CVE List 2005

CVE Score Severity Package Description Published
CVE-2005-4889
7.2 MV Product/Version
affected:
CGE 6.0
High rpm lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. June 8, 2010, 13:06 pm
CVE-2005-4886
7.8 MV Product/Version
affected:
CGE 6.0
High kernel The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function. February 26, 2010, 13:02 pm
CVE-2005-4881
4.9 MV Product/Version
affected:
CGE 6.0
Medium kernel The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions. October 19, 2009, 15:10 pm
CVE-2005-4811
4.9 MV Product/Version
affected:
CGE 6.0
Medium kernel The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. December 30, 2005, 23:12 pm
CVE-2005-4635
5.0 MV Product/Version
affected:
CGE 6.0
Medium kernel The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages. December 30, 2005, 23:12 pm
CVE-2005-4618
3.6 MV Product/Version
affected:
CGE 6.0
Low kernel Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified. December 30, 2005, 23:12 pm
CVE-2005-4442
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
High openldap Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. December 20, 2005, 20:12 pm
CVE-2005-4352
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
Low kernel The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." December 30, 2005, 23:12 pm
CVE-2005-4338
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
High academic_suite announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". December 18, 2005, 21:12 pm
CVE-2005-4337
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
High academic_suite The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. December 18, 2005, 21:12 pm
CVE-2005-4336
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
Medium projectforum Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group. December 17, 2005, 05:12 am
CVE-2005-4335
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
High projectforum ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html. December 17, 2005, 05:12 am
CVE-2005-4278
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High perl Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. December 16, 2005, 05:12 am
CVE-2005-3962
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium perl Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. December 1, 2005, 11:12 am
CVE-2005-3883
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. November 29, 2005, 05:11 am
CVE-2005-3858
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High kernel Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. November 27, 2005, 16:11 pm
CVE-2005-3857
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. November 27, 2005, 15:11 pm
CVE-2005-3848
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High kernel Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply." November 26, 2005, 18:11 pm
CVE-2005-3807
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function. November 25, 2005, 15:11 pm
CVE-2005-3806
6.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. November 25, 2005, 15:11 pm
CVE-2005-3805
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers. November 25, 2005, 15:11 pm
CVE-2005-3783
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). November 23, 2005, 15:11 pm
CVE-2005-3732
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High ipsec-tools The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. November 21, 2005, 16:11 pm
CVE-2005-3660
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference. December 22, 2005, 17:12 pm
CVE-2005-3631
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. December 22, 2005, 05:12 am
CVE-2005-3392
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High php Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. November 1, 2005, 06:11 am
CVE-2005-3391
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High php Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. November 1, 2005, 06:11 am
CVE-2005-3390
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High php The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. November 1, 2005, 06:11 am
CVE-2005-3389
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. November 1, 2005, 06:11 am
CVE-2005-3388
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." November 1, 2005, 06:11 am
CVE-2005-3359
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules. December 30, 2005, 23:12 pm
CVE-2005-3358
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs. December 14, 2005, 13:12 pm
CVE-2005-3357
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium apache mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. December 30, 2005, 23:12 pm
CVE-2005-3356
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. December 30, 2005, 23:12 pm
CVE-2005-3353
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. November 18, 2005, 17:11 pm
CVE-2005-3350
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High libungif libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. November 3, 2005, 18:11 pm
CVE-2005-3319
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low php The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost. October 27, 2005, 05:10 am
CVE-2005-3276
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information. October 20, 2005, 20:10 pm
CVE-2005-3274
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. October 20, 2005, 20:10 pm
CVE-2005-3273
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. October 20, 2005, 20:10 pm
CVE-2005-3272
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. October 20, 2005, 20:10 pm
CVE-2005-3185
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High curl Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. October 13, 2005, 17:10 pm
CVE-2005-3179
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information. October 12, 2005, 08:10 am
CVE-2005-3120
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High lynx Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. October 17, 2005, 15:10 pm
CVE-2005-3055
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. September 26, 2005, 14:09 pm
CVE-2005-3054
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low php fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory. September 26, 2005, 14:09 pm
CVE-2005-2974
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low libungif libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference. November 3, 2005, 18:11 pm
CVE-2005-2973
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash). October 27, 2005, 13:10 pm
CVE-2005-2969
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium openssl The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. October 18, 2005, 16:10 pm
CVE-2005-2946
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium openssl The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. September 16, 2005, 17:09 pm
CVE-2005-2917
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium squid Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). September 30, 2005, 13:09 pm
CVE-2005-2800
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. September 6, 2005, 12:09 pm
CVE-2005-2798
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium openssh sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. September 6, 2005, 12:09 pm
CVE-2005-2797
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium openssh OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. September 6, 2005, 12:09 pm
CVE-2005-2796
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium squid The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. September 7, 2005, 13:09 pm
CVE-2005-2794
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium squid store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. September 7, 2005, 13:09 pm
CVE-2005-2709
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. November 20, 2005, 16:11 pm
CVE-2005-2708
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command. October 25, 2005, 13:10 pm
CVE-2005-2498
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium phpxmlrpc Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. August 14, 2005, 23:08 pm
CVE-2005-2496
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium ntpd The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended. September 2, 2005, 12:09 pm
CVE-2005-2492
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. September 14, 2005, 14:09 pm
CVE-2005-2459
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. August 22, 2005, 23:08 pm
CVE-2005-2458
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". August 22, 2005, 23:08 pm
CVE-2005-2457
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. August 22, 2005, 23:08 pm
CVE-2005-2368
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High vim vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. July 25, 2005, 23:07 pm
CVE-2005-2316
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium dnrd Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer). December 30, 2005, 23:12 pm
CVE-2005-2315
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High dnrd Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared. December 30, 2005, 23:12 pm
CVE-2005-2099
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. August 22, 2005, 23:08 pm
CVE-2005-2098
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. August 22, 2005, 23:08 pm
CVE-2005-2096
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High zlib zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. July 5, 2005, 23:07 pm
CVE-2005-1921
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High xml_rpc Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. July 4, 2005, 23:07 pm
CVE-2005-1768
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow. July 10, 2005, 23:07 pm
CVE-2005-1759
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low shtool Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. June 27, 2005, 23:06 pm
CVE-2005-1751
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low shtool Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. May 24, 2005, 23:05 pm
CVE-2005-1369
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function. May 1, 2005, 23:05 pm
CVE-2005-1368
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP. May 1, 2005, 23:05 pm
CVE-2005-1345
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High squid Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. May 1, 2005, 23:05 pm
CVE-2005-1260
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium bzip2 bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). May 18, 2005, 23:05 pm
CVE-2005-1247
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium nsure_audit webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. January 14, 2004, 23:01 pm
CVE-2005-1228
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium gzip Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. May 1, 2005, 23:05 pm
CVE-2005-1043
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. April 13, 2005, 23:04 pm
CVE-2005-1042
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High php Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. May 1, 2005, 23:05 pm
CVE-2005-0953
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low bzip2 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. May 1, 2005, 23:05 pm
CVE-2005-0758
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium gzip zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. May 12, 2005, 23:05 pm
CVE-2005-0749
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
High kernel The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer. March 31, 2005, 23:03 pm
CVE-2005-0525
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. May 1, 2005, 23:05 pm
CVE-2005-0524
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium php The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. May 1, 2005, 23:05 pm
CVE-2005-0504
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value. March 13, 2005, 23:03 pm
CVE-2005-0448
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low perl Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. May 1, 2005, 23:05 pm
CVE-2005-0256
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium wu-ftpd The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. May 1, 2005, 23:05 pm
CVE-2005-0207
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. May 1, 2005, 23:05 pm
CVE-2005-0180
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions. March 6, 2005, 23:03 pm
CVE-2005-0179
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low kernel Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call. March 6, 2005, 23:03 pm
CVE-2005-0178
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. March 6, 2005, 23:03 pm
CVE-2005-0156
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Low perl Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. February 6, 2005, 23:02 pm
CVE-2005-0155
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium perl The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. May 1, 2005, 23:05 pm
CVE-2005-0069
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium vim The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. January 12, 2005, 23:01 pm
CVE-2005-0037
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium dnrd The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. December 30, 2005, 23:12 pm
CVE-2005-0001
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
Medium kernel Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. May 1, 2005, 23:05 pm