CVE List 2004

CVE Score Severity Package Description Published
CVE-2004-2302
2.6 MV Product/Version
affected:
Low kernel Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files. December 30, 2004, 23:12 pm
CVE-2004-2135
2.1 MV Product/Version
affected:
Low kernel cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain IV computation weaknesses that allow watermarked files to be detected without decryption. May 25, 2004, 23:05 pm
CVE-2004-2069
5.0 MV Product/Version
affected:
Medium openssh sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). December 30, 2004, 23:12 pm
CVE-2004-2014
2.6 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Low wget Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. December 30, 2004, 23:12 pm
CVE-2004-1488
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium wget wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. April 26, 2005, 23:04 pm
CVE-2004-1487
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium wget wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a .. that resolves to the IP address of the malicious server, which bypasses wget's filtering for .. sequences. April 26, 2005, 23:04 pm
CVE-2004-1392
5.0 MV Product/Version
affected:
Medium php PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. December 30, 2004, 23:12 pm
CVE-2004-1382
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low glibc The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. December 30, 2004, 23:12 pm
CVE-2004-1335
2.1 MV Product/Version
affected:
Low kernel Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function. December 14, 2004, 23:12 pm
CVE-2004-1333
2.1 MV Product/Version
affected:
Low kernel Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. December 14, 2004, 23:12 pm
CVE-2004-1235
6.2 MV Product/Version
affected:
Medium intuity_audix Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. April 13, 2005, 23:04 pm
CVE-2004-1138
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
High vim VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. January 9, 2005, 23:01 pm
CVE-2004-1073
2.1 MV Product/Version
affected:
Low kernel The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. January 9, 2005, 23:01 pm
CVE-2004-1065
10.0 MV Product/Version
affected:
High openpkg Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. January 9, 2005, 23:01 pm
CVE-2004-1064
10.0 MV Product/Version
affected:
High The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. January 9, 2005, 23:01 pm
CVE-2004-1063
10.0 MV Product/Version
affected:
High PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. January 9, 2005, 23:01 pm
CVE-2004-1019
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
High openpkg The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger information disclosure, double-free and negative reference index array underflow results. January 9, 2005, 23:01 pm
CVE-2004-1018
10.0 MV Product/Version
affected:
High Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an integer overflow/underflow in the pack function, or (3) an integer overflow/underflow in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. January 9, 2005, 23:01 pm
CVE-2004-1016
2.1 MV Product/Version
affected:
CGE 3.0 Resolved
Professional PRO 2.1 Resolved
CGE 2.1 Resolved
Low kernel The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition. January 9, 2005, 23:01 pm
CVE-2004-0986
7.5 MV Product/Version
affected:
CGE 3.0 Resolved
CGE 2.1 Resolved
Professional PRO 2.1 Resolved
High suse_iptables Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. February 28, 2005, 23:02 pm
CVE-2004-0977
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low postgresql The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0976
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low perl Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0975
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low openssl The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0974
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low netatalk The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0972
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low lvm The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0971
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low kerberos The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0969
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
Low groff The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0968
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low glibc The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0967
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
High ghostscript The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. February 8, 2005, 23:02 pm
CVE-2004-0959
2.1 MV Product/Version
affected:
Low php rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the $_FILES array to be modified. November 2, 2004, 23:11 pm
CVE-2004-0958
5.0 MV Product/Version
affected:
Medium php php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. November 2, 2004, 23:11 pm
CVE-2004-0811
7.5 MV Product/Version
affected:
CGE 2.1 Resolved
Professional PRO 3.1 Resolved
Professional PRO 3.0 Resolved
CGE 3.0 Resolved
Professional PRO 2.1 Resolved
CGE 3.1 Resolved
High apache Unknown vulnerability in Apache 2.0.51 prevents the merging of the Satisfy directive, which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. December 30, 2004, 23:12 pm
CVE-2004-0595
6.8 MV Product/Version
affected:
Medium integrated_management The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. July 26, 2004, 23:07 pm
CVE-2004-0452
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
CGE 7.0 Resolved
Low perl Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. December 20, 2004, 23:12 pm
CVE-2004-0421
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium libpng The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. August 17, 2004, 23:08 pm
CVE-2004-0230
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGE 5.1 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium tcp TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. August 17, 2004, 23:08 pm
CVE-2004-0185
10.0 MV Product/Version
affected:
High wu-ftpd Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. March 14, 2004, 23:03 pm
CVE-2004-0148
7.2 MV Product/Version
affected:
High propack wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. April 14, 2004, 23:04 pm
CVE-2004-0081
5.0 MV Product/Version
affected:
CGE 3.0 Resolved
Medium webstar OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. November 22, 2004, 23:11 pm