diff options
| author | Baptiste Daroussin <bapt@FreeBSD.org> | 2021-01-21 13:18:49 +0000 |
|---|---|---|
| committer | Baptiste Daroussin <bapt@FreeBSD.org> | 2021-01-21 13:18:49 +0000 |
| commit | b91e44cfc66a6287c2e1b170d0a9f38ad8a235ea (patch) | |
| tree | 81b2adaa0557e96a4e0c4f2be100073dd0ea920d /security/vuxml/vuln-2009.xml | |
| parent | ec6c6eaa839dbaedc8366eb2d9fda3bcbaecae5f (diff) | |
| download | ports-b91e44cfc66a6287c2e1b170d0a9f38ad8a235ea.tar.gz ports-b91e44cfc66a6287c2e1b170d0a9f38ad8a235ea.zip | |
Split vuln.xml file [1/2]
The vuln.xml file has grown a lot since 2003. To avoid having to unlock
the svn size limitation, the file is now split into 1 file per year up
to the current year + previous one. The split is made based on the date
when the entry has been added.
In order to achieve the split without breaking any consumer we use a standard
XML mechanism via the definition of entities.
While here add a new target make vuln-flat.xml which will expand the entities
in order to be able to regenerate a one uniq file if needed. This useful to for
example allow to test with pkg audit directly given the XML parser used in pkg
does not support custom entities.
The vuxml web site generator has been modified to ensure the vuln.xml file it
provides is the expanded version, so for consumers it is still only one single
file to download.
Notes
Notes:
svn path=/head/; revision=562203
Diffstat (limited to 'security/vuxml/vuln-2009.xml')
| -rw-r--r-- | security/vuxml/vuln-2009.xml | 6943 |
1 files changed, 6943 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2009.xml b/security/vuxml/vuln-2009.xml new file mode 100644 index 000000000000..01376ce671bb --- /dev/null +++ b/security/vuxml/vuln-2009.xml @@ -0,0 +1,6943 @@ +<!-- +Copyright 2003-2021 Jacques Vidrine and contributors + +Redistribution and use in source (VuXML) and 'compiled' forms (SGML, +HTML, PDF, PostScript, RTF and so forth) with or without modification, +are permitted provided that the following conditions are met: +1. Redistributions of source code (VuXML) must retain the above + copyright notice, this list of conditions and the following + disclaimer as the first lines of this file unmodified. +2. Redistributions in compiled form (transformed to other DTDs, + published online in any format, converted to PDF, PostScript, + RTF and other formats) must reproduce the above copyright + notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + +THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT +OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + $FreeBSD$ +--> + + <vuln vid="751823d4-f189-11de-9344-00248c9b4be7"> + <topic>drupal -- multiple cross-site scripting</topic> + <affects> + <package> + <name>drupal5</name> + <range><lt>5.21</lt></range> + </package> + <package> + <name>drupal6</name> + <range><lt>6.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal Team reports:</p> + <blockquote cite="http://drupal.org/node/661586"> + <p>The Contact module does not correctly handle certain user input + when displaying category information. Users privileged to create + contact categories can insert arbitrary HTML and script code into the + contact module administration page. Such a cross-site scripting attack + may lead to the malicious user gaining administrative access.</p> + <p>The Menu module does not correctly handle certain user input when + displaying the menu administration overview. Users privileged to + create new menus can insert arbitrary HTML and script code into the + menu module administration page. Such a cross-site scripting attack + may lead to the malicious user gaining administrative access.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4370</cvename> + <url>http://drupal.org/node/661586</url> + </references> + <dates> + <discovery>2009-12-16</discovery> + <entry>2009-12-25</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="4d6076fe-ee7a-11de-9cd0-001a926c7637"> + <topic>fuser -- missing user's privileges check</topic> + <affects> + <package> + <name>fuser</name> + <range><lt>1142334561_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Denis Barov reports:</p> + <blockquote> + <p>sysutils/fuser allows user to send any signal to any process when + installed with suid bit.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/141852</freebsdpr> + </references> + <dates> + <discovery>2009-09-15</discovery> + <entry>2009-12-21</entry> + </dates> + </vuln> + + <vuln vid="4465c897-ee5c-11de-b6ef-00215c6a37bb"> + <topic>monkey -- improper input validation vulnerability</topic> + <affects> + <package> + <name>monkey</name> + <range><lt>0.9.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Census Labs reports:</p> + <blockquote cite="http://census-labs.com/news/2009/12/14/monkey-httpd/"> + <p>We have discovered a remotely exploitable + "improper input validation" vulnerability in the Monkey + web server that allows an attacker to perform denial of + service attacks by repeatedly crashing worker threads + that process HTTP requests.</p> + </blockquote> + </body> + </description> + <references> + <url>http://census-labs.com/news/2009/12/14/monkey-httpd/</url> + <url>http://groups.google.com/group/monkeyd/browse_thread/thread/055b4e9b83973861/</url> + </references> + <dates> + <discovery>2009-12-14</discovery> + <entry>2009-12-21</entry> + </dates> + </vuln> + + <vuln vid="39a25a63-eb5c-11de-b650-00215c6a37bb"> + <topic>php -- multiple vulnerabilities</topic> + <affects> + <package> + <name>php5</name> + <range><lt>5.2.12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PHP developers reports:</p> + <blockquote cite="http://www.php.net/releases/5_2_12.php"> + <p>This release focuses on improving the stability of the + PHP 5.2.x branch with over 60 bug fixes, some of which + are security related. All users of PHP 5.2 are encouraged + to upgrade to this release.</p> + <p>Security Enhancements and Fixes in PHP 5.2.12:</p> + <ul> + <li>Fixed a safe_mode bypass in tempnam() identified by + Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)</li> + <li>Fixed a open_basedir bypass in posix_mkfifo() + identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)</li> + <li>Added "max_file_uploads" INI directive, which can + be set to limit the number of file uploads per-request + to 20 by default, to prevent possible DOS via temporary + file exhaustion, identified by Bogdan Calin. + (CVE-2009-4017, Ilia)</li> + <li>Added protection for $_SESSION from interrupt + corruption and improved "session.save_path" check, + identified by Stefan Esser. (CVE-2009-4143, Stas)</li> + <li>Fixed bug #49785 (insufficient input string + validation of htmlspecialchars()). (CVE-2009-4142, + Moriyoshi, hello at iwamot dot com)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3557</cvename> + <cvename>CVE-2009-3558</cvename> + <cvename>CVE-2009-4017</cvename> + <cvename>CVE-2009-4142</cvename> + <cvename>CVE-2009-4143</cvename> + <url>http://www.php.net/releases/5_2_12.php</url> + </references> + <dates> + <discovery>2009-12-17</discovery> + <entry>2009-12-17</entry> + </dates> + </vuln> + + <vuln vid="e7bc5600-eaa0-11de-bd9c-00215c6a37bb"> + <topic>postgresql -- multiple vulnerabilities</topic> + <affects> + <package> + <name>postgresql-client</name> + <name>postgresql-server</name> + <range><ge>7.4</ge><lt>7.4.27</lt></range> + <range><ge>8.0</ge><lt>8.0.23</lt></range> + <range><ge>8.1</ge><lt>8.1.19</lt></range> + <range><ge>8.2</ge><lt>8.2.15</lt></range> + <range><ge>8.3</ge><lt>8.3.9</lt></range> + <range><ge>8.4</ge><lt>8.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PostgreSQL project reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034"> + <p>PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, + 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, + and 8.4.x before 8.4.2 does not properly handle a '\0' character + in a domain name in the subject's Common Name (CN) field of an + X.509 certificate, which (1) allows man-in-the-middle attackers + to spoof arbitrary SSL-based PostgreSQL servers via a crafted + server certificate issued by a legitimate Certification Authority, + and (2) allows remote attackers to bypass intended client-hostname + restrictions via a crafted client certificate issued by a legitimate + Certification Authority, a related issue to CVE-2009-2408.</p> + </blockquote> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136"> + <p>PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, + 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, + and 8.4.x before 8.4.2 does not properly manage session-local + state during execution of an index function by a database + superuser, which allows remote authenticated users to gain + privileges via a table with crafted index functions, as + demonstrated by functions that modify (1) search_path or + (2) a prepared statement, a related issue to CVE-2007-6600 + and CVE-2009-3230.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4034</cvename> + <cvename>CVE-2009-4136</cvename> + </references> + <dates> + <discovery>2009-11-20</discovery> + <entry>2009-12-17</entry> + </dates> + </vuln> + + <vuln vid="5486669e-ea9f-11de-bd9c-00215c6a37bb"> + <topic>tptest -- pwd Remote Stack Buffer Overflow</topic> + <affects> + <package> + <name>tptest</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33785"> + <p>TPTEST is prone to a remote stack-based buffer-overflow + vulnerability. An attacker can exploit this issue to + execute arbitrary code within the context of the affected + application. Failed exploit attempts will result in a + denial-of-service condition.</p> + </blockquote> + </body> + </description> + <references> + <bid>33785</bid> + </references> + <dates> + <discovery>2009-02-16</discovery> + <entry>2009-12-17</entry> + </dates> + </vuln> + + <vuln vid="01c57d20-ea26-11de-bd39-00248c9b4be7"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><gt>3.5.*,1</gt><lt>3.5.6,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.16,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>3.0.16,1</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.0.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><ge>3.0</ge><lt>3.0.1</lt></range> + </package> + + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> + <p>MFSA 2009-71 GeckoActiveXObject exception messages can be used to + enumerate installed COM objects</p> + <p>MFSA 2009-70 Privilege escalation via chrome window.opener</p> + <p>MFSA 2009-69 Location bar spoofing vulnerabilities</p> + <p>MFSA 2009-68 NTLM reflection vulnerability</p> + <p>MFSA 2009-67 Integer overflow, crash in libtheora video + library</p> + <p>MFSA 2009-66 Memory safety fixes in liboggplay media library</p> + <p>MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ + 1.9.0.16)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3388</cvename> + <cvename>CVE-2009-3389</cvename> + <cvename>CVE-2009-3979</cvename> + <cvename>CVE-2009-3980</cvename> + <cvename>CVE-2009-3981</cvename> + <cvename>CVE-2009-3982</cvename> + <cvename>CVE-2009-3983</cvename> + <cvename>CVE-2009-3984</cvename> + <cvename>CVE-2009-3985</cvename> + <cvename>CVE-2009-3986</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-71.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-70.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-69.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-68.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-67.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-66.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-65.html</url> + </references> + <dates> + <discovery>2009-12-16</discovery> + <entry>2009-12-16</entry> + <modified>2010-01-21</modified> + </dates> + </vuln> + + <vuln vid="1b3f854b-e4bd-11de-b276-000d8787e1be"> + <topic>freeradius -- remote packet of death vulnerability</topic> + <affects> + <package> + <name>freeradius</name> + <range><lt>1.1.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>freeRADIUS Vulnerability Notifications reports:</p> + <blockquote cite="http://freeradius.org/security.html"> + <p>2009.09.09 v1.1.7 - Anyone who can send packets to + the server can crash it by sending a Tunnel-Password + attribute in an Access-Request packet. This + vulnerability is not otherwise exploitable. We have + released 1.1.8 to correct this vulnerability.</p> + <p>This issue is similar to the previous Tunnel-Password + issue noted below. The vulnerable versions are 1.1.3 + through 1.1.7. Version 2.x is not affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3111</cvename> + <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111</url> + <url>http://freeradius.org/security.html</url> + <url>http://www.milw0rm.com/exploits/9642</url> + </references> + <dates> + <discovery>2009-09-09</discovery> + <entry>2009-12-14</entry> + <modified>2009-12-14</modified> + </dates> + </vuln> + + <vuln vid="bec38383-e6cb-11de-bdd4-000c2930e89b"> + <topic>pligg -- Cross-Site Scripting and Cross-Site Request Forgery</topic> + <affects> + <package> + <name>pligg</name> + <range><lt>1.0.3b</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/37349"> + <p>Russ McRee has discovered some vulnerabilities in Pligg, which can + be exploited by malicious people to conduct cross-site scripting and + request forgery attacks.</p> + <p>Input passed via the "Referer" HTTP header to various scripts (e.g. + admin/admin_config.php, admin/admin_modules.php, delete.php, editlink.php, + submit.php, submit_groups.php, user_add_remove_links.php, and + user_settings.php) is not properly sanitised before being returned to + the user. This can be exploited to execute arbitrary HTML and script + code in a user's browser session in context of an affected site.</p> + <p>The application allows users to perform certain actions via HTTP + requests without performing any validity checks to verify the requests. + This can be exploited to e.g. create an arbitrary user with administrative + privileges if a logged-in administrative user visits a malicious web + site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4786</cvename> + <cvename>CVE-2009-4787</cvename> + <cvename>CVE-2009-4788</cvename> + <url>http://secunia.com/advisories/37349/</url> + <url>http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/</url> + </references> + <dates> + <discovery>2009-12-02</discovery> + <entry>2009-12-12</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="fcbf56dd-e667-11de-920a-00248c9b4be7"> + <topic>piwik -- php code execution</topic> + <affects> + <package> + <name>piwik</name> + <range><lt>0.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/37649"> + <p>Stefan Esser has reported a vulnerability in Piwik, which can be + exploited by malicious people to compromise a vulnerable system.</p> + <p>The vulnerability is caused due to the core/Cookie.php script using + "unserialize()" with user controlled input. This can be exploited to + e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()" + methods of a serialized object passed via an HTTP cookie.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4137</cvename> + <url>http://secunia.com/advisories/37649/</url> + <url>http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html</url> + <url>http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/</url> + </references> + <dates> + <discovery>2009-12-10</discovery> + <entry>2009-12-11</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="30211c45-e52a-11de-b5cd-00e0815b8da8"> + <topic>dovecot -- Insecure directory permissions</topic> + <affects> + <package> + <name>dovecot</name> + <range><ge>1.2.*</ge><lt>1.2.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Dovecot author reports:</p> + <blockquote cite="http://www.dovecot.org/list/dovecot-news/2009-November/000143.html"> + <p>Dovecot v1.2.x had been creating base_dir (and its parents if + necessary) with 0777 permissions. The base_dir's permissions get + changed to 0755 automatically at startup, but you may need to + chmod the parent directories manually.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3897</cvename> + <bid>37084</bid> + <url>http://secunia.com/advisories/37443</url> + </references> + <dates> + <discovery>2009-11-20</discovery> + <entry>2009-12-10</entry> + </dates> + </vuln> + + <vuln vid="3c1a672e-e508-11de-9f4a-001b2134ef46"> + <topic>linux-flashplugin -- multiple vulnerabilities</topic> + <affects> + <package> + <name>linux-flashplugin</name> + <range><lt>9.0r260</lt></range> + </package> + <package> + <name>linux-f8-flashplugin</name> + <name>linux-f10-flashplugin</name> + <range><lt>10.0r42</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Adobe Product Security Incident Response Team reports:</p> + <blockquote cite="http://www.adobe.com/support/security/bulletins/apsb09-19.html"> + <p>Critical vulnerabilities have been identified in Adobe + Flash Player version 10.0.32.18 and earlier. These + vulnerabilities could cause the application to crash and + could potentially allow an attacker to take control of the + affected system.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3794</cvename> + <cvename>CVE-2009-3796</cvename> + <cvename>CVE-2009-3797</cvename> + <cvename>CVE-2009-3798</cvename> + <cvename>CVE-2009-3799</cvename> + <cvename>CVE-2009-3800</cvename> + <cvename>CVE-2009-3951</cvename> + <url>http://www.zerodayinitiative.com/advisories/ZDI-09-092/</url> + <url>http://www.zerodayinitiative.com/advisories/ZDI-09-093/</url> + <url>http://www.adobe.com/support/security/bulletins/apsb09-19.html</url> + </references> + <dates> + <discovery>2009-07-14</discovery> + <entry>2009-12-09</entry> + </dates> + </vuln> + + <vuln vid="eab8c3bd-e50c-11de-9cd0-001a926c7637"> + <topic>ruby -- heap overflow vulnerability</topic> + <affects> + <package> + <name>ruby</name> + <range><ge>1.9.1,1</ge><lt>1.9.1.376,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The official ruby site reports:</p> + <blockquote cite="http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/"> + <p>There is a heap overflow vulnerability in String#ljust, + String#center and String#rjust. This has allowed an attacker to run + arbitrary code in some rare cases.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4124</cvename> + <url>http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/</url> + </references> + <dates> + <discovery>2009-11-30</discovery> + <entry>2009-12-09</entry> + </dates> + </vuln> + + <vuln vid="714c1406-e4cf-11de-883a-003048590f9e"> + <topic>rt -- Session fixation vulnerability</topic> + <affects> + <package> + <name>rt</name> + <range><lt>3.8.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/37546"> + <p>A vulnerability has been reported in RT, which can be exploited by + malicious people to conduct session fixation attacks. + The vulnerability is caused due to an error in the handling of + sessions and can be exploited to hijack another user's session by + tricking the user into logging in after following a specially crafted + link.</p> + </blockquote> + </body> + </description> + <references> + <bid>37162</bid> + <cvename>CVE-2009-3585</cvename> + </references> + <dates> + <discovery>2009-12-01</discovery> + <entry>2009-12-09</entry> + </dates> + </vuln> + + <vuln vid="5f030587-e39a-11de-881e-001aa0166822"> + <topic>expat2 -- Parser crash with specially formatted UTF-8 sequences</topic> + <affects> + <package> + <name>expat2</name> + <name>linux-f10-expat</name> + <range><lt>2.0.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720"> + <p>The updatePosition function in lib/xmltok_impl.c in + libexpat in Expat 2.0.1, as used in Python, PyXML, + w3c-libwww, and other software, allows context-dependent + attackers to cause a denial of service (application crash) + via an XML document with crafted UTF-8 sequences that + trigger a buffer over-read.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3720</cvename> + </references> + <dates> + <discovery>2009-01-17</discovery> + <entry>2009-12-08</entry> + </dates> + </vuln> + + <vuln vid="e9fca207-e399-11de-881e-001aa0166822"> + <topic>expat2 -- buffer over-read and crash</topic> + <affects> + <package> + <name>expat2</name> + <range><lt>2.0.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560"> + <p>The big2_toUtf8 function in lib/xmltok.c in libexpat in + Expat 2.0.1, as used in the XML-Twig module for Perl, allows + context-dependent attackers to cause a denial of service + (application crash) via an XML document with malformed UTF-8 + sequences that trigger a buffer over-read, related to the + doProlog function in lib/xmlparse.c.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3560</cvename> + </references> + <dates> + <discovery>2009-10-05</discovery> + <entry>2009-12-08</entry> + </dates> + </vuln> + + <vuln vid="6431c4db-deb4-11de-9078-0030843d3802"> + <topic>opera -- multiple vulnerabilities</topic> + <affects> + <package> + <name>opera</name> + <range><lt>10.10.20091120</lt></range> + </package> + <package> + <name>linux-opera</name> + <range><lt>10.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Opera Team reports:</p> + <blockquote cite="http://www.opera.com/docs/changelogs/unix/1010/"> + <ul> + <li>Fixed a heap buffer overflow in string to number conversion</li> + <li>Fixed an issue where error messages could leak onto unrelated + sites</li> + <li>Fixed a moderately severe issue, as reported by Chris Evans of + the Google Security Team; details will be disclosed at a later + date.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0689</cvename> + <cvename>CVE-2009-4071</cvename> + <url>http://www.opera.com/support/kb/view/941/</url> + <url>http://www.opera.com/support/kb/view/942/</url> + </references> + <dates> + <discovery>2009-11-23</discovery> + <entry>2009-12-01</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="77c14729-dc5e-11de-92ae-02e0184b8d35"> + <topic>libtool -- Library Search Path Privilege Escalation Issue</topic> + <affects> + <package> + <name>libtool</name> + <range><lt>2.2.6b</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia.com</p> + <blockquote cite="http://secunia.com/advisories/37414/"> + <p>Do not attempt to load an unqualified module.la file from the + current directory (by default) since doing so is insecure and is + not compliant with the documentation.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3736</cvename> + <url>http://secunia.com/advisories/37414/</url> + <url>http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html</url> + </references> + <dates> + <discovery>2009-11-25</discovery> + <entry>2009-11-28</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="94edff42-d93d-11de-a434-0211d880e350"> + <topic>libvorbis -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libvorbis</name> + <range><lt>1.2.3_1,3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Ubuntu security team reports:</p> + <blockquote cite="http://www.ubuntu.com/usn/usn-861-1"> + <p>It was discovered that libvorbis did not correctly + handle certain malformed vorbis files. If a user were + tricked into opening a specially crafted vorbis file + with an application that uses libvorbis, an attacker + could cause a denial of service or possibly execute + arbitrary code with the user's privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-1420</cvename> + <cvename>CVE-2009-3379</cvename> + </references> + <dates> + <discovery>2009-11-24</discovery> + <entry>2009-11-24</entry> + </dates> + </vuln> + + <vuln vid="92ca92c1-d859-11de-89f9-001517351c22"> + <topic>bugzilla -- information leak</topic> + <affects> + <package> + <name>bugzilla</name> + <range><gt>3.3.1</gt><lt>3.4.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Bugzilla Security Advisory reports:</p> + <blockquote cite="http://www.bugzilla.org/security/3.4.3/"> + <p>When a bug is in a group, none of its information + (other than its status and resolution) should be visible + to users outside that group. It was discovered that + as of 3.3.2, Bugzilla was showing the alias of the bug + (a very short string used as a shortcut for looking up + the bug) to users outside of the group, if the protected + bug ended up in the "Depends On" or "Blocks" list of any + other bug.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3386</cvename> + <url>http://www.bugzilla.org/security/3.4.3/</url> + </references> + <dates> + <discovery>2009-11-18</discovery> + <entry>2009-11-23</entry> + </dates> + </vuln> + + <vuln vid="04104985-d846-11de-84e4-00215af774f0"> + <topic>cacti -- cross-site scripting issues</topic> + <affects> + <package> + <name>cacti</name> + <range><lt>0.8.7e4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The cacti development team reports:</p> + <blockquote cite="http://docs.cacti.net/#cross-site_scripting_fixes"> + <p>The Cross-Site Scripting patch has been posted.</p> + <p>This patch addresses cross-site scripting issues reported + by Moritz Naumann.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4032</cvename> + <url>http://docs.cacti.net/#cross-site_scripting_fixes</url> + </references> + <dates> + <discovery>2009-11-21</discovery> + <entry>2009-11-23</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="0640198a-d117-11de-b667-0030843d3802"> + <topic>wordpress -- multiple vulnerabilities</topic> + <affects> + <package> + <name>wordpress</name> + <range><lt>2.8.6,1</lt></range> + </package> + <package> + <name>de-wordpress</name> + <range><lt>2.8.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/37332/"> + <p>The security issue is caused due to the wp_check_filetype() + function in /wp-includes/functions.php improperly validating uploaded + files. This can be exploited to execute arbitrary PHP code by + uploading a malicious PHP script with multiple extensions.</p> + <p>Successful exploitation of this vulnerability requires that Apache + is not configured to handle the mime-type for media files with an e.g. + "gif", "jpg", "png", "tif", "wmv" extension.</p> + <p>Input passed via certain parameters to press-this.php is not + properly sanitised before being displayed to the user. This can be + exploited to insert arbitrary HTML and script code, which will be + executed in a user's browser session in context of an affected site + when the malicious data is being viewed.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3890</cvename> + <cvename>CVE-2009-3891</cvename> + <url>http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/</url> + <url>http://secunia.com/advisories/37332/</url> + </references> + <dates> + <discovery>2009-11-12</discovery> + <entry>2009-11-14</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="68bda678-caab-11de-a97e-be89dfd1042e"> + <topic>p5-HTML-Parser -- denial of service</topic> + <affects> + <package> + <name>p5-HTML-Parser</name> + <range><lt>3.63</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627"> + <p>The decode_entities function in util.c in HTML-Parser before + 3.63 allows context-dependent attackers to cause a denial of service + (infinite loop) via an incomplete SGML numeric character reference, + which triggers generation of an invalid UTF-8 character.</p> + </blockquote> + </body> + </description> + <references> + <bid>36807</bid> + <cvename>CVE-2009-3627</cvename> + <url>http://secunia.com/advisories/37155</url> + </references> + <dates> + <discovery>2009-10-23</discovery> + <entry>2009-11-06</entry> + </dates> + </vuln> + + <vuln vid="4e8344a3-ca52-11de-8ee8-00215c6a37bb"> + <topic>gd -- '_gdGetColors' remote buffer overflow vulnerability</topic> + <affects> + <package> + <name>gd</name> + <range><lt>2.0.35_2,1</lt></range> + </package> + <package> + <name>php5-gd</name> + <range><lt>5.2.11_2</lt></range> + </package> + <package> + <name>php4-gd</name> + <range><lt>4.4.9_4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546"> + <p>The _gdGetColors function in gd_gd.c in PHP 5.2.11 and + 5.3.0, and the GD Graphics Library 2.x, does not properly + verify a certain colorsTotal structure member, which might + allow remote attackers to conduct buffer overflow or buffer + over-read attacks via a crafted GD file, a different + vulnerability than CVE-2009-3293.</p> + </blockquote> + </body> + </description> + <references> + <bid>36712</bid> + <cvename>CVE-2009-3546</cvename> + <url>http://secunia.com/advisories/37069</url> + <url>http://secunia.com/advisories/37080</url> + </references> + <dates> + <discovery>2009-10-15</discovery> + <entry>2009-11-05</entry> + <modified>2010-06-17</modified> + </dates> + </vuln> + + <vuln vid="6693bad2-ca50-11de-8ee8-00215c6a37bb"> + <topic>typo3 -- multiple vulnerabilities in TYPO3 Core</topic> + <affects> + <package> + <name>typo3</name> + <range><lt>4.2.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>TYPO3 develop team reports:</p> + <blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"> + <p>Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 + and below, 4.2.9 and below, 4.3.0beta1 and below.</p> + <p>SQL injection, Cross-site scripting (XSS), Information + disclosure, Frame hijacking, Remote shell command execution + and Insecure Install Tool authentication/session handling.</p> + </blockquote> + </body> + </description> + <references> + <bid>36801</bid> + <cvename>CVE-2009-3628</cvename> + <cvename>CVE-2009-3629</cvename> + <cvename>CVE-2009-3630</cvename> + <cvename>CVE-2009-3631</cvename> + <cvename>CVE-2009-3632</cvename> + <cvename>CVE-2009-3633</cvename> + <cvename>CVE-2009-3634</cvename> + <cvename>CVE-2009-3635</cvename> + <cvename>CVE-2009-3636</cvename> + <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/</url> + <url>http://secunia.com/advisories/37122/</url> + </references> + <dates> + <discovery>2009-10-22</discovery> + <entry>2009-11-05</entry> + </dates> + </vuln> + + <vuln vid="3149ab1c-c8b9-11de-b87b-0011098ad87f"> + <topic>vlc -- stack overflow in MPA, AVI and ASF demuxer</topic> + <affects> + <package> + <name>vlc</name> + <range><ge>0.5.0</ge><lt>1.0.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>VideoLAN reports:</p> + <blockquote cite="http://www.videolan.org/security/sa0901.html"> + <p>When parsing a MP4, ASF or AVI file with an overly deep box + structure, a stack overflow might occur. It would overwrite the + return address and thus redirect the execution flow.</p> + <p>If successful, a malicious third party could trigger execution + of arbitrary code within the context of the VLC media player.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.videolan.org/security/sa0901.html</url> + </references> + <dates> + <discovery>2009-09-14</discovery> + <entry>2009-11-03</entry> + </dates> + </vuln> + + <vuln vid="6f358f5a-c7ea-11de-a9f3-0030843d3802"> + <topic>KDE -- multiple vulnerabilities</topic> + <affects> + <package> + <name>kdebase-runtime</name> + <range><ge>4.0.*</ge><lt>4.3.1_2</lt></range> + </package> + <package> + <name>kdelibs</name> + <range><ge>4.0.*</ge><lt>4.3.1_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>oCERT reports:</p> + <blockquote cite="http://www.ocert.org/advisories/ocert-2009-015.html"> + <p>Ark input sanitization errors: The KDE archiving tool, Ark, + performs insufficient validation which leads to specially crafted + archive files, using unknown MIME types, to be rendered using a KHTML + instance, this can trigger uncontrolled XMLHTTPRequests to remote + sites.</p> + <p>IO Slaves input sanitization errors: KDE protocol handlers perform + insufficient input validation, an attacker can craft malicious URI + that would trigger JavaScript execution. Additionally the 'help://' + protocol handler suffer from directory traversal. It should be noted + that the scope of this issue is limited as the malicious URIs cannot + be embedded in Internet hosted content.</p> + <p>KMail input sanitization errors: The KDE mail client, KMail, performs + insufficient validation which leads to specially crafted email + attachments, using unknown MIME types, to be rendered using a KHTML + instance, this can trigger uncontrolled XMLHTTPRequests to remote + sites.</p> + <p>The exploitation of these vulnerabilities is unlikely according to + Portcullis and KDE but the execution of active content is nonetheless + unexpected and might pose a threat.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.ocert.org/advisories/ocert-2009-015.html</url> + </references> + <dates> + <discovery>2009-10-30</discovery> + <entry>2009-11-02</entry> + </dates> + </vuln> + + <vuln vid="2fda6bd2-c53c-11de-b157-001999392805"> + <topic>opera -- multiple vulnerabilities</topic> + <affects> + <package> + <name>opera</name> + <range><lt>10.01.20091019</lt></range> + </package> + <package> + <name>linux-opera</name> + <range><lt>10.01</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Opera Team Reports:</p> + <blockquote cite="http://www.opera.com/docs/changelogs/unix/1001/"> + <ul> + <li>Fixed an issue where certain domain names could allow execution + of arbitrary code, as reported by Chris Weber of Casaba Security</li> + <li>Fixed an issue where scripts can run on the feed subscription + page, as reported by Inferno</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3831</cvename> + <url>http://www.opera.com/support/kb/view/938/</url> + <url>http://www.opera.com/support/kb/view/939/</url> + </references> + <dates> + <discovery>2009-10-28</discovery> + <entry>2009-10-31</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="83d7d149-b965-11de-a515-0022156e8794"> + <topic>Enhanced cTorrent -- stack-based overflow</topic> + <affects> + <package> + <name>ctorrent</name> + <range><lt>3.3.2_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Securityfocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/34584"> + <p>cTorrent and dTorrent are prone to a remote buffer-overflow + vulnerability because the software fails to properly + bounds-check user-supplied input before copying it to an + insufficiently sized memory buffer.</p> + <p>Successful exploits allow remote attackers to execute + arbitrary machine code in the context of a vulnerable + application. Failed exploit attempts will likely result in + denial-of-service conditions.</p> + </blockquote> + </body> + </description> + <references> + <bid>34584</bid> + <cvename>CVE-2009-1759</cvename> + <url>http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959</url> + </references> + <dates> + <discovery>2009-10-15</discovery> + <entry>2009-10-28</entry> + </dates> + </vuln> + + <vuln vid="c87aa2d2-c3c4-11de-ab08-000f20797ede"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><gt>3.5.*,1</gt><lt>3.5.4,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.15,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>3.0.15</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="http://www.mozilla.org/security/announce/"> + <p>MFSA 2009-64 Crashes with evidence of memory + corruption (rv:1.9.1.4/ 1.9.0.15)</p> + <p>MFSA 2009-63 Upgrade media libraries to fix memory + safety bugs</p> + <p>MFSA 2009-62 Download filename spoofing with RTL + override</p> + <p>MFSA 2009-61 Cross-origin data theft through + document.getSelection()</p> + <p>MFSA 2009-59 Heap buffer overflow in string to + number conversion</p> + <p>MFSA 2009-57 Chrome privilege escalation in + XPCVariant::VariantDataToJS()</p> + <p>MFSA 2009-56 Heap buffer overflow in GIF color map + parser</p> + <p>MFSA 2009-55 Crash in proxy auto-configuration + regexp parsing</p> + <p>MFSA 2009-54 Crash with recursive web-worker calls</p> + <p>MFSA 2009-53 Local downloaded file tampering</p> + <p>MFSA 2009-52 Form history vulnerable to stealing</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3380</cvename> + <cvename>CVE-2009-3381</cvename> + <cvename>CVE-2009-3382</cvename> + <cvename>CVE-2009-3383</cvename> + <cvename>CVE-2009-3379</cvename> + <cvename>CVE-2009-3378</cvename> + <cvename>CVE-2009-3377</cvename> + <cvename>CVE-2009-3376</cvename> + <cvename>CVE-2009-3375</cvename> + <cvename>CVE-2009-1563</cvename> + <cvename>CVE-2009-3374</cvename> + <cvename>CVE-2009-3373</cvename> + <cvename>CVE-2009-3372</cvename> + <cvename>CVE-2009-3371</cvename> + <cvename>CVE-2009-3274</cvename> + <cvename>CVE-2009-3370</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-64.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-63.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-62.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-61.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-59.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-57.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-56.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-55.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-54.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-53.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-52.html</url> + </references> + <dates> + <discovery>2009-10-27</discovery> + <entry>2009-10-28</entry> + <modified>2009-12-14</modified> + </dates> + </vuln> + + <vuln vid="2544f543-c178-11de-b175-001cc0377035"> + <topic>elinks -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>elinks</name> + <range><lt>0.11.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/36574/discuss"> + <p>ELinks is prone to an off-by-one buffer-overflow vulnerability + because the application fails to accurately reference the last + element of a buffer.</p> + <p>Attackers may leverage this issue to execute arbitrary code in + the context of the application. Failed attacks will cause + denial-of-service conditions.</p> + </blockquote> + </body> + </description> + <references> + <bid>36574</bid> + <cvename>CVE-2008-7224</cvename> + <mlist msgid="20080204235429.GA28006@diku.dk">http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html</mlist> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347</url> + </references> + <dates> + <discovery>2006-07-29</discovery> + <entry>2009-10-25</entry> + </dates> + </vuln> + + <vuln vid="692ab645-bf5d-11de-849b-00151797c2d4"> + <topic>squidGuard -- multiple vulnerabilities</topic> + <affects> + <package> + <name>squidGuard</name> + <range><lt>1.4_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SquidGuard website reports:</p> + <blockquote cite="http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015"> + <p>Patch 20091015 fixes one buffer overflow problem + in sgLog.c when overlong URLs are requested. + SquidGuard will then go into emergency mode were + no blocking occurs. This is not required in this + situation.</p> + </blockquote> + <blockquote cite="http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019"> + <p>Patch 20091019 fixes two bypass problems with URLs + which length is close to the limit defined by MAX_BUF + (default: 4096) in squidGuard and MAX_URL (default: + 4096 in squid 2.x and 8192 in squid 3.x) in squid. + For this kind of URLs the proxy request exceeds MAX_BUF + causing squidGuard to complain about not being able to + parse the squid request. Increasing the buffer limit + to be higher than the one defined in MAX_URL solves the + issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3700</cvename> + <cvename>CVE-2009-3826</cvename> + <url>http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015</url> + <url>http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019</url> + </references> + <dates> + <discovery>2009-10-15</discovery> + <entry>2009-10-22</entry> + <modified>2010-05-06</modified> + </dates> + </vuln> + + <vuln vid="8581189c-bd5f-11de-8709-0017a4cccfc6"> + <topic>Xpdf -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>xpdf</name> + <range><lt>3.02_11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/archive/1/507261"> + <p>Some vulnerabilities have been reported in Xpdf, which can be + exploited by malicious people to potentially compromise a user's + system.</p> + <p>1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" + can be exploited to cause heap-based buffer overflows.</p> + <p>2) An integer overflow error in "ObjectStream::ObjectStream()" + can be exploited to cause a heap-based buffer overflow.</p> + <p>3) Multiple integer overflows in "Splash::drawImage()" can be + exploited to cause heap-based buffer overflows.</p> + <p>4) An integer overflow error in "PSOutputDev::doImageL1Sep()" + can be exploited to cause a heap-based buffer overflow when + converting a PDF document to a PS file.</p> + <p>Successful exploitation of the vulnerabilities may allow execution + of arbitrary code by tricking a user into opening a specially crafted + PDF file.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.securityfocus.com/archive/1/507261</url> + <url>http://secunia.com/advisories/37053/</url> + </references> + <dates> + <discovery>2009-10-14</discovery> + <entry>2009-10-20</entry> + </dates> + </vuln> + + <vuln vid="87917d6f-ba76-11de-bac2-001a4d563a0f"> + <topic>django -- denial-of-service attack</topic> + <affects> + <package> + <name>py23-django</name> + <name>py24-django</name> + <name>py25-django</name> + <name>py26-django</name> + <name>py30-django</name> + <name>py31-django</name> + <range><lt>1.1.1</lt></range> + </package> + <package> + <name>py23-django-devel</name> + <name>py24-django-devel</name> + <name>py25-django-devel</name> + <name>py26-django-devel</name> + <name>py30-django-devel</name> + <name>py31-django-devel</name> + <range><lt>11603,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Django project reports:</p> + <blockquote cite="http://www.djangoproject.com/weblog/2009/oct/09/security/"> + <p>Django's forms library includes field types which perform + regular-expression-based validation of email addresses and + URLs. Certain addresses/URLs could trigger a pathological + performance case in these regular expression, resulting in + the server process/thread becoming unresponsive, and consuming + excessive CPU over an extended period of time. If deliberately + triggered, this could result in an effectively + denial-of-service attack.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3695</cvename> + <url>http://www.djangoproject.com/weblog/2009/oct/09/security/</url> + </references> + <dates> + <discovery>2009-10-09</discovery> + <entry>2009-10-16</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="4769914e-b844-11de-b159-0030843d3802"> + <topic>phpmyadmin -- XSS and SQL injection vulnerabilities</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><lt>3.2.2.1</lt></range> + </package> + <package> + <name>phpMyAdmin211</name> + <range><lt>2.11.9.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>phpMyAdmin Team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php"> + <p>Cross-site scripting (XSS) vulnerability allows remote attackers to + inject arbitrary web script or HTML via a crafted MySQL table name.</p> + <p>SQL injection vulnerability allows remote attackers to inject SQL via + various interface parameters of the PDF schema generator feature.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3696</cvename> + <cvename>CVE-2009-3697</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php</url> + </references> + <dates> + <discovery>2009-10-13</discovery> + <entry>2009-10-13</entry> + </dates> + </vuln> + + <vuln vid="437a68cf-b752-11de-b6eb-00e0815b8da8"> + <topic>php5 -- Multiple security issues</topic> + <affects> + <package> + <name>php5</name> + <range><lt>5.2.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Vendor reports</p> + <blockquote cite="http://www.php.net/releases/5_2_11.php"> + <p>Security Enhancements and Fixes in PHP 5.2.11: + Fixed certificate validation inside + php_openssl_apply_verification_policy. + Fixed sanity check for the color index in imagecolortransparent. + Added missing sanity checks around exif processing. + Fixed bug 44683 popen crashes when an invalid mode is passed.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.php.net/releases/5_2_11.php</url> + <cvename>CVE-2009-3291</cvename> + <cvename>CVE-2009-3292</cvename> + <cvename>CVE-2009-3293</cvename> + </references> + <dates> + <discovery>2009-09-17</discovery> + <entry>2009-10-12</entry> + </dates> + </vuln> + + <vuln vid="ebeed063-b328-11de-b6a5-0030843d3802"> + <topic>virtualbox -- privilege escalation</topic> + <affects> + <package> + <name>virtualbox</name> + <range><lt>3.0.51.r22902_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Sun reports:</p> + <blockquote cite="http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"> + <p>A security vulnerability in the VBoxNetAdpCtl configuration tool + for certain Sun VirtualBox 3.0 packages may allow local unprivileged + users who are authorized to run VirtualBox to execute arbitrary + commands with root privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3692</cvename> + <url>http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1</url> + <url>http://secunia.com/advisories/36929</url> + </references> + <dates> + <discovery>2009-10-07</discovery> + <entry>2009-10-07</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="50383bde-b25b-11de-8c83-02e0185f8d72"> + <topic>FreeBSD -- Devfs / VFS NULL pointer race condition</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_13</lt></range> + <range><ge>6.4</ge><lt>6.4_7</lt></range> + <range><ge>7.1</ge><lt>7.1_8</lt></range> + <range><ge>7.2</ge><lt>7.2_4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>Due to the interaction between devfs and VFS, a race condition + exists where the kernel might dereference a NULL pointer.</p> + <h1>Impact:</h1> + <p>Successful exploitation of the race condition can lead to local + kernel privilege escalation, kernel data corruption and/or + crash.</p> + <p>To exploit this vulnerability, an attacker must be able to run + code with user privileges on the target system.</p> + <h1>Workaround:</h1> + <p>An errata note, FreeBSD-EN-09:05.null has been released + simultaneously to this advisory, and contains a kernel patch + implementing a workaround for a more broad class of + vulnerabilities. However, prior to those changes, no workaround + is available.</p> + </body> + </description> + <references> + <freebsdsa>SA-09:14.devfs</freebsdsa> + </references> + <dates> + <discovery>2009-10-02</discovery> + <entry>2009-10-06</entry> + <modified>2016-08-09</modified> + </dates> + </vuln> + + <vuln vid="90d2e58f-b25a-11de-8c83-02e0185f8d72"> + <topic>FreeBSD -- kqueue pipe race conditions</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.4_7</lt></range> + <range><ge>6.4</ge><lt>6.3_13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>A race condition exists in the pipe close() code relating + to kqueues, causing use-after-free for kernel memory, which + may lead to an exploitable NULL pointer vulnerability in the + kernel, kernel memory corruption, and other unpredictable + results.</p> + <h1>Impact:</h1> + <p>Successful exploitation of the race condition can lead to + local kernel privilege escalation, kernel data corruption + and/or crash.</p> + <p>To exploit this vulnerability, an attacker must be able to + run code on the target system.</p> + <h1>Workaround</h1> + <p>An errata notice, FreeBSD-EN-09:05.null has been released + simultaneously to this advisory, and contains a kernel patch + implementing a workaround for a more broad class of + vulnerabilities. However, prior to those changes, no + workaround is available.</p> + </body> + </description> + <references> + <freebsdsa>SA-09:13.pipe</freebsdsa> + </references> + <dates> + <discovery>2009-10-02</discovery> + <entry>2009-10-06</entry> + <modified>2016-08-09</modified> + </dates> + </vuln> + + <vuln vid="beb6f4a8-add5-11de-8b55-0030843d3802"> + <topic>mybb -- multiple vulnerabilities</topic> + <affects> + <package> + <name>mybb</name> + <range><lt>1.4.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>mybb team reports:</p> + <blockquote cite="http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/"> + <p>Input passed via avatar extensions is not properly sanitised before + being used in SQL queries. This can be exploited to manipulate SQL + queries by uploading specially named avatars.</p> + <p>The script allows to sign up with usernames containing zero width + space characters, which can be exploited to e.g. conduct spoofing + attacks.</p> + </blockquote> + </body> + </description> + <references> + <bid>36460</bid> + <url>http://dev.mybboard.net/issues/464</url> + <url>http://dev.mybboard.net/issues/418</url> + <url>http://secunia.com/advisories/36803</url> + <url>http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/</url> + </references> + <dates> + <discovery>2009-09-21</discovery> + <entry>2009-09-30</entry> + </dates> + </vuln> + + <vuln vid="bad1b090-a7ca-11de-873f-0030843d3802"> + <topic>drupal -- multiple vulnerabilities</topic> + <affects> + <package> + <name>drupal5</name> + <range><lt>5.20</lt></range> + </package> + <package> + <name>drupal6</name> + <range><lt>6.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal Team reports:</p> + <blockquote cite="http://drupal.org/node/579482"> + <p>The core OpenID module does not correctly implement Form API for + the form that allows one to link user accounts with OpenID + identifiers. A malicious user is therefore able to use cross site + request forgeries to add attacker controlled OpenID identities to + existing accounts. These OpenID identities can then be used to gain + access to the affected accounts.</p> + <p>The OpenID module is not a compliant implementation of the OpenID + Authentication 2.0 specification. An implementation error allows a + user to access the account of another user when they share the same + OpenID 2.0 provider.</p> + <p>File uploads with certain extensions are not correctly processed by + the File API. This may lead to the creation of files that are + executable by Apache. The .htaccess that is saved into the files + directory by Drupal should normally prevent execution. The files are + only executable when the server is configured to ignore the directives + in the .htaccess file.</p> + <p>Drupal doesn't regenerate the session ID when an anonymous user + follows the one time login link used to confirm email addresses and + reset forgotten passwords. This enables a malicious user to fix and + reuse the session id of a victim under certain circumstances.</p> + </blockquote> + </body> + </description> + <references> + <url>http://drupal.org/node/579482</url> + <url>http://secunia.com/advisories/36787/</url> + <url>http://secunia.com/advisories/36786/</url> + <url>http://secunia.com/advisories/36781/</url> + <url>http://secunia.com/advisories/36776/</url> + <url>http://secunia.com/advisories/36785/</url> + </references> + <dates> + <discovery>2009-09-17</discovery> + <entry>2009-09-22</entry> + </dates> + </vuln> + + <vuln vid="113cd7e9-a4e2-11de-84af-001195e39404"> + <topic>fwbuilder -- security issue in temporary file handling</topic> + <affects> + <package> + <name>fwbuilder</name> + <range><lt>3.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Firewall Builder release notes reports:</p> + <blockquote cite="http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"> + <p>Vadim Kurland (vadim.kurland@fwbuilder.org) reports:</p> + <p>Fwbuilder and libfwbuilder 3.0.4 through to 3.0.6 generate + iptables scripts with a security issue when also used to + generate static routing configurations.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-4664</cvename> + <url>http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7</url> + </references> + <dates> + <discovery>2009-09-18</discovery> + <entry>2009-09-18</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="b9ec7fe3-a38a-11de-9c6b-003048818f40"> + <topic>bugzilla -- two SQL injections, sensitive data exposure</topic> + <affects> + <package> + <name>bugzilla</name> + <range><gt>3.3.1</gt><lt>3.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Bugzilla Security Advisory reports:</p> + <blockquote cite="http://www.bugzilla.org/security/3.4/"> + <ul> + <li>It is possible to inject raw SQL into the Bugzilla + database via the "Bug.create" and "Bug.search" WebService + functions.</li> + <li>When a user would change his password, his new password would + be exposed in the URL field of the browser if he logged in right + after changing his password.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3125</cvename> + <cvename>CVE-2009-3165</cvename> + <cvename>CVE-2009-3166</cvename> + <url>http://www.bugzilla.org/security/3.0.8/</url> + </references> + <dates> + <discovery>2009-09-11</discovery> + <entry>2009-09-17</entry> + </dates> + </vuln> + + <vuln vid="ee23aa09-a175-11de-96c0-0011098ad87f"> + <topic>horde-base -- multiple vulnerabilities</topic> + <affects> + <package> + <name>horde-base</name> + <range><lt>3.3.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Horde team reports:</p> + <blockquote cite="http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&r2=1.515.2.559"> + <p>An error within the form library when handling image form fields can + be exploited to overwrite arbitrary local files.</p> + <p>An error exists within the MIME Viewer library when rendering unknown + text parts. This can be exploited to execute arbitrary HTML and script + code in a user's browser session in context of an affected site if + malicious data is viewed.</p> + <p>The preferences system does not properly sanitise numeric preference + types. This can be exploited to execute arbitrary HTML and script code + in a user's browser session in contact of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <url>http://bugs.horde.org/ticket/?id=8311</url> + <url>http://bugs.horde.org/ticket/?id=8399</url> + <url>http://secunia.com/advisories/36665/</url> + <url>http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&r2=1.515.2.559</url> + </references> + <dates> + <discovery>2009-05-28</discovery> + <entry>2009-09-14</entry> + <modified>2009-09-22</modified> + </dates> + </vuln> + + <vuln vid="152b27f0-a158-11de-990c-e5b1d4c882e0"> + <topic>nginx -- remote denial of service vulnerability</topic> + <affects> + <package> + <name>nginx</name> + <range><lt>0.7.62</lt></range> + </package> + <package> + <name>nginx-devel</name> + <range><lt>0.8.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>nginx development team reports:</p> + <blockquote cite="http://nginx.net/CHANGES"> + <p>A segmentation fault might occur in worker process while + specially crafted request handling.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2629</cvename> + <url>http://nginx.net/CHANGES</url> + <mlist msgid="20090914155338.GA2529@ngolde.de">http://lists.debian.org/debian-security-announce/2009/msg00205.html</mlist> + </references> + <dates> + <discovery>2009-09-14</discovery> + <entry>2009-09-14</entry> + <modified>2009-09-15</modified> + </dates> + </vuln> + + <vuln vid="6e8f54af-a07d-11de-a649-000c2955660f"> + <topic>ikiwiki -- insufficient blacklisting in teximg plugin</topic> + <affects> + <package> + <name>ikiwiki</name> + <range><lt>3.1415926</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The IkiWiki development team reports:</p> + <blockquote cite="http://ikiwiki.info/security/#index35h2"> + <p>IkiWikis teximg plugin's blacklisting of insecure TeX commands + is insufficient; it can be bypassed and used to read arbitrary + files.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2944</cvename> + <url>http://ikiwiki.info/security/#index35h2</url> + </references> + <dates> + <discovery>2009-08-28</discovery> + <entry>2009-09-13</entry> + </dates> + </vuln> + + <vuln vid="b46f3a1e-a052-11de-a649-000c2955660f"> + <topic>xapian-omega -- cross-site scripting vulnerability</topic> + <affects> + <package> + <name>xapian-omega</name> + <range><lt>1.0.16</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Olly Betts reports:</p> + <blockquote cite="http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html"> + <p>There's a cross-site scripting issue in Omega - exception + messages don't currently get HTML entities escaped, but can + contain CGI parameter values in some cases.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2947</cvename> + <url>http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html</url> + </references> + <dates> + <discovery>2009-09-09</discovery> + <entry>2009-09-13</entry> + </dates> + </vuln> + + <vuln vid="922d2398-9e2d-11de-a998-0030843d3802"> + <topic>mozilla firefox -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><gt>3.5.*,1</gt><lt>3.5.3,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.13,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="http://www.mozilla.org/security/announce/"> + <p>MFSA 2009-51 Chrome privilege escalation with FeedWriter</p> + <p>MFSA 2009-50 Location bar spoofing via tall line-height Unicode + characters</p> + <p>MFSA 2009-49 TreeColumns dangling pointer vulnerability</p> + <p>MFSA 2009-48 Insufficient warning for PKCS11 module installation + and removal</p> + <p>MFSA 2009-47 Crashes with evidence of memory corruption + (rv:1.9.1.3/1.9.0.14)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3069</cvename> + <cvename>CVE-2009-3070</cvename> + <cvename>CVE-2009-3071</cvename> + <cvename>CVE-2009-3072</cvename> + <cvename>CVE-2009-3073</cvename> + <cvename>CVE-2009-3074</cvename> + <cvename>CVE-2009-3075</cvename> + <cvename>CVE-2009-3076</cvename> + <cvename>CVE-2009-3077</cvename> + <cvename>CVE-2009-3078</cvename> + <cvename>CVE-2009-3079</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-47.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-48.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-49.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-50.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-51.html</url> + <url>http://secunia.com/advisories/36671/2/</url> + </references> + <dates> + <discovery>2009-09-10</discovery> + <entry>2009-09-10</entry> + </dates> + </vuln> + + <vuln vid="012b495c-9d51-11de-8d20-001bd3385381"> + <topic>cyrus-imapd -- Potential buffer overflow in Sieve</topic> + <affects> + <package> + <name>cyrus-imapd</name> + <range><gt>2.2.0</gt><lt>2.2.13_6</lt></range> + <range><gt>2.3.0</gt><lt>2.3.14_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Cyrus IMAP Server ChangeLog states:</p> + <blockquote cite="http://cyrusimap.web.cmu.edu/imapd/changes.html"> + <p>Fixed CERT VU#336053 - Potential buffer overflow in Sieve.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2632</cvename> + <bid>36296</bid> + <url>http://www.kb.cert.org/vuls/id/336053</url> + <url>http://www.debian.org/security/2009/dsa-1881</url> + </references> + <dates> + <discovery>2009-09-02</discovery> + <entry>2009-09-09</entry> + <modified>2009-09-14</modified> + </dates> + </vuln> + + <vuln vid="24aa9970-9ccd-11de-af10-000c29a67389"> + <topic>silc-toolkit -- Format string vulnerabilities</topic> + <affects> + <package> + <name>silc-toolkit</name> + <range><lt>1.1.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SILC Changlog reports:</p> + <blockquote cite="http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10"> + <p>An unspecified format string vulnerability exists in + silc-toolkit.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3051</cvename> + <url>http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10</url> + <url>http://www.openwall.com/lists/oss-security/2009/09/03/5</url> + </references> + <dates> + <discovery>2009-08-07</discovery> + <entry>2009-09-08</entry> + </dates> + </vuln> + + <vuln vid="4582948a-9716-11de-83a5-001999392805"> + <topic>opera -- multiple vulnerabilities</topic> + <affects> + <package> + <name>opera</name> + <range><lt>10.00.20090830</lt></range> + </package> + <package> + <name>opera-devel</name> + <range><le>10.00.b3_1,1</le></range> + </package> + <package> + <name>linux-opera</name> + <range><lt>10.00</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Opera Team Reports:</p> + <blockquote cite="http://www.opera.com/docs/changelogs/freebsd/1000/"> + <ul> + <li>Issue where sites using revoked intermediate certificates might be shown as secure</li> + <li>Issue where the collapsed address bar didn't show the current domain</li> + <li>Issue where pages could trick users into uploading files</li> + <li>Some IDNA characters not correctly displaying in the address bar</li> + <li>Issue where Opera accepts nulls and invalid wild-cards in certificates</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>http://www.opera.com/support/search/view/929/</url> + <url>http://www.opera.com/support/search/view/930/</url> + <url>http://www.opera.com/support/search/view/931/</url> + <url>http://www.opera.com/support/search/view/932/</url> + <url>http://www.opera.com/support/search/view/934/</url> + </references> + <dates> + <discovery>2009-09-01</discovery> + <entry>2009-09-04</entry> + <modified>2009-10-29</modified> + </dates> + </vuln> + + <vuln vid="80aa98e0-97b4-11de-b946-0030843d3802"> + <topic>dnsmasq -- TFTP server remote code injection vulnerability</topic> + <affects> + <package> + <name>dnsmasq</name> + <range><lt>2.50</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Simon Kelley reports:</p> + <blockquote cite="http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"> + <p>Fix security problem which allowed any host permitted to + do TFTP to possibly compromise dnsmasq by remote buffer + overflow when TFTP enabled.</p> + <p>Fix a problem which allowed a malicious TFTP client to + crash dnsmasq.</p> + </blockquote> + </body> + </description> + <references> + <bid>36121</bid> + <bid>36120</bid> + <cvename>CVE-2009-2957</cvename> + <cvename>CVE-2009-2958</cvename> + <url>http://www.coresecurity.com/content/dnsmasq-vulnerabilities</url> + <url>https://rhn.redhat.com/errata/RHSA-2009-1238.html</url> + </references> + <dates> + <discovery>2009-08-31</discovery> + <entry>2009-09-02</entry> + </dates> + </vuln> + + <vuln vid="e15f2356-9139-11de-8f42-001aa0166822"> + <topic>apache22 -- several vulnerabilities</topic> + <affects> + <package> + <name>apache</name> + <range><gt>2.2.0</gt><lt>2.2.12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Apache ChangeLog reports:</p> + <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.12"> + <p>CVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.</p> + <p>CVE-2009-1195: Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.</p> + <p>CVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.</p> + <p>CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.</p> + <p>CVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1891</cvename><!-- vul: 2.2.11 --> + <cvename>CVE-2009-1195</cvename><!-- vul: 2.2.x to 2.2.11 --> + <cvename>CVE-2009-1890</cvename><!-- ok: 2.3.3 --> + <cvename>CVE-2009-1191</cvename><!-- vul: 2.2.11 --> + <cvename>CVE-2009-0023</cvename><!-- ok: apr 1.3.5 --> + <cvename>CVE-2009-1955</cvename><!-- ok: apr-util 1.3.7 --> + <cvename>CVE-2009-1956</cvename><!-- ok: apr-util 1.3.5 --> + </references> + <dates> + <discovery>2009-07-28</discovery><!-- release date of 2.2.12 --> + <entry>2009-08-25</entry> + </dates> + </vuln> + + <vuln vid="59e7af2d-8db7-11de-883b-001e3300a30d"> + <topic>pidgin -- MSN overflow parsing SLP messages</topic> + <affects> + <package> + <name>pidgin</name> + <name>libpurple</name> + <name>finch</name> + <range><lt>2.5.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/36384"> + <p>A vulnerability has been reported in Pidgin, which can be + exploited by malicious people to potentially compromise a user's + system.</p> + <p>The vulnerability is caused due to an error in the + "msn_slplink_process_msg()" function when processing MSN SLP + messages and can be exploited to corrupt memory.</p> + <p>Successful exploitation may allow execution of arbitrary + code.</p> + <p>The vulnerability is reported in versions 2.5.8 and prior. + Other versions may also be affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2694</cvename> + <url>http://secunia.com/advisories/36384/</url> + <url>http://www.pidgin.im/news/security/?id=34</url> + </references> + <dates> + <discovery>2009-08-18</discovery> + <entry>2009-08-20</entry> + </dates> + </vuln> + + <vuln vid="b31a1088-460f-11de-a11a-0022156e8794"> + <topic>GnuTLS -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gnutls</name> + <range><lt>2.6.6</lt></range> + </package> + <package> + <name>gnutls-devel</name> + <range><lt>2.7.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/34783/discuss"> + <p>GnuTLS is prone to multiple remote vulnerabilities:</p> + <ul> + <li>A remote code-execution vulnerability.</li> + <li>A denial-of-service vulnerability.</li> + <li>A signature-generation vulnerability.</li> + <li>A signature-verification vulnerability.</li> + </ul> + <p>An attacker can exploit these issues to potentially execute + arbitrary code, trigger denial-of-service conditions, carry + out attacks against data signed with weak signatures, and + cause clients to accept expired or invalid certificates from + servers.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1415</cvename> + <cvename>CVE-2009-1416</cvename> + <cvename>CVE-2009-1417</cvename> + <bid>34783</bid> + <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515</url> + <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516</url> + <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517</url> + </references> + <dates> + <discovery>2009-05-21</discovery> + <entry>2009-08-17</entry> + </dates> + </vuln> + + <vuln vid="856a6f84-8b30-11de-8062-00e0815b8da8"> + <topic>GnuTLS -- improper SSL certificate verification</topic> + <affects> + <package> + <name>gnutls</name> + <range><lt>2.8.3</lt></range> + </package> + <package> + <name>gnutls-devel</name> + <range><lt>2.9.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GnuTLS reports:</p> + <blockquote cite="http://article.gmane.org/gmane.network.gnutls.general/1733"> + <p>By using a NUL byte in CN/SAN fields, it was possible to fool + GnuTLS into 1) not printing the entire CN/SAN field value when + printing a certificate and 2) cause incorrect positive matches + when matching a hostname against a certificate.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2730</cvename> + <url>http://article.gmane.org/gmane.network.gnutls.general/1733</url> + <url>http://secunia.com/advisories/36266</url> + </references> + <dates> + <discovery>2009-08-11</discovery> + <entry>2009-08-17</entry> + </dates> + </vuln> + + <vuln vid="86ada694-8b30-11de-b9d0-000c6e274733"> + <topic>memcached -- memcached stats maps Information Disclosure Weakness</topic> + <affects> + <package> + <name>memcached</name> + <range><lt>1.2.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34915/"> + <p>A weakness has been reported in memcached, which can be exploited + by malicious people to disclose system information.</p> + <p>The weakness is caused due to the application disclosing the + content of /proc/self/maps if a stats maps command is received. + This can be exploited to disclose e.g. the addresses of allocated + memory regions.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1255</cvename> + <url>http://secunia.com/advisories/34915/</url> + </references> + <dates> + <discovery>2009-04-29</discovery> + <entry>2009-08-17</entry> + </dates> + </vuln> + + <vuln vid="2430e9c3-8741-11de-938e-003048590f9e"> + <topic>wordpress -- remote admin password reset vulnerability</topic> + <affects> + <package> + <name>wordpress</name> + <range><lt>2.8.4,1</lt></range> + </package> + <package> + <name>de-wordpress</name> + <range><lt>2.8.4</lt></range> + </package> + <package> + <name>wordpress-mu</name> + <range><lt>2.8.4a</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>WordPress reports:</p> + <blockquote cite="http://wordpress.org/development/2009/08/2-8-4-security-release/"> + <p>A specially crafted URL could be requested that would allow an + attacker to bypass a security check to verify a user requested a + password reset. As a result, the first account without a key in the + database (usually the admin account) would have its password reset and + a new password would be emailed to the account owner.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2762</cvename> + <url>http://wordpress.org/development/2009/08/2-8-4-security-release/</url> + <url>http://www.milw0rm.com/exploits/9410</url> + </references> + <dates> + <discovery>2009-08-10</discovery> + <entry>2009-08-12</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="5179d85c-8683-11de-91b9-0022157515b2"> + <topic>fetchmail -- improper SSL certificate subject verification</topic> + <affects> + <package> + <name>fetchmail</name> + <range><lt>6.3.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matthias Andree reports:</p> + <blockquote cite="http://www.fetchmail.info/fetchmail-SA-2009-01.txt"> + <p>Moxie Marlinspike demonstrated in July 2009 that some CAs would + sign certificates that contain embedded NUL characters in the + Common Name or subjectAltName fields of ITU-T X.509 + certificates.</p> + <p>Applications that would treat such X.509 strings as + NUL-terminated C strings (rather than strings that contain an + explicit length field) would only check the part up to and + excluding the NUL character, so that certificate names such as + www.good.example\0www.bad.example.com would be mistaken as a + certificate name for www.good.example. fetchmail also had this + design and implementation flaw.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2666</cvename> + <url>http://www.fetchmail.info/fetchmail-SA-2009-01.txt</url> + </references> + <dates> + <discovery>2009-08-06</discovery> + <entry>2009-08-11</entry> + <modified>2009-08-13</modified> + </dates> + </vuln> + + <vuln vid="739b94a4-838b-11de-938e-003048590f9e"> + <topic>joomla15 -- com_mailto Timeout Issue</topic> + <affects> + <package> + <name>joomla15</name> + <range><lt>1.5.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Joomla! Security Center reports:</p> + <blockquote cite="http://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html"> + <p>In com_mailto, it was possible to bypass timeout protection against + sending automated emails.</p> + </blockquote> + </body> + </description> + <references> + <url>http://developer.joomla.org/security.html</url> + <url>http://secunia.com/advisories/36097/</url> + </references> + <dates> + <discovery>2009-07-22</discovery> + <entry>2009-08-07</entry> + <modified>2009-08-11</modified> + </dates> + </vuln> + + <vuln vid="bce1f76d-82d0-11de-88ea-001a4d49522b"> + <topic>subversion -- heap overflow vulnerability</topic> + <affects> + <package> + <name>subversion</name> + <name>subversion-freebsd</name> + <name>p5-subversion</name> + <name>py-subversion</name> + <range><lt>1.6.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Subversion Security Advisory reports:</p> + <blockquote cite="http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"> + <p>Subversion clients and servers have multiple heap + overflow issues in the parsing of binary deltas. This is + related to an allocation vulnerability in the APR library + used by Subversion.</p> + <p>Clients with commit access to a vulnerable server can + cause a remote heap overflow; servers can cause a heap + overflow on vulnerable clients that try to do a checkout + or update.</p> + <p>This can lead to a DoS (an exploit has been tested) and + to arbitrary code execution (no exploit tested, but the + possibility is clear).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2411</cvename> + <url>http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt</url> + </references> + <dates> + <discovery>2009-08-06</discovery> + <entry>2009-08-06</entry> + <modified>2009-08-07</modified> + </dates> + </vuln> + + <vuln vid="d67b517d-8214-11de-88ea-001a4d49522b"> + <topic>bugzilla -- product name information leak</topic> + <affects> + <package> + <name>bugzilla</name> + <range><gt>3.3.4</gt><lt>3.4.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Bugzilla Security Advisory reports:</p> + <blockquote cite="http://www.bugzilla.org/security/3.4/"> + <p>Normally, users are only supposed to see products that + they can file bugs against in the "Product" drop-down on + the bug-editing page. Instead, users were being shown all + products, even those that they normally could not see. Any + user who could edit any bug could see all product + names.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.bugzilla.org/security/3.4/</url> + </references> + <dates> + <discovery>2009-07-30</discovery> + <entry>2009-08-05</entry> + </dates> + </vuln> + + <vuln vid="49e8f2ee-8147-11de-a994-0030843d3802"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <name>linux-firefox</name> + <range><lt>3.*,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.13,1</lt></range> + <range><gt>3.5.*,1</gt><lt>3.5.2,1</lt></range> + </package> + <package> + <name>linux-firefox-devel</name> + <range><lt>3.5.2</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>1.1.18</lt></range> + </package> + <package> + <name>linux-seamonkey-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>2.0.0.23</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/announce/"> + <p>MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name + longer than 15 characters</p> + <p>MFSA 2009-42: Compromise of SSL-protected communication</p> + <p>MFSA 2009-43: Heap overflow in certificate regexp parsing</p> + <p>MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() + on invalid URL</p> + <p>MFSA 2009-45: Crashes with evidence of memory corruption + (rv:1.9.1.2/1.9.0.13)</p> + <p>MFSA 2009-46: Chrome privilege escalation due to incorrectly cached + wrapper</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2404</cvename> + <cvename>CVE-2009-2408</cvename> + <cvename>CVE-2009-2454</cvename> + <cvename>CVE-2009-2470</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-38.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-42.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-43.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-44.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-45.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-46.html</url> + </references> + <dates> + <discovery>2009-08-03</discovery> + <entry>2009-08-04</entry> + <modified>2009-09-04</modified> + </dates> + </vuln> + + <vuln vid="4e306850-811f-11de-8a67-000c29a67389"> + <topic>silc-client -- Format string vulnerability</topic> + <affects> + <package> + <name>silc-client</name> + <name>silc-irssi-client</name> + <range><lt>1.1.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SILC changelog reports:</p> + <blockquote cite="http://silcnet.org/docs/changelog/SILC%20Client%201.1.8"> + <p>An unspecified format string vulnerability exists in + silc-client.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3051</cvename> + <url>http://silcnet.org/docs/changelog/SILC%20Client%201.1.8</url> + </references> + <dates> + <discovery>2009-07-31</discovery> + <entry>2009-08-04</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="0d0237d0-7f68-11de-984d-0011098ad87f"> + <topic>SquirrelMail -- Plug-ins compromise</topic> + <affects> + <package> + <name>squirrelmail-multilogin-plugin</name> + <range><ge>2.3.4</ge><lt>2.3.4_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The SquirrelMail Web Server has been compromised, and three plugins + are affected.</p> + <p>The port of squirrelmail-sasql-plugin is safe (right MD5), and + change_pass is not in the FreeBSD ports tree, but multilogin has a + wrong MD5.</p> + </body> + </description> + <references> + <url>http://sourceforge.net/mailarchive/message.php?msg_name=4A727634.3080008%40squirrelmail.org</url> + <url>http://squirrelmail.org/index.php</url> + </references> + <dates> + <discovery>2009-07-31</discovery> + <entry>2009-08-02</entry> + </dates> + </vuln> + + <vuln vid="83725c91-7c7e-11de-9672-00e0815b8da8"> + <topic>BIND -- Dynamic update message remote DoS</topic> + <affects> + <package> + <name>bind9</name> + <range><lt>9.3.6.1.1</lt></range> + </package> + <package> + <name>bind9-sdb-postgresql</name> + <name>bind9-sdb-ldap</name> + <range><lt>9.4.3.3</lt></range> + </package> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_12</lt></range> + <range><ge>6.4</ge><lt>6.4_6</lt></range> + <range><ge>7.1</ge><lt>7.1_7</lt></range> + <range><ge>7.2</ge><lt>7.2_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>When named(8) receives a specially crafted dynamic update + message an internal assertion check is triggered which causes + named(8) to exit.</p> + <p>To trigger the problem, the dynamic update message must contains + a record of type "ANY" and at least one resource record set (RRset) + for this fully qualified domain name (FQDN) must exist on the + server.</p> + <h1>Impact:</h1> + <p>An attacker which can send DNS requests to a nameserver can cause + it to exit, thus creating a Denial of Service situation.</p> + <h1>Workaround:</h1> + <p>No generally applicable workaround is available, but some firewalls + may be able to prevent nsupdate DNS packets from reaching the + nameserver.</p> + <p>NOTE WELL: Merely configuring named(8) to ignore dynamic updates + is NOT sufficient to protect it from this vulnerability.</p> + </body> + </description> + <references> + <cvename>CVE-2009-0696</cvename> + <freebsdsa>SA-09:12.bind</freebsdsa> + <url>http://www.kb.cert.org/vuls/id/725188</url> + <url>https://www.isc.org/node/474</url> + </references> + <dates> + <discovery>2009-07-28</discovery> + <entry>2009-08-01</entry> + <modified>2009-08-04</modified> + </dates> + </vuln> + + <vuln vid="708c65a5-7c58-11de-a994-0030843d3802"> + <topic>mono -- XML signature HMAC truncation spoofing</topic> + <affects> + <package> + <name>mono</name> + <range><lt>2.4.2.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35852/"> + <p>A security issue has been reported in Mono, which can be + exploited by malicious people to conduct spoofing attacks.</p> + <p>The security issue is caused due to an error when processing + certain XML signatures.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0217</cvename> + <url>http://secunia.com/advisories/35852/</url> + <url>http://www.kb.cert.org/vuls/id/466161</url> + </references> + <dates> + <discovery>2009-07-15</discovery> + <entry>2009-07-29</entry> + </dates> + </vuln> + + <vuln vid="e1156e90-7ad6-11de-b26a-0048543d60ce"> + <topic>squid -- several remote denial of service vulnerabilities</topic> + <affects> + <package> + <name>squid</name> + <range><ge>3.0.1</ge><lt>3.0.17</lt></range> + <range><ge>3.1.0.1</ge><lt>3.1.0.12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Squid security advisory 2009:2 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"> + <p>Due to incorrect buffer limits and related bound checks Squid + is vulnerable to a denial of service attack when processing + specially crafted requests or responses.</p> + <p>Due to incorrect data validation Squid is vulnerable to a + denial of service attack when processing specially crafted + responses.</p> + <p>These problems allow any trusted client or external server to + perform a denial of service attack on the Squid service.</p> + </blockquote> + <p>Squid-2.x releases are not affected.</p> + </body> + </description> + <references> + <cvename>CVE-2009-2621</cvename> + <cvename>CVE-2009-2622</cvename> + <url>http://www.squid-cache.org/Advisories/SQUID-2009_2.txt</url> + </references> + <dates> + <discovery>2009-07-27</discovery> + <entry>2009-07-27</entry> + <modified>2009-08-06</modified> + </dates> + </vuln> + + <vuln vid="c1ef9b33-72a6-11de-82ea-0030843d3802"> + <topic>mozilla -- corrupt JIT state after deep return from native function</topic> + <affects> + <package> + <name>firefox</name> + <range><ge>3.5.*,1</ge><lt>3.5.1,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/announce/2009/mfsa2009-41.html"> + <p>Firefox user zbyte reported a crash that we determined could result + in an exploitable memory corruption problem. In certain cases after a + return from a native function, such as escape(), the Just-in-Time + (JIT) compiler could get into a corrupt state. This could be exploited + by an attacker to run arbitrary code such as installing malware.</p> + <p>This vulnerability does not affect earlier versions of Firefox + which do not support the JIT feature.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2477</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-41.html</url> + <url>http://www.kb.cert.org/vuls/id/443060</url> + </references> + <dates> + <discovery>2009-07-16</discovery> + <entry>2009-07-17</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="c444c8b7-7169-11de-9ab7-000c29a67389"> + <topic>isc-dhcp-client -- Stack overflow vulnerability</topic> + <affects> + <package> + <name>isc-dhcp31-client</name> + <range><le>3.1.1</le></range> + </package> + <package> + <name>isc-dhcp30-client</name> + <range><lt>3.0.7_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>US-CERT reports:</p> + <blockquote cite="http://www.kb.cert.org/vuls/id/410676"> + <p>The ISC DHCP dhclient application contains a stack buffer + overflow, which may allow a remote, unauthenticated attacker to + execute arbitrary code with root privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0692</cvename> + <url>https://www.isc.org/node/468</url> + <url>http://secunia.com/advisories/35785</url> + <url>http://www.kb.cert.org/vuls/id/410676</url> + </references> + <dates> + <discovery>2009-07-14</discovery> + <entry>2009-07-15</entry> + <modified>2009-07-21</modified> + </dates> + </vuln> + + <vuln vid="be927298-6f97-11de-b444-001372fd0af2"> + <topic>drupal -- multiple vulnerabilities</topic> + <affects> + <package> + <name>drupal5</name> + <range><lt>5.19</lt></range> + </package> + <package> + <name>drupal6</name> + <range><lt>6.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Drupal Security Team reports:</p> + <blockquote cite="http://drupal.org/node/507572"> + <p>Cross-site scripting</p> + <p>The Forum module does not correctly handle certain arguments + obtained from the URL. By enticing a suitably privileged user + to visit a specially crafted URL, a malicious user is able to + insert arbitrary HTML and script code into forum pages. Such a + cross-site scripting attack may lead to the malicious user + gaining administrative access. Wikipedia has more information + about cross-site scripting (XSS).</p> + <p>User signatures have no separate input format, they use the + format of the comment with which they are displayed. A user + will no longer be able to edit a comment when an administrator + changes the comment's input format to a format that is not + accessible to the user. However they will still be able to + modify their signature, which will then be processed by the new + input format.</p> + <p>If the new format is very permissive, via their signature, the + user may be able to insert arbitrary HTML and script code into + pages or, when the PHP filter is enabled for the new format, + execute PHP code. This issue affects Drupal 6.x only.</p> + <p>When an anonymous user fails to login due to mistyping his + username or password, and the page he is on contains a sortable + table, the (incorrect) username and password are included in + links on the table. If the user visits these links the password + may then be leaked to external sites via the HTTP referer.</p> + <p>In addition, if the anonymous user is enticed to visit the site + via a specially crafted URL while the Drupal page cache is + enabled, a malicious user might be able to retrieve the + (incorrect) username and password from the page cache.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2372</cvename> + <cvename>CVE-2009-2374</cvename> + <cvename>CVE-2009-2373</cvename> + <url>http://drupal.org/node/507572</url> + <url>http://secunia.com/advisories/35681</url> + </references> + <dates> + <discovery>2009-07-01</discovery> + <entry>2009-07-13</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="70372cda-6771-11de-883a-00e0815b8da8"> + <topic>nfsen -- remote command execution</topic> + <affects> + <package> + <name>nfsen</name> + <range><lt>1.3.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>nfsen reports:</p> + <blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=967583"> + <p>Due to double input checking, a remote command execution security + bug exists in all NfSen versions 1.3 and 1.3.1. Users are + requested to update to nfsen-1.3.2.</p> + </blockquote> + </body> + </description> + <references> + <url>http://sourceforge.net/forum/forum.php?forum_id=967583</url> + </references> + <dates> + <discovery>2009-06-18</discovery> + <entry>2009-07-03</entry> + </dates> + </vuln> + + <vuln vid="ba73f494-65a8-11de-aef5-001c2514716c"> + <topic>phpmyadmin -- XSS vulnerability</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><lt>3.2.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin project reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php"> + <p>It was possible to conduct an XSS attack via a crafted + SQL bookmark.</p> + <p>All 3.x releases on which the "bookmarks" feature is + active are affected, previous versions are not.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2284</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php</url> + </references> + <dates> + <discovery>2009-06-30</discovery> + <entry>2009-06-30</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="3ebd4cb5-657f-11de-883a-00e0815b8da8"> + <topic>nagios -- Command Injection Vulnerability</topic> + <affects> + <package> + <name>nagios</name> + <range><le>3.0.6_1</le></range> + </package> + <package> + <name>nagios2</name> + <range><le>2.12_3</le></range> + </package> + <package> + <name>nagios-devel</name> + <range><le>3.1.0_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35543?"> + <p>A vulnerability has been reported in Nagios, which can be + exploited by malicious users to potentially compromise a + vulnerable system.</p> + <p>Input passed to the "ping" parameter in statuswml.cgi is not + properly sanitised before being used to invoke the ping command. + This can be exploited to inject and execute arbitrary shell + commands.</p> + <p>Successful exploitation requires access to the ping feature + of the WAP interface.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-2288</cvename> + <url>http://secunia.com/advisories/35543</url> + <url>http://tracker.nagios.org/view.php?id=15</url> + </references> + <dates> + <discovery>2009-05-29</discovery> + <entry>2009-06-30</entry> + <modified>2009-07-13</modified> + </dates> + </vuln> + + <vuln vid="f59dda75-5ff4-11de-a13e-00e0815b8da8"> + <topic>tor-devel -- DNS resolution vulnerability</topic> + <affects> + <package> + <name>tor-devel</name> + <range><lt>0.2.1.15-rc</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Tor Project reports:</p> + <blockquote cite="https://git.torproject.org/checkout/tor/master/ChangeLog"> + <p>A malicious exit relay could convince a controller that the + client's DNS question resolves to an internal IP address.</p> + </blockquote> + </body> + </description> + <references> + <url>https://git.torproject.org/checkout/tor/master/ChangeLog</url> + </references> + <dates> + <discovery>2009-06-20</discovery> + <entry>2009-06-23</entry> + </dates> + </vuln> + + <vuln vid="c14aa48c-5ab7-11de-bc9b-0030843d3802"> + <topic>cscope -- multiple buffer overflows</topic> + <affects> + <package> + <name>cscope</name> + <range><lt>15.7a</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34978"> + <p>Some vulnerabilities have been reported in Cscope, which + potentially can be exploited by malicious people to compromise a + user's system.</p> + <p>The vulnerabilities are caused due to various boundary errors, + which can be exploited to cause buffer overflows when parsing + specially crafted files or directories.</p> + </blockquote> + </body> + </description> + <references> + <bid>34805</bid> + <cvename>CVE-2009-0148</cvename> + <url>http://secunia.com/advisories/34978</url> + </references> + <dates> + <discovery>2009-05-31</discovery> + <entry>2009-06-16</entry> + </dates> + </vuln> + + <vuln vid="91a2066b-5ab6-11de-bc9b-0030843d3802"> + <topic>cscope -- buffer overflow</topic> + <affects> + <package> + <name>cscope</name> + <range><lt>15.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/34832"> + <p>Attackers may leverage this issue to execute arbitrary code + in the context of the application. Failed attacks will cause + denial-of-service conditions.</p> + </blockquote> + </body> + </description> + <references> + <bid>34832</bid> + <cvename>CVE-2009-1577</cvename> + <url>http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19</url> + </references> + <dates> + <discovery>2009-05-31</discovery> + <entry>2009-06-16</entry> + </dates> + </vuln> + + <vuln vid="bdccd14b-5aac-11de-a438-003048590f9e"> + <topic>joomla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>joomla15</name> + <range><lt>1.5.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35278/"> + <p>Some vulnerabilities have been reported in Joomla!, which can be + exploited by malicious users to conduct script insertion attacks and + by malicious people to conduct cross-site scripting attacks.</p> + <p>Certain unspecified input is not properly sanitised before being + used. This can be exploited to insert arbitrary HTML and script code, + which will be executed in a user's browser session in the context of + an affected site when the malicious data is displayed.</p> + <p>Certain unspecified input passed to the user view of the com_users + core component is not properly sanitised before being returned to the + user. This can be exploited to execute arbitrary HTML and script code + in a user's browser session in context of an affected site.</p> + <p>Input passed via certain parameters to the "JA_Purity" template is + not properly sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a user's + browser session in context of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1938</cvename> + <cvename>CVE-2009-1939</cvename> + <cvename>CVE-2009-1940</cvename> + <url>http://secunia.com/advisories/35278/</url> + <url>http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html</url> + </references> + <dates> + <discovery>2009-06-03</discovery> + <entry>2009-06-16</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="b1ca65e6-5aaf-11de-bc9b-0030843d3802"> + <topic>pidgin -- multiple vulnerabilities</topic> + <affects> + <package> + <name>pidgin</name> + <name>libpurple</name> + <name>finch</name> + <range><lt>2.5.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35194/"> + <p>Some vulnerabilities and weaknesses have been reported in Pidgin, + which can be exploited by malicious people to cause a DoS or to + potentially compromise a user's system.</p> + <p>A truncation error in the processing of MSN SLP messages can be + exploited to cause a buffer overflow.</p> + <p>A boundary error in the XMPP SOCKS5 "bytestream" server when + initiating an outgoing file transfer can be exploited to cause a + buffer overflow.</p> + <p>A boundary error exists in the implementation of the + "PurpleCircBuffer" structure. This can be exploited to corrupt memory + and cause a crash via specially crafted XMPP or Sametime + packets.</p> + <p>A boundary error in the "decrypt_out()" function can be exploited + to cause a stack-based buffer overflow with 8 bytes and crash the + application via a specially crafted QQ packet.</p> + </blockquote> + </body> + </description> + <references> + <bid>35067</bid> + <cvename>CVE-2009-1373</cvename> + <cvename>CVE-2009-1374</cvename> + <cvename>CVE-2009-1375</cvename> + <cvename>CVE-2009-1376</cvename> + <url>http://secunia.com/advisories/35194/</url> + <url>http://www.pidgin.im/news/security/?id=29</url> + <url>http://www.pidgin.im/news/security/?id=30</url> + <url>http://www.pidgin.im/news/security/?id=32</url> + </references> + <dates> + <discovery>2009-06-03</discovery> + <entry>2009-06-16</entry> + </dates> + </vuln> + + <vuln vid="d9b01c08-59b3-11de-828e-00e0815b8da8"> + <topic>git -- denial of service vulnerability</topic> + <affects> + <package> + <name>git</name> + <range><lt>1.6.3.2_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/35338/discuss"> + <p>Git is prone to a denial-of-service vulnerability because it + fails to properly handle some client requests.</p> + <p>Attackers can exploit this issue to cause a daemon process to + enter an infinite loop. Repeated exploits may consume excessive + system resources, resulting in a denial of service condition.</p> + </blockquote> + </body> + </description> + <references> + <bid>35338</bid> + <cvename>CVE-2009-2108</cvename> + <url>https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html</url> + <url>http://article.gmane.org/gmane.comp.version-control.git/120724</url> + </references> + <dates> + <discovery>2009-06-04</discovery> + <entry>2009-06-15</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="62e0fbe5-5798-11de-bb78-001cc0377035"> + <topic>ruby -- BigDecimal denial of service vulnerability</topic> + <affects> + <package> + <name>ruby</name> + <name>ruby+pthreads</name> + <name>ruby+pthreads+oniguruma</name> + <name>ruby+oniguruma</name> + <range><ge>1.8.*,1</ge><lt>1.8.7.160_1,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The official ruby site reports:</p> + <blockquote cite="http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/"> + <p>A denial of service (DoS) vulnerability was found on the + BigDecimal standard library of Ruby. Conversion from BigDecimal + objects into Float numbers had a problem which enables attackers + to effectively cause segmentation faults.</p> + <p>An attacker can cause a denial of service by causing BigDecimal + to parse an insanely large number, such as:</p> + <p><code>BigDecimal("9E69999999").to_s("F")</code></p> + </blockquote> + </body> + </description> + <references> + <bid>35278</bid> + <cvename>CVE-2009-1904</cvename> + <url>http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/</url> + </references> + <dates> + <discovery>2009-06-09</discovery> + <entry>2009-06-13</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="da185955-5738-11de-b857-000f20797ede"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>2.0.0.20_8,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.11,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <name>linux-firefox-devel</name> + <range><lt>3.0.11</lt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>2.0.0.22</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>1.1.17</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html"> + <p>MFSA 2009-32 JavaScript chrome privilege escalation</p> + <p>MFSA 2009-31 XUL scripts bypass content-policy checks</p> + <p>MFSA 2009-30 Incorrect principal set for file: resources + loaded via location bar</p> + <p>MFSA 2009-29 Arbitrary code execution using event listeners + attached to an element whose owner document is null</p> + <p>MFSA 2009-28 Race condition while accessing the private data + of a NPObject JS wrapper class object</p> + <p>MFSA 2009-27 SSL tampering via non-200 responses to proxy + CONNECT requests</p> + <p>MFSA 2009-26 Arbitrary domain cookie access by local file: + resources</p> + <p>MFSA 2009-25 URL spoofing with invalid unicode characters</p> + <p>MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1392</cvename> + <cvename>CVE-2009-1832</cvename> + <cvename>CVE-2009-1833</cvename> + <cvename>CVE-2009-1834</cvename> + <cvename>CVE-2009-1835</cvename> + <cvename>CVE-2009-1836</cvename> + <cvename>CVE-2009-1837</cvename> + <cvename>CVE-2009-1838</cvename> + <cvename>CVE-2009-1839</cvename> + <cvename>CVE-2009-1840</cvename> + <cvename>CVE-2009-1841</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-24.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-25.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-26.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-27.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-28.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-29.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-30.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-31.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-32.html</url> + <url>http://secunia.com/advisories/35331/</url> + </references> + <dates> + <discovery>2009-06-11</discovery> + <entry>2009-06-12</entry> + <modified>2009-12-12</modified> + </dates> + </vuln> + + <vuln vid="eb9212f7-526b-11de-bbf2-001b77d09812"> + <topic>apr -- multiple vulnerabilities</topic> + <affects> + <package> + <name>apr</name> + <range><lt>1.3.5.1.3.7</lt></range> + </package> + <package> + <name>apache</name> + <range><ge>2.2.0</ge><lt>2.2.11_5</lt></range> + <range><ge>2.0.0</ge><lt>2.0.63_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35284/"> + <p>Some vulnerabilities have been reported in APR-util, which + can be exploited by malicious users and malicious people to + cause a DoS (Denial of Service).</p> + <p>A vulnerability is caused due to an error in the processing + of XML files and can be exploited to exhaust all available + memory via a specially crafted XML file containing a + predefined entity inside an entity definition.</p> + <p>A vulnerability is caused due to an error within the + "apr_strmatch_precompile()" function in + strmatch/apr_strmatch.c, which can be exploited to crash an + application using the library.</p> + </blockquote> + <p>RedHat reports:</p> + <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=3D504390"> + <p>A single NULL byte buffer overflow flaw was found in + apr-util's apr_brigade_vprintf() function.</p> + </blockquote> + </body> + </description> + <references> + <bid>35221</bid> + <cvename>CVE-2009-1955</cvename> + <cvename>CVE-2009-1956</cvename> + <cvename>CVE-2009-0023</cvename> + <url>http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3</url> + <url>http://secunia.com/advisories/35284/</url> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=3D504390</url> + </references> + <dates> + <discovery>2009-06-05</discovery> + <entry>2009-06-08</entry> + </dates> + </vuln> + + <vuln vid="4f838b74-50a1-11de-b01f-001c2514716c"> + <topic>dokuwiki -- Local File Inclusion with register_globals on</topic> + <affects> + <package> + <name>dokuwiki</name> + <range><lt>20090214_2</lt></range> + </package> + <package> + <name>dokuwiki-devel</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>DokuWiki reports:</p> + <blockquote cite="http://bugs.splitbrain.org/index.php?do=details&task_id=1700"> + <p>A security hole was discovered which allows an attacker + to include arbitrary files located on the attacked DokuWiki + installation. The included file is executed in the PHP context. + This can be escalated by introducing malicious code through + uploading file via the media manager or placing PHP code in + editable pages.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1960</cvename> + <url>http://bugs.splitbrain.org/index.php?do=details&task_id=1700</url> + </references> + <dates> + <discovery>2009-05-26</discovery> + <entry>2009-06-04</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="82b55df8-4d5a-11de-8811-0030843d3802"> + <topic>openssl -- denial of service in DTLS implementation</topic> + <affects> + <package> + <name>openssl</name> + <range><ge>0.9.8</ge><lt>0.9.8k_1</lt></range> + </package> + <package> + <name>linux-f10-openssl</name> + <range><ge>0.9.8f</ge><lt>0.9.8m</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35128/"> + <p>Some vulnerabilities have been reported in OpenSSL, which can be + exploited by malicious people to cause a DoS.</p> + <p>The library does not limit the number of buffered DTLS records with + a future epoch. This can be exploited to exhaust all available memory + via specially crafted DTLS packets.</p> + <p>An error when processing DTLS messages can be exploited to exhaust + all available memory by sending a large number of out of sequence + handshake messages.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1377</cvename> + <cvename>CVE-2009-1378</cvename> + <url>http://secunia.com/advisories/35128/</url> + </references> + <dates> + <discovery>2009-05-18</discovery> + <entry>2009-05-30</entry> + <modified>2014-04-10</modified> + </dates> + </vuln> + + <vuln vid="399f4cd7-4d59-11de-8811-0030843d3802"> + <topic>eggdrop -- denial of service vulnerability</topic> + <affects> + <package> + <name>eggdrop</name> + <range><lt>1.6.19_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35104/"> + <p>The vulnerability is caused due to an error in the processing of + private messages within the server module + (/mod/server.mod/servrmsg.c). This can be exploited to cause a + crash by sending a specially crafted message to the bot.</p> + </blockquote> + </body> + </description> + <references> + <bid>34985</bid> + <cvename>CVE-2009-1789</cvename> + <url>http://www.eggheads.org/news/2009/05/14/35</url> + <url>http://secunia.com/advisories/35104/</url> + </references> + <dates> + <discovery>2009-05-15</discovery> + <entry>2009-05-30</entry> + </dates> + </vuln> + + <vuln vid="a2d4a330-4d54-11de-8811-0030843d3802"> + <topic>wireshark -- PCNFSD Dissector Denial of Service Vulnerability</topic> + <affects> + <package> + <name>ethereal</name> + <name>ethereal-lite</name> + <name>tethereal</name> + <name>tethereal-lite</name> + <name>wireshark</name> + <name>wireshark-lite</name> + <range><lt>1.0.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35201/"> + <p>A vulnerability has been reported in Wireshark, which can be + exploited by malicious people to cause a DoS.</p> + <p>The vulnerability is caused due to an error in the PCNFSD dissector + and can be exploited to cause a crash via a specially crafted PCNFSD + packet.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1829</cvename> + <url>http://secunia.com/advisories/35201/</url> + <url>http://www.wireshark.org/security/wnpa-sec-2009-03.html</url> + </references> + <dates> + <discovery>2009-05-21</discovery> + <entry>2009-05-30</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="6355efdb-4d4d-11de-8811-0030843d3802"> + <topic>libsndfile -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libsndfile</name> + <range><lt>1.0.20</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35076/"> + <p>Two vulnerabilities have been reported in libsndfile, which can be + exploited by malicious people to compromise an application using the + library.</p> + <p>A boundary error exists within the "voc_read_header()" function in + src/voc.c. This can be exploited to cause a heap-based buffer overflow + via a specially crafted VOC file.</p> + <p>A boundary error exists within the "aiff_read_header()" function in + src/aiff.c. This can be exploited to cause a heap-based buffer overflow + via a specially crafted AIFF file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1788</cvename> + <cvename>CVE-2009-1791</cvename> + <url>http://secunia.com/advisories/35076/</url> + <url>http://www.trapkit.de/advisories/TKADV2009-006.txt</url> + </references> + <dates> + <discovery>2009-05-15</discovery> + <entry>2009-05-30</entry> + </dates> + </vuln> + + <vuln vid="80f13884-4d4c-11de-8811-0030843d3802"> + <topic>slim -- local disclosure of X authority magic cookie</topic> + <affects> + <package> + <name>slim</name> + <range><lt>1.3.1_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/35132/"> + <p>A security issue has been reported in SLiM, which can be + exploited by malicious, local users to disclose sensitive + information.</p> + <p>The security issue is caused due to the application + generating the X authority file by passing the X authority + cookie via the command line to "xauth". This can be exploited + to disclose the X authority cookie by consulting the process + list and e.g. gain access the user's display.</p> + </blockquote> + </body> + </description> + <references> + <bid>35015</bid> + <cvename>CVE-2009-1756</cvename> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306</url> + </references> + <dates> + <discovery>2009-05-20</discovery> + <entry>2009-05-30</entry> + </dates> + </vuln> + + <vuln vid="4175c811-f690-4898-87c5-755b3cf1bac6"> + <topic>ntp -- stack-based buffer overflow</topic> + <affects> + <package> + <name>ntp</name> + <range><lt>4.2.4p7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>US-CERT reports:</p> + <blockquote cite="http://www.kb.cert.org/vuls/id/853097"> + <p>ntpd contains a stack buffer overflow which may allow a remote + unauthenticated attacker to execute arbitrary code on a vulnerable + system or create a denial of service.</p> + </blockquote> + </body> + </description> + <references> + <bid>35017</bid> + <cvename>CVE-2009-0159</cvename> + <cvename>CVE-2009-1252</cvename> + <url>http://www.kb.cert.org/vuls/id/853097</url> + </references> + <dates> + <discovery>2009-05-06</discovery> + <entry>2009-05-20</entry> + </dates> + </vuln> + + <vuln vid="5ed2f96b-33b7-4863-8c6b-540d22344424"> + <topic>imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability</topic> + <affects> + <package> + <name>imap-uw</name> + <range><lt>2007e</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33795"> + <p>University of Washington IMAP c-client is prone to a remote + format-string vulnerability because the software fails to adequately + sanitize user-supplied input before passing it as the + format-specifier to a formatted-printing function.</p> + </blockquote> + </body> + </description> + <references> + <bid>33795</bid> + </references> + <dates> + <discovery>2009-02-17</discovery> + <entry>2009-05-21</entry> + <modified>2009-05-22</modified> + </dates> + </vuln> + + <vuln vid="37a8603d-4494-11de-bea7-000c29a67389"> + <topic>nsd -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>nsd</name> + <range><lt>3.2.2</lt></range> + </package> + <package> + <name>nsd2</name> + <range><lt>2.3.7_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NLnet Labs:</p> + <blockquote cite="http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"> + <p>A one-byte buffer overflow has been reported in NSD. The + problem affects all versions 2.0.0 to 3.2.1. The bug allows + a carefully crafted exploit to bring down your DNS server. It + is highly unlikely that this one byte overflow can lead to + other (system) exploits.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1755</cvename> + <url>http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html</url> + </references> + <dates> + <discovery>2009-05-19</discovery> + <entry>2009-05-19</entry> + <modified>2009-05-22</modified> + </dates> + </vuln> + + <vuln vid="48e14d86-42f1-11de-ad22-000e35248ad7"> + <topic>libxine -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libxine</name> + <range><lt>1.1.16.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>xine developers report:</p> + <blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=673233"> + <ul> + <li>Fix another possible int overflow in the 4XM demuxer. + (ref. TKADV2009-004, CVE-2009-0385)</li> + <li>Fix an integer overflow in the Quicktime demuxer.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0385</cvename> + <cvename>CVE-2009-1274</cvename> + <url>http://trapkit.de/advisories/TKADV2009-004.txt</url> + <url>http://trapkit.de/advisories/TKADV2009-005.txt</url> + <url>http://sourceforge.net/project/shownotes.php?release_id=660071</url> + </references> + <dates> + <discovery>2009-04-04</discovery> + <entry>2009-05-17</entry> + </dates> + </vuln> + + <vuln vid="51d1d428-42f0-11de-ad22-000e35248ad7"> + <topic>libxine -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libxine</name> + <range><lt>1.1.16.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Multiple vulnerabilities were fixed in libxine 1.1.16.2.</p> + <p>Tobias Klein reports:</p> + <blockquote cite="http://trapkit.de/advisories/TKADV2009-004.txt"> + <p>FFmpeg contains a type conversion vulnerability while + parsing malformed 4X movie files. The vulnerability may be + exploited by a (remote) attacker to execute arbitrary code in + the context of FFmpeg or an application using the FFmpeg + library.</p> + <p>Note: A similar issue also affects xine-lib < version + 1.1.16.2.</p> + </blockquote> + <p>xine developers report:</p> + <blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=660071"> + <ul> + <li>Fix broken size checks in various input plugins (ref. + CVE-2008-5239).</li> + <li>More malloc checking (ref. CVE-2008-5240).</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0698</cvename> + <cvename>CVE-2008-5234</cvename> + <cvename>CVE-2008-5240</cvename> + <url>http://trapkit.de/advisories/TKADV2009-004.txt</url> + <url>http://sourceforge.net/project/shownotes.php?release_id=660071</url> + </references> + <dates> + <discovery>2009-02-15</discovery> + <entry>2009-05-17</entry> + </dates> + </vuln> + + <vuln vid="1e8031be-4258-11de-b67a-0030843d3802"> + <topic>php -- ini database truncation inside dba_replace() function</topic> + <affects> + <package> + <name>php4-dba</name> + <range><lt>4.4.9_1</lt></range> + </package> + <package> + <name>php5-dba</name> + <range><lt>5.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>securityfocus research reports:</p> + <blockquote cite="http://www.securityfocus.com/archive/1/498746/30/0/threaded"> + <p>A bug that leads to the emptying of the INI file contents if + the database key was not found exists in PHP dba extension in + versions 5.2.6, 4.4.9 and earlier.</p> + <p>Function dba_replace() are not filtering strings key and value. + There is a possibility for the destruction of the file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-7068</cvename> + <url>http://www.securityfocus.com/archive/1/498746/30/0/threaded</url> + <url>http://securityreason.com/achievement_securityalert/58</url> + </references> + <dates> + <discovery>2008-11-28</discovery> + <entry>2009-05-16</entry> + <modified>2013-06-16</modified> + </dates> + </vuln> + + <vuln vid="6a245f31-4254-11de-b67a-0030843d3802"> + <topic>libwmf -- embedded GD library Use-After-Free vulnerability</topic> + <affects> + <package> + <name>libwmf</name> + <range><lt>0.2.8.4_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34901"> + <p>A vulnerability has been reported in libwmf, which can be exploited + by malicious people to cause a DoS (Denial of Service) or compromise + an application using the library.</p> + <p>The vulnerability is caused due to a use-after-free error within the + embedded GD library, which can be exploited to cause a crash or + potentially to execute arbitrary code via a specially crafted WMF + file.</p> + </blockquote> + </body> + </description> + <references> + <bid>34792</bid> + <cvename>CVE-2009-1364</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=496864</url> + <url>https://rhn.redhat.com/errata/RHSA-2009-0457.html</url> + <url>http://secunia.com/advisories/34901/</url> + </references> + <dates> + <discovery>2009-05-05</discovery> + <entry>2009-05-16</entry> + </dates> + </vuln> + + <vuln vid="48aab1d0-4252-11de-b67a-0030843d3802"> + <topic>libwmf -- integer overflow vulnerability</topic> + <affects> + <package> + <name>libwmf</name> + <range><lt>0.2.8.4_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/20921"> + <p>infamous41md has reported a vulnerability in libwmf, which + potentially can be exploited by malicious people to compromise an + application using the vulnerable library.</p> + <p>The vulnerability is caused due to an integer overflow error when + allocating memory based on a value taken directly from a WMF file + without performing any checks. This can be exploited to cause a + heap-based buffer overflow when a specially crafted WMF file is + processed.</p> + </blockquote> + </body> + </description> + <references> + <bid>18751</bid> + <cvename>CVE-2006-3376</cvename> + <url>http://secunia.com/advisories/20921/</url> + </references> + <dates> + <discovery>2006-07-03</discovery> + <entry>2009-05-16</entry> + </dates> + </vuln> + + <vuln vid="bfe218a5-4218-11de-b67a-0030843d3802"> + <topic>moinmoin -- cross-site scripting vulnerabilities</topic> + <affects> + <package> + <name>moinmoin</name> + <range><lt>1.8.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34821/"> + <p>Input passed via multiple parameters to action/AttachFile.py is not + properly sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a user's + browser session in the context of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1482</cvename> + <url>http://secunia.com/advisories/34821/</url> + <url>http://moinmo.in/SecurityFixes</url> + </references> + <dates> + <discovery>2009-04-21</discovery> + <entry>2009-05-16</entry> + </dates> + </vuln> + + <vuln vid="4a638895-41b7-11de-b1cc-00219b0fc4d8"> + <topic>mod_perl -- cross-site scripting</topic> + <affects> + <package> + <name>mod_perl</name> + <range><lt>1.31</lt></range> + </package> + <package> + <name>mod_perl2</name> + <range><lt>2.05</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/3459796"> + <p>Certain input passed to the "Apache::Status" and "Apache2::Status" + modules is not properly sanitised before being returned to the user. + This can be exploited to execute arbitrary HTML and script code in a + user's browser session in context of an affected website.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0796</cvename> + <url>http://secunia.com/advisories/34597</url> + </references> + <dates> + <discovery>2009-02-28</discovery> + <entry>2009-05-16</entry> + <modified>2009-05-16</modified> + </dates> + </vuln> + + <vuln vid="a6605f4b-4067-11de-b444-001372fd0af2"> + <topic>drupal -- cross-site scripting</topic> + <affects> + <package> + <name>drupal5</name> + <range><lt>5.18</lt></range> + </package> + <package> + <name>drupal6</name> + <range><lt>6.12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Drupal Security Team reports:</p> + <blockquote cite="http://drupal.org/node/461886"> + <p>When outputting user-supplied data Drupal strips potentially + dangerous HTML attributes and tags or escapes characters which + have a special meaning in HTML. This output filtering secures the + site against cross site scripting attacks via user input.</p> + <p>Certain byte sequences that are valid in the UTF-8 specification + are potentially dangerous when interpreted as UTF-7. Internet + Explorer 6 and 7 may decode these characters as UTF-7 if they + appear before the <meta http-equiv="Content-Type" /> tag that + specifies the page content as UTF-8, despite the fact that Drupal + also sends a real HTTP header specifying the content as UTF-8. + This enables attackers to execute cross site scripting attacks + with UTF-7. SA-CORE-2009-005 - Drupal core - Cross site scripting + contained an incomplete fix for the issue. HTML exports of books + are still vulnerable, which means that anyone with edit + permissions for pages in outlines is able to insert arbitrary HTML + and script code in these exports.</p> + <p>Additionally, the taxonomy module allows users with the + 'administer taxonomy' permission to inject arbitrary HTML and + script code in the help text of any vocabulary.</p> + </blockquote> + </body> + </description> + <references> + <url>http://drupal.org/node/461886</url> + <url>http://secunia.com/advisories/35045</url> + </references> + <dates> + <discovery>2009-05-13</discovery> + <entry>2009-05-14</entry> + <modified>2009-05-16</modified> + </dates> + </vuln> + + <vuln vid="14ab174c-40ef-11de-9fd5-001bd3385381"> + <topic>cyrus-sasl -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>cyrus-sasl</name> + <range><lt>2.1.23</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>US-CERT reports:</p> + <blockquote cite="http://www.kb.cert.org/vuls/id/238019"> + <p>The sasl_encode64() function converts a string into + base64. The Cyrus SASL library contains buffer overflows + that occur because of unsafe use of the sasl_encode64() + function.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0688</cvename> + <url>http://www.kb.cert.org/vuls/id/238019</url> + </references> + <dates> + <discovery>2009-04-08</discovery> + <entry>2009-05-15</entry> + </dates> + </vuln> + + <vuln vid="fc4d0ae8-3fa3-11de-a3fd-0030843d3802"> + <topic>moinmoin -- multiple cross site scripting vulnerabilities</topic> + <affects> + <package> + <name>moinmoin</name> + <range><lt>1.8.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33593/"> + <p>Some vulnerabilities have been reported in MoinMoin, which can be + exploited by malicious people to conduct cross-site scripting attacks.</p> + <p>Input passed to multiple parameters in action/AttachFile.py is not + properly sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a user's + browser session in the context of an affected site.</p> + <p>Certain input passed to security/antispam.py is not properly + sanitised before being returned to the user. This can be exploited to + execute arbitrary HTML and script code in a user's browser session in + the context of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0260</cvename> + <cvename>CVE-2009-0312</cvename> + <url>http://moinmo.in/SecurityFixes</url> + <url>http://secunia.com/advisories/33593</url> + </references> + <dates> + <discovery>2009-01-21</discovery> + <entry>2009-05-13</entry> + </dates> + </vuln> + + <vuln vid="f0f97b94-3f95-11de-a3fd-0030843d3802"> + <topic>ghostscript -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>ghostscript8</name> + <name>ghostscript8-nox11</name> + <range><lt>8.64</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/34340/discuss"> + <p>Ghostscript is prone to a remote buffer-overflow vulnerability + because it fails to properly bounds-check user-supplied input before + copying it into a finite-sized buffer.</p> + <p>Exploiting this issue allows remote attackers to overwrite a + sensitive memory buffer with arbitrary data, potentially allowing them + to execute malicious machine code in the context of the affected + application. This vulnerability may facilitate the compromise of + affected computers.</p> + </blockquote> + </body> + </description> + <references> + <bid>34340</bid> + <cvename>CVE-2008-6679</cvename> + </references> + <dates> + <discovery>2009-02-03</discovery> + <entry>2009-05-13</entry> + </dates> + </vuln> + + <vuln vid="4b172278-3f46-11de-becb-001cc0377035"> + <topic>pango -- integer overflow</topic> + <affects> + <package> + <name>pango</name> + <name>linux-pango</name> + <name>linux-f8-pango</name> + <name>linux-f10-pango</name> + <range><lt>1.24</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>oCERT reports:</p> + <blockquote cite="http://www.ocert.org/advisories/ocert-2009-001.html"> + <p>Pango suffers from a multiplicative integer overflow which + may lead to a potentially exploitable, heap overflow depending + on the calling conditions.</p> + <p>For example, this vulnerability is remotely reachable in Firefox + by creating an overly large document.location value but only results + in a process-terminating, allocation error (denial of service).</p> + <p>The affected function is pango_glyph_string_set_size. An overflow + check when doubling the size neglects the overflow possible on the + subsequent allocation.</p> + </blockquote> + </body> + </description> + <references> + <bid>34870</bid> + <cvename>CVE-2009-1194</cvename> + <url>http://secunia.com/advisories/35021/</url> + </references> + <dates> + <discovery>2009-02-22</discovery> + <entry>2009-05-13</entry> + <modified>2009-10-01</modified> + </dates> + </vuln> + + <vuln vid="defce068-39aa-11de-a493-001b77d09812"> + <topic>wireshark -- multiple vulnerabilities</topic> + <affects> + <package> + <name>ethereal</name> + <name>ethereal-lite</name> + <name>tethereal</name> + <name>tethereal-lite</name> + <name>wireshark</name> + <name>wireshark-lite</name> + <range><lt>1.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Wireshark team reports:</p> + <blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-02.html"> + <p>Wireshark 1.0.7 fixes the following vulnerabilities:</p> + <ul> + <li>The PROFINET dissector was vulnerable to a format + string overflow. (Bug 3382) Versions affected: 0.99.6 to + 1.0.6, CVE-2009-1210.</li> + <li>The Check Point High-Availability Protocol (CPHAP) + dissector could crash. (Bug 3269) Versions affected: 0.9.6 + to 1.0.6; CVE-2009-1268.</li> + <li>Wireshark could crash while loading a Tektronix .rf5 + file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6, + CVE-2009-1269.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <bid>34291</bid> + <bid>34457</bid> + <cvename>CVE-2009-1210</cvename> + <cvename>CVE-2009-1268</cvename> + <cvename>CVE-2009-1269</cvename> + <url>http://www.wireshark.org/security/wnpa-sec-2009-02.html</url> + <url>http://secunia.com/advisories/34542</url> + </references> + <dates> + <discovery>2009-04-06</discovery> + <entry>2009-05-09</entry> + <modified>2009-05-13</modified> + </dates> + </vuln> + + <vuln vid="736e55bc-39bb-11de-a493-001b77d09812"> + <topic>cups -- remote code execution and DNS rebinding</topic> + <affects> + <package> + <name>cups-base</name> + <range><lt>1.3.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gentoo security team summarizes:</p> + <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml"> + <p>The following issues were reported in CUPS:</p> + <ul> + <li>iDefense reported an integer overflow in the + _cupsImageReadTIFF() function in the "imagetops" filter, + leading to a heap-based buffer overflow (CVE-2009-0163).</li> + <li>Aaron Siegel of Apple Product Security reported that the + CUPS web interface does not verify the content of the "Host" + HTTP header properly (CVE-2009-0164).</li> + <li>Braden Thomas and Drew Yao of Apple Product Security + reported that CUPS is vulnerable to CVE-2009-0146, + CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and + poppler.</li> + </ul> + <p>A remote attacker might send or entice a user to send a + specially crafted print job to CUPS, possibly resulting in the + execution of arbitrary code with the privileges of the + configured CUPS user -- by default this is "lp", or a Denial + of Service. Furthermore, the web interface could be used to + conduct DNS rebinding attacks.</p> + </blockquote> + </body> + </description> + <references> + <bid>34571</bid> + <bid>34665</bid> + <bid>34568</bid> + <cvename>CVE-2009-0163</cvename> + <cvename>CVE-2009-0164</cvename> + <cvename>CVE-2009-0146</cvename> + <cvename>CVE-2009-0147</cvename> + <cvename>CVE-2009-0166</cvename> + <url>http://www.cups.org/articles.php?L582</url> + </references> + <dates> + <discovery>2009-05-05</discovery> + <entry>2009-05-07</entry> + <modified>2009-05-13</modified> + </dates> + </vuln> + + <vuln vid="fbc8413f-2f7a-11de-9a3f-001b77d09812"> + <topic>FreeBSD -- remotely exploitable crash in OpenSSL</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_10</lt></range> + <range><ge>6.4</ge><lt>6.4_4</lt></range> + <range><ge>7.0</ge><lt>7.0_12</lt></range> + <range><ge>7.1</ge><lt>7.1_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>The function ASN1_STRING_print_ex does not properly validate + the lengths of BMPString or UniversalString objects before + attempting to print them.</p> + <h1>Impact</h1> + <p>An application which attempts to print a BMPString or + UniversalString which has an invalid length will crash as a + result of OpenSSL accessing invalid memory locations. This + could be used by an attacker to crash a remote application.</p> + <h1>Workaround</h1> + <p>No workaround is available, but applications which do not use + the ASN1_STRING_print_ex function (either directly or indirectly) + are not affected.</p> + </body> + </description> + <references> + <freebsdsa>SA-09:08.openssl</freebsdsa> + <cvename>CVE-2009-0590</cvename> + </references> + <dates> + <discovery>2009-03-25</discovery> + <entry>2009-05-07</entry> + <modified>2009-05-13</modified> + </dates> + </vuln> + + <vuln vid="2748fdde-3a3c-11de-bbc5-00e0815b8da8"> + <topic>quagga -- Denial of Service</topic> + <affects> + <package> + <name>quagga</name> + <range><lt>0.99.11_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Debian Security Team reports:</p> + <blockquote cite="http://www.securityfocus.com/archive/1/503220"> + <p>It was discovered that Quagga, an IP routing daemon, could + no longer process the Internet routing table due to broken + handling of multiple 4-byte AS numbers in an AS path. If such + a prefix is received, the BGP daemon crashes with an assert + failure leading to a denial of service.</p> + </blockquote> + </body> + </description> + <references> + <bid>34656</bid> + <mlist msgid="Pine.LNX.4.64.0904301931590.24373@nacho.alt.net">http://lists.quagga.net/pipermail/quagga-dev/2009-April/006541.html</mlist> + <cvename>CVE-2009-1572</cvename> + </references> + <dates> + <discovery>2009-05-04</discovery> + <entry>2009-05-06</entry> + <modified>2009-05-07</modified> + </dates> + </vuln> + + <vuln vid="e3e30d99-58a8-4a3f-8059-a8b7cd59b881"> + <topic>openfire -- Openfire No Password Changes Security Bypass</topic> + <affects> + <package> + <name>openfire</name> + <range><lt>3.6.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34984/"> + <p>A vulnerability has been reported in Openfire which can + be exploited by malicious users to bypass certain security + restrictions. The vulnerability is caused due to Openfire + not properly respecting the no password changes setting which + can be exploited to change passwords by sending jabber:iq:auth + passwd_change requests to the server.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1596</cvename> + <url>http://secunia.com/advisories/34984/</url> + <url>http://www.igniterealtime.org/issues/browse/JM-1532</url> + <url>http://www.igniterealtime.org/community/message/190288#190288</url> + </references> + <dates> + <discovery>2009-05-04</discovery> + <entry>2009-05-04</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="7a1ab8d4-35c1-11de-9672-0030843d3802"> + <topic>drupal -- cross site scripting</topic> + <affects> + <package> + <name>drupal5</name> + <range><lt>5.17</lt></range> + </package> + <package> + <name>drupal6</name> + <range><lt>6.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal Security Team reports:</p> + <blockquote cite="http://drupal.org/node/449078"> + <p>When outputting user-supplied data Drupal strips potentially + dangerous HTML attributes and tags or escapes characters which have a + special meaning in HTML. This output filtering secures the site + against cross site scripting attacks via user input.</p> + <p>Certain byte sequences that are valid in the UTF-8 specification + are potentially dangerous when interpreted as UTF-7. Internet Explorer + 6 and 7 may decode these characters as UTF-7 if they appear before the + meta http-equiv="Content-Type" tag that specifies the page content + as UTF-8, despite the fact that Drupal also sends a real HTTP header + specifying the content as UTF-8. This behaviour enables malicious + users to insert and execute Javascript in the context of the website + if site visitors are allowed to post content.</p> + <p>In addition, Drupal core also has a very limited information + disclosure vulnerability under very specific conditions. If a user is + tricked into visiting the site via a specially crafted URL and then + submits a form (such as the search box) from that page, the + information in their form submission may be directed to a third-party + site determined by the URL and thus disclosed to the third party. The + third party site may then execute a CSRF attack against the submitted + form.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1575</cvename> + <cvename>CVE-2009-1576</cvename> + <url>http://drupal.org/node/449078</url> + </references> + <dates> + <discovery>2009-04-30</discovery> + <entry>2009-04-30</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="3b18e237-2f15-11de-9672-0030843d3802"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>2.0.0.20_7,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.9,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <name>linux-firefox-devel</name> + <range><lt>3.0.9</lt></range> + </package> + <package> + <name>linux-seamonkey-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>1.1.17</lt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>2.0.0.22</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> + <p>MFSA 2009-22: Firefox allows Refresh header to redirect to + javascript: URIs</p> + <p>MFSA 2009-21: POST data sent to wrong site when saving web page + with embedded frame</p> + <p>MFSA 2009-20: Malicious search plugins can inject code into + arbitrary sites</p> + <p>MFSA 2009-19: Same-origin violations in XMLHttpRequest and + XPCNativeWrapper.toString</p> + <p>MFSA 2009-18: XSS hazard using third-party stylesheets and XBL + bindings</p> + <p>MFSA 2009-17: Same-origin violations when Adobe Flash loaded via + view-source: scheme</p> + <p>MFSA 2009-16: jar: scheme ignores the content-disposition: header + on the inner URI</p> + <p>MFSA 2009-15: URL spoofing with box drawing character</p> + <p>MFSA 2009-14 Crashes with evidence of memory corruption + (rv:1.9.0.9)</p> + </blockquote> + </body> + </description> + <references> + <bid>34656</bid> + <cvename>CVE-2009-1303</cvename> + <cvename>CVE-2009-1306</cvename> + <cvename>CVE-2009-1307</cvename> + <cvename>CVE-2009-1308</cvename> + <cvename>CVE-2009-1309</cvename> + <cvename>CVE-2009-1312</cvename> + <cvename>CVE-2009-1311</cvename> + <cvename>CVE-2009-1302</cvename> + <cvename>CVE-2009-1304</cvename> + <cvename>CVE-2009-1305</cvename> + <cvename>CVE-2009-1310</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-22.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-21.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-20.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-19.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-18.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-17.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-16.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-15.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-14.html</url> + </references> + <dates> + <discovery>2009-04-21</discovery> + <entry>2009-04-22</entry> + <modified>2009-12-12</modified> + </dates> + </vuln> + + <vuln vid="50d233d9-374b-46ce-922d-4e6b3f777bef"> + <topic>poppler -- Poppler Multiple Vulnerabilities</topic> + <affects> + <package> + <name>poppler</name> + <range><lt>0.10.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite=" http://secunia.com/advisories/34746/"> + <p>Some vulnerabilities have been reported in Poppler which can be + exploited by malicious people to potentially compromise an + application using the library.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/34746/</url> + </references> + <dates> + <discovery>2009-04-17</discovery> + <entry>2009-04-18</entry> + </dates> + </vuln> + + <vuln vid="a21037d5-2c38-11de-ab3b-0017a4cccfc6"> + <topic>xpdf -- multiple vulnerabilities</topic> + <affects> + <package> + <name>xpdf</name> + <range><lt>3.02_11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://www.vupen.com/english/advisories/2009/1065"> + <p>Some vulnerabilities have been reported in Xpdf, which can be + exploited by malicious people to potentially compromise a user's + system.</p> + <p>A boundary error exists when decoding JBIG2 symbol dictionary + segments. This can be exploited to cause a heap-based buffer + overflow and potentially execute arbitrary code.</p> + <p>Multiple integer overflows in the JBIG2 decoder can be + exploited to potentially execute arbitrary code.</p> + <p>Multiple boundary errors in the JBIG2 decoder can be + exploited to cause buffer overflows and potentially execute + arbitrary code.</p> + <p>Multiple errors in the JBIG2 decoder can be exploited can be + exploited to free arbitrary memory and potentially execute arbitrary + code.</p> + <p>Multiple unspecified input validation errors in the JBIG2 decoder can + be exploited to potentially execute arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0146</cvename> + <cvename>CVE-2009-0147</cvename> + <cvename>CVE-2009-0166</cvename> + <cvename>CVE-2009-0799</cvename> + <cvename>CVE-2009-0800</cvename> + <cvename>CVE-2009-1179</cvename> + <cvename>CVE-2009-1180</cvename> + <cvename>CVE-2009-1181</cvename> + <cvename>CVE-2009-1182</cvename> + <cvename>CVE-2009-1183</cvename> + <url>http://secunia.com/advisories/34291</url> + <url>http://www.vupen.com/english/advisories/2009/1065</url> + </references> + <dates> + <discovery>2009-04-16</discovery> + <entry>2009-04-18</entry> + <modified>2009-04-18</modified> + </dates> + </vuln> + + <vuln vid="20b4f284-2bfc-11de-bdeb-0030843d3802"> + <topic>freetype2 -- multiple vulnerabilities</topic> + <affects> + <package> + <name>freetype2</name> + <range><lt>2.3.9_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34723/"> + <p>Some vulnerabilities have been reported in FreeType, which can be + exploited by malicious people to potentially compromise an application + using the library.</p> + <p>An integer overflow error within the "cff_charset_compute_cids()" + function in cff/cffload.c can be exploited to potentially cause a + heap-based buffer overflow via a specially crafted font.</p> + <p>Multiple integer overflow errors within validation functions in + sfnt/ttcmap.c can be exploited to bypass length validations and + potentially cause buffer overflows via specially crafted fonts.</p> + <p>An integer overflow error within the "ft_smooth_render_generic()" + function in smooth/ftsmooth.c can be exploited to potentially cause a + heap-based buffer overflow via a specially crafted font.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0946</cvename> + <url>http://secunia.com/advisories/34723/</url> + </references> + <dates> + <discovery>2009-04-16</discovery> + <entry>2009-04-18</entry> + </dates> + </vuln> + + <vuln vid="cf91c1e4-2b6d-11de-931b-00e0815b8da8"> + <topic>ejabberd -- cross-site scripting vulnerability</topic> + <affects> + <package> + <name>ejabberd</name> + <range><lt>2.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/34133"> + <p>The ejabberd application is prone to a cross-site scripting + vulnerability.</p> + <p>An attacker may leverage this issue to execute arbitrary script code + in the browser of an unsuspecting user in the context of the affected + site and to steal cookie-based authentication credentials.</p> + </blockquote> + </body> + </description> + <references> + <bid>34133</bid> + <cvename>CVE-2009-0934</cvename> + </references> + <dates> + <discovery>2009-03-16</discovery> + <entry>2009-04-17</entry> + </dates> + </vuln> + + <vuln vid="872ae5be-29c0-11de-bdeb-0030843d3802"> + <topic>ziproxy -- multiple vulnerability</topic> + <affects> + <package> + <name>ziproxy</name> + <range><lt>2.7.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ziproxy Developers reports:</p> + <blockquote cite="http://www.kb.cert.org/vuls/id/MAPG-7N9GN8"> + <p>Multiple HTTP proxy implementations are prone to an + information-disclosure vulnerability related to the interpretation of + the 'Host' HTTP header. Specifically, this issue occurs when the proxy + makes a forwarding decision based on the 'Host' HTTP header instead of + the destination IP address.</p> + <p>Attackers may exploit this issue to obtain sensitive information + such as internal intranet webpages. Additional attacks may also be + possible.</p> + </blockquote> + </body> + </description> + <references> + <bid>33858</bid> + <cvename>CVE-2009-0804</cvename> + <url>http://www.kb.cert.org/vuls/id/MAPG-7N9GN8</url> + </references> + <dates> + <discovery>2009-02-23</discovery> + <entry>2009-04-15</entry> + </dates> + </vuln> + + <vuln vid="1a0e4cc6-29bf-11de-bdeb-0030843d3802"> + <topic>phpmyadmin -- insufficient output sanitizing when generating configuration file</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><lt>3.1.3.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>phpMyAdmin Team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php"> + <p>Setup script used to generate configuration can be fooled using a + crafted POST request to include arbitrary PHP code in generated + configuration file. Combined with ability to save files on server, + this can allow unauthenticated users to execute arbitrary PHP code. + This issue is on different parameters than PMASA-2009-3 and it was + missed out of our radar because it was not existing in 2.11.x + branch.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1285</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php</url> + </references> + <dates> + <discovery>2009-04-14</discovery> + <entry>2009-04-15</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="03d22656-2690-11de-8226-0030843d3802"> + <topic>drupal6-cck -- cross-site scripting</topic> + <affects> + <package> + <name>drupal6-cck</name> + <range><lt>2.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal CCK plugin developer reports:</p> + <blockquote cite="http://drupal.org/node/406520"> + <p>The Node reference and User reference sub-modules, which + are part of the Content Construction Kit (CCK) project, lets + administrators define node fields that are references to other + nodes or to users. When displaying a node edit form, the + titles of candidate referenced nodes or names of candidate + referenced users are not properly filtered, allowing malicious + users to inject arbitrary code on those pages. Such a cross + site scripting (XSS) attack may lead to a malicious user + gaining full administrative access.</p> + </blockquote> + </body> + </description> + <references> + <bid>34172</bid> + <cvename>CVE-2009-1069</cvename> + <url>http://drupal.org/node/406520</url> + </references> + <dates> + <discovery>2009-03-23</discovery> + <entry>2009-04-11</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="0fe73a4a-1b18-11de-8226-0030843d3802"> + <topic>pivot-weblog -- file deletion vulnerability</topic> + <affects> + <package> + <name>pivot-weblog</name> + <range><lt>1.40.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34302"> + <p>A vulnerability has been discovered in Pivot, which can be + exploited by malicious people to delete certain files.</p> + <p>Input passed to the "refkey" parameter in + extensions/bbclone_tools/count.php is not properly sanitised + before being used to delete files. This can be exploited to + delete files with the permissions of the web server via directory + traversal sequences passed within the "refkey" parameter.</p> + <p>NOTE: Users with the "Advanced" user level are able to include and + execute uploaded PHP code via the "pivot_path" parameter in + extensions/bbclone_tools/getkey.php when + extensions/bbclone_tools/hr_conf.php can be deleted.</p> + </blockquote> + </body> + </description> + <references> + <bid>34160</bid> + <url>http://secunia.com/advisories/34302/</url> + </references> + <dates> + <discovery>2009-03-18</discovery> + <entry>2009-03-27</entry> + </dates> + </vuln> + + <vuln vid="06f9174f-190f-11de-b2f0-001c2514716c"> + <topic>phpmyadmin -- insufficient output sanitizing when generating configuration file</topic> + <affects> + <package> + <name>phpMyAdmin211</name> + <range><lt>2.11.9.5</lt></range> + </package> + <package> + <name>phpMyAdmin</name> + <range><lt>3.1.3.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>phpMyAdmin reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php"> + <p>Setup script used to generate configuration can be fooled + using a crafted POST request to include arbitrary PHP code + in generated configuration file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-1151</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php</url> + </references> + <dates> + <discovery>2009-03-24</discovery> + <entry>2009-03-25</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="6bb6188c-17b2-11de-ae4d-0030843d3802"> + <topic>amarok -- multiple vulnerabilities</topic> + <affects> + <package> + <name>amarok</name> + <range><lt>1.4.10_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33505"> + <p>Tobias Klein has reported some vulnerabilities in Amarok, which + potentially can be exploited by malicious people to compromise a + user's system.</p> + <p>Two integer overflow errors exist within the + "Audible::Tag::readTag()" function in + src/metadata/audible/audibletag.cpp. These can be exploited to cause + heap-based buffer overflows via specially crafted Audible Audio + files.</p> + <p>Two errors within the "Audible::Tag::readTag()" function in + src/metadata/audible/audibletag.cpp can be exploited to corrupt + arbitrary memory via specially crafted Audible Audio files.</p> + </blockquote> + </body> + </description> + <references> + <bid>33210</bid> + <cvename>CVE-2009-0135</cvename> + <cvename>CVE-2009-0136</cvename> + <url>http://www.debian.org/security/2009/dsa-1706</url> + <url>http://secunia.com/advisories/33505</url> + </references> + <dates> + <discovery>2009-01-12</discovery> + <entry>2009-03-23</entry> + </dates> + </vuln> + + <vuln vid="f6f19735-9245-4918-8a60-87948ebb4907"> + <topic>wireshark -- multiple vulnerabilities</topic> + <affects> + <package> + <name>ethereal</name> + <name>ethereal-lite</name> + <name>tethereal</name> + <name>tethereal-lite</name> + <name>wireshark</name> + <name>wireshark-lite</name> + <range><lt>1.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Vendor reports:</p> + <blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-01.html"> + <p>On non-Windows systems Wireshark could crash if the HOME + environment variable contained sprintf-style string formatting + characters. Wireshark could crash while reading a malformed + NetScreen snoop file. Wireshark could crash while reading a + Tektronix K12 text capture file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0599</cvename> + <cvename>CVE-2009-0600</cvename> + <cvename>CVE-2009-0601</cvename> + <url>http://www.wireshark.org/security/wnpa-sec-2009-01.html</url> + </references> + <dates> + <discovery>2009-02-06</discovery> + <entry>2009-03-22</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="72cba7b0-13cd-11de-a964-0030843d3802"> + <topic>netatalk -- arbitrary command execution in papd daemon</topic> + <affects> + <package> + <name>netatalk</name> + <range><lt>2.0.3_5,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33227/"> + <p>A vulnerability has been reported in Netatalk, which potentially + can be exploited by malicious users to compromise a vulnerable system.</p> + <p>The vulnerability is caused due to the papd daemon improperly + sanitising several received parameters before passing them in a call + to popen(). This can be exploited to execute arbitrary commands via + a specially crafted printing request.</p> + <p>Successful exploitation requires that a printer is configured to + pass arbitrary values as parameters to a piped command.</p> + </blockquote> + </body> + </description> + <references> + <bid>32925</bid> + <cvename>CVE-2008-5718</cvename> + <url>http://secunia.com/advisories/33227/</url> + <url>http://www.openwall.com/lists/oss-security/2009/01/13/3</url> + </references> + <dates> + <discovery>2008-12-19</discovery> + <entry>2009-03-18</entry> + <modified>2009-03-18</modified> + </dates> + </vuln> + + <vuln vid="37a365ed-1269-11de-a964-0030843d3802"> + <topic>gstreamer-plugins-good -- multiple memory overflows</topic> + <affects> + <package> + <name>gstreamer-plugins-good</name> + <range><ge>0.10.9,3</ge><lt>0.10.12,3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33650/"> + <p>Tobias Klein has reported some vulnerabilities in GStreamer Good + Plug-ins, which can potentially be exploited by malicious people to + compromise a vulnerable system.</p> + <p>A boundary error occurs within the "qtdemux_parse_samples()" + function in gst/gtdemux/qtdemux.c when performing QuickTime "ctts" + Atom parsing. This can be exploited to cause a heap-based buffer + overflow via a specially crafted QuickTime media file.</p> + <p>An array indexing error exists in the "qtdemux_parse_samples()" + function in gst/gtdemux/qtdemux.c when performing QuickTime "stss" + Atom parsing. This can be exploited to corrupt memory via a specially + crafted QuickTime media file.</p> + <p>A boundary error occurs within the "qtdemux_parse_samples()" + function in gst/gtdemux/qtdemux.c when performing QuickTime "stts" + Atom parsing. This can be exploited to cause a heap-based buffer + overflow via a specially crafted QuickTime media file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0386</cvename> + <cvename>CVE-2009-0387</cvename> + <cvename>CVE-2009-0397</cvename> + <url>http://secunia.com/advisories/33650/</url> + <url>http://trapkit.de/advisories/TKADV2009-003.txt</url> + <url>http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html</url> + </references> + <dates> + <discovery>2009-01-22</discovery> + <entry>2009-03-16</entry> + </dates> + </vuln> + + <vuln vid="c5af0747-1262-11de-a964-0030843d3802"> + <topic>libsndfile -- CAF processing integer overflow vulnerability</topic> + <affects> + <package> + <name>libsndfile</name> + <range><lt>1.0.19</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33980/"> + <p>The vulnerability is caused due to an integer overflow error in the + processing of CAF description chunks. This can be exploited to cause a + heap-based buffer overflow by tricking the user into processing a + specially crafted CAF audio file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0186</cvename> + <url>http://secunia.com/advisories/33980/</url> + </references> + <dates> + <discovery>2009-03-03</discovery> + <entry>2009-03-16</entry> + </dates> + </vuln> + + <vuln vid="6733e1bf-125f-11de-a964-0030843d3802"> + <topic>ffmpeg -- 4xm processing memory corruption vulnerability</topic> + <affects> + <package> + <name>ffmpeg</name> + <range><lt>2008.07.27_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33711/"> + <p>Tobias Klein has reported a vulnerability in FFmpeg, which + potentially can be exploited by malicious people to compromise an + application using the library.</p> + <p>The vulnerability is caused due to a signedness error within the + "fourxm_read_header()" function in libavformat/4xm.c. This can be + exploited to corrupt arbitrary memory via a specially crafted 4xm + file.</p> + </blockquote> + </body> + </description> + <references> + <bid>33502</bid> + <cvename>CVE-2009-0385</cvename> + <url>http://secunia.com/advisories/33711/</url> + <url>http://trapkit.de/advisories/TKADV2009-004.txt</url> + </references> + <dates> + <discovery>2009-01-28</discovery> + <entry>2009-03-16</entry> + </dates> + </vuln> + + <vuln vid="35c0b572-125a-11de-a964-0030843d3802"> + <topic>roundcube -- webmail script insertion and php code injection</topic> + <affects> + <package> + <name>roundcube</name> + <range><lt>0.2.1,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33622/"> + <p>Some vulnerabilities have been reported in RoundCube Webmail, which + can be exploited by malicious users to compromise a vulnerable system + and by malicious people to conduct script insertion attacks and + compromise a vulnerable system.</p> + <p>The HTML "background" attribute within e.g. HTML emails is not + properly sanitised before being used. This can be exploited to execute + arbitrary HTML and script code in a user's browser session in context + of an affected site if a malicious email is viewed.</p> + <p>Input passed via a vCard is not properly sanitised before being + used in a call to "preg_replace()" with the "e" modifier in + program/include/rcube_vcard.php. This can be exploited to inject and + execute arbitrary PHP code by e.g. tricking a user into importing a + malicious vCard file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0413</cvename> + <url>http://secunia.com/advisories/33622/</url> + <url>http://sourceforge.net/forum/forum.php?forum_id=927958</url> + <url>http://trac.roundcube.net/changeset/2245</url> + <url>http://trac.roundcube.net/ticket/1485689</url> + </references> + <dates> + <discovery>2009-01-21</discovery> + <entry>2009-03-16</entry> + <modified>2009-03-26</modified> + </dates> + </vuln> + + <vuln vid="ca0841ff-1254-11de-a964-0030843d3802"> + <topic>proftpd -- multiple sql injection vulnerabilities</topic> + <affects> + <package> + <name>proftpd</name> + <name>proftpd-mysql</name> + <range><lt>1.3.2</lt></range> + </package> + <package> + <name>proftpd-devel</name> + <range><le>1.3.20080922</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33842/"> + <p>Some vulnerabilities have been reported in ProFTPD, which can be + exploited by malicious people to conduct SQL injection attacks.</p> + <p>The application improperly sets the character encoding prior to + performing SQL queries. This can be exploited to manipulate SQL + queries by injecting arbitrary SQL code in an environment using a + multi-byte character encoding.</p> + <p>An error exists in the "mod_sql" module when processing e.g. user + names containing '%' characters. This can be exploited to bypass input + sanitation routines and manipulate SQL queries by injecting arbitrary + SQL code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0542</cvename> + <cvename>CVE-2009-0543</cvename> + <url>http://secunia.com/advisories/33842/</url> + <url>http://bugs.proftpd.org/show_bug.cgi?id=3173</url> + <url>http://bugs.proftpd.org/show_bug.cgi?id=3124</url> + <url>http://milw0rm.com/exploits/8037</url> + </references> + <dates> + <discovery>2009-02-06</discovery> + <entry>2009-03-16</entry> + </dates> + </vuln> + + <vuln vid="03140526-1250-11de-a964-0030843d3802"> + <topic>zabbix -- php frontend multiple vulnerabilities</topic> + <affects> + <package> + <name>zabbix</name> + <range><lt>1.6.2_1,1</lt></range> + </package> + <package> + <name>zabbix-agent</name> + <range><lt>1.6.2_1,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34091/"> + <p>Some vulnerabilities have been reported in the ZABBIX PHP frontend, + which can be exploited by malicious people to conduct cross-site + request forgery attacks and malicious users to disclose sensitive + information and compromise a vulnerable system.</p> + <p>Input appended to and passed via the "extlang" parameter to the + "calc_exp2()" function in include/validate.inc.php is not properly + sanitised before being used. This can be exploited to inject and + execute arbitrary PHP code.</p> + <p>The application allows users to perform certain actions via HTTP + requests without performing any validity checks to verify the + requests. This can be exploited to e.g. create users by enticing a + logged in administrator to visit a malicious web page.</p> + <p>Input passed to the "srclang" parameter in locales.php (when "next" + is set to a non-NULL value) is not properly verified before being used + to include files. This can be exploited to include arbitrary files + from local resources via directory traversal attacks and URL-encoded + NULL bytes.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/34091/</url> + <url>http://www.ush.it/team/ush/hack-zabbix_162/adv.txt</url> + </references> + <dates> + <discovery>2009-03-04</discovery> + <entry>2009-03-16</entry> + <modified>2009-03-23</modified> + </dates> + </vuln> + + <vuln vid="a2074ac6-124c-11de-a964-0030843d3802"> + <topic>php-mbstring -- php mbstring buffer overflow vulnerability</topic> + <affects> + <package> + <name>php4-mbstring</name> + <range><lt>4.4.9</lt></range> + </package> + <package> + <name>php5-mbstring</name> + <range><lt>5.2.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/32948"> + <p>PHP is prone to a buffer-overflow vulnerability because it fails to + perform boundary checks before copying user-supplied data to + insufficiently sized memory buffers. The issue affects the 'mbstring' + extension included in the standard distribution.</p> + <p>An attacker can exploit this issue to execute arbitrary machine + code in the context of the affected webserver. Failed exploit attempts + will likely crash the webserver, denying service to legitimate + users.</p> + </blockquote> + </body> + </description> + <references> + <bid>32948</bid> + <cvename>CVE-2008-5557</cvename> + </references> + <dates> + <discovery>2008-12-21</discovery> + <entry>2009-03-16</entry> + </dates> + </vuln> + + <vuln vid="4ce3c20b-124b-11de-a964-0030843d3802"> + <topic>phppgadmin -- directory traversal with register_globals enabled</topic> + <affects> + <package> + <name>phppgadmin</name> + <range><lt>4.2.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33014"> + <p>Dun has discovered a vulnerability in phpPgAdmin, which can be + exploited by malicious people to disclose sensitive information.</p> + <p>Input passed via the "_language" parameter to libraries/lib.inc.php + is not properly sanitised before being used to include files. This can + be exploited to include arbitrary files from local resources via + directory traversal attacks and URL-encoded NULL bytes.</p> + </blockquote> + </body> + </description> + <references> + <bid>32670</bid> + <cvename>CVE-2008-5587</cvename> + <url>http://secunia.com/advisories/33014</url> + </references> + <dates> + <discovery>2008-12-08</discovery> + <entry>2009-03-16</entry> + </dates> + </vuln> + + <vuln vid="8c5205b4-11a0-11de-a964-0030843d3802"> + <topic>opera -- multiple vulnerabilities</topic> + <affects> + <package> + <name>opera</name> + <name>linux-opera</name> + <range><lt>9.64</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Opera Team reports:</p> + <blockquote cite="http://www.opera.com/docs/changelogs/freebsd/964/"> + <p>An unspecified error in the processing of JPEG images can be + exploited to trigger a memory corruption.</p> + <p>An error can be exploited to execute arbitrary script code in a + different domain via unspecified plugins.</p> + <p>An unspecified error has a "moderately severe" impact. No further + information is available.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0914</cvename> + <cvename>CVE-2009-0915</cvename> + <url>http://www.opera.com/docs/changelogs/freebsd/964/</url> + <url>http://secunia.com/advisories/34135/</url> + </references> + <dates> + <discovery>2009-03-15</discovery> + <entry>2009-03-15</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="e848a92f-0e7d-11de-92de-000bcdc1757a"> + <topic>epiphany -- untrusted search path vulnerability</topic> + <affects> + <package> + <name>epiphany</name> + <range><lt>2.24.2.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE Mitre reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985"> + <p>Untrusted search path vulnerability in the Python interface in + Epiphany 2.22.3, and possibly other versions, allows local users to + execute arbitrary code via a Trojan horse Python file in the current + working directory, related to a vulnerability in the PySys_SetArgv + function (CVE-2008-5983).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5985</cvename> + <cvename>CVE-2008-5983</cvename> + </references> + <dates> + <discovery>2009-01-26</discovery> + <entry>2009-03-11</entry> + </dates> + </vuln> + + <vuln vid="f1892066-0e74-11de-92de-000bcdc1757a"> + <topic>apache -- Cross-site scripting vulnerability</topic> + <affects> + <package> + <name>apache</name> + <range><gt>2.2.0</gt><lt>2.2.9_2</lt></range> + <range><gt>2.0.0</gt><lt>2.0.63_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE Mitre reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939"> + <p>Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the + mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c + in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, + allows remote attackers to inject arbitrary web script or HTML via a + wildcard in the last directory component in the pathname in an FTP + URI.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-2939</cvename> + <url>http://www.rapid7.com/advisories/R7-0033.jsp</url> + </references> + <dates> + <discovery>2008-07-25</discovery> + <entry>2009-03-11</entry> + </dates> + </vuln> + + <vuln vid="ea2411a4-08e8-11de-b88a-0022157515b2"> + <topic>pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability</topic> + <affects> + <package> + <name>pngcrush</name> + <range><lt>1.6.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33976/"> + <p>A vulnerability has been reported in Pngcrush, which + can be exploited by malicious people to potentially + compromise a user's system.</p> + <p>The vulnerability is caused due to the use of vulnerable + libpng code.</p> + </blockquote> + </body> + </description> + <references> + <bid>33827</bid> + <cvename>CVE-2009-0040</cvename> + <url>http://secunia.com/advisories/33976</url> + <url>http://xforce.iss.net/xforce/xfdb/48819</url> + </references> + <dates> + <discovery>2009-02-19</discovery> + <entry>2009-03-04</entry> + </dates> + </vuln> + + <vuln vid="5d433534-f41c-402e-ade5-e0a2259a7cb6"> + <topic>curl -- cURL/libcURL Location: Redirect URLs Security Bypass</topic> + <affects> + <package> + <name>curl</name> + <range><ge>5.11</ge><lt>7.19.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/34138/"> + <p>The security issue is caused due to cURL following HTTP Location: + redirects to e.g. scp:// or file:// URLs which can be exploited + by a malicious HTTP server to overwrite or disclose the content of + arbitrary local files and potentially execute arbitrary commands via + specially crafted redirect URLs.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0037</cvename> + <url>http://secunia.com/advisories/34138/</url> + </references> + <dates> + <discovery>2009-03-03</discovery> + <entry>2009-03-04</entry> + </dates> + </vuln> + + <vuln vid="cf495fd4-fdcd-11dd-9a86-0050568452ac"> + <topic>Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()</topic> + <affects> + <package> + <name>ZendFramework</name> + <range><lt>1.7.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matthew Weier O'Phinney reports:</p> + <blockquote cite="http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html"> + <p>A potential Local File Inclusion (LFI) vulnerability exists in + the Zend_View::render() method. If user input is used to + specify the script path, then it is possible to trigger the + LFI.</p> + <p>Note that Zend Framework applications that never call the + Zend_View::render() method with a user-supplied parameter are + not affected by this vulnerability.</p> + </blockquote> + </body> + </description> + <references> + <url>http://framework.zend.com/issues/browse/ZF-5748</url> + </references> + <dates> + <discovery>2009-02-11</discovery> + <entry>2009-02-18</entry> + </dates> + </vuln> + + <vuln vid="25eb365c-fd11-11dd-8424-c213de35965d"> + <topic>dia -- remote command execution vulnerability</topic> + <affects> + <package> + <name>dia</name> + <range><lt>0.96.1_6,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Security Focus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33448/"> + <p>An attacker could exploit this issue by enticing an + unsuspecting victim to execute the vulnerable + application in a directory containing a malicious + Python file. A successful exploit will allow arbitrary + Python commands to run within the privileges of the currently + logged-in user.</p> + </blockquote> + </body> + </description> + <references> + <bid>33448</bid> + <cvename>CVE-2008-5984</cvename> + <url>http://secunia.com/advisories/33672</url> + </references> + <dates> + <discovery>2009-01-26</discovery> + <entry>2009-02-17</entry> + </dates> + </vuln> + + <vuln vid="5a021595-fba9-11dd-86f3-0030843d3802"> + <topic>pycrypto -- ARC2 module buffer overflow</topic> + <affects> + <package> + <name>py-pycrypto</name> + <range><lt>2.0.1_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Dwayne C. Litzenberger reports:</p> + <blockquote cite="http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html"> + <p>pycrypto is exposed to a buffer overflow issue because it fails to + adequately verify user-supplied input. This issue resides in the ARC2 + module. This issue can be triggered with specially crafted ARC2 keys + in excess of 128 bytes.</p> + </blockquote> + </body> + </description> + <references> + <url>http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html</url> + </references> + <dates> + <discovery>2009-02-06</discovery> + <entry>2009-02-15</entry> + </dates> + </vuln> + + <vuln vid="bcee3989-d106-4f60-948f-835375634710"> + <topic>varnish -- Varnish HTTP Request Parsing Denial of Service</topic> + <affects> + <package> + <name>varnish</name> + <range><lt>2.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33712"> + <p>Varnish is prone to a remote denial-of-service + vulnerability because the application fails to handle + certain HTTP requests.</p> + <p>Successfully exploiting this issue allows remote + attackers to crash the affected application denying further + service to legitimate users.</p> + </blockquote> + </body> + </description> + <references> + <bid>33712</bid> + <url>http://secunia.com/advisories/33852/</url> + <url>http://varnish.projects.linpro.no/wiki/WikiStart</url> + </references> + <dates> + <discovery>2008-10-17</discovery> + <entry>2009-02-14</entry> + <modified>2009-02-15</modified> + </dates> + </vuln> + + <vuln vid="78f5606b-f9d1-11dd-b79c-0030843d3802"> + <topic>tor -- multiple vulnerabilities</topic> + <affects> + <package> + <name>tor</name> + <range><lt>0.2.0.34</lt></range> + </package> + <package> + <name>tor-devel</name> + <range><lt>0.2.12-alpha</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33880/"> + <p>Some vulnerabilities have been reported in Tor, where one has an + unknown impact and others can be exploited by malicious people to + cause a DoS.</p> + <p>An error when running Tor as a directory authority can be exploited + to trigger the execution of an infinite loop.</p> + <p>An unspecified error exists when running on Windows systems prior + to Windows XP. No further information is currently available.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0936</cvename> + <cvename>CVE-2009-0937</cvename> + <cvename>CVE-2009-0938</cvename> + <url>http://secunia.com/advisories/33880/</url> + <url>http://archives.seul.org/or/announce/Feb-2009/msg00000.html</url> + </references> + <dates> + <discovery>2009-02-10</discovery> + <entry>2009-02-13</entry> + <modified>2009-03-20</modified> + </dates> + </vuln> + + <vuln vid="8b491182-f842-11dd-94d9-0030843d3802"> + <topic>firefox -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>2.0.0.20_3,1</lt></range> + <range><gt>3.*,1</gt><lt>3.0.6,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <name>linux-firefox-devel</name> + <range><lt>3.0.6</lt></range> + </package> + <package> + <name>linux-seamonkey-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>1.1.15</lt></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>2.0.0.21</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html"> + <p>MFSA 2009-06: Directives to not cache pages ignored</p> + <p>MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies</p> + <p>MFSA 2009-04: Chrome privilege escalation via local .desktop + files</p> + <p>MFSA 2009-03: Local file stealing with SessionStore</p> + <p>MFSA 2009-02: XSS using a chrome XBL method and window.eval</p> + <p>MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0352</cvename> + <cvename>CVE-2009-0353</cvename> + <cvename>CVE-2009-0354</cvename> + <cvename>CVE-2009-0355</cvename> + <cvename>CVE-2009-0356</cvename> + <cvename>CVE-2009-0357</cvename> + <cvename>CVE-2009-0358</cvename> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-01.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-02.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-03.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-04.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-05.html</url> + <url>http://www.mozilla.org/security/announce/2009/mfsa2009-06.html</url> + <url>http://secunia.com/advisories/33799/</url> + </references> + <dates> + <discovery>2009-02-04</discovery> + <entry>2009-02-11</entry> + <modified>2009-12-12</modified> + </dates> + </vuln> + + <vuln vid="83574d5a-f828-11dd-9fdf-0050568452ac"> + <topic>codeigniter -- arbitrary script execution in the new Form Validation class</topic> + <affects> + <package> + <name>codeigniter</name> + <range><ge>1.7.0</ge><lt>1.7.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>znirkel reports:</p> + <blockquote cite="http://secunia.com/advisories/33829/"> + <p>The eval() function in _reset_post_array crashes when posting + certain data. By passing in carefully-crafted input data, the eval() + function could also execute malicious PHP code.</p> + <p>Note that CodeIgniter applications that either do not use the + new Form Validation class or use the old Validation class are not + affected by this vulnerability.</p> + </blockquote> + </body> + </description> + <references> + <url>http://codeigniter.com/bug_tracker/bug/6068/</url> + </references> + <dates> + <discovery>2008-11-28</discovery> + <entry>2009-02-11</entry> + </dates> + </vuln> + + <vuln vid="b07f3254-f83a-11dd-85a4-ea653f0746ab"> + <topic>pyblosxom -- atom flavor multiple XML injection vulnerabilities</topic> + <affects> + <package> + <name>pyblosxom</name> + <range><lt>1.5.r3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Security Focus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33676/"> + <p>PyBlosxom is prone to multiple XML-injection + vulnerabilities because the application fails to + properly sanitize user-supplied input before using it + in dynamically generated content.</p> + <p>Attacker-supplied XML and script code would run in the + context of the affected browser, potentially allowing + the attacker to steal cookie-based authentication credentials + or to control how the site is rendered to the user. Other attacks + are also possible.</p> + </blockquote> + </body> + </description> + <references> + <bid>33676</bid> + </references> + <dates> + <discovery>2009-02-09</discovery> + <entry>2009-02-11</entry> + </dates> + </vuln> + + <vuln vid="cc47fafe-f823-11dd-94d9-0030843d3802"> + <topic>typo3 -- cross-site scripting and information disclosure</topic> + <affects> + <package> + <name>typo3</name> + <range><lt>4.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33829/"> + <p>Some vulnerabilities have been reported in Typo3, which can be + exploited by malicious people to conduct cross-site scripting attacks + and disclose sensitive information.</p> + <p>Input passed via unspecified fields to the backend user interface + is not properly sanitised before being returned to the user. This can + be exploited to execute arbitrary HTML and script code in a user's + browser session in context of an affected site.</p> + <p>An error in the "jumpUrl" mechanism can be exploited to read + arbitrary files from local resources by disclosing a hash secret used + to restrict file access.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0815</cvename> + <cvename>CVE-2009-0816</cvename> + <url>http://secunia.com/advisories/33829/</url> + <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/</url> + </references> + <dates> + <discovery>2009-02-10</discovery> + <entry>2009-02-11</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="a89b76a7-f6bd-11dd-94d9-0030843d3802"> + <topic>amaya -- multiple buffer overflow vulnerabilities</topic> + <affects> + <package> + <name>amaya</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/32848/"> + <p>A boundary error when processing "div" HTML tags can be exploited + to cause a stack-based buffer overflow via an overly long "id" + parameter.</p> + <p>A boundary error exists when processing overly long links. This can + be exploited to cause a stack-based buffer overflow by tricking the + user into e.g. editing a malicious link.</p> + <p>A boundary error when processing e.g. a "bdo" HTML tag having an + overly long "dir" attribute can be exploited to cause a stack-based + buffer overflow.</p> + <p>A boundary error when processing "input" HTML tags can be + exploited to cause a stack-based buffer overflow via an overly long + e.g. "type" attribute.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5282</cvename> + <cvename>CVE-2009-0323</cvename> + <url>http://secunia.com/advisories/32848/</url> + <url>http://www.bmgsec.com.au/advisory/41/</url> + <url>http://www.bmgsec.com.au/advisory/40/</url> + <url>http://milw0rm.com/exploits/7467</url> + <url>http://www.coresecurity.com/content/amaya-buffer-overflows</url> + </references> + <dates> + <discovery>2008-11-25</discovery> + <entry>2009-02-09</entry> + </dates> + </vuln> + + <vuln vid="71597e3e-f6b8-11dd-94d9-0030843d3802"> + <topic>websvn -- multiple vulnerabilities</topic> + <affects> + <package> + <name>websvn</name> + <range><lt>2.1.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/32338/"> + <p>Some vulnerabilities have been reported in WebSVN, which can be + exploited by malicious users to disclose sensitive information, and by + malicious people to conduct cross-site scripting attacks and + manipulate data.</p> + <p>Input passed in the URL to index.php is not properly sanitised + before being returned to the user. This can be exploited to execute + arbitrary HTML and script code in a user's browser session in context + of an affected site.</p> + <p>Input passed to the "rev" parameter in rss.php is not properly + sanitised before being used. This can be exploited to overwrite + arbitrary files via directory traversal attacks.</p> + <p>Access to restricted repositories is not properly enforced, which + can be exploited to disclose potentially sensitive information by + accessing the repository via "listing.php" and using the "compare with + previous" and "show changed files" links.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5918</cvename> + <cvename>CVE-2008-5919</cvename> + <cvename>CVE-2009-0240</cvename> + <url>http://secunia.com/advisories/32338/</url> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191</url> + <url>http://www.gulftech.org/?node=research&article_id=00132-10202008</url> + </references> + <dates> + <discovery>2008-10-23</discovery> + <entry>2009-02-09</entry> + </dates> + </vuln> + + <vuln vid="40774927-f6b4-11dd-94d9-0030843d3802"> + <topic>phplist -- local file inclusion vulnerability</topic> + <affects> + <package> + <name>phplist</name> + <range><lt>2.10.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33533/"> + <p>Input passed to the "_SERVER[ConfigFile]" parameter in + admin/index.php is not properly verified before being used to include + files. This can be exploited to include arbitrary files from local + resources.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0422</cvename> + <url>http://secunia.com/advisories/33533/</url> + </references> + <dates> + <discovery>2009-01-15</discovery> + <entry>2009-02-09</entry> + </dates> + </vuln> + + <vuln vid="9c2460a4-f6b1-11dd-94d9-0030843d3802"> + <topic>squid -- remote denial of service vulnerability</topic> + <affects> + <package> + <name>squid</name> + <range><ge>2.7.1</ge><lt>2.7.6</lt></range> + <range><ge>3.0.1</ge><lt>3.0.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Squid security advisory 2009:1 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"> + <p>Due to an internal error Squid is vulnerable to a denial + of service attack when processing specially crafted requests.</p> + <p>This problem allows any client to perform a denial of service + attack on the Squid service.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0478</cvename> + <url>http://www.squid-cache.org/Advisories/SQUID-2009_1.txt</url> + <url>http://secunia.com/advisories/33731/</url> + </references> + <dates> + <discovery>2009-02-04</discovery> + <entry>2009-02-09</entry> + <modified>2009-02-10</modified> + </dates> + </vuln> + + <vuln vid="653606e9-f6ac-11dd-94d9-0030843d3802"> + <topic>typo3 -- multiple vulnerabilities</topic> + <affects> + <package> + <name>typo3</name> + <range><lt>4.2.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33617/"> + <p>Some vulnerabilities have been reported in Typo3, which can be + exploited by malicious people to bypass certain security restrictions, + conduct cross-site scripting and session fixation attacks, and + compromise a vulnerable system.</p> + <p>The "Install tool" system extension uses insufficiently random + entropy sources to generate an encryption key, resulting in weak + security.</p> + <p>The authentication library does not properly invalidate supplied + session tokens, which can be exploited to hijack a user's + session.</p> + <p>Certain unspecified input passed to the "Indexed Search Engine" + system extension is not properly sanitised before being used to invoke + commands. This can be exploited to inject and execute arbitrary shell + commands.</p> + <p>Input passed via the name and content of files to the "Indexed Search + Engine" system extension is not properly sanitised before being returned + to the user. This can be exploited to execute arbitrary HTML and script + code in a user's browser session in context of an affected site.</p> + <p>Certain unspecified input passed to the Workspace module is not + properly sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a user's + browser session in context of an affected site.</p> + <p>Note: It is also reported that certain unspecified input passed to + test scripts of the "ADOdb" system extension is not properly sanitised + before being returned to the user. This can be exploited to execute + arbitrary HTML and script code in a user's browser session in context + of an affected website.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0255</cvename> + <cvename>CVE-2009-0256</cvename> + <cvename>CVE-2009-0257</cvename> + <cvename>CVE-2009-0258</cvename> + <url>http://secunia.com/advisories/33617/</url> + <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/</url> + </references> + <dates> + <discovery>2009-02-07</discovery> + <entry>2009-02-09</entry> + <modified>2013-06-19</modified> + </dates> + </vuln> + + <vuln vid="13d6d997-f455-11dd-8516-001b77d09812"> + <topic>sudo -- certain authorized users could run commands as any user</topic> + <affects> + <package> + <name>sudo</name> + <range><ge>1.6.9</ge><lt>1.6.9.20</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Todd Miller reports:</p> + <blockquote cite="http://www.gratisoft.us/pipermail/sudo-announce/2009-February/000085.html"> + <p>A bug was introduced in Sudo's group matching code in version + 1.6.9 when support for matching based on the supplemental group + vector was added. This bug may allow certain users listed in + the sudoers file to run a command as a different user than their + access rule specifies.</p> + </blockquote> + </body> + </description> + <references> + <bid>33517</bid> + <cvename>CVE-2009-0034</cvename> + <mlist msgid="200902041802.n14I2llS024155@core.courtesan.com">http://www.gratisoft.us/pipermail/sudo-announce/2009-February/000085.html</mlist> + </references> + <dates> + <discovery>2009-02-04</discovery> + <entry>2009-02-06</entry> + </dates> + </vuln> + + <vuln vid="6d85dc62-f2bd-11dd-9f55-0030843d3802"> + <topic>drupal -- multiple vulnerabilities</topic> + <affects> + <package> + <name>drupal5</name> + <range><lt>5.15</lt></range> + </package> + <package> + <name>drupal6</name> + <range><lt>6.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal Team reports:</p> + <blockquote cite="http://drupal.org/node/358957"> + <p>The Content Translation module for Drupal 6.x enables users to make + a translation of an existing item of content (a node). In that proces + the existing node's content is copied into the new node's submission + form.</p> + <p>The module contains a flaw that allows a user with the 'translate + content' permission to potentially bypass normal viewing access + restrictions, for example allowing the user to see the content of + unpublished nodes even if they do not have permission to view + unpublished nodes.</p> + <p>When user profile pictures are enabled, the default user profile + validation function will be bypassed, possibly allowing invalid user + names or e-mail addresses to be submitted.</p> + </blockquote> + </body> + </description> + <references> + <url>http://drupal.org/node/358957</url> + <url>http://secunia.com/advisories/33550/</url> + <url>http://secunia.com/advisories/33500/</url> + <url>http://secunia.com/advisories/33542/</url> + </references> + <dates> + <discovery>2009-01-14</discovery> + <entry>2009-02-04</entry> + </dates> + </vuln> + + <vuln vid="4a99d61c-f23a-11dd-9f55-0030843d3802"> + <topic>perl -- Directory Permissions Race Condition</topic> + <affects> + <package> + <name>perl</name> + <range><ge>5.8.0</ge><lt>5.8.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/14531/"> + <p>Paul Szabo has reported a vulnerability in Perl File::Path::rmtree, + which potentially can be exploited by malicious, local users to + gain escalated privileges.</p> + <p>The vulnerability is caused due to a race condition in the way + File::Path::rmtree handles directory permissions when cleaning up + directories. This can be exploited by replacing an existing sub + directory in the directory tree with a symbolic link to an arbitrary + file.</p> + <p>Successful exploitation may allow changing permissions of arbitrary + files, if root uses an application using the vulnerable code to delete + files in a directory having a world-writable sub directory.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2005-0448</cvename> + <url>http://www.ubuntulinux.org/usn/usn-94-1</url> + <url>http://secunia.com/advisories/14531/</url> + </references> + <dates> + <discovery>2005-03-09</discovery> + <entry>2009-02-03</entry> + </dates> + </vuln> + + <vuln vid="6a523dba-eeab-11dd-ab4f-0030843d3802"> + <topic>moinmoin -- multiple cross site scripting vulnerabilities</topic> + <affects> + <package> + <name>moinmoin</name> + <range><lt>1.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33593/"> + <p>Input passed to multiple parameters in action/AttachFile.py is not + properly sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a user's + browser session in the context of an affected site.</p> + <p>Certain input passed to security/antispam.py is not properly + sanitised before being returned to the user. This can be exploited to + execute arbitrary HTML and script code in a user's browser session in + the context of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0260</cvename> + <cvename>CVE-2009-0312</cvename> + <url>http://secunia.com/advisories/33593/</url> + <url>http://hg.moinmo.in/moin/1.8/file/c76d50dac855</url> + <url>http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad</url> + <url>http://moinmo.in/SecurityFixes#moin1.8.1</url> + </references> + <dates> + <discovery>2009-01-21</discovery> + <entry>2009-01-30</entry> + </dates> + </vuln> + + <vuln vid="b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e"> + <topic>ganglia -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>ganglia-monitor-core</name> + <name>ganglia-monitor-webfrontend</name> + <range><lt>3.1.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33506"> + <p>Spike Spiegel has discovered a vulnerability in Ganglia which + can be exploited by malicious people to compromise a + vulnerable system. The vulnerability is caused due to a + boundary error within the process_path function in + gmetad/server.c. This can be exploited to cause a stack-based + buffer overflow by e.g. sending a specially crafted message to + the gmetad service.</p> + <p>The vulnerability is confirmed in version 3.1.1. Other + versions may also be affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0241</cvename> + <url>http://secunia.com/advisories/33506</url> + </references> + <dates> + <discovery>2009-01-26</discovery> + <entry>2009-01-30</entry> + <modified>2009-01-30</modified> + </dates> + </vuln> + + <vuln vid="100a9ed2-ee56-11dd-ab4f-0030843d3802"> + <topic>tor -- unspecified memory corruption vulnerability</topic> + <affects> + <package> + <name>tor</name> + <range><lt>0.2.0.33</lt></range> + </package> + <package> + <name>tor-devel</name> + <range><lt>0.2.1.11-alpha</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33635/"> + <p>A vulnerability with an unknown impact has been reported in Tor.</p> + <p>The vulnerability is caused due to an unspecified error and can be + exploited to trigger a heap corruption. No further information is + currently available.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-0414</cvename> + <url>http://secunia.com/advisories/33635/</url> + <url>http://archives.seul.org/or/announce/Jan-2009/msg00000.html</url> + </references> + <dates> + <discovery>2009-01-22</discovery> + <entry>2009-01-29</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8"> + <topic>glpi -- SQL Injection</topic> + <affects> + <package> + <name>glpi</name> + <range><lt>0.71.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The GLPI project reports:</p> + <blockquote cite="http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en"> + <p>Input passed via unspecified parameters is not properly sanitised + before being used in SQL queries. This can be exploited to + manipulateSQL queries by injecting arbitrary SQL code.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en</url> + <url>https://mail.gna.org/public/glpi-news/2009-01/msg00002.html</url> + <url>https://dev.indepnet.net/glpi/ticket/1224</url> + <url>http://secunia.com/advisories/33680/</url> + </references> + <dates> + <discovery>2009-01-25</discovery> + <entry>2009-01-28</entry> + </dates> + </vuln> + + <vuln vid="c3aba586-ea77-11dd-9d1e-000bcdc1757a"> + <topic>openfire -- multiple vulnerabilities</topic> + <affects> + <package> + <name>openfire</name> + <range><lt>3.6.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Core Security Technologies reports:</p> + <blockquote cite="http://www.coresecurity.com/content/openfire-multiple-vulnerabilities"> + <p>Multiple cross-site scripting vulnerabilities have been found + which may lead to arbitrary remote code execution on the server + running the application due to unauthorized upload of Java plugin + code.</p> + </blockquote> + </body> + </description> + <references> + <bid>32935</bid> + <bid>32937</bid> + <bid>32938</bid> + <bid>32939</bid> + <bid>32940</bid> + <bid>32943</bid> + <bid>32944</bid> + <bid>32945</bid> + <cvename>CVE-2009-0496</cvename> + <cvename>CVE-2009-0497</cvename> + <url>http://www.coresecurity.com/content/openfire-multiple-vulnerabilities</url> + </references> + <dates> + <discovery>2009-01-08</discovery> + <entry>2009-01-25</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="abcacb5a-e7f1-11dd-afcd-00e0815b8da8"> + <topic>ipset-tools -- Denial of Service Vulnerabilities</topic> + <affects> + <package> + <name>ipsec-tools</name> + <range><lt>0.7.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/30657/discuss"> + <p>IPsec-Tools is affected by multiple remote denial-of-service + vulnerabilities because the software fails to properly handle + certain network packets.</p> + <p>A successful attack allows a remote attacker to crash the + software, denying further service to legitimate users.</p> + </blockquote> + </body> + </description> + <references> + <bid>30657</bid> + <cvename>CVE-2008-3651</cvename> + <cvename>CVE-2008-3652</cvename> + <mlist msgid="20080724084529.GA3768@zen.inc">http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2</mlist> + </references> + <dates> + <discovery>2008-07-28</discovery> + <entry>2009-01-21</entry> + </dates> + </vuln> + + <vuln vid="4b68d917-e705-11dd-afcd-00e0815b8da8"> + <topic>Teamspeak Server -- Directory Traversal Vulnerability</topic> + <affects> + <package> + <name>teamspeak_server</name> + <range><le>2.0.23.17</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33256"> + <p>TeamSpeak is prone to a directory-traversal vulnerability because + it fails to sufficiently sanitize user-supplied input data. + Exploiting the issue may allow an attacker to obtain sensitive + information that could aid in further attacks.</p> + </blockquote> + </body> + </description> + <references> + <bid>33256</bid> + <url>http://www.securityfocus.com/bid/33256</url> + </references> + <dates> + <discovery>2009-01-14</discovery> + <entry>2009-01-20</entry> + </dates> + </vuln> + + <vuln vid="2bc960c4-e665-11dd-afcd-00e0815b8da8"> + <topic>optipng -- arbitrary code execution via crafted BMP image</topic> + <affects> + <package> + <name>optipng</name> + <range><lt>0.6.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/32651"> + <p>A vulnerability has been reported in OptiPNG, which + potentially can be exploited by malicious people to compromise + a user's system.</p> + <p>The vulnerability is caused due to a boundary error in + the BMP reader and can be exploited to cause a buffer + overflow by tricking a user into processing a specially + crafted file.</p> + <p>Successful exploitation may allow execution of arbitrary + code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5101</cvename> + <url>http://secunia.com/advisories/32651</url> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399</url> + <url>http://optipng.sourceforge.net/</url> + </references> + <dates> + <discovery>2008-11-11</discovery> + <entry>2009-01-19</entry> + </dates> + </vuln> + + <vuln vid="ecad44b9-e663-11dd-afcd-00e0815b8da8"> + <topic>git -- gitweb privilege escalation</topic> + <affects> + <package> + <name>git</name> + <range><lt>1.6.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Git maintainers report:</p> + <blockquote cite="http://marc.info/?l=git&m=122975564100860&w=2"> + <p>gitweb has a possible local privilege escalation + bug that allows a malicious repository owner to run a command + of his choice by specifying diff.external configuration + variable in his repository and running a crafted gitweb + query.</p> + </blockquote> + </body> + </description> + <references> + <bid>32967</bid> + <mlist msgid="7vhc4z1gys.fsf@gitster.siamese.dyndns.org">http://marc.info/?l=git&m=122975564100860&w=2</mlist> + <url>http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.0.6.txt</url> + </references> + <dates> + <discovery>2008-12-20</discovery> + <entry>2009-01-19</entry> + </dates> + </vuln> + + <vuln vid="0809ce7d-f672-4924-9b3b-7c74bc279b83"> + <topic>gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability</topic> + <affects> + <package> + <name>gtar</name> + <range><lt>1.19</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/26445/"> + <p>GNUs tar and cpio utilities are prone to a denial-of-service + vulnerability because of insecure use of the alloca() + function.</p> + <p>Successfully exploiting this issue allows attackers + to crash the affected utilities and possibly to execute + code but this has not been confirmed.</p> + </blockquote> + </body> + </description> + <references> + <bid>26445</bid> + <cvename>CVE-2007-4476</cvename> + <url>http://www.securityfocus.com/bid/26445/</url> + </references> + <dates> + <discovery>2007-11-14</discovery> + <entry>2009-01-15</entry> + </dates> + </vuln> + + <vuln vid="5ccb1c14-e357-11dd-a765-0030843d3802"> + <topic>mplayer -- vulnerability in STR files processor</topic> + <affects> + <package> + <name>mplayer</name> + <name>mplayer-esound</name> + <name>mplayer-gtk</name> + <name>mplayer-gtk-esound</name> + <name>mplayer-gtk2</name> + <name>mplayer-gtk2-esound</name> + <range><lt>0.99.11_10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/30994"> + <p>The vulnerability is caused due to a boundary error within the + "str_read_packet()" function in libavformat/psxstr.c. This can be + exploited to cause a heap-based buffer overflow via a specially + crafted STR file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-3162</cvename> + <bid>30157</bid> + <url>http://secunia.com/advisories/30994</url> + <url>https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311</url> + </references> + <dates> + <discovery>2008-07-09</discovery> + <entry>2009-01-15</entry> + </dates> + </vuln> + + <vuln vid="bc6a7e79-e111-11dd-afcd-00e0815b8da8"> + <topic>cgiwrap -- XSS Vulnerability</topic> + <affects> + <package> + <name>cgiwrap</name> + <range><lt>4.0_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/30765"> + <p>A vulnerability has been reported in CGIWrap, which can be + exploited by malicious people to conduct cross-site scripting + attacks.</p> + <p>The vulnerability is caused due to the application generating + error messages without specifying a charset. This can be exploited + to execute arbitrary HTML and script code in a user's browser + session in context of an affected site.</p> + <p>Successful exploitation may require that the victim uses Internet + Explorer or a browser based on Internet Explorer components.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-2852</cvename> + <url>http://secunia.com/advisories/30765</url> + <url>http://cgiwrap.sourceforge.net/changes.html</url> + </references> + <dates> + <discovery>2008-06-19</discovery> + <entry>2009-01-13</entry> + </dates> + </vuln> + + <vuln vid="d4a358d3-e09a-11dd-a765-0030843d3802"> + <topic>nagios -- web interface privilege escalation vulnerability</topic> + <affects> + <package> + <name>nagios</name> + <range><lt>3.0.5</lt></range> + </package> + <package> + <name>nagios2</name> + <range><lt>2.12_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>securityfocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/32156/discuss"> + <p>An attacker with low-level privileges may exploit this issue to + bypass authorization and cause arbitrary commands to run within the + context of the Nagios server. This may aid in further attacks.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5027</cvename> + <bid>32156</bid> + <url>http://secunia.com/advisories/33320</url> + <url>http://www.ubuntu.com/usn/USN-698-1</url> + <url>http://www.nagios.org/development/history/nagios-3x.php</url> + </references> + <dates> + <discovery>2008-11-06</discovery> + <entry>2009-01-12</entry> + <modified>2009-01-15</modified> + </dates> + </vuln> + + <vuln vid="a02c9595-e018-11dd-a765-0030843d3802"> + <topic>pdfjam -- insecure temporary files</topic> + <affects> + <package> + <name>pdfjam</name> + <range><lt>1.20_4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/33278"> + <p>Some security issues have been reported in PDFjam, which can be + exploited by malicious, local users to perform certain actions with + escalated privileges.</p> + <p>The security issues are caused due to the "pdf90", "pdfjoin", and + "pdfnup" scripts using temporary files in an insecure manner. This can + be exploited to overwrite arbitrary files via symlink attacks.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5743</cvename> + <url>https://bugzilla.novell.com/show_bug.cgi?id=459031</url> + <url>http://secunia.com/advisories/33278</url> + </references> + <dates> + <discovery>2008-12-05</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="58997463-e012-11dd-a765-0030843d3802"> + <topic>verlihub -- insecure temporary file usage and arbitrary command execution</topic> + <affects> + <package> + <name>verlihub</name> + <range><lt>0.9.8.d.r2_2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>securityfocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/32889/discuss"> + <p>An attacker with local access could potentially exploit this issue + to perform symbolic-link attacks, overwriting arbitrary files in the + context of the affected application.</p> + <p>Successfully mounting a symlink attack may allow the attacker to + delete or corrupt sensitive files, which may result in a denial of + service. Other attacks may also be possible.</p> + </blockquote> + <blockquote cite="http://www.securityfocus.com/bid/32420/discuss"> + <p>Verlihub is prone to a remote command-execution vulnerability + because it fails to sufficiently validate user input.</p> + <p>Successfully exploiting this issue would allow an attacker to + execute arbitrary commands on an affected computer in the context of + the affected application.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5705</cvename> + <cvename>CVE-2008-5706</cvename> + <bid>32889</bid> + <bid>32420</bid> + <url>http://milw0rm.com/exploits/7183</url> + </references> + <dates> + <discovery>2008-11-22</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="66a770b4-e008-11dd-a765-0030843d3802"> + <topic>mysql -- empty bit-string literal denial of service</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>5.0</ge><lt>5.0.66</lt></range> + <range><ge>5.1</ge><lt>5.1.26</lt></range> + <range><ge>6.0</ge><lt>6.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MySQL reports:</p> + <blockquote cite="http://bugs.mysql.com/bug.php?id=35658"> + <p>The vulnerability is caused due to an error when processing an + empty bit-string literal and can be exploited to crash the server via + a specially crafted SQL statement.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-3963</cvename> + <url>http://bugs.mysql.com/bug.php?id=35658</url> + <url>http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html</url> + <url>http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html</url> + <url>http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html</url> + <url>http://secunia.com/advisories/31769</url> + </references> + <dates> + <discovery>2008-09-11</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="8c451386-dff3-11dd-a765-0030843d3802"> + <topic>mysql -- privilege escalation and overwrite of the system table information</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>4.1</ge><lt>4.1.24</lt></range> + <range><ge>5.0</ge><lt>5.0.51</lt></range> + <range><ge>5.1</ge><lt>5.1.23</lt></range> + <range><ge>6.0</ge><lt>6.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MySQL reports:</p> + <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"> + <p>Using RENAME TABLE against a table with explicit DATA + DIRECTORY and INDEX DIRECTORY options can be used to overwrite + system table information by replacing the symbolic link + points. the file to which the symlink points.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-5969</cvename> + <bid>26765</bid> + <url>http://bugs.mysql.com/bug.php?id=32111</url> + </references> + <dates> + <discovery>2007-11-14</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="240ac24c-dff3-11dd-a765-0030843d3802"> + <topic>mysql -- remote dos via malformed password packet</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>4.1</ge><lt>4.1.24</lt></range> + <range><ge>5.0</ge><lt>5.0.44</lt></range> + <range><ge>5.1</ge><lt>5.1.20</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MySQL reports:</p> + <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"> + <p>A malformed password packet in the connection protocol + could cause the server to crash.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-3780</cvename> + <bid>25017</bid> + <url>http://bugs.mysql.com/bug.php?id=28984</url> + </references> + <dates> + <discovery>2007-07-15</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="bb4e9a44-dff2-11dd-a765-0030843d3802"> + <topic>mysql -- renaming of arbitrary tables by authenticated users</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>4.1</ge><lt>4.1.23</lt></range> + <range><ge>5.0</ge><lt>5.0.42</lt></range> + <range><ge>5.1</ge><lt>5.1.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MySQL reports:</p> + <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-23.html"> + <p>The requirement of the DROP privilege for RENAME TABLE was not + enforced.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-2691</cvename> + <bid>24016</bid> + <url>http://bugs.mysql.com/bug.php?id=27515</url> + </references> + <dates> + <discovery>2007-05-14</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="69a20ce4-dfee-11dd-a765-0030843d3802"> + <topic>imap-uw -- imap c-client buffer overflow</topic> + <affects> + <package> + <name>imap-uw</name> + <range><lt>2007e</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SANS reports:</p> + <blockquote cite="http://www.washington.edu/imap/documentation/RELNOTES.html"> + <p>The University of Washington IMAP library is a library implementing + the IMAP mail protocol. University of Washington IMAP is exposed to a + buffer overflow issue that occurs due to a boundary error within the + rfc822_output_char function in the c-client library. The University of + Washington IMAP library versions prior to 2007e are affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5514</cvename> + <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url> + </references> + <dates> + <discovery>2008-12-16</discovery> + <entry>2009-01-11</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="a6713190-dfea-11dd-a765-0030843d3802"> + <topic>imap-uw -- local buffer overflow vulnerabilities</topic> + <affects> + <package> + <name>imap-uw</name> + <range><lt>2007d</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SANS reports:</p> + <blockquote cite="http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22"> + <p>University of Washington "tmail" and "dmail" are mail deliver + agents. "tmail" and "dmail" are exposed to local buffer overflow + issues because they fail to perform adequate boundary checks on + user-supplied data.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5514</cvename> + <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url> + <url>http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22</url> + </references> + <dates> + <discovery>2008-10-29</discovery> + <entry>2009-01-11</entry> + <modified>2010-05-02</modified> + </dates> + </vuln> + + <vuln vid="bd730827-dfe0-11dd-a765-0030843d3802"> + <topic>libcdaudio -- remote buffer overflow and code execution</topic> + <affects> + <package> + <name>libcdaudio</name> + <range><lt>0.99.12p2_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>securityfocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/32122/discuss"> + <p>The 'libcdaudio' library is prone to a remote heap code in the + context of an application that uses the library. Failed attacks will + cause denial-of-service conditions.</p> + </blockquote> + <blockquote cite="http://www.securityfocus.com/bid/12770/discuss"> + <p>A buffer-overflow in Grip occurs when the software processes a + response to a CDDB query that has more than 16 matches.</p> + <p>To exploit this issue, an attacker must be able to influence the + response to a CDDB query, either by controlling a malicious CDDB + server or through some other means. Successful exploits will allow + arbitrary code to run.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-5030</cvename> + <cvename>CVE-2005-0706</cvename> + <bid>32122</bid> + <bid>12770</bid> + </references> + <dates> + <discovery>2008-11-05</discovery> + <entry>2009-01-11</entry> + </dates> + </vuln> + + <vuln vid="c702944a-db0f-11dd-aa56-000bcdf0a03b"> + <topic>FreeBSD -- netgraph / bluetooth privilege escalation</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_7</lt></range> + <range><ge>6.4</ge><lt>6.4_1</lt></range> + <range><ge>7.0</ge><lt>7.0_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>Some function pointers for netgraph and bluetooth sockets are + not properly initialized.</p> + <h1>Impact:</h1> + <p>A local user can cause the FreeBSD kernel to execute + arbitrary code. This could be used by an attacker directly; + or it could be used to gain root privilege or to escape from + a jail.</p> + <h1>Workaround:</h1> + <p>No workaround is available, but systems without local + untrusted users are not vulnerable. Furthermore, systems are + not vulnerable if they have neither the ng_socket nor + ng_bluetooth kernel modules loaded or compiled into the + kernel.</p> + <p>Systems with the security.jail.socket_unixiproute_only + sysctl set to 1 (the default) are only vulnerable if they have + local untrusted users outside of jails.</p> + <p>If the command</p> + <p><code># kldstat -v | grep ng_</code></p> + <p>produces no output, the system is not vulnerable.</p> + </body> + </description> + <references> + <freebsdsa>SA-08:13.protosw</freebsdsa> + </references> + <dates> + <discovery>2008-12-23</discovery> + <entry>2009-01-05</entry> + <modified>2016-08-09</modified> + </dates> + </vuln> + + <vuln vid="e9ecaceb-db0d-11dd-aa56-000bcdf0a03b"> + <topic>FreeBSD -- Cross-site request forgery in ftpd(8)</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_7</lt></range> + <range><ge>6.4</ge><lt>6.4_1</lt></range> + <range><ge>7.0</ge><lt>7.0_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The ftpd(8) server splits long commands into several + requests. This may result in the server executing a command + which is hidden inside another very long command.</p> + <h1>Impact:</h1> + <p>This could, with a specifically crafted command, be used in a + cross-site request forgery attack.</p> + <p>FreeBSD systems running ftpd(8) server could act as a point + of privilege escalation in an attack against users using web + browser to access trusted FTP sites.</p> + <h1>Workaround:</h1> + <p>No workaround is available, but systems not running FTP + servers are not vulnerable. Systems not running the FreeBSD + ftp(8) server are not affected, but users of other ftp + daemons are advised to take care since several other ftp + daemons are known to have related bugs.</p> + </body> + </description> + <references> + <cvename>CVE-2008-4247</cvename> + <freebsdsa>SA-08:12.ftpd</freebsdsa> + </references> + <dates> + <discovery>2008-12-23</discovery> + <entry>2009-01-05</entry> + <modified>2016-08-09</modified> + </dates> + </vuln> + + <vuln vid="6b8cadce-db0b-11dd-aa56-000bcdf0a03b"> + <topic>FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_5</lt></range> + <range><ge>7.0</ge><lt>7.0_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>IPv6 routers may allow "on-link" IPv6 nodes to create and + update the router's neighbor cache and forwarding + information. A malicious IPv6 node sharing a common router + but on a different physical segment from another node may be + able to spoof Neighbor Discovery messages, allowing it to + update router information for the victim node.</p> + <h1>Impact:</h1> + <p>An attacker on a different physical network connected to the + same IPv6 router as another node could redirect IPv6 traffic + intended for that node. This could lead to denial of service + or improper access to private network traffic.</p> + <h1>Workaround:</h1> + <p>Firewall packet filters can be used to filter incoming + Neighbor Solicitation messages but may interfere with normal + IPv6 operation if not configured carefully.</p> + <p>Reverse path forwarding checks could be used to make + gateways, such as routers or firewalls, drop Neighbor + Solicitation messages from nodes with unexpected source + addresses on a particular interface.</p> + <p>IPv6 router administrators are encouraged to read RFC 3756 + for further discussion of Neighbor Discovery security + implications.</p> + </body> + </description> + <references> + <cvename>CVE-2008-2476</cvename> + <freebsdsa>SA-08:10.nd6</freebsdsa> + </references> + <dates> + <discovery>2008-10-01</discovery> + <entry>2009-01-05</entry> + <modified>2016-08-09</modified> + </dates> + </vuln> + + <vuln vid="5796858d-db0b-11dd-aa56-000bcdf0a03b"> + <topic>FreeBSD -- arc4random(9) predictable sequence vulnerability</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>6.3</ge><lt>6.3_6</lt></range> + <range><ge>7.0</ge><lt>7.0_6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>When the arc4random(9) random number generator is + initialized, there may be inadequate entropy to meet the + needs of kernel systems which rely on arc4random(9); and it + may take up to 5 minutes before arc4random(9) is reseeded + with secure entropy from the Yarrow random number generator.</p> + <h1>Impact:</h1> + <p>All security-related kernel subsystems that rely on a + quality random number generator are subject to a wide range of + possible attacks for the 300 seconds after boot or until 64k + of random data is consumed. The list includes:</p> + <p>* GEOM ELI providers with onetime keys. When a provider is + configured in a way so that it gets attached at the same time + during boot (e.g. it uses the rc subsystem to initialize) it + might be possible for an attacker to recover the encrypted + data.</p> + <p>* GEOM shsec providers. The GEOM shsec subsytem is used to + split a shared secret between two providers so that it can be + recovered when both of them are present. This is done by + writing the random sequence to one of providers while + appending the result of the random sequence on the other host + to the original data. If the provider was created within the + first 300 seconds after booting, it might be possible for an + attacker to extract the original data with access to only one + of the two providers between which the secret data is split.</p> + <p>* System processes started early after boot may receive + predictable IDs.</p> + <p>* The 802.11 network stack uses arc4random(9) to generate + initial vectors (IV) for WEP encryption when operating in + client mode and WEP authentication challenges when operating + in hostap mode, which may be insecure.</p> + <p>* The IPv4, IPv6 and TCP/UDP protocol implementations rely + on a quality random number generator to produce unpredictable + IP packet identifiers, initial TCP sequence numbers and + outgoing port numbers. During the first 300 seconds after + booting, it may be easier for an attacker to execute IP + session hijacking, OS fingerprinting, idle scanning, or in + some cases DNS cache poisoning and blind TCP data injection + attacks.</p> + <p>* The kernel RPC code uses arc4random(9) to retrieve + transaction identifiers, which might make RPC clients + vulnerable to hijacking attacks.</p> + <h1>Workaround:</h1> + <p>No workaround is available for affected systems.</p> + </body> + </description> + <references> + <cvename>CVE-2008-5162</cvename> + <freebsdsa>SA-08.11.arc4random</freebsdsa> + </references> + <dates> + <discovery>2008-11-24</discovery> + <entry>2009-01-05</entry> + <modified>2016-08-09</modified> + </dates> + </vuln> + + <vuln vid="d5e1aac8-db0b-11dd-ae30-001cc0377035"> + <topic>xterm -- DECRQSS remote command execution vulnerability</topic> + <affects> + <package> + <name>xterm</name> + <range><lt>238</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/33060/discuss"> + <p>The xterm program is prone to a remote command-execution + vulnerability because it fails to sufficiently validate user + input.</p> + <p>Successfully exploiting this issue would allow an attacker + to execute arbitrary commands on an affected computer in the + context of the affected application.</p> + </blockquote> + </body> + </description> + <references> + <bid>33060</bid> + <cvename>CVE-2008-2383</cvename> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030</url> + </references> + <dates> + <discovery>2008-12-28</discovery> + <entry>2009-01-05</entry> + <modified>2009-01-06</modified> + </dates> + </vuln> + + <vuln vid="58a3c266-db01-11dd-ae30-001cc0377035"> + <topic>php5-gd -- uninitialized memory information disclosure vulnerability</topic> + <affects> + <package> + <name>php5-gd</name> + <range><le>5.2.8</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>According to CVE-2008-5498 entry:</p> + <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498"> + <p>Array index error in the "imageRotate" function in PHP 5.2.8 and + earlier allows context-dependent attackers to read the contents + of arbitrary memory locations via a crafted value of the third + argument (aka the "bgd_color" or "clrBack" argument) for an indexed + image.</p> + </blockquote> + </body> + </description> + <references> + <bid>33002</bid> + <cvename>CVE-2008-5498</cvename> + <url>http://www.securiteam.com/unixfocus/6G00Y0ANFU.html</url> + </references> + <dates> + <discovery>2008-12-24</discovery> + <entry>2009-01-05</entry> + <modified>2009-02-04</modified> + </dates> + </vuln> + + <vuln vid="27d78386-d35f-11dd-b800-001b77d09812"> + <topic>awstats -- multiple XSS vulnerabilities</topic> + <affects> + <package> + <name>awstats</name> + <range><lt>6.9,1</lt></range> + </package> + <package> + <name>awstats-devel</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/31519"> + <p>Morgan Todd has discovered a vulnerability in AWStats, + which can be exploited by malicious people to conduct + cross-site scripting attacks.</p> + <p>Input passed in the URL to awstats.pl is not properly + sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a + user's browser session in context of an affected site.</p> + <p>Successful exploitation requires that the application is + running as a CGI script.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-3714</cvename> + <cvename>CVE-2008-5080</cvename> + <url>http://secunia.com/advisories/31519</url> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432</url> + </references> + <dates> + <discovery>2008-03-12</discovery> + <entry>2009-01-04</entry> + </dates> + </vuln> + + <vuln vid="13b0c8c8-bee0-11dd-a708-001fc66e7203"> + <topic>p5-File-Path -- rmtree allows creation of setuid files</topic> + <affects> + <package> + <name>p5-File-Path</name> + <range><lt>2.07_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jan Lieskovsky reports:</p> + <blockquote cite="http://www.openwall.com/lists/oss-security/2008/11/28/1"> + <p>perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to + address this)</p> + <p>This vulnerability was fixed in 5.8.4-7 but re-introduced + in 5.8.8-1. It's also present in File::Path 2.xx, up to and + including 2.07 which has only a partial fix.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2005-0448</cvename> + <mlist>http://www.openwall.com/lists/oss-security/2008/11/28/1</mlist> + <mlist>http://www.gossamer-threads.com/lists/perl/porters/233699#233699</mlist> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905</url> + </references> + <dates> + <discovery>2008-11-28</discovery> + <entry>2009-01-03</entry> + </dates> + </vuln> + + <vuln vid="0e1e3789-d87f-11dd-8ecd-00163e000016"> + <topic>vim -- multiple vulnerabilities in the netrw module</topic> + <affects> + <package> + <name>vim</name> + <name>vim-console</name> + <name>vim-lite</name> + <name>vim-gtk2</name> + <name>vim-gnome</name> + <range><ge>7.0</ge><lt>7.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jan Minar reports:</p> + <blockquote cite="http://www.rdancer.org/vulnerablevim-netrw.v2.html"> + <p>Applying the ``D'' to a file with a crafted file name, + or inside a directory with a crafted directory name, can + lead to arbitrary code execution.</p> + </blockquote> + <blockquote cite="http://www.rdancer.org/vulnerablevim-netrw.v5.html"> + <p>Lack of sanitization throughout Netrw can lead to arbitrary + code execution upon opening a directory with a crafted + name.</p> + </blockquote> + <blockquote cite="http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html"> + <p>The Vim Netrw Plugin shares the FTP user name and password + across all FTP sessions. Every time Vim makes a new FTP + connection, it sends the user name and password of the + previous FTP session to the FTP server.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-3076</cvename> + <mlist>http://www.openwall.com/lists/oss-security/2008/10/16/2</mlist> + <url>http://www.rdancer.org/vulnerablevim-netrw.html</url> + <url>http://www.rdancer.org/vulnerablevim-netrw.v2.html</url> + <url>http://www.rdancer.org/vulnerablevim-netrw.v5.html</url> + <url>http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html</url> + </references> + <dates> + <discovery>2008-10-16</discovery> + <entry>2009-01-02</entry> + </dates> + </vuln> |