From schaefer at alphanet.ch Mon Oct 2 12:18:08 2006
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Mon, 2 Oct 2006 12:18:08 +0200
Subject: [gull-annonces] [CH-FSFE] Day Against DRM: DRM.info action in Zürich
Message-ID: <20061002101808.GA7797@alphanet.ch>

Since the president of the FSFE emigrated to Zürich (from Germany), things are heating up :)

Let us take the opportunity to recall that switzerland at fsfeurope.org is an FSFE mailing list aimed at activities in Switzerland, and in time perhaps an FSFE chapter. It is also a platform for collaboration between Swiss associations.

PS: no direct or indirect official support from GULL, as this has not been discussed within the committee -- information only.

----- Forwarded message from "Georg C. F. Greve" -----

From: "Georg C. F. Greve"
To: switzerland at fsfeurope.org
Organisation: Free Software Foundation Europe
Subject: [CH-FSFE] Day Against DRM: DRM.info action in Zürich

Hi all,

Digital Restrictions Management (DRM) is a technology that affects all users of computers, media players, mobile phones and other devices: It imposes third-party restrictions on the users of a computer or other device, with or without the users' consent.

All of this happens without public discussion or awareness. We think that should change, which is why tomorrow, 3 October, is the Day Against DRM.

On this day, people in many cities around the world will be making their concerns seen and heard, and we want to do the same near Zürich's central station. We ask you to invest tomorrow's lunch break into creating awareness for a problem that many people have yet to realise exists.

Here are the coordinates:

  TUESDAY 3 OCTOBER 2006 from 11:30 until maximum 13:00
  NEXT to ZÜRICH HAUPTBAHNHOF -- near the Dataquest store
  Meeting point: central station "Bahnhofquai" exit from 11:00.

FSFE's Zürich office Team will be supplying some signs and leaflets, so all we need is your participation.

Join us for a little more than an hour and raise the flag for Digital Respect for the Masses!

Regards,
Georg

--
Georg C. F. Greve
Free Software Foundation Europe (http://fsfeurope.org)
Join the Fellowship and protect your freedom! (http://www.fsfe.org)

From inscridb at alphanet.ch Wed Oct 4 00:07:02 2006
From: inscridb at alphanet.ch (inscridb at alphanet.ch)
Date: Wed, 4 Oct 2006 00:07:02 +0200 (CEST)
Subject: [gull-annonces] COURS-MYSQL-001 on 2006-10-07 at Grenier Bernois, Morges
Message-ID: <20061003220702.D38A558B00A@shakotay.alphanet.ch>

COURS-MYSQL-001
  Description: http://www.linux-gull.ch/gull/cours/prochaincours/gull/cours/prochaincours/coursmysql/document_view
  Date: 2006-10-07
  Place: Grenier Bernois, Morges
  Registration: http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl?next_action=events_inscrire&next_action_param=COURS-MYSQL-001

REGISTRATION REQUIRED

To register, log in at http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl and first create an account (either using the data from the GULL database, or by creating a local account if you are not a member), or use the direct link given in each event above.
From inscridb at alphanet.ch Thu Oct 5 00:07:02 2006
From: inscridb at alphanet.ch (inscridb at alphanet.ch)
Date: Thu, 5 Oct 2006 00:07:02 +0200 (CEST)
Subject: [gull-annonces] COURS-MYSQL-001 on 2006-11-07 at Grenier Bernois, Morges
Message-ID: <20061004220702.45DDE58B012@shakotay.alphanet.ch>

COURS-MYSQL-001
  Description: http://www.linux-gull.ch/gull/cours/prochaincours/gull/cours/prochaincours/coursmysql/document_view
  Date: 2006-11-07
  Place: Grenier Bernois, Morges
  Registration: http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl?next_action=events_inscrire&next_action_param=COURS-MYSQL-001

REGISTRATION REQUIRED

To register, log in at http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl and first create an account (either using the data from the GULL database, or by creating a local account if you are not a member), or use the direct link given in each event above.

From inscridb at alphanet.ch Tue Oct 17 00:07:03 2006
From: inscridb at alphanet.ch (inscridb at alphanet.ch)
Date: Tue, 17 Oct 2006 00:07:03 +0200 (CEST)
Subject: [gull-annonces] EVENTS: Reminder: upcoming event(s)
Message-ID: <20061016220703.531EF58B00A@shakotay.alphanet.ch>

COURS-MYSQL-001
  Description: http://www.linux-gull.ch/gull/cours/prochaincours/gull/cours/prochaincours/coursmysql/document_view
  Date: 2006-11-07
  Place: Grenier Bernois, Morges
  Registration: http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl?next_action=events_inscrire&next_action_param=COURS-MYSQL-001

REGISTRATION REQUIRED

To register, log in at http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl and first create an account (either using the data from the GULL database, or by creating a local account if you are not a member), or use the direct link given in each event above.
From schaefer at alphanet.ch Fri Oct 20 17:50:25 2006
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Fri, 20 Oct 2006 17:50:25 +0200
Subject: [gull-annonces] [/ch/open] 2006-11-20: the Munich GNU/Linux project
Message-ID: <20061020155025.GB5483@alphanet.ch>

Hello,

an announcement -- in German and in Zürich -- that may interest some of you. GULL members get favourable conditions via ICTswitzerland.

From: Ursula Burri
Organization: Swiss Open Systems User Group

We would like to invite you to take part in our next event:

20.11.06, Technopark Zürich, Raum Pascal
17.30 - approx. 18.45: Following the talk you are invited to an apéro.

*LiMux - free software for Munich*
====================================

Speaker:
---------
Florian Schießl, LiMux München

Abstract:
---------
As part of the LiMux project, the City of Munich is increasingly relying on free software for the 14'000 workstations of its administration. The planning focuses on the rollout of the Debian-based LiMux base client, the availability of the roughly 300 specialised business applications, the migration to OpenOffice.org, and acceptance among staff.

The talk is aimed at people interested in LiMux, with or without prior technical knowledge. It gives a short overview of the project's background and current status, and at the same time presents the technical solutions for software distribution (FAI, free software), for system and configuration management (GOsa, free software), and the state of development of the base client (Debian GNU/Linux).

Bio:
----
Florian Schießl (28) has been with the LiMux project management since 2003, where he is responsible for public relations and community work. As deputy head of the Linux Client Team he also ensures the operability of the base client and coordinates the Office migration. In his private life he devotes himself to various smaller open source projects, such as the . Linux has been his constant companion since 1998.

We look forward to your registration at .

From Jose.DeAbreuNunes at ieug.unige.ch Tue Oct 24 17:40:42 2006
From: Jose.DeAbreuNunes at ieug.unige.ch (JM Nunes)
Date: Tue, 24 Oct 2006 17:40:42 +0200
Subject: [gull-annonces] 28 October Ecole-club Migros
Message-ID: <453E33FA.6070000@ieug.unige.ch>

As you may know, the Migros Ecole-club of Valais, Neuchâtel, Fribourg, Vaud and Geneva are organising a Linux OpenDay this Saturday, which will also serve to present their Linux training offering (including preparation for LPI certification).

To take part in OpenDay, and for any other information, see the website of the Migros Ecole-club of your canton (http://www.ecole-club.ch).

From schaefer at alphanet.ch Wed Oct 25 10:23:24 2006
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed, 25 Oct 2006 10:23:24 +0200
Subject: [gull-annonces] linux-neuchatel monthly meeting
Message-ID: <20061025082324.GA7987@alphanet.ch>

Hello,

the first monthly meeting of the informal linux-neuchatel group will take place on Wednesday 1 November 2006 at 19:15 at the café Au 21. It has been proposed that the meetings be held on the first Wednesday of the month at 19:15, in odd months at the Au 21 in Neuchâtel, in even months at the Espacité in La Chaux-de-Fonds.

Date: Wednesday 2006-11-01
Start: 19:15
Place: Café Au 21, fbg du Lac 43, Neuchâtel
Information: Plan
Topic: linux-neuchâtel monthly meeting: if there is nothing else to discuss, I will demo TWiki (possibly with a view to managing linux-neuchatel with it), and we will talk about accounting software on request
Audience: Interested persons
Organiser: Marc SCHAEFER
Admission: Free (buy a drink)

Let us recall that linux-neuchatel (http://linux-neuchatel.he-arc.ch/) is an informal group without heavy structures, which recommends that its members join GULL.
Other events in November and December in the Neuchâtel-Bienne Seeland region are announced here: http://linux-neuchatel.he-arc.ch/agenda.html

If you wish to contribute, please subscribe to the linux-neuchatel mailing list: http://lists.alphanet.ch/mailman/listinfo/linux-neuchatel

A PDF version of this invitation is available and could be posted in strategic places (e.g. higher-education institutions) with the appropriate permissions. http://linux-neuchatel.he-arc.ch/agenda_print.pdf

--
I read well-formatted messages. Don't abuse Cc:. Text == efficient. Quoting is not concatenating. Edit your messages, it saves time.
Marc takes up blogging `-o ro': http://www.alphanet.ch/schaefer_chronique.html

From anne.possoz at epfl.ch Thu Oct 26 10:08:39 2006
From: anne.possoz at epfl.ch (Anne Possoz)
Date: Thu, 26 Oct 2006 10:08:39 +0200
Subject: [gull-annonces] ATTENTION change of date for the MySQL course: 9 November
Message-ID: <200610260808.k9Q88dBn007700@slpc7.epfl.ch>

Hello,

IMPORTANT: Because of a problem with the classroom, the course is moved from 7 to 9 November.

COURS-MYSQL-001
  Description: http://www.linux-gull.ch/gull/cours/prochaincours/gull/cours/prochaincours/coursmysql/document_view
  Date: 2006-11-09
  Place: Grenier Bernois, Morges
  Registration: http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl?next_action=events_inscrire&next_action_param=COURS-MYSQL-001

REGISTRATION REQUIRED

To register, log in at http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl and first create an account (either using the data from the GULL database, or by creating a local account if you are not a member), or use the direct link given in each event above.

Anne
cours at linux-gull.ch

From inscridb at alphanet.ch Fri Oct 27 00:07:03 2006
From: inscridb at alphanet.ch (inscridb at alphanet.ch)
Date: Fri, 27 Oct 2006 00:07:03 +0200 (CEST)
Subject: [gull-annonces] COURS-MYSQL-001 on 2006-11-09 at Grenier Bernois, Morges
Message-ID: <20061026220703.1B05458B00D@shakotay.alphanet.ch>

COURS-MYSQL-001
  Description: http://www.linux-gull.ch/gull/cours/prochaincours/gull/cours/prochaincours/coursmysql/document_view
  Date: 2006-11-09
  Place: Grenier Bernois, Morges
  Registration: http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl?next_action=events_inscrire&next_action_param=COURS-MYSQL-001

REGISTRATION REQUIRED

To register, log in at http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl and first create an account (either using the data from the GULL database, or by creating a local account if you are not a member), or use the direct link given in each event above.

From schaefer at alphanet.ch Sun Oct 29 19:08:47 2006
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sun, 29 Oct 2006 19:08:47 +0100
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #369-373
Message-ID: <20061029180847.GA7609@alphanet.ch>

AWSTATS AWSTATS.PL MULTIPLE CROSS-SITE SCRIPTING VULNERABILITIES
BugTraq ID: 17621
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17621
Summary:
AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

AWStats version 6.5 (build 1.857) and prior are vulnerable to these issues.
APACHE HTTP SERVER ARBITRARY HTTP REQUEST HEADERS SECURITY WEAKNESS
BugTraq ID: 19661
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19661
Summary:
Apache HTTP server is prone to an HTTP request header security weakness.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

APACHE MOD_IMAP REFERER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15834
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting vulnerability. This issue is due to the module's failure to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

APACHE MOD_REWRITE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19204
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow condition. The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules.

An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may be possible as well.

APACHE MOD_SSL CUSTOM ERROR DOCUMENT REMOTE DENIAL OF SERVICE
BugTraq ID: 16152
Last Updated: 2006-10-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16152
Summary:
Apache's mod_ssl module is susceptible to a remote denial-of-service vulnerability. A flaw in the module results in a NULL-pointer dereference that causes the server to crash.

This issue is present only when virtual hosts are configured with a custom 'ErrorDocument' statement for '400' errors or 'SSLEngine optional'.

Depending on the configuration of Apache, attackers may crash the entire webserver or individual child processes. Repeated attacks are required to deny service to legitimate users when Apache is configured for multiple child processes to handle connections.

This issue affects Apache 2.x versions.

APACHE MOD_TCL REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 20527
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20527
Summary:
Apache mod_tcl is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of webserver processes running the affected Apache module. This facilitates the remote compromise of affected computers.

Apache mod_tcl version 1.0 is vulnerable to this issue.

APACHE MOD_PHP MODULE FILE DESCRIPTOR LEAKAGE VULNERABILITY
BugTraq ID: 9302
Last Updated: 2006-10-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9302
Summary:
Reportedly, the Apache mod_php module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a legitimate server and possibly steal or manipulate sensitive information.

CAPI4HYLAFAX REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 19801
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19801
Summary:
CAPI4Hylafax is prone to an arbitrary command-execution vulnerability.

An attacker can exploit this vulnerability to execute arbitrary commands in the context of the affected application.
CISCO VPN 3000 CONCENTRATOR FTP ARBITRARY FILE ACCESS VULNERABILITY
BugTraq ID: 19680
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19680
Summary:
The Cisco VPN 3000 series concentrators are prone to an arbitrary file-access vulnerability.

An attacker can exploit this issue to rename and delete arbitrary files on the affected device in the context of the FTP server process. This may facilitate further attacks.

[ firmware ]

CLAM ANTI-VIRUS CHM UNPACKER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20537
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an unspecified failure in the CHM unpacker.

Exploitation could cause the application to crash, resulting in a denial of service.

CLAM ANTI-VIRUS PE REBUILDING HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20535
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20535
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Exploiting this issue could allow attacker-supplied machine code to execute in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

ClamAV version 0.88.4 is vulnerable to this issue.

CYRUS SASL REMOTE DIGEST-MD5 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17446
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17446
Summary:
Cyrus SASL is affected by a remote denial-of-service vulnerability. This issue occurs before successful authentication, allowing anonymous remote attackers to trigger it.

This vulnerability allows remote attackers to crash services using the affected SASL library, denying service to legitimate users.

This issue reportedly affects version 2.1.18 of Cyrus SASL; other versions may also be affected.

ELOG LOG ENTRY HTML INJECTION VULNERABILITY
BugTraq ID: 20181
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20181
Summary:
ELOG is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Version 2.6.1 is vulnerable; other versions may also be affected.

[ mini weblog, stand alone ]

FFMPEG IMAGE FILE MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple remote buffer-overflow vulnerabilities because the application using this library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

These issues allow attackers to execute arbitrary machine code within the context of the affected application.

Versions prior to 0.4.9_p20060530 are vulnerable to this issue.

FREEBSD CRYPTO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20713
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20713
Summary:
FreeBSD is prone to a local denial-of-service vulnerability because it fails to handle exceptional conditions.

An attacker may leverage this issue to crash the affected computer, denying service to legitimate users. Under certain conditions, successful exploits may also corrupt the filesystem.

FreeBSD version 6.1 is vulnerable to this issue; other versions may also be affected. The reporter of this issue states that OpenBSD may also be affected.
FREEBSD I386_SET_LDT() MULTIPLE LOCAL DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 20158
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20158
Summary:
FreeBSD is prone to multiple local denial-of-service vulnerabilities. These issues occur because of input-validation flaws related to the handling of integers.

An attacker may leverage these issues to cause the affected computer to crash, denying service to legitimate users.

Versions 5.2 through 5.5 are vulnerable to these issues; other versions may also be affected.

GDB DWARF MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19802
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of insufficient bounds checking when handling DWARF and DWARF2 data.

Attackers could leverage this issue to run arbitrary code outside of a restricted environment; this may lead to privilege escalation.

GDB MULTIPLE VULNERABILITIES
BugTraq ID: 13697
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues can allow an attacker to execute arbitrary code and commands on an affected computer. A successful attack may allow the attacker to gain elevated privileges or unauthorized access.

The following specific issues were identified:
- a remote heap-overflow vulnerability when loading malformed object files.
- a local privilege-escalation vulnerability.

GDB 6.3 is reportedly affected by these issues; other versions are likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected by the heap-overflow issue as well.

GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files.

Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and may facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application.

Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.

GNUTLS PKCS RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 20027
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20027
Summary:
GnuTLS is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when verifying an X.509 certificate.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

This vulnerability is a variant of the issue discussed in BID 19849 (OpenSSL PKCS Padding RSA Signature Forgery Vulnerability) and affects GnuTLS versions prior to version 1.4.3.

GNUPG PARSE_COMMENT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19110
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19110
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG version 1.4.4 is vulnerable to this issue; previous versions may also be affected.

IMAGEMAGICK SGI IMAGE FILE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19507
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19507
Summary:
ImageMagick is prone to a remote heap buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to this issue.

IMAGEMAGICK SUN BITMAP IMAGE FILE REMOTE UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19699
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19699
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

This BID will be updated as further information is disclosed.

Versions of ImageMagick prior to 6.2.9-2 are vulnerable to this issue.

IMAGEMAGICK XCF IMAGE FILE REMOTE UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19697
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19697
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

This BID will be updated as further information is disclosed.

Versions of ImageMagick prior to 6.2.9-2 are vulnerable to this issue.

KDE KDM SESSION TYPE SYMBOLIC LINK VULNERABILITY
BugTraq ID: 18431
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18431
Summary:
KDM is prone to a vulnerability that may permit symbolic-link attacks when processing the user's session type.

An attacker with local access could potentially exploit this issue to view files and obtain privileged information.

A successful attack would most likely result in the loss of confidentiality and the theft of privileged information.

KMAIL HTML ELEMENT HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20539
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20539
Summary:
KMail is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

KMail 1.9.1 and prior versions are vulnerable to this issue.

KMAIL HTML MAIL HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20369
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20369
Summary:
KMail is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

KMail 1.9.1 and prior versions are vulnerable to this issue.

LIBTIFF ESTIMATESTRIPBYTECOUNTS() DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19284
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.

An attacker can exploit this vulnerability to cause a denial of service in applications using the affected library.
LIBTIFF LIBRARY ANONYMOUS FIELD MERGING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19287
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19287
Summary:
The libTIFF library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by submitting malformed image files. When the libTIFF library routines process a malicious TIFF file, this could result in abnormal behavior, cause the application to become unresponsive, or possibly allow malicious code to execute.

LIBTIFF NEXT RLE DECODER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19282
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19282
Summary:
The Next RLE Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability. This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.

This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.

LIBTIFF PIXARLOG DECODER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19290
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19290
Summary:
The PixarLog Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.

This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.

LIBTIFF SANITY CHECKS MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 19286
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19286
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.

An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library.

LIBTIFF TIFFFETCHSHORTPAIR REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19283
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19283
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

LIBTIFF TIFFSCANLINESIZE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19288
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

LIBKSBA SIGNATURE VERIFICATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20565
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20565
Summary:
The libksba library is prone to a denial-of-service vulnerability because it crashes when verifying a signature with a malformed X.509 certificate.

Attackers can exploit this issue to crash the KSBA library, and in turn cause various programs that depend on the library to cease functioning, effectively denying service.

The following versions are affected:
- SUSE Linux's version 0.9.12
- Ubuntu libksba8 version 0.9.9-2ubuntu0.5.04.

Other individual implementations may also be vulnerable.
LIBMUSICBRAINZ MULTIPLE BUFFER OVERFLOW VULNERABILITIES BugTraq ID: 19508 Last Updated: 2006-10-11 Remote: Yes Relevant URL: http://www.securityfocus.com/bid/19508 Summary: The libmusicbrainz library is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of- service condition. Versions 2.1.2, SVN 8406, and prior are vulnerable to this issue; other versions may also be affected. LINKSYS WRT54GX V2.0 WAN PORT UPNP VULNERABILITY BugTraq ID: 20415 Last Updated: 2006-10-11 Remote: Yes Relevant URL: http://www.securityfocus.com/bid/20415 Summary: Linksys WRT54GX V2.0 is prone to a design vulnerability. Reportedly, the device offers Universal Plug and Play (UPnP) capabilities on both the LAN interface and the WAN Interface when UPnP is enabled. The design problem manifests itself as a security issue since enabled UPnP services on a WAN interface allow a remote user to issue an 'AddPortMapping' command to the device. An attacker can exploit this vulnerability to establish arbitrary ingress port mappings to devices normally protected by the routing device. This issue is reported to affect firmware version 2.00.05; other firmware versions may also be affected. [ firmware ] LINUX KERNEL 2.6.16.13 MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES BugTraq ID: 17955 Last Updated: 2006-10-17 Remote: Yes Relevant URL: http://www.securityfocus.com/bid/17955 Summary: The Linux kernel SCTP module is susceptible to remote denial-of- service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets. These issues allow remote attackers to trigger kernel deadlock and infinite recursion, denying further service to legitimate users. 
The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.

LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2006-10-03
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

Linux kernel version 2.6.17.3 and prior are affected by this issue.

LINUX KERNEL CHOOSE_NEW_PARENT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18099
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18099
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'choose_new_parent' function.

This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.11.12.

LINUX KERNEL DIRECT-IO.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19665
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19665
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the direct IO driver.

This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.10.
LINUX KERNEL IBM S/390 STRNLEN_USER LOCAL VULNERABILITY
BugTraq ID: 18687
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18687
Summary:
The Linux kernel on IBM S/390 platforms is prone to a local vulnerability. This issue is due to a flaw in the 'strnlen_user()' kernel function.

The direct impact of exploiting this issue is currently unknown, but local users may potentially exploit this issue to cause denial-of-service conditions or possibly gain access to potentially sensitive information. This BID will be updated as more information is disclosed.

This issue affects Linux kernel versions prior to 2.6.16 running on the IBM S/390 platform.

LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure weakness. This issue is due to an implementation flaw of a zero 'ip_id' information-disclosure countermeasure.

This issue allows remote attackers to use affected computers in stealth network port and trust scans.

The Linux kernel 2.6 series, as well as some kernels in the 2.4 series, are affected by this weakness.

LINUX KERNEL ITANIUM PERFMONCTL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20361
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20361
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

This issue is exploitable only on the Itanium architecture running Linux kernel versions prior to 2.6.18.

LINUX KERNEL LSM READV/WRITEV SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 18105
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18105
Summary:
The Linux kernel is susceptible to a security-restriction-bypass vulnerability.
This issue is due to the kernel's failure to properly enforce Linux Security Module security checks.

This issue allows local attackers to bypass security restrictions, allowing them to read and write to files they do not have permissions to access. This may aid them in further attacks.

This issue occurs during read and write calls that occur after files have been opened. During the open process, proper security checks are enforced. This means that this issue is exploitable only when access to files is revoked after they have already been opened by an attacker.

Linux kernel versions prior to 2.6.16.12 are vulnerable to this issue.

LINUX KERNEL NFS ACL ACCESS CONTROL BYPASS VULNERABILITY
BugTraq ID: 16570
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is prone to a remote access-control-bypass vulnerability. The software fails to validate the privileges of remote users before setting ACLs.

This issue allows remote attackers to improperly alter ACLs on NFS filesystems, allowing them to bypass access controls. Disclosure of sensitive information, modification of arbitrary files, and other attacks are possible.

Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are vulnerable to this issue.

LINUX KERNEL NFS READLINK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20186
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20186
Summary:
The Linux kernel is susceptible to a remote denial-of-service vulnerability because the NFS client code fails to properly handle unexpected conditions.

Attackers controlling malicious NFS servers, or attackers that can perform man-in-the-middle attacks between NFS client and server computers may cause vulnerable NFS client computers to crash.

Linux kernel versions 2.4 through 2.4.31 are vulnerable to this issue.
LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE
BugTraq ID: 19396
Last Updated: 2006-09-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service vulnerability because the EXT3 filesystem code fails to properly handle unexpected conditions.

Remote attackers may trigger this issue by sending crafted UDP datagrams to affected computers that are configured as NFS servers, causing filesystem errors. Depending on the mount-time options of affected filesystems, this may result in remounting filesystems as read-only or cause a kernel panic.

Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are vulnerable to this issue; other versions in the 2.6 series are also likely affected.

LINUX KERNEL NETFILTER CONNTRACK_PROTO_SCTP.C DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18755
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service vulnerability.

Successful exploits of this vulnerability will cause the kernel to crash, effectively denying service to legitimate users.

LINUX KERNEL NETFILTER DO_REPLACE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17178
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because the kernel fails to properly bounds-check user-supplied input before using it in a memory copy operation.

Exploiting this issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

This issue is exploitable only by local users who have superuser privileges or have the CAP_NET_ADMIN capability.
This issue is therefore a security concern only if computers run virtualization software that allows users to have superuser access to guest operating systems or if the CAP_NET_ADMIN capability is given to untrusted users.

Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.

LINUX KERNEL PPC970 SYSTEMS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19615
Last Updated: 2006-09-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19615
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is prone to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.

These issues allow remote attackers to trigger kernel panics, denying further service to legitimate users.

The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.

LINUX KERNEL SCTP SO_LINGER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20087
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20087
Summary:
The Linux kernel SCTP module is prone to a local denial-of-service vulnerability.

This issue allows local attackers to cause kernel crashes, denying service to legitimate users.

Specific information regarding affected versions of the Linux kernel is currently unavailable. This BID will be updated as further information is disclosed.
LINUX KERNEL SCTP_MAKE_ABORT_USER FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19666
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19666
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

A local attacker can exploit this issue to execute arbitrary code and potentially compromise the affected computer.

LINUX KERNEL SELINUX_PTRACE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17830
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17830
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error when SELinux is enabled and ptrace is used.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

LINUX KERNEL SG DRIVER DIRECT IO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18101
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18101
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the SG driver.

This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.13.

LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-service vulnerability.

This issue allows remote attackers to potentially corrupt memory and ultimately trigger a denial of service for legitimate users.

Kernel versions prior to 2.6.16.18 are vulnerable to this issue.
LINUX KERNEL SECURITY KEY FUNCTIONS LOCAL COPY_TO_USER RACE VULNERABILITY
BugTraq ID: 17084
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a race condition that allows attackers to modify an argument of a copy operation after it has been validated, but before it is used.

This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.

LINUX KERNEL SIGNAL_32.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18616
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18616
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in 'signal_32.c'.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.16.21.

LINUX KERNEL SOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE VULNERABILITIES
BugTraq ID: 17203
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users.

These issues allow an attacker to read kernel memory and potentially gather information to use in further attacks.

LINUX KERNEL UDF DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19562
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19562
Summary:
The Linux kernel UDF file module is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

LINUX KERNEL ULE PACKET HANDLING REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19939
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19939
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability. This issue is triggered when the kernel handles a specially crafted ULE packet.

This issue allows remote attackers to trigger a denial of service for legitimate users.

Kernel version 2.6.17.8 is reported vulnerable to this issue; other versions may be affected as well.

LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19033
Last Updated: 2006-10-03
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the USB FTDI SIO driver.

This vulnerability allows local users to consume all available memory resources, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.16.27.

LINUX KERNEL USB SUBSYSTEM LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14955
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial-of-service vulnerability affects the Linux kernel's USB subsystem. This issue is due to the kernel's failure to properly handle unexpected conditions when trying to handle URBs (USB Request Blocks).

Local attackers may exploit this vulnerability to trigger a kernel 'oops' on computers where the vulnerable USB subsystem is enabled. This would deny service to legitimate users.
LINUX KERNEL UNSPECIFIED SOCKET BUFFER HANDLING REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19475
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19475
Summary:
The Linux kernel is prone to an unspecified remote denial-of-service vulnerability.

This issue allows remote attackers to cause kernel panics, denying service to legitimate users.

No further information is currently available. This BID will be updated as more information is released.

Specific version information is currently unavailable. Kernel versions in the 2.6 series are currently considered vulnerable.

LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'die_if_kernel()' function.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.15.6 running on Itanium systems.

LINUX-HA HEARTBEAT INSECURE DEFAULT PERMISSIONS ON SHARED MEMORY
BugTraq ID: 19186
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19186
Summary:
Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service.

Exploitation would most likely result in a system crash, loss of data, and resource exhaustion, leading to a denial of service if critical files are accessed improperly or overwritten in the attack. Other attacks may be possible as well.

LINUX-HA HEARTBEAT REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19516
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19516
Summary:
Linux-HA Heartbeat is prone to a remote denial-of-service vulnerability.
By successfully exploiting this issue, attackers can crash the master control process. This may result in the failure of services that depend on the application's functionality.

MIT KERBEROS 5 KRB5_RECVAUTH REMOTE PRE-AUTHENTICATION DOUBLE-FREE VULNERABILITY
BugTraq ID: 14239
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14239
Summary:
MIT Kerberos 5 is prone to a remote double-free vulnerability. Remote attackers can trigger this issue prior to any authentication whatsoever.

The issue exists in the 'recvauth_common()' helper function. Because of the code path taken in the vulnerable function, exploitation may be hindered. However, attackers may presumably leverage this issue to execute arbitrary code in the context of the affected service.

Note that successful exploitation of this issue on a Kerberos Key Distribution Center (KDC) computer may result in the compromise of an entire Kerberos realm.

MIT KERBEROS 5 MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 19427
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19427
Summary:
MIT Kerberos 5 is prone to multiple local privilege-escalation vulnerabilities because it fails to properly implement privilege-dropping functionality when used in conjunction with Linux 2.6 kernels or with AIX operating systems.

This issue allows local attackers to gain superuser privileges, facilitating the complete compromise of affected computers.

MONO SYSTEM.CODEDOM.COMPILER CLASS INSECURE TEMPORARY FILE CREATION
BugTraq ID: 20340
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20340
Summary:
The Mono 'System.CodeDom.Compiler' class creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

Versions 1.0 and 2.0 are vulnerable; other versions may also be affected.

MOTOROLA SB4200 REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20309
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20309
Summary:
Motorola SB4200 is prone to a remote denial-of-service vulnerability.

This may permit an attacker to crash affected devices, denying further network services to legitimate users.

[ firmware ]

MOZILLA BUGZILLA MULTIPLE INPUT VALIDATION AND INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 20538
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20538
Summary:
Bugzilla is affected by multiple input-validation and information-disclosure vulnerabilities because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users.

An attacker can leverage these issues to access attachment and deadline information that are marked private or are otherwise protected and to conduct cross-site scripting and HTML-injection attacks. Exploiting these input-validation issues may allow attackers to steal cookie-based authentication credentials and to launch other attacks.

Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these vulnerabilities.

MOZILLA FIREFOX JAVASCRIPT HANDLER RACE CONDITION MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19488
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption issues.

Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed.
Failed exploit attempts will likely crash the application.

Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.

MOZILLA FIREFOX JAVASCRIPT NAVIGATOR OBJECT REMOTE CODE EXECUTION
BugTraq ID: 19192
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19192
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input before using it to create new JavaScript objects.

Successful exploits may allow an attacker to crash the application or execute arbitrary machine code in the context of the affected application.

This issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). It has been assigned a separate BID because new information has become available.

MOZILLA FIREFOX UNSPECIFIED JAVASCRIPT REMOTE CODE EXECUTION
BugTraq ID: 20282
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20282
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input before using it to create new JavaScript objects.

Successful exploits may allow an attacker to crash the application or execute arbitrary machine code in the context of the affected application.

Details regarding this vulnerability are not currently available; this BID will be updated when more information becomes available.

MOZILLA FIREFOX XML HANDLER RACE CONDITION MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19534
Last Updated: 2006-09-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.

Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.

The Flock browser version 0.7.4.1 and the K-Meleon browser version 1.0.1 are also reported vulnerable.

MOZILLA FIREFOX, SEAMONKEY, CAMINO, AND THUNDERBIRD MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 18228
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories specifying security vulnerabilities in Mozilla Firefox, SeaMonkey, Camino, and Thunderbird.

These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing the remote execution of machine code
- gain access to potentially sensitive information.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as further information becomes available.

These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2

MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute arbitrary code.
Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5

MOZILLA FOUNDATION PRODUCTS XPCOM MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19197
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19197
Summary:
Various Mozilla Foundation products are prone to a memory-corruption vulnerability. This issue occurs because the applications fail to handle simultaneous XPCOM events that would cause the deletion of the timer object.

An attacker can exploit this issue to execute arbitrary code.

This issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). It has been assigned a separate BID because new information has become available.

MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3

MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-disclosure vulnerability. This issue is due to a flaw in the operating systems that fail to properly use AMD CPUs.

Local attackers may exploit this vulnerability to gain access to potentially sensitive information regarding other processes executing on affected computers. This may aid attackers in retrieving information regarding cryptographic keys or other sensitive information.

This issue affects Linux and FreeBSD operating systems that use generations 7 and 8 AMD CPUs.

MULTIPLE VENDOR TCP PACKET FRAGMENTATION HANDLING DENIAL OF SERVICE
BugTraq ID: 11258
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to a remote denial-of-service vulnerability. The issue is reported to present itself due to inefficiencies present when handling fragmented TCP packets.

The discoverer of this issue has dubbed the attack style the "New Dawn attack"; it is a variation of a previously reported attack that was named the "Rose Attack".

A remote attacker may exploit this vulnerability to deny service to an affected computer.

Microsoft Windows 2000/XP, Linux kernel 2.4 tree, and undisclosed Cisco systems are reported prone to this vulnerability; other products may also be affected.
[ disable fragments, use PMTU DISC ]

MULTIPLE VENDOR TCP SEQUENCE NUMBER APPROXIMATION VULNERABILITY
BugTraq ID: 10183
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/10183
Summary:
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors.

Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers.

The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks.

An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP and TCP port.

A few factors may present viable target implementations, such as implementations that:
- depend on long-lived TCP connections
- have known or easily guessed IP address endpoints
- have known or easily guessed TCP source ports.

Note that Border Gateway Protocol (BGP) is reported to be particularly vulnerable to this type of attack. As a result, this issue is likely to affect a number of routing platforms.

Note also that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further.

Other consequences may also result from this issue, such as injecting specific data in TCP sessions, but this has not been confirmed.

**Update: Microsoft platforms are also reported prone to this vulnerability.
Vendor reports indicate that an attacker will require knowledge of the IP address and port numbers of the source and destination of an existent legitimate TCP connection in order to exploit this vulnerability on Microsoft platforms. Connections that involve persistent sessions, for example Border Gateway Protocol sessions, may be more exposed to this vulnerability than other TCP/IP sessions.

MULTIPLE VENDOR TCP/IP IMPLEMENTATION ICMP REMOTE DENIAL OF SERVICE
BugTraq ID: 13124
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks.

ICMP is employed by network nodes to determine certain automatic actions to take based on network failures reported by an ICMP message. Reportedly, the RFC doesn't recommend security checks for ICMP error messages. As long as an ICMP message contains a valid source and destination IP address and port pair, it will be accepted for an associated connection.

The following individual attacks are reported:

- A blind connection-reset attack. This attack takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID CAN-2004-0790 is assigned to this issue. A remote attacker may exploit this issue to terminate target TCP connections and deny service for legitimate users.

- An ICMP Source Quench attack. This attack takes advantage of the specification that a host must react to receive ICMP Source Quench messages by slowing transmission on the associated connection. The Mitre ID CAN-2004-0791 is assigned to this issue. A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.

- An attack against ICMP PMTUD is reported to affect multiple vendors when they are configured to employ PMTUD.
By sending a suitable forged ICMP message to a target host, an attacker may reduce the MTU for a given connection. The Mitre ID CAN-2004-1060 is assigned to this issue. A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.

**Update: Microsoft platforms are also reported prone to these issues.

MULTIPLE VENDOR GETHOSTBYNAME() BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 6853
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/6853
Summary:
A vulnerability has been discovered in multiple vendor implementations of the 'gethostbyname()' library function, which is used to resolve network addresses. The 'gethostbyname()' function fails to implement sufficient bounds checking on data copied into local memory buffers.

Under some circumstances, attackers may exploit this issue to overwrite sensitive locations in memory and may leverage the issue to execute arbitrary commands with the privileges of the vulnerable application. This issue may be local or remote, depending on the particular applications that use the function on vulnerable systems.

Several applications may implement the 'gethostbyname()' function, thus exposing them to this vulnerability. Applications known to implement 'gethostbyname()' include various implementations of 'ping', 'ftp', and 'tftp'. Other applications may also be vulnerable.

MULTIPLE X.ORG PRODUCTS SETUID LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 19742
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19742
Summary:
Multiple X.org products are prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to gain superuser privileges. A successful exploit would lead to the complete compromise of the affected computer.
OPENLDAP SLAPD ACCESS CONTROL CIRCUMVENTION VULNERABILITY
BugTraq ID: 19832
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP slapd is prone to a vulnerability that allows attackers to circumvent access controls. An attacker may be able to modify any domain name regardless of the owner.

Versions prior to 2.3.25 are vulnerable.

OPENOFFICE ARBITRARY MACRO EXECUTION VULNERABILITY
BugTraq ID: 18738
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18738
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain unauthorized access to a vulnerable computer. The vendor has reported that this vulnerability allows malicious macros to gain read/write privileges to local files on a vulnerable computer.

OPENOFFICE JAVA APPLET SYSTEM ACCESS VULNERABILITY
BugTraq ID: 18737
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18737
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain unauthorized access to a vulnerable computer. The vendor has reported that this vulnerability allows malicious Java applets to gain read/write privileges to local files on a vulnerable computer.

OPENOFFICE XML FILE FORMAT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18739
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18739
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain unauthorized access to a vulnerable computer. The vendor has reported that this vulnerability allows malicious XML documents to cause a buffer overflow leading to read/write privileges to local files on a vulnerable computer.
OPENSLP MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 12792
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12792
Summary:
OpenSLP is prone to multiple unspecified buffer-overflow vulnerabilities that may be triggered by malformed SLP (Service Location Protocol) packets. If successfully exploited, these issues could allow remote code execution in the context of the software.

OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks. Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One traffic.

OPENSSH REVERSE DNS LOOKUP ACCESS CONTROL BYPASS VULNERABILITY
BugTraq ID: 7831
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7831
Summary:
A vulnerability has been reported for OpenSSH that may allow unauthorized access to an OpenSSH server's login mechanism. The vulnerability occurs because of the way OpenSSH restricts access. It's possible to configure OpenSSH to restrict access based on certain patterns. When a numeric IP address is provided as the host that is attempting a connection, an attacker can trick the OpenSSH server to allow access.

OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of SCP.

This issue reportedly affects version 4.2 of OpenSSH. Other versions may also be affected.

OPENSSH-PORTABLE EXISTING PASSWORD REMOTE INFORMATION DISCLOSURE
BugTraq ID: 20418
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20418
Summary:
It is reported that OpenSSH contains an information disclosure weakness. This issue exists in the portable version of OpenSSH. The portable version is the version that is distributed for operating systems other than its native OpenBSD platform.

This issue has been confirmed as not deriving from either the Pluggable Authentication Module (PAM) issue disclosed in BID 11781 in 2004, or the more recent Generic Security Services Application Programming Interface (GSSAPI) based information leak outlined in BID

OPENSSH-PORTABLE GSSAPI AUTHENTICATION ABORT INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 20245
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
OpenSSH-Portable is prone to an information-disclosure weakness. The issue stems from a GSSAPI authentication abort.

Reportedly, attackers may leverage a GSSAPI authentication abort to determine the presence and validity of usernames on unspecified platforms.

This issue occurs when OpenSSH-Portable is configured to accept GSSAPI authentication.

OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.

OPENSSL ASN.1 STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20248
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.

An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

OPENSSL PUBLIC KEY PROCESSING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20247
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used.

An attacker can exploit this issue to crash an affected server using OpenSSL.

OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20246
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to crash, effectively denying service.

PPPD WINBIND PLUGIN LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18849
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18849
Summary:
The 'winbind' plugin of 'pppd' can allow local attackers to gain elevated privileges, which may lead to a complete compromise.

Version 2.4.3 of 'pppd' is reported vulnerable. Other versions may be affected as well.

PERL PERL_SV_VCATPVFN FORMAT STRING INTEGER WRAP VULNERABILITY
BugTraq ID: 15629
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format-string vulnerability. This issue is due to the programming language's failure to properly handle format specifiers in formatted-printing functions.

An attacker may leverage this issue to write to arbitrary process memory, facilitating code execution in the context of the Perl interpreter process. This can result in unauthorized remote access.

Developers should treat the formatted printing functions in Perl as equivalently vulnerable to exploitation as the C library versions, and should properly sanitize all data passed in the format-specifier argument. All applications that use formatted-printing functions in an unsafe manner should be considered exploitable.

PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The issue derives from a race condition in a vulnerable signal handler.

Reportedly, under specific conditions, it is theoretically possible to execute code remotely prior to authentication when GSSAPI authentication is enabled. This has not been confirmed; the chance of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition can be exploited to cause a pre-authentication denial of service.

This issue occurs when OpenSSH and Portable OpenSSH are configured to accept GSSAPI authentication.

PYTHON REPR() FUNCTION REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20376
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20376
Summary:
Python is prone to a remote code-execution vulnerability because the application fails to properly handle UTF-32/UCS-4 strings.

Exploiting this issue allows remote attackers to execute arbitrary machine code with the privileges of the Python application.

SENDMAIL LONG HEADER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19714
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19714
Summary:
Sendmail is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the Sendmail process, causing a denial of service.

SUDO PERL ENVIRONMENT VARIABLE HANDLING SECURITY BYPASS VULNERABILITY
BugTraq ID: 15394
Last Updated: 2006-10-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15394
Summary:
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored.

An attacker can exploit this vulnerability to bypass security restrictions and include arbitrary library files.

To exploit this vulnerability, an attacker must be able to run Perl scripts through Sudo.

SUDO PYTHON ENVIRONMENT VARIABLE HANDLING SECURITY BYPASS VULNERABILITY
BugTraq ID: 16184
Last Updated: 2006-10-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16184
Summary:
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables.
A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interactive Python prompt. That attacker may then execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

An attacker must have the ability to run Python scripts through Sudo to exploit this vulnerability.

This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Security Bypass Vulnerability).

TROLLTECH QT PIXMAP IMAGES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 20599
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20599
Summary:
Qt is prone to an integer-overflow vulnerability because the library fails to do proper bounds checking on user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

VIEWVC UTF-7 CHARSET UNSPECIFIED HTML INJECTION VULNERABILITY
BugTraq ID: 20543
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20543
Summary:
ViewVC is prone to an HTML-injection vulnerability because it fails to specify a charset in the HTML body or the HTTP header.

Exploiting this issue could allow an attacker to execute attacker-supplied script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ViewVC 1.0.2 and prior versions are vulnerable; other versions may also be affected.

[ cvsweb rewritten in Python ]

VIXIE CRON PAM_LIMITS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18108
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18108
Summary:
Vixie cron is susceptible to a local privilege-escalation vulnerability.
This issue is due to the application's failure to properly drop superuser privileges in certain circumstances when executing jobs.

This issue allows local attackers that have been authorized to execute cron jobs to execute arbitrary commands with superuser privileges. This facilitates the complete compromise of affected computers.

Vixie cron version 4.1 is vulnerable to this issue when used in conjunction with pam_limits. Other versions may also be affected.

WEBMIN AND USERMIN HTML INJECTION AND INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 19820
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19820
Summary:
Webmin and Usermin are prone to an HTML-injection issue and an information-disclosure issue.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user and gain sensitive information.

Usermin versions prior to 1.226 and Webmin versions prior to 1.296 are vulnerable to this issue.

WEBMIN/USERMIN UNSPECIFIED INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18744
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18744
Summary:
Webmin and Usermin are prone to an unspecified information-disclosure vulnerability. This issue is due to a failure in the applications to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve potentially sensitive information.

This issue affects Webmin versions prior to 1.290 and Usermin versions prior to 1.220.

Unconfirmed reports suggest that this issue is the same as the one discussed in BID 18613 (Webmin Remote Directory Traversal Vulnerability). However, the fixes associated with that issue did not completely solve the vulnerability.
WIRESHARK MULTIPLE VULNERABILITIES
BugTraq ID: 19690
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19690
Summary:
Wireshark is prone to multiple vulnerabilities:

- Multiple denial-of-service vulnerabilities.
- Multiple off-by-one vulnerabilities.

These may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer or cause a denial-of-service condition to legitimate users of the application.

WIRESHARK PROTOCOL DISSECTORS MULTIPLE VULNERABILITIES
BugTraq ID: 19051
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:

- A format-string vulnerability.
- An off-by-one vulnerability.
- An infinite-loop vulnerability.
- A memory-allocation vulnerability.

These may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer or cause a denial-of-service condition to legitimate users of the application.

[ formerly ethereal ]

X.ORG LIBXFONT CID FONT FILE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 19974
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19974
Summary:
The libXfont library is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

X.ORG XDM XSESSION SCRIPT RACE CONDITION VULNERABILITY
BugTraq ID: 20400
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20400
Summary:
The X.org XDM XSession script is prone to a race-condition vulnerability.

Local unprivileged attackers can exploit this issue to gain access to the primary or alternate 'xdm' error log files. A successful exploit will result in the unintended disclosure of sensitive information.
XEROX WORKCENTRE / COPYCENTRE MULTIPLE VULNERABILITIES
BugTraq ID: 17014
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17014
Summary:
Xerox WorkCentre / CopyCentre are prone to multiple vulnerabilities.

Exploiting these issues can allow remote attackers to trigger a denial-of-service condition in a device. Some of these issues may allow for arbitrary code execution as well, but this is unconfirmed.

These software versions are vulnerable:

- 1.001.02.073 or prior
- Versions greater than 1.001.02.074 but less than 1.001.02.715.

[ firmware ]

YUKIHIRO MATSUMOTO RUBY MULTIPLE SAFE LEVEL RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 18944
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18944
Summary:
Ruby is prone to multiple vulnerabilities that let attackers bypass SAFE-level restrictions.

These issues allow attackers to bypass the expected SAFE-level restrictions, possibly allowing them to execute unauthorized script code in the context of affected applications. The specific impact of these issues depends on the implementation of scripts that use SAFE-level security checks.