From fcde799d20d7f6f53abf1f6c90b43c5dc45f6031 Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Tue, 18 May 2004 14:43:04 +0000 Subject: make tidy --- security/vuxml/vuln.xml | 321 ++++++++++++++++++++++++------------------------ 1 file changed, 160 insertions(+), 161 deletions(-) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c9267a4baf73..29f7e4f7504a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -70,6 +70,101 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + MySQL insecure temporary file creation (mysqlbug) + + + mysql-client + 4.04.0.20 + 4.14.1.0_2 + 5.05.0.0_2 + + + + +

Shaun Colley reports that the script `mysqlbug' included + with MySQL sometimes creates temporary files in an unsafe + manner. As a result, an attacker may create a symlink in + /tmp so that if another user invokes `mysqlbug' and quits + without making any changes, an + arbitrary file may be overwritten with the bug report + template.

+ +
+ + http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2 + http://bugs.mysql.com/bug.php?id=3284 + 9976 + CAN-2004-0381 + + + 2004-03-25 + 2004-04-16 + 2004-05-18 + +
+ + + fsp buffer overflow and directory traversal vulnerabilities + + + fspd + 2.8.1.19 + + + + +

The Debian + security team reported a pair of vulnerabilities in + fsp:

+
+

A vulnerability was discovered in fsp, client utilities + for File Service Protocol (FSP), whereby a remote user could + both escape from the FSP root directory (CAN-2003-1022), and + also overflow a fixed-length buffer to execute arbitrary + code (CAN-2004-0011).

+
+ +
+ + CAN-2003-1022 + CAN-2004-0011 + http://www.debian.org/security/2004/dsa-416 + + + 2004-01-06 + 2004-01-19 + 2004-05-17 + +
+ + + proftpd IP address access control list breakage + + + proftpd + 1.2.91.2.10.r1 + + + + +

Jindrich Makovicka reports a regression in proftpd's + handling of IP address access control lists (IP ACLs). Due + to this regression, some IP ACLs are treated as ``allow + all''.

+ +
+ + CAN-2004-0432 + http://bugs.proftpd.org/show_bug.cgi?id=2267 + + + 2003-11-04 + 2004-05-02 + 2004-05-15 + +
+ Cyrus IMSPd multiple vulnerabilities @@ -82,8 +177,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The Cyrus team reported multiple vulnerabilities in older versions of Cyrus IMSPd:

-
+

These releases correct a recently discovered buffer overflow vulnerability, as well as clean up a significant amount of buffer handling throughout the code.

@@ -112,8 +206,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

In December 2002, Timo Sirainen reported:

-
+

Cyrus IMAP server has a a remotely exploitable pre-login buffer overflow. [...] Note that you don't have to log in before exploiting this, and since Cyrus @@ -135,6 +228,33 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + insecure temporary file creation in xine-check, xine-bugreport + + + xine + 0.9.23_3 + + + + +

Some scripts installed with xine create temporary files + insecurely. It is recommended that these scripts (xine-check, + xine-bugreport) not be used. They are not needed for normal + operation.

+ + + + http://marc.theaimsgroup.com/?l=bugtraq&m=107997911025558 + 9939 + + + 2004-03-20 + 2004-03-26 + 2004-05-09 + + + exim buffer overflow when verify = header_syntax is used @@ -163,6 +283,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2004-05-06 + phpBB session table exhaustion @@ -547,6 +668,41 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Incorrect cross-realm trust handling in Heimdal + + + heimdal + 0.6.1 + + + FreeBSD + 5.05.2_6 + 4.94.9_6 + 4.04.8_19 + + + + +

Heimdal does not correctly validate the `transited' field of + Kerberos tickets when computing the authentication path. This + could allow a rogue KDC with which cross-realm relationships + have been established to impersonate any KDC in the + authentication path.

+ +
+ + CAN-2004-0371 + SA-04:08.heimdal + http://www.pdc.kth.se/heimdal/advisory/2004-04-01/ + + + 2004-04-01 + 2004-04-02 + 2004-05-05 + +
+ lha buffer overflows and path traversal issues @@ -605,33 +761,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - proftpd IP address access control list breakage - - - proftpd - 1.2.91.2.10.r1 - - - - -

Jindrich Makovicka reports a regression in proftpd's - handling of IP address access control lists (IP ACLs). Due - to this regression, some IP ACLs are treated as ``allow - all''.

- -
- - CAN-2004-0432 - http://bugs.proftpd.org/show_bug.cgi?id=2267 - - - 2003-11-04 - 2004-05-02 - 2004-05-15 - -
- xchat remotely exploitable buffer overflow (Socks5) @@ -782,40 +911,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - MySQL insecure temporary file creation (mysqlbug) - - - mysql-client - 4.04.0.20 - 4.14.1.0_2 - 5.05.0.0_2 - - - - -

Shaun Colley reports that the script `mysqlbug' included - with MySQL sometimes creates temporary files in an unsafe - manner. As a result, an attacker may create a symlink in - /tmp so that if another user invokes `mysqlbug' and quits - without making any changes, an - arbitrary file may be overwritten with the bug report - template.

- -
- - http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2 - http://bugs.mysql.com/bug.php?id=3284 - 9976 - CAN-2004-0381 - - - 2004-03-25 - 2004-04-16 - 2004-05-18 - -
- neon format string vulnerabilities @@ -1245,41 +1340,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - Incorrect cross-realm trust handling in Heimdal - - - heimdal - 0.6.1 - - - FreeBSD - 5.05.2_6 - 4.94.9_6 - 4.04.8_19 - - - - -

Heimdal does not correctly validate the `transited' field of - Kerberos tickets when computing the authentication path. This - could allow a rogue KDC with which cross-realm relationships - have been established to impersonate any KDC in the - authentication path.

- -
- - CAN-2004-0371 - SA-04:08.heimdal - http://www.pdc.kth.se/heimdal/advisory/2004-04-01/ - - - 2004-04-01 - 2004-04-02 - 2004-05-05 - -
- Courier mail services: remotely exploitable buffer overflows @@ -1586,33 +1646,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - insecure temporary file creation in xine-check, xine-bugreport - - - xine - 0.9.23_3 - - - - -

Some scripts installed with xine create temporary files - insecurely. It is recommended that these scripts (xine-check, - xine-bugreport) not be used. They are not needed for normal - operation.

- -
- - http://marc.theaimsgroup.com/?l=bugtraq&m=107997911025558 - 9939 - - - 2004-03-20 - 2004-03-26 - 2004-05-09 - -
- multiple vulnerabilities in phpBB @@ -2915,40 +2948,6 @@ misc.c: - - fsp buffer overflow and directory traversal vulnerabilities - - - fspd - 2.8.1.19 - - - - -

The Debian - security team reported a pair of vulnerabilities in - fsp:

-
-

A vulnerability was discovered in fsp, client utilities - for File Service Protocol (FSP), whereby a remote user could - both escape from the FSP root directory (CAN-2003-1022), and - also overflow a fixed-length buffer to execute arbitrary - code (CAN-2004-0011).

-
- -
- - CAN-2003-1022 - CAN-2004-0011 - http://www.debian.org/security/2004/dsa-416 - - - 2004-01-06 - 2004-01-19 - 2004-05-17 - -
- Buffer overflow in INN control message handling -- cgit v1.2.3
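Review bot: The subject line "make tidy" is the whole commit message, and it does not state that no advisory content changes, which matters for a 160-insertion, 161-deletion change to a vulnerability database. In the visible hunks, five entries (mysqlbug, fsp, proftpd, xine-check/xine-bugreport, Heimdal) each appear once as a removed block and once as an added block with the same description, version ranges, references and dates, so they are pure moves. The only other changes are the two Cyrus hunks (@@ -82,8 +177,7 and @@ -112,8 +206,7), where two lines before the quoted text become one, and the @@ -163,6 +283,7 hunk, which adds a single line after the exim entry. Together these account for the one-line difference in the diffstat. Suggest adding a message body that says the entries are reordered and reflowed by the tidy step with no change to their content, so a later audit of an entry's history can skip this commit without comparing the moved blocks by hand.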