[gull-annonces] Resume SecurityFocus Newsletter #369-373
Marc SCHAEFER
schaefer at alphanet.ch
Sun Oct 29 19:08:47 CET 2006
AWSTATS AWSTATS.PL MULTIPLE CROSS-SITE SCRIPTING VULNERABILITIES
BugTraq ID: 17621
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17621
Summary:
AWStats is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly
sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
AWStats version 6.5 (build 1.857) and prior are vulnerable to
these issues.
APACHE HTTP SERVER ARBITRARY HTTP REQUEST HEADERS SECURITY WEAKNESS
BugTraq ID: 19661
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19661
Summary:
Apache HTTP server is prone to an HTTP request header security
weakness.
An attacker may exploit this issue to steal cookie-based
authentication credentials and launch other attacks.
APACHE MOD_IMAP REFERER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15834
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting
vulnerability. This issue is due to the module's failure to properly
sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
APACHE MOD_REWRITE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19204
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow
condition.
The vulnerability arising in the mod_rewrite module's ldap scheme
handling allows for potential memory corruption when an attacker
exploits certain rewrite rules.
An attacker may exploit this issue to trigger a denial-of-
service condition. Reportedly, arbitrary code execution may be
possible as well.
APACHE MOD_SSL CUSTOM ERROR DOCUMENT REMOTE DENIAL OF SERVICE
BugTraq ID: 16152
Last Updated: 2006-10-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16152
Summary:
Apache's mod_ssl module is susceptible to a remote denial-of-service
vulnerability. A flaw in the module results in a NULL-pointer
dereference that causes the server to crash. This issue is present
only when virtual hosts are configured with a custom 'ErrorDocument'
statement for '400' errors or 'SSLEngine optional'.
Depending on the configuration of Apache, attackers may crash the
entire webserver or individual child processes. Repeated attacks are
required to deny service to legitimate users when Apache is
configured for multiple child processes to handle connections.
This issue affects Apache 2.x versions.
APACHE MOD_TCL REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 20527
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20527
Summary:
Apache mod_tcl is prone to a remote format-string vulnerability
because the application fails to properly sanitize user-supplied
input before including it in the format-specifier argument of a formatted-
printing function.
Successfully exploiting this issue allows remote attackers to
execute arbitrary machine code in the context of webserver processes
running the affected Apache module. This facilitates the remote
compromise of affected computers.
Apache mod_tcl version 1.0 is vulnerable to this issue.
APACHE MOD_PHP MODULE FILE DESCRIPTOR LEAKAGE VULNERABILITY
BugTraq ID: 9302
Last Updated: 2006-10-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9302
Summary:
Reportedly, the Apache mod_php module may be prone to a
vulnerability that may allow a local attacker to gain access to
privileged file descriptors. As a result, the attacker may pose as a
legitimate server and possibly steal or manipulate sensitive
information.
CAPI4HYLAFAX REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 19801
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19801
Summary:
CAPI4Hylafax is prone to an arbitrary command-execution
vulnerability.
An attacker can exploit this vulnerability to execute arbitrary
commands in the context of the affected application.
CISCO VPN 3000 CONCENTRATOR FTP ARBITRARY FILE ACCESS VULNERABILITY
BugTraq ID: 19680
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19680
Summary:
The Cisco VPN 3000 series concentrators are prone to an arbitrary
file-access vulnerability.
An attacker can exploit this issue to rename and delete arbitrary
files on the affected device in the context of the FTP server
process. This may facilitate further attacks.
[ firmware ]
CLAM ANTI-VIRUS CHM UNPACKER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20537
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an
unspecified failure in the CHM unpacker.
Exploitation could cause the application to crash, resulting in a
denial of service.
CLAM ANTI-VIRUS PE REBUILDING HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20535
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20535
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied data before
copying it to an insufficiently sized memory buffer.
Exploiting this issue could allow attacker-supplied machine code to
execute in the context of the affected application. The issue would
occur when the malformed file is scanned manually or automatically
in deployments such as email gateways.
ClamAV version 0.88.4 is vulnerable to this issue.
CYRUS SASL REMOTE DIGEST-MD5 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17446
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17446
Summary:
Cyrus SASL is affected by a remote denial-of-service vulnerability.
This issue occurs before successful authentication, allowing
anonymous remote attackers to trigger it.
This vulnerability allows remote attackers to crash services using
the affected SASL library, denying service to legitimate users.
This issue reportedly affects version 2.1.18 of Cyrus SASL; other
versions may also be affected.
ELOG LOG ENTRY HTML INJECTION VULNERABILITY
BugTraq ID: 20181
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20181
Summary:
ELOG is prone to an HTML-injection vulnerability because it fails to
sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and
script code in the context of the affected site, to steal cookie-
based authentication credentials, or to control how the site is
rendered to the user; other attacks are also possible.
Version 2.6.1 is vulnerable; other versions may also be affected.
[ mini weblog, stand alone ]
FFMPEG IMAGE FILE MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple remote buffer-overflow vulnerabilities
because the application using this library fails to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
These issues allow attackers to execute arbitrary machine code
within the context of the affected application.
Versions prior to 0.4.9_p20060530 are vulnerable to this issue.
FREEBSD CRYPTO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20713
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20713
Summary:
FreeBSD is prone to a local denial-of-service vulnerability because
it fails to handle exceptional conditions.
An attacker may leverage this issue to crash the affected computer,
denying service to legitimate users. Under certain conditions,
successful exploits may also corrupt the filesystem.
FreeBSD version 6.1 is vulnerable to this issue; other versions may
also be affected. The reporter of this issue states that OpenBSD may
also be affected.
FREEBSD I386_SET_LDT() MULTIPLE LOCAL DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 20158
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20158
Summary:
FreeBSD is prone to multiple local denial-of-service
vulnerabilities. These issues occur because of input-validation
flaws related to the handling of integers.
An attacker may leverage these issues to cause the affected computer
to crash, denying service to legitimate users.
Versions 5.2 through 5.5 are vulnerable to these issues; other
versions may also be affected.
GDB DWARF MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19802
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of
insufficient bounds checking when handling DWARF and DWARF2 data.
Attackers could leverage this issue to run arbitrary code outside of
a restricted environment; this may lead to privilege escalation.
GDB MULTIPLE VULNERABILITIES
BugTraq ID: 13697
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues
can allow an attacker to execute arbitrary code and commands on an
affected computer. A successful attack may allow the attacker to
gain elevated privileges or unauthorized access.
The following specific issues were identified:
- a remote heap-overflow vulnerability when loading malformed
object files.
- a local privilege-escalation vulnerability.
GDB 6.3 is reportedly affected by these issues; other versions are
likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected
by the heap-overflow issue as well.
GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-
service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process
memory by triggering an overflow condition. This may lead to
arbitrary code execution in the context of an affected user and may
facilitate a remote compromise. Attackers may also trigger denial-of-
service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is
currently unavailable. This BID will be updated as more information
is released.
GNUTLS PKCS RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 20027
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20027
Summary:
GnuTLS is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when verifying an X.509 certificate.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
This vulnerability is a variant of the issue discussed in BID 19849
(OpenSSL PKCS Padding RSA Signature Forgery Vulnerability) and
affects GnuTLS versions prior to version 1.4.3.
GNUPG PARSE_COMMENT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19110
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19110
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG version 1.4.4 is vulnerable to this issue; previous versions
may also be affected.
IMAGEMAGICK SGI IMAGE FILE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19507
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19507
Summary:
ImageMagick is prone to a remote heap buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
input before copying it to an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the ImageMagick library.
ImageMagick versions in the 6.x series, up to version 6.2.8, are
vulnerable to this issue.
IMAGEMAGICK SUN BITMAP IMAGE FILE REMOTE UNSPECIFIED BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19699
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19699
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the ImageMagick library.
This BID will be updated as further information is disclosed.
Versions of ImageMagick prior to 6.2.9-2 are vulnerable to
this issue.
IMAGEMAGICK XCF IMAGE FILE REMOTE UNSPECIFIED BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19697
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19697
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the ImageMagick library.
This BID will be updated as further information is disclosed.
Versions of ImageMagick prior to 6.2.9-2 are vulnerable to
this issue.
KDE KDM SESSION TYPE SYMBOLIC LINK VULNERABILITY
BugTraq ID: 18431
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18431
Summary:
KDM is prone to a vulnerability that may permit symbolic-link
attacks when processing the user's session type.
An attacker with local access could potentially exploit this issue
to view files and obtain privileged information.
A successful attack would most likely result in the loss of
confidentiality and the theft of privileged information.
KMAIL HTML ELEMENT HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20539
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20539
Summary:
KMail is prone to an unspecified denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
KMail 1.9.1 and prior versions are vulnerable to this issue.
KMAIL HTML MAIL HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20369
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20369
Summary:
KMail is prone to an unspecified denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
KMail 1.9.1 and prior versions are vulnerable to this issue.
LIBTIFF ESTIMATESTRIPBYTECOUNTS() DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19284
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of
service in applications using the affected library.
LIBTIFF LIBRARY ANONYMOUS FIELD MERGING DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19287
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19287
Summary:
The libTIFF library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by submitting malformed
image files.
When the libTIFF library routines process a malicious TIFF file,
this could result in abnormal behavior, cause the application to
become unresponsive, or possibly allow malicious code to execute.
LIBTIFF NEXT RLE DECODER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19282
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19282
Summary:
The Next RLE Decoder for libTIFF is prone to a remote heap buffer-
overflow vulnerability.
This issue occurs because the application fails to check boundary
conditions on certain RLE decoding operations.
This issue may allow attackers to execute arbitrary machine code
within the context of the vulnerable application or to cause a
denial of service.
LIBTIFF PIXARLOG DECODER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19290
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19290
Summary:
The PixarLog Decoder for libTIFF is prone to a remote heap buffer-
overflow vulnerability.
This issue may allow attackers to execute arbitrary machine code
within the context of the vulnerable application or to cause a
denial of service.
LIBTIFF SANITY CHECKS MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 19286
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19286
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to cause a denial of
service in applications using the affected library.
LIBTIFF TIFFFETCHSHORTPAIR REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19283
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19283
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the
library fails to do proper boundary checks before copying user-
supplied data into a finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications using the affected library. Failed
exploit attempts will likely crash the application, denying service
to legitimate users.
LIBTIFF TIFFSCANLINESIZE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19288
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the
library fails to do proper boundary checks before copying user-
supplied data into a finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications using the affected library. Failed
exploit attempts will likely crash the application, denying service
to legitimate users.
LIBKSBA SIGNATURE VERIFICATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20565
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20565
Summary:
The libksba library is prone to a denial-of-service vulnerability
because it crashes when verifying a signature with a malformed X.509
certificate.
Attackers can exploit this issue to crash the KSBA library, and in
turn cause various programs that depend on the library to cease
functioning, effectively denying service.
The following versions are affected:
- SUSE Linux's version 0.9.12
- Ubuntu libksba8 version 0.9.9-2ubuntu0.5.04.
Other individual implementations may also be vulnerable.
LIBMUSICBRAINZ MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19508
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19508
Summary:
The libmusicbrainz library is prone to multiple buffer-overflow
vulnerabilities because the application fails to check the size
of the data before copying it into a finite-sized internal
memory buffer.
An attacker can exploit these issues to execute arbitrary code
within the context of the application or to cause a denial-of-
service condition.
Versions 2.1.2, SVN 8406, and prior are vulnerable to this issue;
other versions may also be affected.
LINKSYS WRT54GX V2.0 WAN PORT UPNP VULNERABILITY
BugTraq ID: 20415
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20415
Summary:
Linksys WRT54GX V2.0 is prone to a design vulnerability. Reportedly,
the device offers Universal Plug and Play (UPnP) capabilities on
both the LAN interface and the WAN interface when UPnP is enabled.
The design problem manifests itself as a security issue since
enabled UPnP services on a WAN interface allow a remote user to
issue an 'AddPortMapping' command to the device. An attacker can
exploit this vulnerability to establish arbitrary ingress port
mappings to devices normally protected by the routing device.
This issue is reported to affect firmware version 2.00.05; other
firmware versions may also be affected.
[ firmware ]
LINUX KERNEL 2.6.16.13 MULTIPLE SCTP REMOTE DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 17955
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel deadlock and
infinite recursion, denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2006-10-03
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. This vulnerability
facilitates the complete compromise of affected computers.
Linux kernel version 2.6.17.3 and prior are affected by this issue.
LINUX KERNEL CHOOSE_NEW_PARENT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18099
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18099
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'choose_new_parent' function.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.11.12.
LINUX KERNEL DIRECT-IO.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19665
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19665
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the direct
IO driver.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects the Linux kernel 2.6 series prior to 2.6.10.
LINUX KERNEL IBM S/390 STRNLEN_USER LOCAL VULNERABILITY
BugTraq ID: 18687
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18687
Summary:
The Linux kernel on IBM S/390 platforms is prone to a local
vulnerability. This issue is due to a flaw in the 'strnlen_user()'
kernel function.
The direct impact of exploiting this issue is currently unknown, but
local users may potentially exploit this issue to cause denial-of-
service conditions or possibly gain access to potentially sensitive
information.
This BID will be updated as more information is disclosed.
This issue affects Linux kernel versions prior to 2.6.16 running on
the IBM S/390 platform.
LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure
weakness. This issue is due to an implementation flaw of a zero
'ip_id' information-disclosure countermeasure.
This issue allows remote attackers to use affected computers in
stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4
series, are affected by this weakness.
LINUX KERNEL ITANIUM PERFMONCTL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20361
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20361
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to crash the kernel, denying
further service to legitimate users.
This issue is exploitable only on the Itanium architecture running
Linux kernel versions prior to 2.6.18.
LINUX KERNEL LSM READV/WRITEV SECURITY RESTRICTION BYPASS
VULNERABILITY
BugTraq ID: 18105
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18105
Summary:
The Linux kernel is susceptible to a security-restriction-bypass
vulnerability. This issue is due to the kernel's failure to properly
enforce Linux Security Module security checks.
This issue allows local attackers to bypass security restrictions,
allowing them to read and write to files they do not have
permissions to access. This may aid them in further attacks.
This issue occurs during read and write calls that occur after
files have been opened. During the open process, proper security
checks are enforced. This means that this issue is exploitable only
when access to files is revoked after they have already been opened
by an attacker.
Linux kernel versions prior to 2.6.16.12 are vulnerable to
this issue.
LINUX KERNEL NFS ACL ACCESS CONTROL BYPASS VULNERABILITY
BugTraq ID: 16570
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is prone to a remote access-control-
bypass vulnerability. The software fails to validate the privileges
of remote users before setting ACLs.
This issue allows remote attackers to improperly alter ACLs on NFS
filesystems, allowing them to bypass access controls. Disclosure of
sensitive information, modification of arbitrary files, and other
attacks are possible.
Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are
vulnerable to this issue.
LINUX KERNEL NFS READLINK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20186
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20186
Summary:
The Linux kernel is susceptible to a remote denial-of-service
vulnerability because the NFS client code fails to properly handle
unexpected conditions.
Attackers controlling malicious NFS servers, or attackers that can
perform man-in-the-middle attacks between NFS client and server
computers, may cause vulnerable NFS client computers to crash.
Linux kernel versions 2.4 through 2.4.31 are vulnerable to
this issue.
LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE
BugTraq ID: 19396
Last Updated: 2006-09-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service
vulnerability because the EXT3 filesystem code fails to properly
handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP
datagrams to affected computers that are configured as NFS servers,
causing filesystem errors. Depending on the mount-time options of
affected filesystems, this may result in remounting filesystems as
read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are
vulnerable to this issue; other versions in the 2.6 series are also
likely affected.
LINUX KERNEL NETFILTER CONNTRACK_PROTO_SCTP.C DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18755
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service
vulnerability.
Successful exploits of this vulnerability will cause the kernel to
crash, effectively denying service to legitimate users.
LINUX KERNEL NETFILTER DO_REPLACE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17178
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because the kernel fails to properly bounds-check user-supplied
input before using it in a memory copy operation.
Exploiting this issue allows local attackers to overwrite kernel
memory with arbitrary data, potentially allowing them to execute
malicious machine code in the context of affected kernels. This
vulnerability facilitates the complete compromise of affected
computers.
This issue is exploitable only by local users who have superuser
privileges or have the CAP_NET_ADMIN capability. This issue is
therefore a security concern only if computers run virtualization
software that allows users to have superuser access to guest
operating systems or if the CAP_NET_ADMIN capability is given to
untrusted users.
Linux kernel versions prior to 2.6.16 in the 2.6 series are affected
by this issue.
LINUX KERNEL PPC970 SYSTEMS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19615
Last Updated: 2006-09-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19615
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to crash the kernel, denying
further service to legitimate users.
LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is prone to remote denial-of-service
vulnerabilities. These issues are triggered when the kernel handles
unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL SCTP SO_LINGER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20087
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20087
Summary:
The Linux kernel SCTP module is prone to a local denial-of-service
vulnerability.
This issue allows local attackers to cause kernel crashes, denying
service to legitimate users.
Specific information regarding affected versions of the Linux kernel
is currently unavailable. This BID will be updated as further
information is disclosed.
LINUX KERNEL SCTP_MAKE_ABORT_USER FUNCTION BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19666
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19666
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
A local attacker can exploit this issue to execute arbitrary code
and potentially compromise the affected computer.
LINUX KERNEL SELINUX_PTRACE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17830
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17830
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error when SELinux is
enabled and ptrace is used.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
LINUX KERNEL SG DRIVER DIRECT IO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18101
Last Updated: 2006-09-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18101
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the SG driver.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.13.
LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-
service vulnerability.
This issue allows remote attackers to potentially corrupt memory and
ultimately trigger a denial of service for legitimate users.
Kernel versions prior to 2.6.16.18 are vulnerable to this issue.
LINUX KERNEL SECURITY KEY FUNCTIONS LOCAL COPY_TO_USER RACE
VULNERABILITY
BugTraq ID: 17084
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition
vulnerability in its security-key functionality. This issue is due
to a race condition that allows attackers to modify an argument of a
copy operation after it has been validated, but before it is used.
This vulnerability allows local attackers to crash the kernel,
denying service to legitimate users. It may also allow attackers to
read portions of kernel memory, and thus gain access to potentially
sensitive information. This may aid them in further attacks.
LINUX KERNEL SIGNAL_32.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18616
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18616
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in 'signal_32.c'.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.21.
LINUX KERNEL SSOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE
VULNERABILITIES
BugTraq ID: 17203
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure
vulnerabilities. These issues are due to the kernel's failure to
properly clear previously used kernel memory before returning it to
local users.
These issues allow an attacker to read kernel memory and potentially
gather information to use in further attacks.
LINUX KERNEL UDF DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19562
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19562
Summary:
The Linux kernel UDF file module is prone to a denial-of-service
vulnerability.
An attacker can exploit this issue to crash the kernel, denying
further service to legitimate users.
LINUX KERNEL ULE PACKET HANDLING REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19939
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19939
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This issue is triggered when the kernel handles a specially crafted
ULE packet.
This issue allows remote attackers to trigger a denial of service
for legitimate users.
Kernel version 2.6.17.8 is reported vulnerable to this issue; other
versions may be affected as well.
LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19033
Last Updated: 2006-10-03
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the USB FTDI
SIO driver.
This vulnerability allows local users to consume all available
memory resources, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.27.
LINUX KERNEL USB SUBSYSTEM LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14955
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial-of-service vulnerability affects the Linux kernel's
USB subsystem. This issue is due to the kernel's failure to
properly handle unexpected conditions when trying to handle URBs
(USB Request Blocks).
Local attackers may exploit this vulnerability to trigger a kernel
'oops' on computers where the vulnerable USB subsystem is enabled.
This would deny service to legitimate users.
LINUX KERNEL UNSPECIFIED SOCKET BUFFER HANDLING REMOTE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 19475
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19475
Summary:
The Linux kernel is prone to an unspecified remote denial-of-service
vulnerability.
This issue allows remote attackers to cause kernel panics, denying
service to legitimate users.
No further information is currently available. This BID will be
updated as more information is released.
Specific version information is currently unavailable. Kernel
versions in the 2.6 series are currently considered vulnerable.
LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'die_if_kernel()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running
on Itanium systems.
LINUX-HA HEARTBEAT INSECURE DEFAULT PERMISSIONS ON SHARED MEMORY
BugTraq ID: 19186
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19186
Summary:
Since Linux-HA Heartbeat has insecure default permissions set
on shared memory, local attackers may be able to cause a denial
of service.
Exploitation would most likely result in a system crash, loss of
data, and resource exhaustion, leading to a denial of service if
critical files are accessed improperly or overwritten in the attack.
Other attacks may be possible as well.
LINUX-HA HEARTBEAT REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19516
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19516
Summary:
Linux-HA Heartbeat is prone to a remote denial-of-service
vulnerability.
By successfully exploiting this issue, attackers can crash the
master control process. This may result in the failure of services
that depend on the application's functionality.
MIT KERBEROS 5 KRB5_RECVAUTH REMOTE PRE-AUTHENTICATION DOUBLE-FREE
VULNERABILITY
BugTraq ID: 14239
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14239
Summary:
MIT Kerberos 5 is prone to a remote double-free vulnerability.
Remote attackers can trigger this issue prior to any
authentication whatsoever. The issue exists in the
'recvauth_common()' helper function.
Because of the code path taken in the vulnerable function,
exploitation may be hindered. However, attackers may presumably
leverage this issue to execute arbitrary code in the context of the
affected service.
Note that successful exploitation of this issue on a Kerberos Key
Distribution Center (KDC) computer may result in the compromise of
an entire Kerberos realm.
MIT KERBEROS 5 MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 19427
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19427
Summary:
MIT Kerberos 5 is prone to multiple local privilege-escalation
vulnerabilities because it fails to properly implement privilege-
dropping functionality when used in conjunction with Linux 2.6
kernels or with AIX operating systems.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
MONO SYSTEM.CODEDOM.COMPILER CLASS INSECURE TEMPORARY FILE CREATION
BugTraq ID: 20340
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20340
Summary:
The Mono 'System.CodeDom.Compiler' class creates temporary files in
an insecure manner.
An attacker with local access could potentially exploit this issue
to perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to
overwrite or corrupt sensitive files. This may result in a denial of
service; other attacks may also be possible.
Versions 1.0 and 2.0 are vulnerable; other versions may also
be affected.
MOTOROLA SB4200 REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20309
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20309
Summary:
Motorola SB4200 is prone to a remote denial-of-service
vulnerability.
This may permit an attacker to crash affected devices, denying
further network services to legitimate users.
[ firmware ]
MOZILLA BUGZILLA MULTIPLE INPUT VALIDATION AND INFORMATION DISCLOSURE
VULNERABILITIES
BugTraq ID: 20538
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20538
Summary:
Bugzilla is affected by multiple input-validation and information-
disclosure vulnerabilities because the application fails to properly
sanitize user-supplied input and to protect sensitive information
from unauthorized users.
An attacker can leverage these issues to access attachment and
deadline information that are marked private or are otherwise
protected and to conduct cross-site scripting and HTML-injection
attacks. Exploiting these input-validation issues may allow
attackers to steal cookie-based authentication credentials and to
launch other attacks.
Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these
vulnerabilities.
MOZILLA FIREFOX JAVASCRIPT HANDLER RACE CONDITION MEMORY CORRUPTION
VULNERABILITY
BugTraq ID: 19488
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption
vulnerability. This issue is due to a race condition that may result
in double-free or other memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code reuse,
other Mozilla products are also likely affected.
MOZILLA FIREFOX JAVASCRIPT NAVIGATOR OBJECT REMOTE CODE EXECUTION
BugTraq ID: 19192
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19192
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it to create new JavaScript objects.
Successful exploits may allow an attacker to crash the application
or execute arbitrary machine code in the context of the affected
application.
This issue was previously discussed in BID 19181 (Mozilla Multiple
Products Remote Vulnerabilities). It has been assigned a separate
BID because new information has become available.
MOZILLA FIREFOX UNSPECIFIED JAVASCRIPT REMOTE CODE EXECUTION
BugTraq ID: 20282
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20282
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it to create new JavaScript objects.
Successful exploits may allow an attacker to crash the application
or execute arbitrary machine code in the context of the affected
application.
Details regarding this vulnerability are not currently available;
this BID will be updated when more information becomes available.
MOZILLA FIREFOX XML HANDLER RACE CONDITION MEMORY CORRUPTION
VULNERABILITY
BugTraq ID: 19534
Last Updated: 2006-09-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability
because of a race condition that may result in double-free or other
memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code-reuse,
other Mozilla products are also likely affected.
The Flock browser version 0.7.4.1 and the K-Meleon browser version
1.0.1 are also reported vulnerable.
MOZILLA FIREFOX, SEAMONKEY, CAMINO, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 18228
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying security vulnerabilities in Mozilla Firefox, SeaMonkey,
Camino, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing
the remote execution of machine code
- gain access to potentially sensitive information.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
further information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2
MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5
MOZILLA FOUNDATION PRODUCTS XPCOM MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19197
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19197
Summary:
Various Mozilla Foundation products are prone to a memory-corruption
vulnerability.
This issue occurs because the applications fail to handle
simultaneous XPCOM events that would cause the deletion of the
timer object.
An attacker can exploit this issue to execute arbitrary code.
This issue was previously discussed in BID 19181 (Mozilla Multiple
Products Remote Vulnerabilities). It has been assigned a separate
BID because new information has become available.
MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3
MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-
disclosure vulnerability. This issue is due to a flaw in the
operating systems that fail to properly use AMD CPUs.
Local attackers may exploit this vulnerability to gain access to
potentially sensitive information regarding other processes
executing on affected computers. This may aid attackers in
retrieving information regarding cryptographic keys or other
sensitive information.
This issue affects Linux and FreeBSD operating systems that use
generations 7 and 8 AMD CPUs.
MULTIPLE VENDOR TCP PACKET FRAGMENTATION HANDLING DENIAL OF SERVICE
BugTraq ID: 11258
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone
to a remote denial-of-service vulnerability.
The issue is reported to present itself due to inefficiencies
present when handling fragmented TCP packets.
The discoverer of this issue has dubbed the attack style the "New
Dawn attack"; it is a variation of a previously reported attack that
was named the "Rose Attack".
A remote attacker may exploit this vulnerability to deny service to
an affected computer.
Microsoft Windows 2000/XP, Linux kernel 2.4 tree, and undisclosed
Cisco systems are reported prone to this vulnerability; other
products may also be affected.
[ disable fragments, use PMTU DISC ]
MULTIPLE VENDOR TCP SEQUENCE NUMBER APPROXIMATION VULNERABILITY
BugTraq ID: 10183
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/10183
Summary:
A vulnerability in TCP implementations may permit unauthorized
remote users to reset TCP sessions. This issue affects products
released by multiple vendors. Exploiting this issue may permit
remote attackers to more easily approximate TCP sequence numbers.
The problem is that affected implementations will accept TCP
sequence numbers within a certain range of the expected sequence
number for a packet in the session. This will permit a remote
attacker to inject a SYN or RST packet into the session, causing it
to be reset and effectively allowing denial-of-service attacks. An
attacker would exploit this issue by sending a packet to a receiving
implementation with an approximated sequence number and a forged
source IP and TCP port.
Few factors may present viable target implementations, such as
implementations that:
- depend on long-lived TCP connections
- have known or easily guessed IP address endpoints
- have known or easily guessed TCP source ports.
Note that Border Gateway Protocol (BGP) is reported to be
particularly vulnerable to this type of attack. As a result, this
issue is likely to affect a number of routing platforms.
Note also that while a number of vendors have confirmed this issue
in various products, investigations are ongoing and it is likely
that many other vendors and products will turn out to be vulnerable
as the issue is investigated further.
Other consequences may also result from this issue, such as
injecting specific data in TCP sessions, but this has not been
confirmed.
**Update: Microsoft platforms are also reported prone to this
vulnerability. Vendor reports indicate that an attacker will require
knowledge of the IP address and port numbers of the source and
destination of an existent legitimate TCP connection in order to
exploit this vulnerability on Microsoft platforms. Connections that
involve persistent sessions, for example Border Gateway Protocol
sessions, may be more exposed to this vulnerability than other
TCP/IP sessions.
MULTIPLE VENDOR TCP/IP IMPLEMENTATION ICMP REMOTE DENIAL OF SERVICE
BugTraq ID: 13124
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
Multiple vendor implementations of TCP/IP Internet Control
Message Protocol (ICMP) are reported prone to several denial-of-
service attacks.
ICMP is employed by network nodes to determine certain
automatic actions to take based on network failures reported by
an ICMP message.
Reportedly, the RFC doesn't recommend security checks for ICMP error
messages. As long as an ICMP message contains a valid source and
destination IP address and port pair, it will be accepted for an
associated connection.
The following individual attacks are reported:
- A blind connection-reset attack. This attack takes advantage of
the specification that describes that on receiving a 'hard' ICMP
error, the corresponding connection should be aborted. The Mitre
ID CAN-2004-0790 is assigned to this issue.
A remote attacker may exploit this issue to terminate target TCP
connections and deny service for legitimate users.
- An ICMP Source Quench attack. This attack takes advantage of the
specification that a host must react to received ICMP Source Quench
messages by slowing transmission on the associated connection. The
Mitre ID CAN-2004-0791 is assigned to this issue.
A remote attacker may exploit this issue to degrade the performance
of TCP connections and partially deny service for legitimate users.
- An attack against ICMP PMTUD is reported to affect multiple
vendors when they are configured to employ PMTUD. By sending a
suitable forged ICMP message to a target host, an attacker may
reduce the MTU for a given connection. The Mitre ID CAN-2004-1060
is assigned to this issue.
A remote attacker may exploit this issue to degrade the performance
of TCP connections and partially deny service for legitimate users.
**Update: Microsoft platforms are also reported prone to these
issues.
MULTIPLE VENDOR GETHOSTBYNAME() BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 6853
Last Updated: 2006-10-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/6853
Summary:
A vulnerability has been discovered in multiple vendor
implementations of the 'gethostbyname()' library function, which is
used to resolve network addresses.
The 'gethostbyname()' function fails to implement sufficient bounds
checking on data copied into local memory buffers.
Under some circumstances, attackers may exploit this issue to
overwrite sensitive locations in memory and may leverage the issue
to execute arbitrary commands with the privileges of the vulnerable
application. This issue may be local or remote, depending on the
particular applications that use the function on vulnerable systems.
Several applications may implement the 'gethostbyname()' function,
thus exposing them to this vulnerability. Applications known to
implement 'gethostbyname()' include various implementations of
'ping', 'ftp', and 'tftp'. Other applications may also be
vulnerable.
MULTIPLE X.ORG PRODUCTS SETUID LOCAL PRIVILEGE ESCALATION
VULNERABILITY
BugTraq ID: 19742
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19742
Summary:
Multiple X.org products are prone to a local privilege-escalation
vulnerability.
A local attacker can exploit this issue to gain superuser
privileges. A successful exploit would lead to the complete
compromise of the affected computer.
OPENLDAP SLAPD ACCESS CONTROL CIRCUMVENTION VULNERABILITY
BugTraq ID: 19832
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP slapd is prone to a vulnerability that allows attackers to
circumvent access controls.
An attacker may be able to modify any domain name regardless of
the owner.
Versions prior to 2.3.25 are vulnerable.
OPENOFFICE ARBITRARY MACRO EXECUTION VULNERABILITY
BugTraq ID: 18738
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18738
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
macros to gain read/write privileges to local files on a
vulnerable computer.
OPENOFFICE JAVA APPLET SYSTEM ACCESS VULNERABILITY
BugTraq ID: 18737
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18737
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
Java applets to gain read/write privileges to local files on a
vulnerable computer.
OPENOFFICE XML FILE FORMAT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18739
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18739
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious XML
documents to cause a buffer overflow leading to read/write
privileges to local files on a vulnerable computer.
OPENSLP MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 12792
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12792
Summary:
OpenSLP is prone to multiple unspecified buffer-overflow
vulnerabilities that may be triggered by malformed SLP (Service
Location Protocol) packets.
If successfully exploited, these issues could allow remote code
execution in the context of the software.
OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because
it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH
Version One traffic.
OPENSSH REVERSE DNS LOOKUP ACCESS CONTROL BYPASS VULNERABILITY
BugTraq ID: 7831
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7831
Summary:
A vulnerability has been reported for OpenSSH that may allow
unauthorized access to an OpenSSH server's login mechanism.
The vulnerability occurs because of the way OpenSSH restricts
access. It's possible to configure OpenSSH to restrict access based
on certain patterns. When a numeric IP address is provided as the
host that is attempting a connection, an attacker can trick the
OpenSSH server to allow access.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-10-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
OPENSSH-PORTABLE EXISTING PASSWORD REMOTE INFORMATION DISCLOSURE
BugTraq ID: 20418
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20418
Summary:
It is reported that OpenSSH contains an information disclosure
weakness. This issue exists in the portable version of OpenSSH. The
portable version is the version that is distributed for operating
systems other than its native OpenBSD platform.
This issue has been confirmed as not deriving from either the
Pluggable Authentication Module (PAM) issue disclosed in BID
11781 in 2004, or the more recent Generic Security Services
Application Programming Interface (GSSAPI) based information leak
outlined in BID
OPENSSH-PORTABLE GSSAPI AUTHENTICATION ABORT INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 20245
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
OpenSSH-Portable is prone to an information-disclosure weakness. The
issue stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to
determine the presence and validity of usernames on unspecified
platforms.
This issue occurs when OpenSSH-Portable is configured to accept
GSSAPI authentication.
OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.
OPENSSL ASN.1 STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20248
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause applications that use
the vulnerable library to consume excessive CPU and memory resources
and crash, denying further service to legitimate users.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
OPENSSL PUBLIC KEY PROCESSING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20247
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability because it
fails to validate the lengths of public keys being used.
An attacker can exploit this issue to crash an affected server
using OpenSSL.
OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the
library fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of
arbitrary machine code in the context of applications that use the
affected library. Failed exploit attempts may crash applications,
denying service to legitimate users.
OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20246
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to
crash, effectively denying service.
PPPD WINBIND PLUGIN LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18849
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18849
Summary:
The 'winbind' plugin of 'pppd' can allow local attackers to gain
elevated privileges, which may lead to a complete compromise.
Version 2.4.3 of 'pppd' is reported vulnerable. Other versions may
be affected as well.
PERL PERL_SV_VCATPVFN FORMAT STRING INTEGER WRAP VULNERABILITY
BugTraq ID: 15629
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format-string vulnerability. This issue is
due to the programming language's failure to properly handle format
specifiers in formatted-printing functions.
An attacker may leverage this issue to write to arbitrary process
memory, facilitating code execution in the context of the Perl
interpreter process. This can result in unauthorized remote access.
Developers should treat the formatted printing functions in Perl as
equivalently vulnerable to exploitation as the C library versions,
and should properly sanitize all data passed in the format-
specifier argument.
All applications that use formatted-printing functions in an unsafe
manner should be considered exploitable.
PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2006-10-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution
vulnerability. The issue derives from a race condition in a
vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible
to execute code remotely prior to authentication when GSSAPI
authentication is enabled. This has not been confirmed; the chance
of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition
can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured
to accept GSSAPI authentication.
PYTHON REPR() FUNCTION REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20376
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20376
Summary:
Python is prone to a remote code-execution vulnerability because the
application fails to properly handle UTF-32/UCS-4 strings.
Exploiting this issue allows remote attackers to execute arbitrary
machine code with the privileges of the Python application.
SENDMAIL LONG HEADER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19714
Last Updated: 2006-10-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19714
Summary:
Sendmail is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the Sendmail process,
causing a denial of service.
SUDO PERL ENVIRONMENT VARIABLE HANDLING SECURITY BYPASS VULNERABILITY
BugTraq ID: 15394
Last Updated: 2006-10-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15394
Summary:
Sudo is prone to a security-bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the
application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT'
environment variables when tainting is ignored.
An attacker can exploit this vulnerability to bypass security
restrictions and include arbitrary library files.
To exploit this vulnerability, an attacker must be able to run Perl
scripts through Sudo.
SUDO PYTHON ENVIRONMENT VARIABLE HANDLING SECURITY BYPASS
VULNERABILITY
BugTraq ID: 16184
Last Updated: 2006-10-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16184
Summary:
Sudo is prone to a security-bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the
application when handling environment variables.
A local attacker with the ability to run Python scripts can exploit
this vulnerability to gain access to an interactive Python prompt.
That attacker may then execute arbitrary code with elevated
privileges, facilitating the complete compromise of affected
computers.
An attacker must have the ability to run Python scripts through Sudo
to exploit this vulnerability.
This issue is similar to BID 15394 (Sudo Perl Environment Variable
Handling Security Bypass Vulnerability).
TROLLTECH QT PIXMAP IMAGES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 20599
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20599
Summary:
Qt is prone to an integer-overflow vulnerability because the library
fails to do proper bounds checking on user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code
in the context of the application using the vulnerable library.
Failed exploit attempts will likely cause denial-of-service
conditions.
VIEWVC UTF-7 CHARSET UNSPECIFIED HTML INJECTION VULNERABILITY
BugTraq ID: 20543
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20543
Summary:
ViewVC is prone to an HTML-injection vulnerability because it
fails to specify a charset in the HTML body or the HTTP header.
Exploiting this issue could allow an attacker to execute attacker-
supplied script code in the browser of an unsuspecting user in the
context of the affected site. This may help the attacker steal cookie-
based authentication credentials and launch other attacks.
ViewVC 1.0.2 and prior versions are vulnerable; other versions may
also be affected.
[ cvsweb rewritten in Python ]
VIXIE CRON PAM_LIMITS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18108
Last Updated: 2006-10-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18108
Summary:
Vixie cron is susceptible to a local privilege-escalation
vulnerability. This issue is due to the application's failure to
properly drop superuser privileges in certain circumstances when
executing jobs.
This issue allows local attackers that have been authorized to
execute cron jobs to execute arbitrary commands with superuser
privileges. This facilitates the complete compromise of affected
computers.
Vixie cron version 4.1 is vulnerable to this issue when used in
conjunction with pam_limits. Other versions may also be affected.
WEBMIN AND USERMIN HTML INJECTION AND INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 19820
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19820
Summary:
Webmin and Usermin are prone to an HTML-injection issue and an information-
disclosure issue.
Attacker-supplied HTML and script code would execute in the context
of the affected website, potentially allowing an attacker to steal
cookie-based authentication credentials and to control how the site
is rendered to the user and gain sensitive information.
Usermin versions prior to 1.226 and Webmin versions prior to 1.296
are vulnerable to this issue.
WEBMIN/USERMIN UNSPECIFIED INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18744
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18744
Summary:
Webmin and Usermin are prone to an unspecified information-
disclosure vulnerability. This issue is due to a failure in the
applications to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve potentially sensitive
information.
This issue affects Webmin versions prior to 1.290 and Usermin
versions prior to 1.220.
Unconfirmed reports suggest that this issue is the same as the one
discussed in BID 18613 (Webmin Remote Directory Traversal
Vulnerability). However, the fixes associated with that issue did
not completely solve the vulnerability.
WIRESHARK MULTIPLE VULNERABILITIES
BugTraq ID: 19690
Last Updated: 2006-10-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19690
Summary:
Wireshark is prone to multiple vulnerabilities:
- Multiple denial-of-service vulnerabilities.
- Multiple off-by-one vulnerabilities.
These may permit attackers to execute arbitrary code, which can
facilitate a compromise of an affected computer or cause a denial-of-
service condition to legitimate users of the application.
WIRESHARK PROTOCOL DISSECTORS MULTIPLE VULNERABILITIES
BugTraq ID: 19051
Last Updated: 2006-09-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:
- A format-string vulnerability.
- An off-by-one vulnerability.
- An infinite-loop vulnerability.
- A memory-allocation vulnerability.
These may permit attackers to execute arbitrary code, which can
facilitate a compromise of an affected computer or cause a denial-of-
service condition to legitimate users of the application.
[ formerly Ethereal ]
X.ORG LIBXFONT CID FONT FILE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 19974
Last Updated: 2006-10-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19974
Summary:
The libXfont library is prone to multiple integer-overflow
vulnerabilities.
Attackers can exploit this issue to execute arbitrary code with
superuser privileges. A successful exploit will result in the
complete compromise of affected computers. Failed exploit attempts
will result in a denial of service.
X.ORG XDM XSESSION SCRIPT RACE CONDITION VULNERABILITY
BugTraq ID: 20400
Last Updated: 2006-10-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20400
Summary:
The X.org XDM XSession script is prone to a race-condition
vulnerability.
Local unprivileged attackers can exploit this issue to gain access
to the primary or alternate 'xdm' error log files. A successful
exploit will result in the unintended disclosure of sensitive
information.
XEROX WORKCENTRE / COPYCENTRE MULTIPLE VULNERABILITIES
BugTraq ID: 17014
Last Updated: 2006-10-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17014
Summary:
Xerox WorkCentre / CopyCentre are prone to multiple vulnerabilities.
Exploiting these issues can allow remote attackers to trigger a denial-of-
service condition in a device. Some of these issues may allow for
arbitrary code execution as well, but this is unconfirmed.
These software versions are vulnerable:
- 1.001.02.073 or prior
- Versions greater than 1.001.02.074 but less than 1.001.02.715.
[ firmware ]
YUKIHIRO MATSUMOTO RUBY MULTIPLE SAFE LEVEL RESTRICTION BYPASS
VULNERABILITIES
BugTraq ID: 18944
Last Updated: 2006-10-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18944
Summary:
Ruby is prone to multiple vulnerabilities that let attackers bypass
SAFE-level restrictions.
These issues allow attackers to bypass the expected SAFE-level
restrictions, possibly allowing them to execute unauthorized script
code in the context of affected applications. The specific impact of
these issues depends on the implementation of scripts that use SAFE-
level security checks.