alert ID, 1011769, October 18, 2004

SecurityFocus, October 18, 2004

Code-Crafters

Ability (Mail and FTP) Server 2.3.4

A buffer overflow vulnerability was reported in the Ability Server in
the FTP service which could allow a remote authenticated malicious user to
execute arbitrary code on the target system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

Secunia Advisory ID, SA12941, October 25, 2004

SecurityFocus, Bugtraq ID 11508, October 22, 2004

Distinct Web Creations

Dwc_Articles 1.6 and prior versions

A vulnerability was reported in Dwc_Articles in which a remote
malicious user can inject SQL commands. Nearly all of the scripts do not
properly validate user-supplied input.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

ElektroPost Stockholm AB

EPiServer

A vulnerability was reported in EPiServer in which a remote malicious
user may be able to view files on the target system, obtain sensitive
information, and cause Denial of Service conditions.

The vendor has reportedly issued a fix for sensitive information issue
in version 4.20. There is no solution for the other vulnerabilities at
this time.

A Proof of Concept exploit has been published.

FIL Security Laboratory

Twister Anti-TrojanVirus 5.5

A vulnerability exists that could permit a remote malicious user to
create a file that will not be detected by the application. A file or
directory name that contains certain character strings related to MS-DOS
device names (e.g., COM1, LPT1, AUX, CON, PRN) will not be scanned by the
anti-virus system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

H+BEDV

AntiVir DOS 6.28 .00.03, AntiVir Windows Server NT/2000/2003
6.28.01.03, AntiVir Windows Workstation 6.28 .00.01

A vulnerability exists that could permit a remote malicious user to
create a file that will not be detected by the application. A file or
directory name that contains certain character strings related to MS-DOS
device names (e.g., COM1, LPT1, AUX, CON, PRN) will not be scanned by the
anti-virus system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Hummingbird

Hummingbird Connectivity 7.1 and 9.0

Two vulnerabilities have been reported in which can be exploited to
gain escalated privileges or cause a Denial of Service. The Inetd32
administration tool makes it possible for malicious, local users to
configure services including changing the executables that are executed,
when a connection is received. A boundary error in the FTP service when
handling "XCWD" FTP commands can be exploited by malicious users to crash
the service by passing an overly long directory name.

The vendor has issued patches: href="http://connectivity.hummingbird.com/support/nc/request.html">http://connectivity.hummingbird.com/
support/nc/request.html

We are not aware of any exploits for this vulnerability.

LANDesk Software

LANDesk 8

A vulnerability exists that could allow a remote malicious user to
connect to the remote desktop port (port 3389) on a target system that is
being managed by LANDesk to cause the target system to crash and reboot.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Mavel d.o.o. Software Company

ShixxNote 6.net

A buffer overflow vulnerability exists that could permit a remote
malicious user to execute arbitrary code on the target system. It is
reported that a remote user can supply a specially crafted value for the
field that specifies the font.

No workaround or patch available at time of publishing.

Exploit script has been published.

SecurityTracker Alert ID, 1011672, October 14, 2004

PacketStorm, October 23, 2004

Microsoft

Internet Explorer 6

Two vulnerabilities exist in Internet Explorer, which can be exploited
by malicious users to compromise a user's system, link to local resources,
and bypass a security feature in Microsoft Windows XP SP2.The two
vulnerabilities in combination with actions in the ActiveX Data Object
(ADO) model can write arbitrary files can be exploited to compromise a
user's system.

Microsoft advises customers who have applied the latest Internet
Explorer update, MS04-038, to set the "Drag and Drop or copy and paste
files" option in the Internet and Intranet zone to "Disable" or "Prompt."
No patch is currently available.

A Proof of Concept exploit has been published.

Secunia Advisory ID: SA12889, October 20, 2004

US-CERT Vulnerability Note #630720, October 22, 2004

US-CERT Vulnerability Note #207264, October 19, 2004

Microsoft

Outlook

A vulnerability was reported in Microsoft Outlook. The e-mail client
may display images even when configured to view messages in plain
text.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition,
Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000
Server, Windows Server 2003 Datacenter Edition, Windows Server 2003
Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server
2003 Web Edition, Exchange 2000 Server, Exchange Server 2003

A remote code execution vulnerability exists within the Network News
Transfer Protocol (NNTP) component of the affected operating systems,
which could let a remote malicious user execute arbitrary code. This
vulnerability could potentially affect systems that do not use NNTP.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx

We are not aware of any exploits for this vulnerability.

Microsoft

Windows XP Explorer SP1

A vulnerability was reported in Microsoft Windows XP Explorer in the
processing of WAV files. A remote malicious user can create a WAV file
that, when loaded by the target user, will consume all available CPU
resources on the target system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows
2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows
XP Professional, Windows Server 2003 Datacenter Edition, Windows Server
2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows
Server 2003 Web Edition, Internet Information Services 5.0, Internet
Information Services 5.1, Internet Information Services 6.0;

Avaya
DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS)
1.1, (MSS) 2.0,
S3400 Message Application Server,
S8100 Media
Servers

A Denial of Service vulnerability exists that could allow a malicious
user to send a specially crafted WebDAV request to a server that is
running IIS and WebDAV. A malicious user could cause WebDAV to consume all
available memory and CPU time on an affected server. The IIS service would
have to be restarted to restore functionality.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx

An exploit script has been published.

Microsoft

Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise
Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web
Edition, Exchange Server 2003;

Avaya DefinityOne Media Servers,
IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0,
S3400
Message Application Server,
S8100 Media Servers

A remote code execution vulnerability exists in the Windows Server 2003
SMTP component because of the way that it handles Domain Name System (DNS)
lookups. A malicious user could exploit the vulnerability by causing the
server to process a particular DNS response that could potentially allow
remote code execution. The vulnerability also exists in the Microsoft
Exchange Server 2003 Routing Engine component when installed on Microsoft
Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack
4.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx

We are not aware of any exploits for this vulnerability.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition,
Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced
Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows
2000 Server, Windows XP Home Edition, Windows XP Professional, Windows
Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition,
Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition,
Windows 98, Windows 98 SE, Windows ME

Avaya DefinityOne Media Servers, IP600 Media Servers, Modular
Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server
Avaya
S8100 Media Servers

Multiple vulnerabilities are corrected with Microsoft Security Update
MS04-032. These vulnerabilities include: Window Management Vulnerability,
Virtual DOS Machine Vulnerability, Graphics Rendering Engine
Vulnerability, Windows Kernel Vulnerability. These vulnerabilities could
permit elevation of privilege, remote code execution, and Denial of
Service.

A vulnerability exists in the Windows SetWindowLong and
SetWindowLongPtr API function calls. In some cases this can be exploited
to gain execution control.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx">http://www.microsoft.com/technet/
security/bulletin/MS04-032.mspx

Avaya: Customers are advised to follow Microsoft's guidance for
applying patches. Advisories are located at the following locations:

href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?
temp.groupID=128450&temp.selectedFamily=
128451&temp.selectedProduct=154235&temp.selectedBucket=
126655&temp.feedbackState=askForFeedback&temp.documentID=
203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=
avaya.css.UsageUpdate()

href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID
=128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState=
askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&executeTransaction=
avaya.css.UsageUpdate()

Exploit script has been published.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise
Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000
Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server,
Windows 2000 Professional, Windows XP Home Edition, Windows XP
Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003
Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003
Datacenter Edition, Windows 98, Windows 98 SE, Windows ME

A Shell vulnerability and Program Group vulnerability exists in
Microsoft Windows. These vulnerabilities could allow remote code
execution.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx

Bulletin updated to reduce the scope of a documented workaround
to only support Windows XP, Windows XP Service Pack 1, and Windows Server
2003.

We are not aware of any exploits for these vulnerabilities.

Microsoft

Windows XP Home Edition, XP Professional, Windows Server 2003
Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server
2003 Standard Edition, Windows Server 2003 Web Edition

Avaya DefinityOne Media Servers; IP600 Media Servers; Modular
Messaging (MSS) 1.1, 2.0; S3400 Message Application Server; S8100 Media
Servers

A remote code execution vulnerability exists in Compressed (zipped)
Folders because of an unchecked buffer in the way that it handles
specially crafted compressed files. A malicious user could exploit the
vulnerability by constructing a malicious compressed file that could
potentially allow remote code execution if a user visited a malicious web
site.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx">http://www.microsoft.com/technet/
security/bulletin/MS04-034.mspx

We are not aware of any exploits for this vulnerability.

Avaya customers are advised to follow Microsoft's guidance for
applying patches. Please see the referenced Avaya advisory at the
following location for further details:

href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID=
128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState=
askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&executeTransaction=
avaya.css.UsageUpdate()

Mozilla.org

Mozilla Firefox

When attempting to render a large binary file as HTML, the browser will
consume all available memory on the target system and hang. Files larger
than 5 MB will trigger the flaw. A remote user can cause a Denial of
Service.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Multiple Browser Vendors

Maxthon (MyIE2) 1.1.039

Avant Browser 9.02 build 101 and 10.0 build 029

stilesoft Netcaptor 7.5.2

Flashpeak Slim Browser 4.x

Two vulnerabilities exist which can be exploited by malicious web sites
to obtain sensitive information and spoof dialog boxes. Inactive tabs can
launch dialog boxes so they appear to be displayed by a web site in
another tab and inactive tabs can gain focus from form fields on web sites
in another tab. Successful exploitation would normally require that a user
is tricked into opening a link from a malicious web site to a trusted web
site in a new tab.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Secunia Advisory ID: SA12731, October 20, 2004

Secunia Advisory ID: SA12717, October 20, 2004

Secunia Advisory ID: SA12966, October 25, 2004

Secunia Advisory ID: SA12983, October 26, 2004

Multiple Vendors

Altnet ADM;
Grokster Grokster 1.3, 1.3.3, 2.6; KaZaA KaZaA Media
Desktop 1.3-1.3.2, 1.6.1, 2.0, 2.0.2, 2.6.4

A buffer overflow vulnerability exists in Altnet Download Manager in
the 'IsValidFile()' method, which could let a remote malicious user
execute arbitrary code.

Upgrade available at: href="http://www.altnet.com/install/upgrade.asp">http://www.altnet.com/install/upgrade.asp

A Proof of Concept exploit has been published.

SecurityFocus, September 3, 2004

SecurityFocus, October 22, 2004

Nortel

Nortel Contivity Multi-OS VPN Client 4.91

A vulnerability exists in Nortel Contivity VPN Client, potentially
allowing malicious users to open a VPN tunnel to the client. When the
Contivity VPN Client establishes a connection to a gateway, the gateway
certificate isn't checked before the user answers a dialog box. While the
dialog box is displayed to the user, the VPN tunnel remains open allowing
the gateway network access to the client system.

There is no solution at this time. Reportedly, this will be fixed in
version 5.1.

We are not aware of any exploits for this vulnerability.

Novell

Novell ZENworks for Desktops 4.0.1

A vulnerability has been reported in Novell ZENworks for Desktops,
which can be exploited by malicious, local users to gain escalated
privileges. The vulnerability is caused due to the Remote Management Agent
invoking the ZENworks Remote Control Help functionality with SYSTEM
privileges. This can be exploited to execute arbitrary programs with
escalated privileges.

The vulnerability has been fixed in version 4 SP1b/4.0.1
Interim
Release 5: href="http://support.novell.com/servlet/filedownload/sec/pub/zfd401_ir5.exe">http://support.novell.com/servlet/
filedownload/sec/pub/zfd401_ir5.exe

We are not aware of any exploits for this vulnerability.

Proland Software

Protector Plus

A vulnerability exists that could permit a remote malicious user to
create a file that will not be detected by the application. A file or
directory name that contains certain character strings related to MS-DOS
device names (e.g., COM1, LPT1, AUX, CON, PRN) will not be scanned by the
anti-virus system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Vypress

Vypress Tonecast version 1.3 and prior

A vulnerability exists due to the software not properly processing
malformed media streams. A remote malicious user can send specially
crafted data to a target system or to all systems on a subnet to cause the
application to crash.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

XPA Systems

pGina 1.7.6

Solution: The administrator should disable the shutdown and restart
options via the pGina configuration utility.

A Proof of Concept exploit has been published.

Aladdin Enterprises

Ghostscript 4.3, 4.3.2, 5.10 cl, 5.10.10 -1 mdk, 5.10.10 -1, 5.10.10
mdk, 5.10.10, 5.10.12 cl, 5.10.15, 5.10.16, 5.50, 5.50.8 _7, 5.50.8, 6.51,
6.52, 6.53, 7.0 4-7.07

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-18.xml">http://security.gentoo.org/glsa/glsa-200410-18.xml

here is no exploit code required.

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200410-18, October 20,
2004

Apache Software Foundation

Apache 2.0.35-2.0.52

A vulnerability exists when the 'SSLCipherSuite' directive is used in a
directory or location context to require a restricted set of cipher
suites, which could let a remote malicious user bypass security policies
and obtain sensitive information.

OpenPKG: href="ftp://ftp.openpkg.org/release/">ftp://ftp.openpkg.org/release/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-21.xml">http://security.gentoo.org/glsa/glsa-200410-21.xml

Slackware: href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/pub/slackware/

There is no exploit code required.

OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004

Gentoo Linux Security Advisory, GLSA 200410-21, October 22,
2004

Slackware Security Advisory, SSA:2004-299-01, October 26, 2004

Apache Software Foundation

Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11,
1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31

A buffer overflow vulnerability exists in the 'get_tag()' function,
which could let a malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Exploit scripts have been published.

Apple

Safari 1.2.3

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit
has been published.

Concurrent Versions Systems (CVS) 1.11

A vulnerability exists in Concurrent Versions System (CVS) in which a
malicious user can exploit to determine the existence and permissions of
arbitrary files and directories. The problem is caused due to an
undocumented switch to the "history" command implemented in
"src/history.c". Using the "-X" switch and supplying an arbitrary
filename, CVS will try to access the specified file and returns various
information depending on whether the file exists and can be accessed.

Upgrade to version 1.11.17 or 1.12.9 available at: href="https://www.cvshome.org/">
https://www.cvshome.org/

FreeBSD: href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/
SA-04:14/cvs.patch

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

A Proof of Concept exploit has been published.

iDEFENSE Security Advisory 08.16.04

FreeBSD Security Advisory, FreeBSD-SA-04:14, September 20, 2004

Fedora Legacy Update Advisory, FLSA:1735, October 7, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004, October 20,
2004

cPanel, Inc.

cPanel 9.4.1-RELEASE-64; 9.9.1-RELEASE-3

The vendor has released fixes dealing with this issue. Users
are advised to update to the latest Edge or Current version of cPanel.
This update can be uploaded from WHM under 'Update to Latest Version' if
the update preferences are set to 'Edge' or 'Current'.

Proofs of Concept exploits have been published.

SecurityTracker Alert ID, 1011762, October 18, 2004

SecurityFocus, October 20, 2004

cPanel, Inc.

cPanel 9.4.1-STABLE 65

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

dadaIMC

dadaimc 0.95-0.98.2

No workaround or patch available at time of
publishing.

There is no exploit code required.

Debian

telnetd 0.17 -25, 0.17 -18

Debian:
href="http://security.debian.org/pool/updates/main/n/netkit-telnet/">http://security.debian.org/pool/updates/main/n/netkit-telnet/

Debian: href="http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl">http://security.debian.org/pool/updates/main
/n/netkit-telnet-ssl

We are not aware of any exploits for this vulnerability.

Debian Security Advisory, DSA 556-1, October 3, 2004

Debian Security Advisory DSA 569-1, October 18, 2004

Gaim

  Gentoo

Multiple vulnerabilities were reported in Gaim in the
processing of the MSN protocol. A remote user may be able to execute
arbitrary code on the target system. Several remotely exploitable buffer
overflows were reported in the MSN protocol parsing functions.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200408-12.xml">http://security.gentoo.org/glsa/glsa-200408-12.xml

SuSE: href="http://www.suse.de/de/security/2004_25_gaim.html">http://www.suse.de/de/security/2004_25_gaim.html

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Rob Flynn:
href="http://sourceforge.net/project/showfiles.php?group_id=235&package_id=253&release_id=263425 ">http://sourceforge.net/project/showfiles.php?group_id=
235&package_id=253&release_id=263425

Slackware:
href="ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-0.82-i486-1.tgz">ftp://ftp.slackware.com/pub/slackware/slackware-9.1/
patches/packages/gaim-0.82-i486-1.tgz

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

We are not aware of any exploits for this
vulnerability.

Gaim Buffer Overflows in Processing MSN
Protocol

CVE Name:
href="http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2004-0500">CAN-2004-0500

SecurityTracker, 1010872, August 5, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:081,
August 13, 2004

Slackware Security Advisory, SSA:2004-239-01, August
26, 2004

Fedora Legacy Update Advisory, FLSA:1237,
October 16, 2004

Gerhard Rieger

socat 1.0 .x, 1.1 .x, 1.2 .x, 1.3 .x, 1.4 .0.2, 1.4 .0.1, 1.4
.0.0

Socat:
href="http://www.dest-unreach.org/socat/download/socat-1.4.0.3.tar.gz">http://www.dest-unreach.org/socat/download/socat-1.4.0.3.tar.gz

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-26.xml">http://security.gentoo.org/glsa/glsa-200410-26.xml

An exploit script has been published.

socat Security Advisory 1, October 22,2 004

Gentoo Linux Security Advisory, GLSA 200410-26, October 25, 2004

GNU

glibc 2.0-2.0.6, 2.1, 2.1.1 -6, 2.1.1, 2.1.2, 2.1.3 -10, 2.1.3, 2.1.9
& greater, 2.2-2.2.5, 2.3-2.3.4, 2.3.10

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-19.xml">http://security.gentoo.org/glsa/glsa-200410-19.xml

There is no exploit code required.

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200410-19, October 21,
2004

Heiko Stamer

OpenSkat 1.1-1.9

Several security issues related to the non-interactive zero knowledge
protocols exist. The impact was not specified.

Upgrades available at:
href="http://freshmeat.net/redir/openskat/36295/url_tgz/openSkat-2.0.tar.gz ">http://freshmeat.net/redir/openskat/36295/url_tgz/openSkat-2.0.tar.gz

We are not aware of any exploits for this vulnerability.

Hewlett Packard Company

Cluster Object Manager B.03.00.01, B.03.00.00, B.02.02.02, B.02.02.00,
B.02.01.02, B.01.04, A.01.03, Serviceguard A.11.16.00, A.11.15.00,
A.11.14, A.11.13, Serviceguard for Linux A.11.15.04, A.11.14.04

A vulnerability exists which could let a remote malicious user obtain
root privileges.

Patches available at: href=" http://itrc.hp.com">http://itrc.hp.com

We are not aware of any exploits for this vulnerability.

Hewlett Packard Company

HP-UX B.11.23, B.11.22, B.11.11, B.11.00

A vulnerability exists in 'stmkfont' due to the way paths to external
executables are handled, which could let a malicious user execute
arbitrary code.

Patches available at: href="http://itrc.hp.com/">http://itrc.hp.com/

There is no exploit code required.

Hewlett Packard Company

Tru64 4.0 G PK4, 4.0 F PK8, 5.1 B-2 PK4 (BL25),
4 5.1 B-1 PK3
(BL24), 5.1 A PK6

A file permissions and a buffer overflow vulnerability exists in the X
Window System, which could let a malicious user obtain elevated
privileges.

Patches available at:
href="http://www.itrc.hp.com/service/patch/ ">http://www.itrc.hp.com/service/patch/

We are not aware of any exploits for this vulnerability.

KDE.org

Konqueror 3.2.2 -6

A cross-domain dialog vulnerability exists because inactive tabs can
launch dialog boxes so they appear to be displayed by a web site in
another tab, which could let a remote malicious user spoof an interface of
a trusted web site.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit
has been published.

libtiff.org

LibTIFF 3.6.1

Debian:
href="http://security.debian.org/pool/updates/main/t/tiff/">http://security.debian.org/pool/updates/main/t/tiff/

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200410-11.xml">http://security.gentoo.org/glsa/glsa-200410-11.xml

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/
linux/core/updates/2/

OpenPKG:
href="ftp://ftp.openpkg.org/release/">ftp://ftp.openpkg.org/release/

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-577.html">http://rhn.redhat.com/errata/RHSA-2004-577.html

Proofs of Concept exploits have been published.

Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004

Fedora Update Notification,
FEDORA-2004-334, October 14, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004

Debian Security Advisory, DSA 567-1, October 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15,
2004

Mandrakelinux Security Update Advisory, MDKSA-2004:109 &
MDKSA-2004:111, October 20 & 21, 2004

SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004

RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004

mpg123.de

mpg123 pre0.59s, 0.59r

A buffer overflow vulnerability exists in the 'getauthfromURL()'
function due to a boundary error, which could let a remote malicious user
execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Multiple Vendors

FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG
Current, 2.0, 2.1;
zlib 1.2.1

A remote Denial of Service vulnerability during the decompression
process due to a failure to handle malformed input.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200408-26.xml">http://security.gentoo.org/glsa/glsa-200408-26.xml

FileZilla: href="http://sourceforge.net/project/showfiles.php?group_id=21558">http://sourceforge.net/project/showfiles.
php?group_id=21558

OpenBSD:
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch">ftp://ftp.openbsd.org/pub/OpenBSD/patches/
3.5/common/017_libz.patch

OpenPKG: ftp ftp.openpkg.org

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/ ">ftp://ftp.trustix.org/pub/trustix/updates/

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

SCO: href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17">ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17

We are not aware of any exploits for this vulnerability.

SecurityFocus, August 25, 2004

SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8,
2004

Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004

US-CERT Vulnerability Note VU#238678, October 1, 2004

SCO Security Advisory, SCOSA-2004.17, October 19, 2004

Multiple Vendors

Gaim version 0.75 & prior

Multiple buffer overflow vulnerabilities exist due to boundary errors
in the YMSG protocol handler, the oscar protocol handler, various utility
functions, and the HTTP proxy connection handling, which could let a
remote malicious user execute arbitrary code.

Upgrade available at:
href="http://prdownloads.sourceforge.net/ultramagnetic/ultramagnetic-0.81.tar.bz2?download">http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81.tar.bz2?download

Debian:
href="http://security.debian.org/pool/updates/main/g/gaim/">http://security.debian.org/pool/updates/main/g/gaim/

Mandrake: href="http://www.mandrakesecure.net/en/advisories/">http://www.mandrakesecure.net/en/advisories/

RedHat: href="ftp://updates.redhat.com/">ftp://updates.redhat.com/

Slackware: href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/pub/slackware/

SuSE: href="ftp://ftp.suse.com/pub/suse/i386/update/">ftp://ftp.suse.com/pub/suse/i386/update/

Conectiva: href="ftp://atualizacoes.cbronectiva.com./">ftp://atualizacoes.cbronectiva.com./

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

SGI:
href="ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/">ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

We are not aware of any exploits for this vulnerability.

Red Hat Security Advisory, RHSA-2004:032-01, January 26, 2004

Slackware Security Advisory, SSA:2004-026-01, January 27, 2004

SuSE Security Announcement, SuSE-SA:2004:004, January 29, 2004

Mandrake Linux Security Update Advisory, MDKSA-2004:006-1, January 30,
2004

Debian Security Advisory, DSA 434-1, February 5, 2004

Conectiva Linux Security Announcement, CLA-2004:813, February 10,
2004

SGI Security Advisory, 20040201-01-U, February 11, 1004

Fedora Update Notification, FEDORA-2004-070, February 16, 2004

US-CERT Vulnerability Notes, VU#197142, VU#779614, VU#444158,
VU#871838, VU#527142, VU#297198, VU#371382, VU#503030, VU#190366,
VU#226974,
VU#655974, VU#404470, May 2004

Fedora Legacy Update Advisory, FLSA:1237, October 16, 2004

Multiple Vendors

Apple Mac OS X 10.2-10.2.8, 10.3 -10.3.5, OS X Server 10.2-10.2.8, 10.3
-10.3.5; Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1,
1.1.4-5,
1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.21

A vulnerability exists in 'error_log' when certain methods of remote
printing are carried out by an authenticated malicious user, which could
disclose user passwords.

Update available at: href="http://www.cups.org/software.php">http://www.cups.org/software.php

Apple:

href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04829&platform=osx&method=sa/SecUpd2004-09-30Jag.dmg ">http://wsidecar.apple.com/cgi-bin/nph-
reg3rdpty1.pl/product=04829&platform=osx&
method=sa/SecUpd2004-09-30Jag.dmg


href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04830&platform=osx&method=sa/SecUpd2004-09-30Pan.dmg ">http://wsidecar.apple.com/cgi-bin/nph-
reg3rdpty1.pl/product=04830&platform=osx&
method=sa/SecUpd2004-09-30Pan.dmg

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/"
target=_blank>http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-06.xml">http://security.gentoo.org/glsa/glsa-200410-06.xml

Debian: href="http://security.debian.org/pool/updates/main/c/cupsys/">http://security.debian.org/pool/updates/main/c/cupsys/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-543.html">http://rhn.redhat.com/errata/RHSA-2004-543.html

There is no exploit code required.

Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004

Fedora Update Notification,
FEDORA-2004-331, October 5, 2004

Gentoo Linux Security Advisory, GLSA 200410-06, October 9, 2004

Debian Security Advisory, DSA 566-1, October 14, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:116, October
21, 2004

RedHat Security Advisory, RHSA-2004:543-15, October 22, 2004

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32,
hppa, arm, alpha;
Ecartis Ecartis 0.129 a, 1.0 .0 snapshot 20030417,
20030416, 20030404, 20030318, 20030312, 20030309, 20030303, 20030227,
20021013, 20020514, 20020427, 20020125, 20020121

A vulnerability exists in 'src/modules/lsg2/lsg2-main.c,' which could
let a remote malicious user obtain administrator privileges and modify
list settings.

Debian: href="http://security.debian.org/pool/updates/main/e/ecartis/">http://security.debian.org/pool/updates/main/e/ecartis/

We are not aware of any exploits for this vulnerability.

Ecartis Remote Administrator Privileges

CVE Name:
href="http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2004-0913">CAN-2004-0913

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32,
hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1,
1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;

Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1,
kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32,
Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0

Debian:
href="http://security.debian.org/pool/updates/main/c/cupsys/ ">http://security.debian.org/pool/updates/main/c/cupsys/

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ ">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-20.xml">http://security.gentoo.org/glsa/glsa-200410-20.xml

KDE:
href="ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdegraphics.diff ">ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdegraphics.diff

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/">http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/

We are not aware of any exploits for this vulnerability.

Multiple Vendors

Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32,
hppa, arm, alpha; libpng libpng 1.0, 1.0.5-1.0.17, ibpng3 1.2 .0-1.2.6;
SuSE Linux 9.; Ubuntu ubuntu 4.1 ppc, 4.1 ia64, 4.1 ia32

Debian:
href="http://security.debian.org/pool/updates/main/libp/libpng/">http://security.debian.org/pool/updates/main/libp/libpng/

SuSE:
href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/">http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/

We are not aware of any exploits for this vulnerability.

Debian Security Advisories, DSA 570-1 & 571-1, October 20, 2004

SuSE Security Announcement, SUSE-SA:2004:037, October 20, 2004

Ubuntu Security Notice 1-1, October 22, 2004

lmlib: href="http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/">http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/

ImageMagick: href="http://www.imagemagick.org/www/download.html ">http://www.imagemagick.org/www/download.html

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-12.xml">http://security.gentoo.org/glsa/glsa-200409-12.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/

Debian: href="http://security.debian.org/pool/updates/main/i/imagemagick/">http://security.debian.org/pool/updates/main/i/imagemagick/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-465.html">http://rhn.redhat.com/errata/RHSA-2004-465.html

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

TurboLinux: href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/">ftp://ftp.turbolinux.com/pub/TurboLinux/
TurboLinux/ia32/Desktop/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause=">http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57648-1&searchclause=

href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=">http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57645-1&searchclause=

TurboLinux: href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-480.html">http://rhn.redhat.com/errata/RHSA-2004-480.html

We are not aware of any exploits for this vulnerability.

IMLib/IMLib2 Multiple BMP Image
Decoding Buffer
Overflows

CVE Names:
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817">CAN-2004-0817
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0802">CAN-2004-0802

SecurityFocus, September 1, 2004

Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8,
2004

Fedora Update Notifications,
FEDORA-2004-300 &301, September 9,
2004

Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004

RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004

Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004

Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004

Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004

Turbolinux Security Announcement, October 5, 2004

RedHat Security Update, RHSA-2004:480-05, October 20, 2004

Multiple Vendors

FreeBSD 4.8-4.10, 5.1, 5.2, 5.2.1-RELEASE;
Thomas Graf bmon 1.2.1

A vulnerability exists in bmon, which could let a malicious user
execute arbitrary code.

FreeBSD has updated their port system to remove the setuid bit from the
bmon package. Users of affected packages should upgrade to version 1.2.1_2
or greater of the port.

A Proof of Concept exploit script has been published.

Multiple Vendors

Gentoo Linux 1.4;
RedHat Advanced Workstation for the Itanium
Processor 2.1 IA64, 2.1, Desktop 3.0, t Enterprise Linux WS 3, WS 2.1
IA64, WS 2.1, ES 3, 2.1 IA64, 2.1, AS 3, AS 2.1 IA64, AS 2.1'
Trolltech
Qt 3.0, 3.0.5, 3.1, 3.1.1, 3.1.2, 3.2.1, 3.2.3, 3.3 .0, 3.3.1, 3.3.2;
Avaya Intuity LX, MN100, Modular Messaging (MSS) 1.1,
2.0

Multiple vulnerabilities exist: a buffer overflow vulnerability exists
in the 'read_dib()' function when handling 8-bit RLE encoded BMP files,
which could let a malicious user execute arbitrary code; and buffer
overflow vulnerabilities exist in the in the XPM, GIF, and JPEG image file
handlers, which could let a remote malicious user execute arbitrary code.

Debian: href="http://security.debian.org/pool/updates/main/q/qt-copy/ ">http://security.debian.org/pool/updates/main/q/qt-copy/

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200408-20.xml">http://security.gentoo.org/glsa/glsa-200408-20.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Slackware: href="ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz">ftp://ftp.slackware.com/pub/slackware/
slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz

SuSE: href="ftp://ftp.suse.com/pub/suse/i386/update">ftp://ftp.suse.com/pub/suse/i386/update

Trolltech Upgrade: href="http://www.trolltech.com/download/index.html">http://www.trolltech.com/download/index.html

TurboLinux: href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/ ">ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57637-1&searchclause=security">http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57637-1&searchclause=security

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-478.html">http://rhn.redhat.com/errata/RHSA-2004-478.html
href="http://rhn.redhat.com/errata/RHSA-2004-479.html">http://rhn.redhat.com/errata/RHSA-2004-479.html href="http://rhn.redhat.com/errata/RHSA-2004-478.html">

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Avaya: href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203389&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple
?temp.groupID=128450&temp.selectedFamily=128451
&temp.selectedProduct=154235&temp.selectedBucket
=126655&temp.feedbackState=askForFeedback&temp.
documentID=203389&
PAGE=avaya.css.CSSLvl1Detail
&executeTransaction=avaya.css.UsageUpdate()

Proof of Concept exploit has been published.

Secunia Advisory, SA12325, August 10, 2004

Sun Alert ID: 57637, September 3, 2004

Conectiva Linux Security Announcement, CLA-2004:866, September 22, 2004

RedHat Security Advisories, RHSA-2004:478-13 & RHSA-2004:479-05,
October 4 & 6, 2004

SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004

SecurityFocus, October 18, 2004

Multiple Vendors

Gentoo Linux, 1.4; Rob Flynn Gaim 0.10 x, 0.10.3, 0.50-0.75, 0.78,
0.82, 0.82.1, 1.0, 1.0.1; Slackware Linux -current, 9.0, 9.1, 10.0

A buffer overflow vulnerability exists in the processing of MSNSLP
messages due to insufficient verification, which could let a remote
malicious user execute arbitrary code.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-23.xml">http://security.gentoo.org/glsa/glsa-200410-23.xml

Rob Flynn:
href="http://prdownloads.sourceforge.net/gaim/gaim-1.0.2.tar.gz?download">http://prdownloads.sourceforge.net/gaim/gaim-1.0.2.tar.gz?download

RedHat: href=" ftp://updates.redhat.com">ftp://updates.redhat.com

Slackware:
href="ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-1.0.2-i486-1.tgz ">ftp://ftp.slackware.com/pub/slackware/slackware-10.0/
patches/packages/gaim-1.0.2-i486-1.tgz

We are not aware of any exploits for this vulnerability.

Gentoo Linux Security Advisory, GLSA 200410-23, October 25, 2004

RedHat Security Advisory, RHSA-2004:604-01, October 20, 2004

Slackware Security Advisory, SSA:2004-296-01, October 22, 2004

Multiple Vendors

GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64,
ia-32, hppa, arm, alpha;
GNOME gdk-pixbug 0.22 & prior; GTK GTK+
2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2,
amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium
Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS
2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat
Fedora Core1&2;
SuSE. Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop
1.0, Enterprise Server 9, 8

Multiple vulnerabilities exist: a vulnerability exists when decoding
BMP images, which could let a remote malicious user cause a Denial of
Service; a vulnerability exists when decoding XPM images, which could let
a remote malicious user cause a Denial of Service or execute arbitrary
code; and a vulnerability exists when attempting to decode ICO images,
which could let a remote malicious user cause a Denial of Service.

Debian:
href="http://security.debian.org/pool/updates/main/g/gdk-pixbuf/">http://security.debian.org/pool/updates/main/g/gdk-pixbuf/

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

RedHat: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SuSE: href=" ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200409-28.xml">http://security.gentoo.org/glsa/glsa-200409-28.xml

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

We are not aware of any exploits for this vulnerability.

SecurityTracker Alert ID, 1011285, September 17, 2004

Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004

US-CERT Vulnerability Notes VU#577654, VU#369358, VU#729894, VU#825374,
October 1, 2004

Conectiva Linux Security Announcement, CLA-2004:875, October
18, 2004

Multiple Vendors

Linux kernel 2.6 -test1-test11, 2.6-l 2.6.8; SuSE Linux 9.1

Update available at: href=" http://kernel.org/">http://kernel.org/

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

We are not aware of any exploits for this vulnerability.

Multiple Vendors

Linux kernel kernel 2.2- 2.2.25, 2.4 .0-test1-test11, 2.4-2.4.27, 2.6
-2.6.8

Two vulnerabilities exist: a vulnerability exists in the terminal
subsystem due to a race condition, which could let a malicious user cause
a Denial of Service or obtain sensitive information; and a vulnerability
exists in the PPP dial-up-port due to a race conditions, which could let a
malicious user cause a Denial of Service.

Upgrades available at:
href="http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.9.tar.bz2 ">http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.9.tar.bz2

We are not aware of any exploits for this vulnerability.

Multiple Vendors

Luke Mewburn lukemftp 1.5, TNFTPD 20031217; NetBSD Current, 1.3-1.3.3,
1.4 x86, 1.4, SPARC, arm32, Alpha, 1.4.1 x86, 1.4.1, SPARC, sh3, arm32,
Alpha, 1.4.2 x86, 1,4.2, SPARC, arm32, Alpha, 1.4.3, 1.5 x86, 1.5, sh3,
1.5.1-1.5.3, 1.6, beta, 1.6-1.6.2, 2.0

Luke Mewburn Upgrade:
href="ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftpd-20040810.tar.gz ">ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftpd-20040810.tar.gz

Apple: href="http://wsidecar.apple.com/cgi-bin/ ">http://wsidecar.apple.com/cgi-bin/

Debian: href="http://security.debian.org/pool/updates/main/l/lukemftpd/">http://security.debian.org/pool/updates/main/l/lukemftpd/

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200409-19.xml">http://security.gentoo.org/glsa/glsa-200409-19.xml

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57655-1&searchclause=">http://sunsolve.sun.com/search/document.do
?assetkey=1-26-57655-1&searchclause=

We are not aware of any exploits for this vulnerability.

NetBSD Security Advisory 2004-009, August 17, 2004

Apple Security Update, APPLE-SA-2004-09-07, September 7, 2004

Debian Security Advisory DSA 551-1, September 21, 2004

Gentoo Linux Security Advisory, GLSA 200409-19, September 16, 2004

Sun(sm) Alert Notification, 57655, October 15, 2004

Multiple Vendors

OpenBSD 3.4, 3.5; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux
Enterprise Server 9, 8;
X.org X11R6 6.7.0, 6.8;
XFree86 X11R6
3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0,
4.2.1, Errata, 4.3.0; Avaya Intuity LX, MN100, Modular Messaging
(MSS) 1.1, 2.0

Multiple vulnerabilities exist: a stack overflow vulnerability exists
in 'xpmParseColors()' in 'parse.c' when a specially crafted XPMv1 and
XPMv2/3 file is submitted, which could let a remote malicious user execute
arbitrary code; a stack overflow vulnerability exists in the
'ParseAndPutPixels()' function in -create.c' when reading pixel values,
which could let a remote malicious user execute arbitrary code; and an
integer overflow vulnerability exists in the colorTable allocation in
'xpmParseColors()' in 'parse.c,' which could let a remote malicious user
execute arbitrary code.

Debian: href="http://security.debian.org/pool/updates/main/i/imlib/">http://security.debian.org/pool/updates/main/i/imlib/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php"
target=_blank>http://www.mandrakesecure.net/en/ftp.php

OpenBSD:
href="ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/">ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

X.org: http://x.org/X11R6.8.1/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-34.xml">http://security.gentoo.org/glsa/glsa-200409-34.xml

IBM: href="http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp">http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-478.html">http://rhn.redhat.com/errata/RHSA-2004-478.html

Avaya: href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203389&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?
temp.groupID=128450&temp.selectedFamily=128451
&temp.selectedProduct=154235&temp.selectedBucket
=126655&temp.feedbackState=askForFeedback&temp.
documentID=203389&
PAGE=avaya.css.CSSLvl1Detail
&executeTransaction=avaya.css.UsageUpdate()

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57652-1&searchclause=">http://sunsolve.sun.com/search/document.do
?assetkey=1-26-57652-1&searchclause=

Proofs of Concept exploits have been published.

X.Org Foundation Security Advisory, September 16, 2004

US-CERT Vulnerability Notes, VU#537878 & VU#882750, September 30,
2004

SecurityFocus, October 4, 2004

SecurityFocus, October 18, 2004

Sun(sm) Alert Notification, 5765, October 18, 2004

MySQL AB

MySQL 3.23.49, 4.0.20

A vulnerability exists in the 'mysqlhotcopy' script due to predictable
files names of temporary files, which could let a malicious user obtain
elevated privileges.

Debian: href="http://security.debian.org/pool/updates/main/m/">http://security.debian.org/pool/updates/main/m/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-02.xml">http://security.gentoo.org/glsa/glsa-200409-02.xml

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-569.html">http://rhn.redhat.com/errata/RHSA-2004-569.html

There is no exploit code required.

Debian Security Advisory, DSA 540-1, August 18, 2004

Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004

SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004

RedHat Security Advisory, ,RHSA-2004:569-16, October 20, 2004

Netbilling, Inc.

nbmember.cgi

A vulnerability exists in the 'nbmember.cgi' script, which could let a
remote malicious user obtain sensitive information.

No workaround or patch available at time of
publishing.

There is no exploit code required; however, a Proof of Concept exploit
script has been published.

OpenOffice

OpenOffice 1.1.2,
Sun StarOffice 7.0

A vulnerability exists in the '/tmp' folder due to insecure
permissions, which could let a malicious user obtain sensitive
information.

Upgrades available at: href="http://sunsolve.sun.com/search/">http://sunsolve.sun.com/search/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-446.html">http://rhn.redhat.com/errata/RHSA-2004-446.html

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-17.xml">http://security.gentoo.org/glsa/glsa-200410-17.xml

There is no exploit code required.

Secunia Advisory, SA12302, September 13, 2004

RedHat Security Bulletin, RHSA-2004:446-08, September 15, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:103, September 28,
2004

Gentoo Linux Security Advisory, GLSA 200410-17, October 20,
2004

PostgreSQL

PostgreSQL 7.4.5

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-16.xml">http://security.gentoo.org/glsa/glsa-200410-16.xml

There is no exploit code required.

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200410-16, October 18,
2004

ProFTPd.net

ProFTPd 1.2.8, 1.2.10; possibly other versions

A vulnerability exists due to a time delay difference in the
login
process for existing and non-existing usernames, which could let
a remote malicious user obtain sensitive information.

No workaround or patch available at time of
publishing.

Another Proof of Concept exploit script has been published.

LSS Security Team Advisory, October 14, 2004

PacketStorm, October 26, 2004

Rob Flynn

Gaim 0.50-0.75, 0.82, 0.82.1, 1.0, 1.0.1

Upgrades available at:
href="http://prdownloads.sourceforge.net/gaim/gaim-1.0.2.tar.gz?download">http://prdownloads.sourceforge.net/gaim/gaim-1.0.2.tar.gz?download

There is no exploit code required.

Rob Flynn

Gaim 0.10 x, 0.10.3, 0.50-0.75

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200408-27.xml">http://security.gentoo.org/glsa/glsa-200408-27.xml

Rob Flynn:
href="http://sourceforge.net/project/showfiles.php?group_id=235&package_id=253&release_id=263425">http://sourceforge.net/project/showfiles.php?
group_id=235&package_id=253&release_id=263425

Slackware: href="ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.82-i486-1.tgz ">ftp://ftp.slackware.com/pub/slackware/slackware-10.0/
patches/packages/gaim-0.82-i486-1.tgz

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

We are not aware of any exploits for this vulnerability.

SecurityFocus, August 26, 2004

Fedora Legacy Update Advisory, FLSA:1237, October 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:110, October
21, 2004

rssh

rssh 2.2.1 & prior

A vulnerability exists in 'log.c' due to a format string error, which
could let a remote malicious user execute arbitrary code.

Update available at: href=" http://www.pizzashack.org/rssh/downloads.shtml">http://www.pizzashack.org/rssh/downloads.shtml

We are not aware of any exploits for this vulnerability.

SCO OpenServer 5.x

Updates available at: href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7/">ftp://ftp.sco.com/pub/updates/OpenServer/
SCOSA-2004.7/

An exploit script has been published.

Deprotect Security Advisory 20040206, July 2, 2004

PacketStorm October 26, 2004

Speedtouch

USB Driver 1.0, 1.1, 1.2 , beta1-beta3, 1.3

Upgrades available at:
href="http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734">http://sourceforge.net/project/showfiles.php?group
_id=32758&package_id=28264&release_id=271734

We are not aware of any exploits for this vulnerability.

splitbrain.org

DokuWiki 2004-09-30, 2004-09-25, 2004-09-12, 2004-08-22, 2004-08-15a,
2004-08-15, 2004-08-08, 2004-07-25, 2004-07-21

A vulnerability exists due to improper enforcement of the the access
control list, which could let a remote malicious user access some
functions without authorization. Affected functions include recent
changes, feed, search, and mediaselectiondialog.

Updates available at:
href="http://freshmeat.net/redir/dokuwiki/51558/url_tgz/dokuwiki-2004-10-19.tgz ">http://freshmeat.net/redir/dokuwiki/51558/url_tgz/dokuwiki-2004-10-19.tgz

There is no exploit code required.

Squid-cache.org

Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support

A remote Denial of Service vulnerability exists in the
'asn_parse_header()' function in 'snmplib/asn1.c' due to an input
validation error when handling certain negative length fields.

Updates available at: href=" http://www.squid-cache.org/">http://www.squid-cache.org/

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-15.xml">http://security.gentoo.org/glsa/glsa-200410-15.xml

Trustix: href="http://http.trustix.org/pub/trustix/updates/">http://http.trustix.org/pub/trustix/updates/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-591.html">http://rhn.redhat.com/errata/RHSA-2004-591.html

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

We are not aware of any exploits for this vulnerability.

iDEFENSE Security Advisory, October 11, 2004

Fedora Update Notification,
FEDORA-2004-338, October 13, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15,
2004

Gentoo Linux Security Advisory, GLSA 200410-15, October 18, 2004

RedHat Security Advisory, RHSA-2004:591-04, October 20, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:112, October
21, 2004

Sun Microsystems, Inc.

Solaris 8.0, 8.0 _x86, 9.0, 9.0 _x86

A vulnerability exists in 'ldap(1)' when used with Role Based Access
Control (RBAC), which could let a malicious user execute arbitrary
commands with root privileges.

Update available at: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57657-1">http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57657-1

We are not aware of any exploits for this vulnerability.

SuSE

Linux Enterprise Server for S/390, 9.0

Upgrade available at: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

We are not aware of any exploits for this vulnerability.

SuSE

LibTIFF LibTIFF 3.6.1;
SuSE. Linux 8.1, 8.2, 9.0, 9.1Linux Desktop
1.0, Linux Enterprise Server 9, 8

Upgrades and patches available at:
href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

We are not aware of any exploits for this vulnerability.

Twibright Labs

Links 0.91-0.99

A remote Denial of Service vulnerability exists when handling HTML
tables of excessive size.

No workaround or patch available at time of
publishing.

Proofs of Concept exploits have been published.

University of Kansas

Lynx 2.7, 2.8-2.8.5, 2.8.5 dev2-5, dev8

A remote Denial of Service vulnerability exists when handling malformed
HTML tag sequences and formatting.

No workaround or patch available at time of
publishing.

Proofs of Concept exploits have been published.

America OnLine

America Online Webmail

A Cross-Site Scripting vulnerability exists in the 'msglist.adp' script
due to insufficient input validation, which could let a remote malicious
user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

America OnLine

AOL

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

brooky.com

CubeCart 2.0.1

The vendor has recommended the following fix:
INSERT
if
(!is_numeric($cat_id))
unset($cat_id);

BEFORE
include("header.inc.php");

IN
index.php

There is no exploit code required; however, a Proof of Concept exploit
has been published.

Secunia Advisory, SA12764, October 8, 2004

SecurityFocus, October 22, 2004

Cisco Systems

IOS R12.x, 12.x

Potential workarounds available at: href="http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml">
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml

We are not aware of any exploits for this vulnerability.

Cisco Security Advisory, cisco-sa-20040827, August 27, 2004

US-CERT Vulnerability Note VU#384230

Cisco Security Advisory, 61671 Rev 2.2, October 20, 2004

Google

Google

A Cross-Site Scripting vulnerability exists in the 'custom' script due
to insufficient input validation, which could let a remote malicious user
execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability has appeared in the press and other public media.

A Proof of Concept exploit has been published.

Gregory DEMAR

Coppermine Photo Gallery 1.0-1.3.2

A vulnerability exists due to a design error that may allow remote
malicious users to cast multiple votes for an image.

No workaround or patch available at time of
publishing.

There is no exploit code required.

IBM

Lotus Domino 6.0-6.0.3, 6.5.0-6.5.2

Two vulnerabilities exist: a Cross-Site Scripting vulnerability exists
due to an input validation error in the native Lotus Notes HTML encoding
for computed values, which could let a remote malicious user execute
arbitrary HTML and script code; and a vulnerability exists which could let
a remote malicious user inject malicious HTML and script code into the
application.

No workaround or patch available at time of
publishing.

A Proof of Concept exploit has been published.

Infopop

UBB.threads 3.4, 3.5

No workaround or patch available at time of
publishing.

A Proof of Concept exploit has been published.

moinmoin.wikiwikiweb.de

MoniWiki 1.0.8 & prior

A Cross-Site Scripting vulnerability exists in 'wiki.php' due to
insufficient input validation, which could let a remote malicious user
execute arbitrary HTML and script code.

Update available at: href=" http://kldp.net/project/showfiles.php?group_id=210&release_id=954">http://kldp.net/project/showfiles.php?group
_id=210&release_id=954

A Proof of Concept exploit has been published.

Mozilla 1.6 & prior; Netscape 7.0, 7.1, and prior

Upgrade to Mozilla 1.7.1 available at: href="http://www.mozilla.org/products/mozilla1.x/">http://www.mozilla.org/products/mozilla1.x/

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

We are not aware of any exploits for this vulnerability.

Bugzilla Bug 236618

SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004

Conectiva Linux Security Announcement, CLA-2004:877, October
22, 2004

Mozilla 1.6;
Mozilla 1.7.x;
Mozilla Firefox 0.x

Workaround: Check the certificate store and delete untrusted
certificates if an error message is displayed with error code -8182
("certificate presented by [domain] is invalid or corrupt") when
attempting to access a SSL-based website.

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

Currently, we are not aware of any exploits for this vulnerability.

Secunia Advisory, SA12076, July 16, 2004
Bugzilla Bug 24900, July
14, 2004

SUSE Security Announcement, SUSE-SA:2004:036, October 6, 2004

Conectiva Linux Security Announcement, CLA-2004:877, October
22, 2004

name=mozilla-firefox>Mozilla.org
  Mandrakesoft
  Slackware

Mozilla 1.7 and prior;
Firefox 0.9 and prior;

Thunderbird 0.7 and prior

Multiple vulnerabilities exist in Mozilla, Firefox, and
Thunderbird that could allow a malicious user to conduct spoofing attacks,
compromise a vulnerable system, or cause a Denial of Service. These
vulnerabilities include buffer overflow, input verification, insecure
certificate name matching, and out-of-bounds reads.

Upgrade to the latest version of Mozilla, Firefox, or
Thunderbird available at: href="http://www.mozilla.org/download.html">http://www.mozilla.org/download.html

Slackware: href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659">http://www.slackware.com/security/viewer.php?l=
slackware-security&y=2004&m=slackware-security.667659

Mandrakesoft: href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082">http://www.mandrakesoft.com/security/advisories?
name=MDKSA-2004:082

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-421.html">http://rhn.redhat.com/errata/RHSA-2004-421.html

SGI: href="ftp://patches.sgi.com/support/free/security/patches/ProPack/3">ftp://patches.sgi.com/support/free/security/
patches/ProPack/3/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-26.xml">http://security.gentoo.org/glsa/glsa-200409-26.xml

HP: href="http://h30097.www3.hp.com/internet/download.htm">http://h30097.www3.hp.com/internet/download.htm

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

We are not aware of any exploits for this
vulnerability.

Secunia, SA10856, August 4, 2004

US-CERT Vulnerability Note VU#561022

RedHat Security Advisory, RHSA-2004:421-17, August 4,
2004

SGI Security Advisory, 20040802-01-U, August 14, 2004

Gentoo Linux Security Advisory, GLSA 200409-26,
September 20, 2004

HP Security Bulletin, HPSBTU01081, October 5, 2004

SUSE Security Announcement, SUSE-SA:2004:036, October
6, 2004

Conectiva Linux Security Announcement,
CLA-2004:877, October 22, 2004

Mozilla.org

Mozilla 0.x, 1.0-1.7.x, Firefox 0.x, Thunderbird 0.x; Netscape
Navigator 7.0, 7.0.2, 7.1, 7.2

Multiple vulnerabilities exist: buffer overflow vulnerabilities exist
in 'nsMsgCompUtils.cpp' when a specially crafted e-mail is forwarded,
which could let a remote malicious user execute arbitrary code; a
vulnerability exists due to insufficient restrictions on script generated
events, which could let a remote malicious user obtain sensitive
information; a buffer overflow vulnerability exists in the
'nsVCardObj.cpp' file due to insufficient boundary checks, which could let
a remote malicious user execute arbitrary code; a buffer overflow
vulnerability exists in 'nsPop3Protocol.cpp' due to boundary errors, which
could let a remote malicious user execute arbitrary code; a heap overflow
vulnerability exists when handling non-ASCII characters in URLs, which
could let a remote malicious user execute arbitrary code; multiple integer
overflow vulnerabilities exist in the image parsing routines due to
insufficient boundary checks, which could let a remote malicious user
execute arbitrary code; a cross-domain scripting vulnerability exists
because URI links dragged from one browser window and dropped into another
browser window will bypass same-origin policy security checks, which could
let a remote malicious user execute arbitrary code; and a vulnerability
exists because unsafe scripting operations are permitted, which could let
a remote malicious user manipulate information displayed in the security
dialog.

Updates available at: link="#999999"> href=" http://www.mozilla.org/">http://www.mozilla.org/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-26.xml">http://security.gentoo.org/glsa/glsa-200409-26.xml

HP: href="http://h30097.www3.hp.com/internet/download.htm">http://h30097.www3.hp.com/internet/download.htm

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-486.html">http://rhn.redhat.com/errata/RHSA-2004-486.html

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

Proofs of Concept exploits have been published.

Technical Cyber Security Alert TA04-261A, September 17, 2004

US-CERT Vulnerability Notes VU#414240, VU#847200, VU#808216, VU#125776,
VU#327560, VU#651928, VU#460528, VU#113192, September 17, 2004

Gentoo Linux Security Advisory, GLSA 200409-26, September 20, 2004

RedHat Security Bulletin, RHSA-2004:486-18, September 30, 2004

HP Security Bulletin, HPSBTU01081, October 5, 2004

SUSE Security Announcement, SUSE-SA:2004:036,
October 6, 2004

Conectiva Linux Security Announcement,
CLA-2004:877, October 22, 2004

Mozilla.org

Mozilla Browser 1.0, RC1&2, 1.0.1, 1.0.2, 1.1 Beta, 1.1 Alpha, 1.1,
1.2 Beta, 1.2 Alpha, 1.2, 1.2.1, 1.3, 1.3.1, 1.4 b, 1.4 a, 1.4, 1.4.1,
1.4.2. 1.5, 1.6, 1.7 rc3, 1.7-1.7.3, 1.8 Alpha 2

Multiple memory corruption vulnerabilities exist because certain HTML
tag sequences and formatting may cause a remote Denial of Service and
possibly execution of arbitrary code; and a remote Denial of Service
vulnerability exists when an invalid pointer is dereferenced.

No workaround or patch available at time of
publishing.

Proofs of Concept exploits have been published.

name=mozillaonunload>Mozilla.org

Mozilla Firefox 0.9.2 and Mozilla 1.7.1 on Windows


Mozilla Firefox 0.9.2 on Linux

A spoofing vulnerability exists that could allow malicious
sites to abuse SSL certificates of other sites. An attacker could make the
browser load a valid certificate from a trusted website by using a
specially crafted "onunload" event. The problem is that Mozilla loads the
certificate from a trusted website and shows the "secure padlock" while
actually displaying the content of the malicious website. The URL shown in
the address bar correctly reads that of the malicious website.

An additional cause has been noted due to Mozilla not
restricting websites from including arbitrary, remote XUL (XML User
Interface Language) files.

Workaround: Do not follow links from untrusted websites
and verify the correct URL in the address bar with the one in the SSL
certificate.

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

A Proof of Concept exploit has been published.

Cipher.org, July 25, 2004

Secunia, SA12160, July
26, 2004; SA12180, July 30, 2004

SUSE Security Announcement, SUSE-SA:2004:036, October 6,
2004

Conectiva Linux Security Announcement,
CLA-2004:877, October 22, 2004

Multiple Vendors

Mozilla Browser 1.7.2, 1.7.3, Camino 0.8, Firefox 0.10.1; Netscape
Navigator 7.2

Several vulnerabilities exist: a vulnerability exists when multiple
tabs are open, which could let a remote malicious user spoof functions on
the web site in the active tab; and a vulnerability exists because a web
form field in an inactive tab can gain focus, which could let a remote
malicious user obtain sensitive information.

No workaround or patch available at time of
publishing.

Vulnerability has appeared in the press and other public media.

There is no exploit code required; however, Proof of Concept exploit
has been published.

Multiple Vendors

Linux Kernel USB Driver prior to 2.4.27

A vulnerability exists in certain USB drivers because uninitialized
structures are used and then 'copy_to_user(...)' kernel calls are made
from these structures, which could let a malicious user obtain obtain
uninitialized kernel memory contents.

Update available at: href=" http://kernel.org/">http://kernel.org/

Gentoo: href="http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml">http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml

We are not aware of any exploits for this vulnerability.

Netscape

Netscape Web Mail

A Cross-Site Scripting vulnerability exists in the 'msglist.adp' script
due to insufficient input validation, which could let a remote malicious
user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Opera Software

Opera Web Browser 6.0 win32, 6.0 6, 6.0.6win32, 6.0, 6.0.1-6.0.5 win32,
6.0.1-6.0.3 linux, 6.10 linux, 7.0 win32 Beta 1&2,
7.0 -7.0.3
win32, 7.10, 7.11 j, 7.11 b, 7.11, 7.20 Beta 1 build 2981, 7.20-7.23,
7.50-7.54

A memory corruption vulnerability vulnerability exists in the 'TBODY'
tag when an excessive 'COL SPAN' is specified, which could let a remote
malicious user cause a Denial of Service and possibly execute arbitrary
code.

No workaround or patch available at time of
publishing.

Proofs of Concept exploits have been published.

Opera Software

Opera Web Browser 7.54

No workaround or patch available at time of publishing.

Vulnerability has appeared in the press and other public media.

There is no exploit code required; however, a Proof of Concept exploit
has been published.

PBLang-Team

PBLang 4.x

Update available at: href=" https://sourceforge.net/project/showfiles.php?group_id=62953">https://sourceforge.net/project/showfiles.php?group_id=62953

We are not aware of any exploits for these vulnerabilities.

S9Y

Serendipity 0.3, 0.4, 0.5, -pl, 0.6, rc1&rc2, pl1-pl3, 0.7
-beta1-beta4

Upgrades available at:
href="http://prdownloads.sourceforge.net/php-blog/serendipity-0.7-rc1.tar.gz?download ">http://prdownloads.sourceforge.net/php-blog/
serendipity-0.7-rc1.tar.gz?download

A Proof of Concept exploit has been published.

Singapore

Singapore prior to 0.9.10

A vulnerability exists in 'thumb.php' due to insufficient validation of
user-supplied input, which could let a remote malicious user view files
that are not image files on the target system (however, the vendor did not
confirm the impact.)

Update available at: href=" http://singapore.sourceforge.net/?page=download">http://singapore.sourceforge.net/?page=download

We are not aware of any exploits for this vulnerability.

Stuart Caie

cabextract 0.6, 1.0

A Directory Traversal vulnerability exists in the
'create_output_name()' function in 'cabextract.c' due to insufficient
input validation, which could let a remote malicious user create or
overwrite files.

Update available at: href=" http://www.kyz.uklinux.net/downloads/cabextract-1.1.tar.gz">http://www.kyz.uklinux.net/downloads/
cabextract-1.1.tar.gz

There is no exploit code required.

Secunia Advisory,
SA12882, October 19, 2004

Sun Microsystems, Inc.

Java 2 Micro Edition (J2ME)

A vulnerability exists in the Connected Limited Device Configuration
(CLDC) implementation in the K Virtual Machine (KVM) bytecode verifier,
which could let a remote malicious user bypass Java security mechanisms.

No workaround or patch available at time of publishing.

Exploit information has been published.

Symantec

Clientless VPN Gateway Version 5.0, Model 4000

Hotfix available at:
href="ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt">ftp://ftp.symantec.com/public/english_us_canada/products/sym
_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt

We are not aware of any exploits for this vulnerability.

Symantec

Firewall/VPN Appliance 100, 200, 200R, Gateway Security 320, 360, 360R

The vendor has released a fixed firmware version (1.63) available at:
href="ftp://ftp.symantec.com/public/updates/">ftp://ftp.symantec.com/public/updates/

There is no exploit code required.

Rigel Kent Security & Advisory Services Inc. Advisory, RK-001-04,
September 22, 20024

US-CERT Vulnerability Notes VU#329230, VU#441078, &
VU#173910, October 20, 2004

Tripwire, Inc.
Gentoo
Mandrake

Tripwire 2.2.1, 2.3.0, 2.3.1 -2, 2.3.1, 2.4 .0, 2.4.2, 3.0 1, 3.0, 4.0,
4.0.1, 4.1, 4.2, Tripwire Open Source 2.3.0, 2.3.1

Patch available at: href="http://securityfocus.com/bid/10454/solution/">http://securityfocus.com/bid/10454/solution/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200406.02.xml">http://security.gentoo.org/glsa/glsa-200406.02.xml

Mandrake: href="http://www.mandrakesoft.com/security/advisories">http://www.mandrakesoft.com/security/advisories

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this vulnerability.

SecurityFocus, June 5, 2004

Gentoo Linux Security Advisory, GLSA 200406-02, June 4, 2004

] Mandrakelinux Security Update Advisory, MDKSA-2004:057, June 8,
2004

Fedora Legacy Update Advisory, FLSA:1719, October 23, 2004

Veritas Software

NetBackup BusinesServer 3.4, 3.4.1, 4.5, NetBackup DataCenter 3.4,
3.4.1, 4.5, NetBackup Enterprise Server 5.1, NetBackup Server 5.0,
5.1

A input validation vulnerability exists in the 'bpjava-susvc' process
used for administration, which could let a remote authenticated malicious
user execute commands with root privileges.

The vendor has described a configuration workaround available at: href="http://support.veritas.com/docs/271727">http://support.veritas.com/docs/271727

We are not aware of any exploits for this vulnerability.

winkled.
sourceforge.net

MediaWiki prior to 1.3.7

A Cross-Site Scripting vulnerability exists 'n 'Title.php' due to
insufficient filtering of HTML code from user-supplied input in
'DefaultSettings.php' and 'Title.php,' which could let a remote malicious
user execute arbitrary HTML and script code.

Updates available at: href=" http://sourceforge.net/project/showfiles.php?group_id=34373"> class=bodytext>
href="http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.7.tar.gz?download ">http://prdownloads.sourceforge.net/
wikipedia/mediawiki-1.3.7.tar.gz?download

There is no exploit code required.

yahoopops.sourceforge.net

YPOPs! 0.x

Several buffer overflow vulnerabilities exist in the POP3 and SMTP
services, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of
publishing.

Another exploit script has been published.

Hat-Squad Advisory, September 27, 2004

SecurityFocus, October 18, 2004