From 3eb8597bd7b50afe0acb65169dc5712d6ed1fa18 Mon Sep 17 00:00:00 2001
From: Jacques Vidrine
Date: Fri, 16 Apr 2004 16:29:01 +0000
Subject: Add mysqlbug temporary file handling vulnerability. Add ident2 vulnerability. make tidy (sorry, I meant to do this in a separate commit)

---
 security/vuxml/vuln.xml | 238 +++++++++++++++++++++++++++++------------------
 1 file changed, 146 insertions(+), 92 deletions(-)

(limited to 'security/vuxml/vuln.xml')

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4209e99d01d6..132ad35f9fd2 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -30,6 +30,62 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + MySQL insecure temporary file creation (mysqlbug) + + + mysql-client + 3.2 + + + + +

Shaun Colley reports that the script `mysqlbug' included + with MySQL sometimes creates temporary files in an unsafe + manner. As a result, an attacker may create a symlink in + /tmp so that if another user invokes `mysqlbug' and quits + without making any changes, an + arbitrary file may be overwritten with the bug report + template.

+ +
+ + http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2 + 9976 + CAN-2004-0381 + + + 2004-03-25 + 2004-04-16 + +
+ + + ident2 double byte buffer overflow + + + ident2 + 1.04 + + + + +

Jack of RaptureSecurity reported a double byte buffer + overflow in ident2. The bug may allow a remote attacker to + execute arbitrary code within the context of the ident2 + daemon. The daemon typically runs as user-ID `nobody', but + with group-ID `wheel'.

+ +
+ + http://cvsweb.freebsd.org/ports/security/ident2/files/patch-common.c + + + 2004-04-15 + 2004-04-16 + +
+ kdepim exploitable buffer overflow in VCF reader @@ -131,9 +187,54 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Vulnerabilities in H.323 implementations + + + pwlib + 1.6.0 + + + asterisk + 0.7.2 + + + openh323 + 1.13.0 + + + + +

The NISCC and the OUSPG + developed a test suite for the H.323 protocol. This test + suite has uncovered vulnerabilities in several H.323 + implementations with impacts ranging from denial-of-service + to arbitrary code execution.

+

In the FreeBSD Ports Collection, `pwlib' is directly + affected. Other applications such as `asterisk' and + `openh323' incorporate `pwlib' statically and so are also + independently affected.

+ +
+ + + http://www.uniras.gov.uk/vuls/2004/006489/h323.htm + http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html + CA-2004-01 + 749342 + + CAN-2004-0097 + http://www.southeren.com/blog/archives/000055.html + + + 2004-01-13 + 2004-02-22 + 2004-04-15 + +
+ - racoon remote denial of service vulnerability - (ISAKMP header length field) + racoon remote denial of service vulnerability (ISAKMP header length field) racoon @@ -162,8 +263,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - racoon remote denial of service vulnerability (IKE Generic - Payload Header) + racoon remote denial of service vulnerability (IKE Generic Payload Header) racoon @@ -188,6 +288,48 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + tcpdump ISAKMP payload handling remote denial-of-service + + + tcpdump + 3.8.3 + + + racoon + 20040408a + + + FreeBSD + 0 + + + + +

Chad Loder has discovered vulnerabilities in tcpdump's + ISAKMP protocol handler. During an audit to repair these + issues, Bill Fenner discovered some related problems.

+

These vulnerabilities may be used by an attacker to crash a + running `tcpdump' process. They can only be triggered if + the `-v' command line option is being used.

+

NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP + protocol handler from tcpdump, and so is also affected by + this issue.

+ +
+ + http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525 + http://www.rapid7.com/advisories/R7-0017.html + CAN-2004-0183 + CAN-2004-0184 + + + 2004-03-12 + 2004-03-31 + 2004-04-14 + +
+ Midnight Commander buffer overflow during symlink resolution @@ -677,48 +819,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - tcpdump ISAKMP payload handling remote denial-of-service - - - tcpdump - 3.8.3 - - - racoon - 20040408a - - - FreeBSD - 0 - - - - -

Chad Loder has discovered vulnerabilities in tcpdump's - ISAKMP protocol handler. During an audit to repair these - issues, Bill Fenner discovered some related problems.

-

These vulnerabilities may be used by an attacker to crash a - running `tcpdump' process. They can only be triggered if - the `-v' command line option is being used.

-

NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP - protocol handler from tcpdump, and so is also affected by - this issue.

- -
- - http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525 - http://www.rapid7.com/advisories/R7-0017.html - CAN-2004-0183 - CAN-2004-0184 - - - 2004-03-12 - 2004-03-31 - 2004-04-14 - -
- squid ACL bypass due to URL decoding bug @@ -1767,52 +1867,6 @@ misc.c: - - Vulnerabilities in H.323 implementations - - - pwlib - 1.6.0 - - - asterisk - 0.7.2 - - - openh323 - 1.13.0 - - - - -

The NISCC and the OUSPG - developed a test suite for the H.323 protocol. This test - suite has uncovered vulnerabilities in several H.323 - implementations with impacts ranging from denial-of-service - to arbitrary code execution.

-

In the FreeBSD Ports Collection, `pwlib' is directly - affected. Other applications such as `asterisk' and - `openh323' incorporate `pwlib' statically and so are also - independently affected.

- -
- - - http://www.uniras.gov.uk/vuls/2004/006489/h323.htm - http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html - CA-2004-01 - 749342 - - CAN-2004-0097 - http://www.southeren.com/blog/archives/000055.html - - - 2004-01-13 - 2004-02-22 - 2004-04-15 - -
- mnGoSearch buffer overflow in UdmDocToTextBuf() -- cgit v1.2.3
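
Review bot: In the first hunk (-30,6 +30,62), the new ident2 entry cites only the ports patch (patch-common.c on cvsweb) as a reference, although its description credits a report by Jack of RaptureSecurity and claims remote code execution. Add a reference to that report so the impact statement can be checked against its source, and say what "double byte" means here, since the phrase can be read either as two bytes written past the buffer or as a multibyte-character problem. In the mysqlbug entry of the same hunk, "an arbitrary file may be overwritten" is broader than what the text describes: the overwrite happens when another user runs `mysqlbug', so it reaches the files that user can write. Suggest wording along the lines of "any file writable by that user may be overwritten with the bug report template".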
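
Review bot: The hunks at -131,9, -162,8, -188,6, -677,48 and -1767,52 carry no new advisory content and should not be in this commit: they move the H.323 and tcpdump entries to new positions and rejoin the two wrapped racoon topic lines, which is the `make tidy' output the commit message mentions. Together they account for most of the 146 insertions and 92 deletions and bury the two entries actually being added. Commit the tidy run on its own, so that the mysqlbug and ident2 additions can be read in isolation and the relocated entries, which look unchanged in the visible text, can be verified as pure moves.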